I have to point out that Windows Installer (.msi) files aren't safer than executable installers. Windows installer files can define custom actions. These custom actions allow executing executable files or loading dynamic libraries to execute code. Currently, the safest Windows installation technology is the appx/msix packaging stuff because this doesn't allow custom actions.
@@Z3rgatul Yup, that is always a problem. There are other protections in place to limit this, but remember that "current safest" doesn't mean completely free of risk.
But you need custom actions for a lot of things. Registering global services for example. And appx is too restricted, you can't used it for example if you have a native webbrowser extension component.
Many exe insatallers are just the Msi wrapped in an exe that extracts the msi and runs windows installer. This is largely a holdover from old versions of Windows, the exe wrapper will install an updated version of the Windows Installer if needed before installing the msi. Modern versions of Windows already have the latest installer version (kept updated by Windows update) so they don't need manual updates. In these cases the msi is a better choice cause it is typically a smaller download (in the age of dialup this was a big advantage). Exe installers are most likely offered these days just for people unsure about MSI files even though they have been around for more than 20 years
The best profit of this standardization comes from the fact, that MSI installers (especially in minimal/quiet mode) are physically unable to show ads or in any other way annoy me during the installation (or even worse, during the uninstallation). Just msiexec /q and done; such a relief!
EXE installers can also include a quiet-mode, but that requires the installer vendor to specifically support it, as Nikita said, it's a standard feature of the MSI format. That's part of why it's used to install patches and such as part of custom OS installations like with nLite.
I guess it makes me realize that Linux actually has over a hundred installer formats, and that's why there are so many distributions, that is a very fragmented ecosystem
They actually could include ads, because you can have custom actions in an MSI, which is just code that will be executed at a fixed point of installation. This is also the reason, why it is definitely possible, that a MSI can be a virus in itself. Although, both is very uncommon.
@@tacokoneko theres like 3 formats total and they are just zip files in different names. And the only difference between them are the philosophy of where the files should be in folder location, so a different format most of the time doesnt even affects the software just the config file location and if the binary is available if you have local network at home
@@KatyaAbc575 take a deep breath and feel better knowing that laptop was an empty chasis. The lightness of it and amount for flex would seem to indicate it at least
This channel has come such a long way-I remember his early videos being computer prank videos, and here he is explaining different installer properties 😂 we’ve matured together ThioJoe
It’s one reason why I don’t watch his videos cause I just see him as the tech prankster. I remember his video about taping batteries to your Ethernet cable to make it faster.
@@LoFi3 Exactly, I sometimes refrain from watching a video because I still take everything he says with a grain of salt, but his recent videos have certainly improved in quality and educational value!
yeah i was shocked when he actually started making educational videos instead of pranking people. made me actually subscribe and hit bell, cuz he usually has rather interesting things i didnt know as a topic now.
I love seeing an MSI as a setup file, since it basically guarantees that I won't have to worry about any clunky custom-made non-native UIs that usually lag and aren't able to be dragged around n stuff. MSI files always install in one uniform way that feels comfortable because it fits in with the rest of the OS. Edit: Read the replies for more info, pretty cool stuff
This is not necessarily the case. MSI allows for custom UI dialogs, and even a complete replacement of the UI engine by embedding the resources to run it within the MSI. Microsoft has been doing this for years with Office, SQL, Visual Studio, etc.
@@DexieTheSheep I develop Windows MSI installers. You can basically put anything in them. Call custom DLLs with custom UIs, custom C++ coded features in embedded DLL's etc. I guess conditional on the Installer development software being used and how it's all packaged.
One application that is a very good example of having a difference in the exe and the msi is Zoom. The exe only installs for the currently logged on user, while the msi installs the application for all users. So if you are going install zoom on a computer that has several user or are connected to a domain you will have use the msi, otherwise only the one installing the program will be able to use it.
