We have an application that is being provided and installed by a third party company. They are charging market rate 'consultancy' fee to do this.
They installed the majority of the folders in the root of the C drive, to my shock.
Is it OK to install them to the root of the C drive? Can this method of installation cause problems? Or should applications be installed to Program Files instead?
While not an official source, Raymond Chen at The Old New Thing has discussed this.
Specifically, the above-linked blog post states:
Naturally, compliance with those software certification programs' terms would only apply if you intended to apply for (or already have applied, and received certification under) those particular software certification programs. And more to the point in this case, it's about the default installation path, nothing more.
There are certain advantages to not installing in
%programfiles%. One is to safeguard the program from being used as a trampoline for malware (for more details see, for example http://foundstone-dire-detect-insecurely-regist.software.informer.com/1.0/ or google for more "Foundstone DIRE").Another advantage would be to install w/o requiring elevated privileges. This may be important, again, if a program is compromised, it won't have the access rights to compromise something else.
In Linux world, it is common practice to install third-party and system's software packages separately. For instance, while usual software packages go into
/usr/bin, third-party typically goes into/usr/local/binor/usr/share/binif it needs to be shared by multiple users, or into$HOME/binif it is supposed to be used by this specific user. Hearing how it's a consultancy firm that installs these programs on your PC, they probably have some (not to say contrived) user policies which make it necessary or at least more convenient to not use%programfiles%.