*hypf*

After InstallShield and others moved on to simply generating Windows Installer scripts that were executed and wrapping their own GUI around it (though I still don't quite understand why this GUI has to be so ugly skinned in recent versions. Consistency across a platform is actually a nice thing to have and I don't like it when programs break that intentionally) now there is a new problem to overcome for installers: Signatures and requesting elevated privileges.

The first part might already have been important with Windows XP SP2, though I can't really tell since the time I've used that OS accounts for maybe a few hours total. However, more and more open source projects move to signing their installers what I see as a good thing since it enables Windows to check the signature and detect changes (whether deliberate or just download errors) before executing the whole thing and it enables users to establish a base of trust (plus, it's tracable to the person or corporation that signed it). Also Windows will display a much more friendly confirmation dialog when the signature can be verified.

The other part is more icky on Windows Vista. Since Microsoft introduced UAC programs can request elevated privileges through a manifest. If the administrator disabled automatic setup discovery heuristics (which are pretty accurate, however they cannot be bypassed which makes them not quite good if they give a false positive) through group policies the only thing Windows will use for determining whether the program needs administrative access is the manifest.

Actually, there is another option: Requesting elevated privileges only when you need them. This is what the Windows Installer currently does and I found it to be a pretty nice idea. Why bother the user with requests that are unnecessary? However, most installers actually do need elevated privileges.

Many programs nowadays are packages with the Nullsoft Scriptable Install System (NSIS) and since most of them are hobbyist or open source projects almost none are signed (a problem not specific to NSIS, but it has a broad userbase in the open source community due to the fact that it is itself open source). Furthermore, no NSIS installer I found included the manifest that told Windows to start it in elevated mode. And NSIS apparently does not support (or no one uses it) requesting privileges only when needed.

The funny thing about NSIS is that if you start it as a limited user it will try to run the installation (which may succeed to some degree thanks to Vista's virtualized files) and then fail miserably. The worse part here is, that on failure NSIS won't even bother to do a rollback which I find a little disturbing. An installer often meddles with the system at a quite low level and may produce inconsistencies if it won't run completely. An installer not being able to properly roll back changes already made on failure relies a little too heavily on the assumption that everything will work fine (I doubt they even try to use Transactional NTFS on Vista [although this may be true for all installers currently but would be a nice addition]).

So basically you have to clean up your system a bit after NSIS failed due to limited user rights. Thankfully the stuff for that is all in one place.

Windows already has a hard time dealing with the multitude of different installers while the only package management system which could be called by that name (Windows Installer) isn't used as widely as I'd hope. Come on, guys. There is already a decent installer framework. InstallShield, Wise, etc. made the move to compile their scripts to Windows Installer, should be possible to do that with NSIS as well.

Or use WiX.