@@RDCST An MSI package will install the software on *C:\Program Files* or *C:\Program Files (x86)* which is accessible by all users. An EXE program may install the software only in *C:\Users\[user name]* especially if the user does not not have administrative rights on the computer. The *C:\Users\[user name]* folder is accessible only to the user. A different user will have a different *C:\Users\[user name]* folder.
@@zqzj incorrect, if you run a EXE as a privilege process it still depends on how the EXE file is designed to behave. If it's designed to only install in the user profile then it will always do so no matter what privilege you give it. The same goes with MSI files, they can be designed to either install with user privilege or system privilege (i.e. UAC asking you to give permission for higher privilege). And as someone said earlier most EXE installers are just wrapped MSI files.
Two more points: MSI is managed, I have had cases where trying to start a program actually starts repairs; then finally starts it (Seen somewhere in the XP - 7 era) MSI have some install "on demand" feature, but I have not looked more into it.
But then windows has to keep a copy of the .msi file on your computer somewhere to install the "on demand" feature, unless the .msi is on a network drive this is going to take up even more space on your local machine.
MSI files also allow for the use of MST (Microsoft Transform) files. MST files allow for configuration of different deployments of of the MSI. Examples include specifying different installation directories, adding files to be included/copied in the install, and specifying installation information required at installation, such as User Name, Organization Name, and/or software key.
Transforms don’t get nearly as much love as they deserve. Nothing like cracking open an msi using orca and tinkering to your heart’s content. Also great for those deployments where different business units will get different installs of the same software…just attach an mst for each.
9:35 I can tell you that as someone who thought they were pretty well caught up on their tech... you humbled the hell out of me. This is actually really incredible info to know for those outside of it. Best part is you had me thinking from the title to the end.
Sometimes you can get a choice between EXE, MSI, or ZIP, which you have extract it yourself to a folder of your own choice (Self-install), safest option, you not executing anything, until you run the actual program of course, and hopefully you obtained that program data through a trusted source. Always use a sandbox when in doubt also.
The problem with msi installer is often, that you *need* that specific msi file to uninstall (even for upgrading) the program. One of the best examples is LibreOffice - If you don't want the huge installer file always sitting there, you can't uninstall or even upgrade the program! (And there are multiple examples as malware in a msi)
It needs the MSI file to know how to uninstall. It's by design. Shame on any vendors or users who don't preserve a cached copy of the MSI after installing. At least don't delete anything from the Windows\Installer folder.
This. I need to delete the installer file sometimes (especially if it's big) to save some space on my SSD. I deleted some of the MSI files and when I try to uninstall the programs, I get an error stating that MSI file couldn't be found. So I had to delete the program files manually, which was not the best idea I think
@@emironurlular Without the MSI, Windows doesn't have what it needs to uninstall the program. Consider getting a bigger drive instead of deleting. If not possible, then at least store a copy of the MSI on a backup drive (e.g. a thumb drive) dedicated to offloading system drive files so you can point to it if Windows Installer prompts for it.
The msi installer doesn't necessarily create an uninstall script. Most of the time a copy of the msi installer is copied in the system often sucking space (think about 500MB for vmware workstation and a few hundreds MB for assorted drivers and utilities). If you delete those, you will not be able to uninstall or even upgrade a piece of software as windows will look for a previous installer.
And this is probably the biggest downside of MSI. It copies itself mostly to ":/Windows/Installer" folder. On my PC currently LibreOffice's "junk file" is the largest in this folder, with it's 300MB.
@@Hudee1985 the sad fact is that the majority of the software could be distributed in a zip file. I have a folder called "programs" that contains several subfolders, each one is a program that was copied over from c:\program files sometimes ago (I have software that is 10+ years old in there). This software works fine with the existing libraries, so whenever I reinstall Windows, or I buy a new PC, all I have to do is to just copy the folder over and call it a day. There are also other offenders like Dropbox that waste 900MB at the first install, as they store the currently installed version, and two copies of the same installer.
