Topaz Installers

I’ve been ruminating about this for awhile, but I can’t be silent any longer. I have most of the Topaz apps and use a Mac, currently on Mojave.

I have my regular user account set up as a Normal (i.e. not administrator) account. This, to prevent anything from getting installed without me giving the OK. ALL of the Topaz installers place their apps and resources into the user account instead of at the root level. The root level library is the one that contains the Applications folder that the OS places on the dock for easy access. What is even more concerning is that at no time during the installations is there a pause to enter admin credentials to allow the install…it just happens. It is as if the Topaz installer developers are hackers.

I finally figured out what was going on when I could not find the updated Topaz app in the Applications folder on the dock. Now, it is an extra step to move the app from where the installer puts it over into the root level Applications folder so it is available on the dock. I have always left the resources where the installer puts them for fear of the apps not working if they are moved.

Every other software company gets it right, and all the other folks follow the security protocols of asking for admin credentials to install software if the user is not in an admin account. Not Topaz. Why is that?

I may be able to offer a non-official perspective which may, or may not, be useful. While I don’t use a Mac for Topaz apps, I have worked extensively with FreeBSD, Linux, & Unix which all use the same permissions infrastructure (all taken from Unix) with MacOS a close cousin to FreeBSD under the hood. I have dealt with a myriad of routine permission issues (years) on those Unix-like OSes and am fairly familiar with how they work and are managed.

You say the Topaz installers place the apps into the user account? This is what I would expect as the same (Topaz) installers don’t ask for elevated privs on Windows, either (the OS I use for Topaz apps).

However, if the installer only writes to a user-level account then no admin privs should be required (and therefore no need to prompted for “root” credentials") unless I’m missing something (no “hacking” would be required and I find that very unlikely as an explanation). This is where I lose track of your description.

If the MacOS Applications folder/dir that you describe has permissions that do not allow a non-priviledged user to write into that dir then, of course, admin/root creds would be required to move files in there. But, your description doesn’t mention those being needed. So, there must be some other explanation that may not be completely obvious.

The last point is that the installers only run with the permissions that you allow them. But, I’m confused because on the one hand you say the installer only writes files to a user account, but you also say that they write into the Applications folder and you imply this needs elevated privs (root/admin). I don’t see how both of those things can be simultaneously in effect. There is a third possibility, however, the Unix-like “group” permissions. If the Applications folder/dir has group permissions set for RW and your user account is in that group, then the OS would allow you to write files in that dir (as designed). I have used that paradigm extensively to allow non-root (ie user-level) users to write to a shared dir; it’s a routine (non-esoteric) approach. That MacOS GUI may very well configure this on account creation, etc.

Is that a possibility? Normally, I would be fiddling with these types of permissions at the command-line level, so some of this is undoubtedly hidden behind the MacOS GUI (which is essentially a front-end for FreeBSD/Unix, so to speak).

Not sure if that helps or confuses matters further, but my guess is there is an explanation that just may not be completely obvious.

Broadly, and generally, speaking this issue is similar to the Windows situation of the ProgramFiles dir/folder. ie this is essentially an OS dir, but user-level is still typically allowed (by OS perms) to install apps there without prompting for admin creds. Later down the line, the approach started transitioning to ~user/apps which is a user-level dir that each user owns relative to their own (non-admin) privileges (and thus, the “install for one user or everyone?” prompt). Of course, all ISV’s don’t necessarily change their approach concurrently ie making a change like that is like herding ducks.

Checking in to say I have this issue too. Would be good if the installers would put the apps in root applications folder after asking for authentication.

Well, the fact that something can be installed, even within a user account without admin privileges, is a discussion probably better suited on a forum on Apple’s site. The whole notion of not giving a user account admin privileges is to prevent anything from being installed without some sort of notice that it’s going to happen. Without that protection, some nasty stuff could be installed behind the scenes.

But, the bottom line for THIS forum is that Topaz should get their act together and install their apps where they are SUPPOSED to be installed on a Mac, and that is in the root level Applications folder. That’s the whole point of how Apple set it up so that when an app is installed, it is immediately available in the Applications folder that the OS puts on the dock by default. Shouldn’t have to play “Hunt the Wumpus” to find an app.

Admin privs would never be required to install within a user account file-space…that’s why it’s a user account file-space. And, yes, anytime you allow an installer admin privs anything can happen (but you say that wasn’t the case, buy you imply that somehow the installer had elevated privs anyway; I don’t see how).

The above makes zero sense to me. I’m not clear if you want the installer to have elevated privs or you don’t? My point is that the installer won’t have elevated privs unless you have things configured that way and/or entered the elevated creds (which you say you didn’t).

But, since I’m not a Mac user I’ll bow out now. Good luck.

OK. All of you who don’t use or know about MacOS, just move on. It seems that maybe the folks at Topaz don’t understand it very well either. BUT…

Dear Topaz—please start writing installers that put the apps in the root level Applications folder where it is supposed to go. That is why the OS places THAT application folder on the dock by default so that apps are all right there in one neat place. It can’t be all that hard to write installers that do that…every other software developer on planet Earth does it.

Likewise, anyone that claims hacking is involved in the installation doesn’t have a clear understanding of the underlying actions.

I don’t understand why your apps are being installed into a user level folder. All my apps, including Topaz apps, install automatically into the root level Applications folder. To check, I opened my user Applications folder, and found that the only thing in it is a folder called Chrome Apps, which contains some Google Chrome plugins.

(I do have some beefs with Topaz installer system, which takes forever and litters my Applications folder with multiple folders of Topaz apps, and sometimes multiple copies of the same app. At the moment, I have 4 folders of Topaz apps and 5 Topaz apps loose in the folder. This is after doing some housekeeping to get rid of duplicates.)

At any rate, I don’t know what would cause your installations to land in your user Applications folder. Whatever it is is not universal. It may be specific to something about the way your computer is set up. But why that would occur only with Topaz apps doesn’t make sense.

(BTW: I am running Catalina. And the drive is a 1TB SSD — a clone of a clone of a clone of the HD in my old 2012 MBPro.)

Maybe you only have one account on your machine. If that’s the case, then of course the apps would install in the root level Applications folder because that account is the administrator.