DEV Community

Amara Graham
Amara Graham

Posted on

What are your thoughts on 'Silent Installations'?

Recently a coworker asked me about my thoughts on "silent installations" and all I could think about was keyloggers, spyware, and other things that could show up installed on my computer unannounced. Hard pass.

His idea was service providers may want silent installations so users just get the software they need without being bothered.

Even installing at scale across multiple server nodes, I could see two paths: easy scriptable installs with a config file, something I could work with in a terminal or provide the software in a package manager (like Brew, for instance) that I can still script my way to the install. I'd want to be able to configure the install for my given setup, whether I'm installing this on my personal machine or on a server.

Am I missing something? Is the definition for "silent installations" broader than I've described it? What are your thoughts? Are you packaging your software this way?

Top comments (17)

Collapse
 
terabytetiger profile image
Tyler V. (he/him)

all I could think about was keyloggers, spyware, and other things that could show up installed on my computer unannounced. Hard pass.

This was my first thought when I saw the post title.

As someone who generally falls in the "superuser" camp I might be skewed here, but I prefer being told when something is going to update. For me, updates are exciting and I love to see what's changing!

Collapse
 
missamarakay profile image
Amara Graham

With updates do you ever skip versions or delay? Or do you just want the heads up to read the release notes/changelog? I've skipped or temporarily delayed if its part of my current workflow and I don't want those extra variables.

Collapse
 
terabytetiger profile image
Tyler V. (he/him)

Same as you! I'll put off an update for a bit if it would cause disturbance, or only adds a feature I don't plan to use.

Collapse
 
codemouse92 profile image
Jason C. McDonald • Edited

I agree with all the comments so far. I always want to see what will be installed, and explicitly authorize it.

Deliberate malware aside, even "well-meaning" silent installations can go horribly awry. You may want to avoid something due to privacy concerns (e.g. most Google stuff), licensing ethics, security flaws you're aware of that may affect you, or a malicious dependency that otherwise valid projects unwittingly rely on (NPM debacle anyone?)

Thus, I never ever ever EVER want silent installation to touch my machine. I would consider such a thing to be inherently dishonest, if not outright malicious, as a matter of principle. I would always wonder what it is that someone doesn't want me to notice.

Collapse
 
missamarakay profile image
Amara Graham

Do silent updates make you feel the same way? I feel like I know the answer.

I think there is a container influenced mindset where people seemingly stopped caring about things like permissions, privacy, etc. because they are under the impression its self contained, well-meaning.

Or maybe its not the developers and technical folks that are looking for silent installations, its everyone outside that group... because they find the UX annoying and truly do accept the defaults, just clicking on through.

Everyone has me thinking now!

Collapse
 
codemouse92 profile image
Jason C. McDonald

Yeah, I don't like silent updates either.

Collapse
 
trickvi profile image
Tryggvi BjΓΆrgvinsson

I absolutely need silent installs for my work and usually curse and dislike software vendors that don't offer it.

However I seem to understand the term differently than others in this thread. To clarify, my interpretation is that a silent install is software installation that requires no user interaction (described here).

So to me this could be installation via package managers that need no extra input, install scripts that don't prompt users etc.

The reason is that I and my unit at work manage the machines at work. All servers and laptops and anything in between. We need to frequently install applications (or update them) on particular machines and we cannot do it if we have to constantly click next, next, finish.

What we do instead is that we use a configuration management tool to manage installs. Such a tool cannot do user interaction during setup. It absolutely requires silent installs.

So if 100 people need some software that doesn't support silent installs, we'd rather find an alternative than walk around or remotely log into all 100 computers to install via a GUI client. Even if it takes more time to find the alternative because updating will then also require us to repeat the manual installation process. Manual installs are also out of the question because we want our environment to be predictable.

Sadly some software vendors offer silent installs but when we want to use it, it turns out we can't because they have something like for example an Adobe Air dependency that requires user interaction to approve its license thus breaking the silent install of the software we wanted to install.

I may sound harsh in my reply but I'm not trying to be. I've just too many times had angry clients who want a nice software but I either have to turn them down because of missing silent installs or take on a lot of extra work to keep them happy but at the cost of my team's efficiency and happiness.

