One of my biggest complaints and pet-hates are the Install Packages many developers feel they must include. (( I always have the impression they’re just Windows developers that transitioned to the Mac without fully understanding it. ))
The problem is that Install Packages are a security and abuse issue waiting to happen. You are required to go back to the “dark ways” and just mindlessly click “next, next, insert password, next…”
to go through screens of useless information while the installer package can simply be wiping out your home folder and installing a key logger on a system level and you will never even know what it did.
A possible solution to this is a Quicklook plugin called “Suspicious Package“, a very apt name i must add. With it you can simply invoke Quicklook (( through pressing the space bar on finder or right-clicking it and selecting on “Quick Look filename” )) on a Install Package and see what its contents are.
You will now see where the installer will install files, if it haves any install scripts (and you can look through these if you understand them) or if they require an Admin password or a full System Restart to install. All without even executing the file once.
A QuickLook on the MAMP install package.
The installation of the plugin itself is very simple and you just need to drag the plugin to your Quicklook folder on YourUserFolder/Library/Quicklook . If no such folder exists just create it with the exact name of “Quicklook”.
It should be noted that although Mac OS X is a very secure system, it is no more secure than any other when it comes to the user allowing suspicious applications to run with the elevated privileges of a Administrator. If an application has that privilege, because you gave them to it by typing your admin password, then the app can do as it pleases with your system. So, always go for the paranoid side of things, specially the ones that you are not fully sure of its character. Better safe than sorry…