zerotoclaude
Module 02/Software Basics/Lesson 01

Installing software safely

How to install things without breaking your machine or trusting the wrong website.

7 min read

Installing software is one of those tasks that's either trivial (one button, two seconds) or oddly involved (terminal commands, paths, permissions). The difference comes down to where the software is coming from and howit's being delivered. Once you understand the few common patterns, the friction goes away.

The three places software comes from

Almost every program you'll ever install arrives through one of three channels:

  1. An app store. The Mac App Store, Microsoft Store, iOS App Store, Google Play. The store vets the software (somewhat), handles installation, manages updates. Easiest path. Best for consumer apps.
  2. A direct download.You go to the maker's website, download an installer (a .dmg, .exe, .msi, or .pkg), and run it. More steps, but the maker controls the release. This is how most developer tools get distributed.
  3. A package manager. A command-line tool that knows about thousands of programs and can install any of them with one line. brew install node. winget install git. The most efficient path once you're comfortable in a terminal. We'll spend more time on these in a later lesson.
Note
For everything in this curriculum we'll prefer direct downloads or package managers, not app stores. Developer tools usually aren't in app stores, and when they are, they're often older versions.

What an installer actually does

When you double-click an installer, it's running a small program whose job is to put files in the right places on your computer. It copies the application into /Applications (on Mac) or C:\Program Files\ (on Windows), creates shortcuts, maybe adds a few configuration files, and registers the program with the operating system so it shows up in menus and search.

Some installers also need administrator permission because they're writing to folders that aren't yours personally — they're writing to shared system folders. That's why you sometimes get a password prompt during install. Not a red flag by itself; just the system asking before letting an installer touch protected areas.

Spotting a sketchy installer

The single most important habit when installing developer tools: install from the source you trust. Not the first link you Googled. Not a forum post. Not a YouTube video's description. The maker's actual website.

For example, if someone tells you to install Node.js:

  • nodejs.org — the official site.
  • nodejs-download.xyz, node-installer.com, any look-alike — almost certainly malware.

On Mac and Windows, modern installers are usually signedby the publisher — the operating system checks a cryptographic signature and shows a warning if something's off. Don't click past those warnings. If your computer refuses to run an installer because it's "from an unidentified developer," stop and verify you got it from the right place.

One rule, repeated until it sticks
Don't run installers from places you wouldn't enter your email password. Installers can do anything to your machine — including quietly install other things alongside. The installer already has admin rights the moment you double-click it.

Mac vs. Windows vs. Linux

The platforms differ in detail but the shape is similar.

Mac

Most apps come as .dmgfiles — a disk image. You double-click it, a window pops open showing the app icon and a shortcut to your Applications folder. You drag the app into Applications. That's install. To uninstall, drag it out of Applications to the Trash.

Some come as .pkg installers — a wizard with "next, next, next." Usually because they need to put files in multiple places.

For developer tools, Mac has an excellent package manager called Homebrew (brew). Install once and you can install almost any developer tool with one command.

Windows

Apps come as .exe or .msiinstallers. You run them, click through a wizard, the app gets installed and added to the Start menu. To uninstall, use the "Apps" settings page, not by deleting files.

Windows has its own package manager called winget (built in) and a community one called Scoop. Both work great for developer tools.

Linux

Almost everything is installed through a package manager — apt on Ubuntu/Debian, dnf on Fedora, pacman on Arch. Direct downloads exist but are uncommon. Linux is the most package-manager-native of the three.

package manager flavours
# Mac (Homebrew)
brew install node

# Windows (winget)
winget install OpenJS.NodeJS

# Linux (apt, on Ubuntu/Debian)
sudo apt install nodejs

Updating and uninstalling

How you update depends on how you installed. App store apps update themselves (or via the store). Direct-download apps often have a "Check for updates" menu item — and many notify you on launch. Package-manager installs are easiest: one command updates everything.

Uninstalling looks the way you'd expect: Mac drag-to-trash, Windows "Apps" settings, Linux apt remove. The one trap is that some apps leave behind configuration files in hidden folders even after uninstall. Usually fine; occasionally you need to clear those too if you're troubleshooting a reinstall.

A clean install habit
Before installing something new for a tutorial, write down what you installed so you can uninstall later if you change your mind. Three years from now you don't want a forgotten background service eating your battery for a tool you used once.
What to take with you
  • Software comes from app stores, direct downloads, or package managers. Each has its place.
  • Always install from the maker's actual site or an official package manager — never random download portals.
  • Installers usually need admin permission to put files in shared system folders. That's normal; you should still pay attention to which one you're allowing.
  • Each OS has a native package manager (brew, winget, apt) — learn yours; it'll save you hours every year.