So please everyone make sure your software can be installed silently 🀫

Collapse
 
missamarakay profile image
Amara Graham

Thank you so much for your response and contributing to this discussion.

Can you provide a name of software with a silent installation experience? Do you expect to configure this software with a config file? Or do you accept the company provided defaults and run your own scripts to make any additional changes later?

What about updates? Do you initiate those manually?

Collapse
 
trickvi profile image
Tryggvi BjΓΆrgvinsson

There are lots of software solutions that offer silent installs. These may or may not be documented properly. For example many of our users at work need R and R Studio. Both offer silent installs as discussed in an R-bloggers blog post. It's usually something they do via command line installs.

I vaguely remember a project around Ubuntu that was specifically focused on installing and upgrading silently but I couldn't find a reference.

Balsamiq is the software I referred to that advertises silent installs but fails because it depends on Adobe Air which can't be installed silently.

Then we have software like Adobe Creative Cloud where the user installs the installer that can pick products to use but those I truly dislike because we can't do anything (yeah Adobe is not a favourite).

Configuration is another thing. Sane defaults from the company makes us very happy. But often we do need to make configurations and we do them in the way the software requires. We love configuration files. That makes everything so much easier and maintenance a lot more readable.

For Windows machines we often have to deduce what registry keys we should change and how (a burden), sometimes we just have to run some commandline tool with proper arguments to do the configurations.

There are software packages like for example Outlook which we can't configure easily but setting up the environment with autodiscover hosts will configure automatically but even if it is easier, I don't like it because I want maintenance to be readable.

Many times we have to apply licenses to software package and those cannot be configured easily. Those I don't like. I understand why companies try to make the process convoluted, but its just such a burden to try to figure out how to apply licenses to some software.

Worst case scenarios are things like Navision (Microsoft Dynamics Nav) where we cannot configure it remotely. We therefore just created a document describing the configuration process and place it on the machines for users to follow.

As I said in my earlier comment, we manage everything with a configuration management tool (we use Salt). That allows us to decide when to run updates and then we run the updates on all machines. So usually we test new versions of software in a test environment and if we're happy and everything looks good, we roll them out to every machine that should have it.

We version control our configurations so if we notice a problem, we just roll back and install a more recent working version and apply it to all the machines.

That way we can be sure we have a uniform and predictable environment, saving us a lot of time in maintenance (because we no longer need to solve unique problems for each user or spend time trying different versions, if we have a problem we solve it once and it is then solved for everyone).

Collapse
 
moopet profile image
Ben Sinclair

I see silent installs to be for things like dependencies. Installing X app also installs Y utility. It goes into malware when it's things like "Install Java" and you get the Yahoo! Toolbar, where it's almost silent.

But more for things like if you're using an app and it needs a certain plugin to export to a particular file format and it requests and installs it automatically on demand. I'd prefer to actively give permission, personally.

Collapse
 
missamarakay profile image
Amara Graham

My brain went straight to the Yahoo! Toolbar scenario too.

Collapse
 
jerdog profile image
Jeremy Meiss

So back in a former life, my company created software for OEMs, mobile service providers, and system integrators. We routinely created "silent installs" which allowed for background installs of updates, new APNs, etc.

All that goes to say that I think you're on the right path, and plenty of use cases are there I think, given consent.

Collapse
 
yokotobe profile image
yokotobe

Silent installatation is made for convinience for all users. As a developer i only use this service from reliable providers or review installer scripts if I can.

Collapse
 
andrewbrown profile image
Andrew Brown πŸ‡¨πŸ‡¦

I would infer that Silent Installations are updates you don't notice. Doesn't chrome do that?

Collapse
 
missamarakay profile image
Amara Graham

Chrome for me (MacOS) always prompts with something on the menu bar, but maybe you can set it for automatic updates? Not sure.

Collapse
 
andrewbrown profile image
Andrew Brown πŸ‡¨πŸ‡¦

Uncertain, but I can tell you that Microsoft Updates are not silent. πŸ™ƒ
My day is ruined the few times I need to boot up Windows 10.

Thread Thread
 
missamarakay profile image
Amara Graham

That's my next post - "Let's talk about how obtrusive updates are" πŸ˜†