This is true. also safe to mention that viruses sometimes can attack MSI files, especially on the Windows Restore folder (MSI advantage is that they always create restoration points in case something goes wrong) so viruses take advantage of that and stick themselves to the MSI files backed up to the C drive for uninstalling
🎯 Key Takeaways for quick navigation: 00:00 📦 Windows software installations can use either .exe or .msi files. 00:50 🧩 .exe files are executables, while .msi files are Microsoft installers with standardized installation instructions. 02:41 🏡 For personal use, .exe or .msi doesn't make a significant difference, but .msi is recommended for enterprise or IT administrators. 04:33 🔄 .msi files automatically create uninstall scripts for easier program removal. 05:54 🦠 .msi files are less likely to contain viruses compared to .exe files. 07:17 🔄 If given the choice, it's advisable to use .msi files for installation, especially for enterprise purposes. 09:40 📥 Finding .msi versions might require specific searches or visiting enterprise-focused pages for certain software. Made with HARPA AI
Never underestimate the ability of a developer to f something up, even something as standardized as MSI. There's still a lot one can mess up. So, yes, it is possible to have a crappy UX/UI in an MSI, particularly when Custom Actions are involved, and especially when you have somebody inexperienced developing the package.
Thanks for educating me! If possible, I prefer standalone executables most. They are selfcontained and don't need any installation directory. Makes it easy to move programs around different hard drives or computers.
These are referred to as "portable apps" and it's up to the developer to design the program to be capable of this. I wish more programs were designed to be portable.
Package deployment is art.. EXE,MSI,APPX,MSIX 100% depend if you can manage and fullfill this install silently. I tend to prefert msi for apps that support patches (msp) and tranforms (msp), so there is less downtime during maintenances. As enduser msi is fine since since you will probably upgrade the app often. As enterprise, depend of the app and insall features needed per app. I have seen broken installers as .exe and also broken .msi and trust me msi ones are hard to troubleshoot.
Thank you for this. Im in a program that briefly talked about MSI and EXE but I was a bit lost as I felt they were not covering a lot. this helped me better understand it. thanks!
For the record, Metasploit has an option to wrap a payload into a MSI file so that it is executed as "postinstall script" when the MSI is installed. This helps bypass some security products that look closely at EXE files but only loosely at MSI files. So while most viruses nowadays are not distributed as MSI (and lot of them not as EXE either), they do exist.
Yeah I think its kinda stupid to say its unlikely a virus. Its just as likely to be a virus, the installed app could also be a virus, and you can probably automatically start it after installation
5:34 It is actually possible to run an exe from an msi as part of the installation process. I used this once to automatically uninstall an old version of a software, that wasn't compatible with the new installer system. So if someone wants to distribute a virus via a msi, this is possible.
It’s so grate actually getting useful tech knowledge from TH-cam. I’m tired of all that super interesting stuff that I’ll never get to use in the real world.
The "downloader installers?" Despise them with a passion! Now, I get that they are making sure that every time the installer is run the latest version of the software is installed. However, when I download software, I expect to download software! It's like buying a car and only getting the body! The rest of it comes later! What if I did not want the latest version? What if I'm trying to resurrect an antique, that the latest will not run on? I also despise the self-deleting installers, as well.
A lot of .exe installers have the installation parameters included, and you can either use the favorite search engine, or try with something like installer.exe /? from the command line. Sometimes non-standard switches are included in help. Usually, developers try to keep it similar to MSI packages, so the /q might actually work. Fun (terms and conditions apply) fact: Firefox MSI installer, when distributed through the Endpoint Manager (Intune), is not detected as installed by default, but works flawlessly if you create the .intunewin package (specific package that can consist all the required files, if you need more like the config files or something else) with the same install logic. When you install the .msi application, it gets the unique code, where the information is written about the developer and the version/build, so it's easy to detect the vulnerable outdated version of the application. And is also easy to get rid of the outdated JRE, just push the msiexec /x with the product code followed by /qn - and live happily after. Yeah, for the regular use is indeed better to use .msi if there is a choice. P.S. Kudos to Mark Russinovich for PSTools, what a Man!
