• Disk images take many steps, and many things can go wrong.
• Zip files leave you wondering what to do, especially if you use a browser other than Safari.
• Installers have a reputation for being sneaky (on Windows) or indicating that an application will require elevated privileges (on Mac).

What can browsers do to make some of these choices suck less, and make installing Mac apps easier?

Here's what I'd like to see: when you download a zip containing just an application, the browser offers to "install" it for you rather than just leaving it in the downloads folder. It could even do the same for disk images that contain nothing other than an application and a shortcut to /Applications.

Install applications only from authors whom you trust.

Malicious software can damage your computer or violate your privacy.

You clicked a link from http://adium.im/ that downloads an application called "Adium". Move it to /Applications and:

[x] Add to dock
[ ] Add to desktop
[ ] Launch now (if unchecked, reveal in finder)

Cancel / Install Now

Done right, this could be both easier and safer for users than leaving software in the user's Downloads directory.

But hiding the extension by default is only part of the problem. Most users can't be expected to memorize the meanings of dozens of three-letter filename extensions. Even advanced users can't be expected to check the extension every time they download a 15-second video clip.

The real problem is that the same action -- double-clicking on a downloaded file -- has a completely different meaning depending on whether the file is a document or a program. In the first case, it means "view this document"; in the second case, it means "grant this program all of my privileges".

Mac OS X 10.5 "Leopard" tries an interesting solution: "quarantining" just-downloaded programs. If you download a program using Safari or Firefox, you get a concise dialog reminding you that it was downloaded from the Internet.

Unfortunately, Apple botched an important part of this dialog: the button label. The OS X HIG suggest that button names should be verbs that describe the action performed, so if users only read one word in the dialog, it will be one that differentiates one action from another. (Windows, in contrast, is notorious for using "Yes" and "No" as button labels.) Apple chose the verb "Open", which suffers from exactly the same problem as double-clicking: it has a vastly different meaning for documents and applications!

There is concern that because the dialog is "in the way of what you were doing", many users will click through no matter what the dialog says. So perhaps a better solution is to take a hint from the Web application security model, and grant fewer privileges to most local applications. Why should running a screen saver or local game be so much more dangerous than visiting a web page?

A third possible solution is to make the action to launch an application explicit. In a command-line setting, this action might be "chmod +x". On Mac, a natural choice would be dragging the application to the Applications folder, since that is already a normal part of installing an application.

For now, my workaround is to drag files to VLC (as a habit) instead of double-clicking them. I suggested this in the "Handling downloaded files" section of Security tips for Firefox users.