@@bniedermann, it still works fine with the MSI in the Intune package, but is probably a good idea to test with the exe-file, too. In general, I am lazy, and when you package the MSI, Microsoft is very kind to put the (un)install comnands automatically, so you don't have to. In the end, it works, and is the final goal.
I could also argue that a number of EXE installers do not include standard command line parameters or documentation of said parameters or support for any parameters at all. These are the types of installers we dread in IT Endpoint Management. MSI is at least very consistent and supports silent installation nearly every time (as long as the developer doesn't defy standards compliance).
I feel that .msi instead of standing for "Microsoft (MS) Installer (I)" it should be "Microsoft (M) Software (S) Installer (I)" because it makes more sense.
Just an FYI, often times an EXE installer is just a wrapper, called a boot strapper, containing the MSI. Often times the benefit to doing this is to install pre-requisite installations (like a specific .NET version) that the MSI format doesn't directly allow for. SOURCE: a guy who has to make these installers from time-to-time.
MSI has technically been replaced by appx/msix now, but those block some actions making the install safer but not as flexible as an MSI is. MSI is not safer than an executable as it does allow arbitraty code to run in the instalation.
1:28 Wrong/misleading/requires correction. One can still execute code using so-called Custom Actions. They call a .dll file that the developer embeds, which contains an entry point to their code and passes parameters about the installation. This can be necessary for manipulating .config files based on install flags and parameters. Source: I use it at work.
MSI files can contain what is called a "custom action", which is likely an executable. So either way, there is a risk of viruses. Best to check the Digital Signature of both. Right click.. properties.. digital signature.
@@hydradragonantivirus Agreed, but I'll explain it this way. My company produces desktop software. I purchased a digital signature. Then I had to go through an extensive process, providing all my company information and legal documents, then they verified my own personal background, having to provide a driver's license, birth certificate, social security number, background check, credit check, etc. I had to take several different photos of myself holding up all of the information. The company is based out of my home so I had to take pictures of that, with me in the picture. They sent a letter to my address with a code that I had to provide back to them. They needed a footprint of my software to produce the hash and certificate to embed in my own software to prevent tampering. Is it 100% foolproof?, no. I could very well include malware in the code I wrote, of course. But it is traceable directly to me. I have to do this every year when the certificate expires.
the advantage of MSI over and EXE format is that you can scrutinize its content without having to install it. you can check on the database instructions, and even dump the embedded media. on the context of which one is safe, it basically depends on who and how they are crafted. in terms of manageability on the installed components, again this would depend on how the program structure is designed. many software products use EXE installer so they can package multiple MSIs into one package; and many EXE installers basically are just a bootstrap to run msiexec to install the embedded MSI file/s.
I’m assuming some people use .msi files for malware purposes since when you try to run a .msi file Windows (or maybe Firefox, I haven’t tried on any other browser) will give you a warning about the possibility of it containing a virus. No matter where you download it from
one thing i always consider before clicking on one of Thios videos is, "Will this help make my ethernet speeds 10x faster for free?", and the answer is yes. always yes.
Exe has one giant advantage tho. On the same computer, only 1 msi can install at a time. However, you can install as many exes as you want at the same time.
Windows restricting installation to 1 at a time is the dumbest shit. What use does this shit have? Ig it doesn't help windows is designed the asinine way of not being able to access files in use by other programs.
EXE can use things like semaphore to restrict multiple installations as well. MSI restricts multiple installations at once because it is technically a state machine that examines your computer, determines how to get to the installed state. Then makes it happen. If multiple installs occur at the same time you run the risk of changing the state one install is depending on by a second install.
It's mainly to avoid conflicts and collisions. In theory, maybe Microsoft could have developed an engine that could manage transactions from multiple packages running simultaneously, but they'd have to do away with certain things like Custom Actions and anything that could circumvent conflict management.
And being able to run multiple EXE installers at the same time is not necessarily a good thing because there's no conflict management. Granted, you might be installing two completely unrelated things, but Windows has no way to know that.
If you can't find an .msi, if you install the .exe, you can usually find the .msi for it in C:\Windows\Installer. Usually if you dig into the details tab of the properties you can figure out what it is. Going off the top of my mind but here's how I usually find it: $msis = Get-ChildItem -Path "C:\Windows\Installer" -include *.msi | Foreach-Object { Get-AppLockerFileInformation $_ } $msis | Where-Object { $_.Publisher -like "*Firefox*" } | Select-Object -ExpandProperty FullName Replace firefox with whatever, may need a tweak or two.
funny enough, most software "installing" for Linux opening the file and coping everything into a folder. I never understood why windows had to make this so overly complex. Even Macs are dead simple. Because for some reason Windows wants files in diffrent places from a software install, rather than just all in one location.
what? it's absolutely the other way around, in linux we have program data being installed to /usr/bin, /usr/share/applications, /usr/share/icons, /usr/share/locale, /usr/share/man, /usr/share/, /etc, /usr/lib .... meanwhile windows programs tend to be all contained in c:\program files\ (mostly)
@@ferchuu9 but you don't run an installer in linux. You literally just open a container file, copy it over, and that's it. Windows has filers going all over the place plus changes to the registry.
MSI files are basically just glorified CAB files, they're basically just ZIP files with some built-in instructions on where to extract the files, add some stuff to the registry, install services, make shortcuts, and such. The biggest benefit to MSI over EXE is that you can extract the contents of the installer and run it like a "portable" program a lot easier with an MSI than an with EXE. With an MSI, you can either directly extract it, or can do a "network install" with the /A switch which merely extracts the contents but doesn't add registry entries or services, make shortcuts, etc. With an EXE file, it might be possible to extract it if it's a ZIP, RAR, 7Z SFX (self-extracting executable), or you might need a tool or 7-zip plugin if it's a Wise, Inno, Installshield, NSIS, etc. file. (Note, in either case, simply extracting the contents instead of installing does work for most programs, but some do _require_ being installed because they need services or registry-entries or whatever in order to run, they _can't_ be run portable.)
Yes, registry enties and PATH updates. The script in the msi can also create / delete folders. And execute programs that are part of the payload. The program was needed to accomplish tasks the installation script was unable to perform.
@@TollyH winget cant install ziped software yet only exe/msi so there is alot of sofware that it doesnt support thats why im still on chocolatey plus it doesnt require the microsoft store installed which is another plus as im using windows ltsc so it keeps windows even less bloated
@@TollyH Oh ok. I had always wondered about using Chocolatey but still stuck with winget from beta days since it is quite sufficient for my needs till now
Do note that MSI isn't guaranteed to not be a virus. Apart from the classic "installer" tasks, they can define custom tasks which run bundled executables or scripts. In fact, software like Inno Setup uses this to create MSI packages, which just wrap the actual installer EXE but that allow compatibility like you mentioned. General software rules apply and you should never install software from untrusted sources.
Thats the reason to use iobit uninstaller (install monitor) which tracks down what it installed (exe or msi) and removes it also fully - works like a charm. Also macOS has big problems there in the install world, when you do not install it via store, then you have to remeber that you installed this programm this way and you have to uninstall it with an uninstall script from the program itself. I really don't understand why they do not have a container for each app and so it can be removed without traces (windows s had this approach kind a as it allowed only store apps)
Ahh yes the .msi installer and .exe installer. Before I recently upgraded to Windows 11 (my computer did meet more than the minimum requirements for Windows 11, so I waited for my computer to get the upgrade), I had trouble installing programs through MSI files on Windows 10. I would get something like "MSI Server is not responding". I would keep on clicking on retry, and I pretty much have to wait hours for some software to update or install. Now at least on Windows 11, I've seen a ton of improvements in terms of performance. In fact I decided to upgrade to windows 11, because of how slow windows 10 is now. Now it's as fast as my Ubuntu installation (I sometimes get tired of using Windows, so I sometimes boot into Ubuntu whenever I need to do some programming or whenever I just don't want to use Windows for a few days).
@@quicksilverb12 Well from my experience Ubuntu is fast, maybe you haven't even noticed it. Anyway I'm kind of planning on switching to another Linux distro. Because some other ones that I tried like Arch Linux, and I honestly didn't really like it. I'm planning on switching to a Red Hat based system like Fedora Workstation. Which I know you might mention that Red Hat Linux based systems only allow open source software. And a lot of stuff I use are open source. So I don't mind that, and I know you can change it to allow proprietary software.
appx is just an offline installer for windows store apps, msix is just the same as msi but it provides developers with better tools for configuration, etc and appxbundle contains multiple appx files that's all
".MSI file is not going to be a virus"? Then you say it is possible to install a virus through the .msi file. You are basically saying that if you want users to install a virus. bundle it inside an MSI file because you are assuring them that it is safe... That is a reason to put a virus in .msi over .exe. False sense of security. Microsoft Edge is a good example. Its a virus. Just try to get rid of it...
6:30 My recommendation for most users would be that torrents are more likely to be safe rather than a random website you found in bing. At least, as long as there are a couple peers sharing the file.
Good explanation of exe and msi files, thanks! ... but can you please stop using these stock video clips, which are not really beneficial to your explanations? They're not even funny. One is more ridiculous than the next. Ok, Thanks, have a nice day!
The manageability of MSI is that on an Active Directory domain you can just drop a .msi into a Group Policy Object and all computers subject to that GPO will auto-install on boot.
Other installer technologies like Inno or old Wise have less overhead. MSI usually adds extra bloat to the system directory and the registry. Unfortunately, other vendors, such as InstallShield and Wise, have switched over to the MSI format under the hood. When they run, they extract an MSI and pass control to it. When Microsoft creates something, it is always complex with databases, XML and GUIDs. Often programs just need to have files extracted to a disk. But an MSI might index every single file in the registry. I have one program that is tightly coupled to the MSI. And when it is run without these registry entries, it triggers a "repair" to undo my attempts at debloating it. All installers include a log unless specifically disabled. What uninstallers fail to remove on any platform is entries created by the program later, after the installation has concluded. The uninstaller may include clauses to delete additional items. An Inno or old Wise package can be extracted to examine the contents. But with MSI you often get cabinets inside cabinets and all files named as hexadecimal numbers.
Uninstalling an app that installed by msi is sooo convenient that it is alone a reason for me to use it. You can directly uninstall it from windows search/start menu but for exe, you have to uninstall it from control panel, and it usually gives the error as the app is still running. Even you thought you killed every process from task manager you still can't uninstall it...
Usually, the msi is a set of instructions for placing files and registries. However, lets take chrome enterprise msi. It does not have any files in its "file table"*1 . Instead it has custom actions running the installation through an executable "binary table"1*. A fake msi. 1) you need a program to see inside msi such as orca. It is basically a database.
as a linux user it is mandatory for me to inform you that almost all linux apps (packages) can be installed without any sort of risk because they are verified before hand and distributed though an app store (package manager such as pacman) and they downloaded files are once again veriefed on you own computer to make sure you got the prommised file and it didn't get intercepted or moddified
This isn't really a question about "should", as each program is built with different purposes. MSI's are typically for installer programs which then copy the main executable programs to the appropriate places, as selected by the user.
A very good explanation there Thio, its just a shame that quite often devlopers and providers of the software do not give the required information of silent install switches or permissions their applications need, often defaulting to oh just have the user be an administrator. That advice is wrong on so many levels these days and from an enterprise perspective. The other worrying trend in particular with .exe files is to get around the administrative permissions in some cases they have started installing the application to %appdata% of the user profile which effectively makes the application unmanageable on shared devices etc.
Even Microsoft is guilty of this. Look at Teams and OneDrive -- both per-user installers, meaning each user profile gets a copy. 😝 Enterprises have been complaining for years.
Many years ago there was an installer "package" that was used by many programs ( particularly games), the main problem with it was that it was quite old code (16 bit) and was still being used for 32 bit games. The problem occurred with a 64bit windows, while the game would run fine, the installer wouldn't so you couldn't play it.
we played with Msi using active directory years ago, where you attach the MSI file to a users account, the user logs on and it installs the program, user logs off and the program is uninstalled, basically the program follows the user to what ever machine they log on to. Been years since i have played with it all now sadly.
one software patch a supplier provided to us was provided as a .exe installer. IT dept decided they had to convert it to a .msi so they could roll it out to the whole fleet because they wanted to avoid any issue from trying to replace program .exe files that were currently being accessed by users. I don't know how msi helps there but apparently it does.
MSI has the built-in ability to handle files in use by either terminating the application that's holding the file(s) open or queuing the file(s) to be replaced on reboot. Maybe the EXE installer that the supplier provided wasn't robust enough to handle this, or maybe the IT department just didn't trust it since EXEs can be an unknown quantity.
The best way to install software is through the package manager of your OS. Especially on linux where the package manager is so fucking powerful, as every singl file is installed with it! On windows the package managers are mostly just hacked in with glue, and it feels like you are simply curl getting the programs
I have to point out that Windows Installer (.msi) files aren't safer than executable installers.
Windows installer files can define custom actions. These custom actions allow executing executable files or loading dynamic libraries to execute code.
Currently, the safest Windows installation technology is the appx/msix packaging stuff because this doesn't allow custom actions.
But msix/appx can still install exe with virus
Thanx for thr comment. I just wondered if msi files are maybe safer. Turns out it's not.
@@Z3rgatul Yup, that is always a problem.
There are other protections in place to limit this, but remember that "current safest" doesn't mean completely free of risk.
But you need custom actions for a lot of things. Registering global services for example. And appx is too restricted, you can't used it for example if you have a native webbrowser extension component.
@@Z3rgatul No. appx runs in a sandbox. Don't use virus if the app itself is the virus. Then this terminology does not make sense.
Many exe insatallers are just the Msi wrapped in an exe that extracts the msi and runs windows installer. This is largely a holdover from old versions of Windows, the exe wrapper will install an updated version of the Windows Installer if needed before installing the msi. Modern versions of Windows already have the latest installer version (kept updated by Windows update) so they don't need manual updates. In these cases the msi is a better choice cause it is typically a smaller download (in the age of dialup this was a big advantage). Exe installers are most likely offered these days just for people unsure about MSI files even though they have been around for more than 20 years
Yeah MSI's are just better in every way.
The internet exe u the reason msi
I play the whole series on the
Thanks! I also wanted to point that out. 👍
There are still a few things hard to do with MSI installer.
The best profit of this standardization comes from the fact, that MSI installers (especially in minimal/quiet mode) are physically unable to show ads or in any other way annoy me during the installation (or even worse, during the uninstallation). Just msiexec /q and done; such a relief!
EXE installers can also include a quiet-mode, but that requires the installer vendor to specifically support it, as Nikita said, it's a standard feature of the MSI format. That's part of why it's used to install patches and such as part of custom OS installations like with nLite.
Well they might as well include ads in the installed program . . .
I guess it makes me realize that Linux actually has over a hundred installer formats, and that's why there are so many distributions, that is a very fragmented ecosystem
They actually could include ads, because you can have custom actions in an MSI, which is just code that will be executed at a fixed point of installation.
This is also the reason, why it is definitely possible, that a MSI can be a virus in itself.
Although, both is very uncommon.
@@tacokoneko theres like 3 formats total and they are just zip files in different names. And the only difference between them are the philosophy of where the files should be in folder location, so a different format most of the time doesnt even affects the software just the config file location and if the binary is available if you have local network at home
msi files are amazing when you’re deploying to a fleet of computers + installation flags are there as well
That's why they're used for custom OS installations like with nLite.
@@I.____.....__...__ False.
@@tyreselongbottom6170 care to elaborate?
@@tyreselongbottom6170 so you say it ist wrong but dont say what IS right 🤦🤦
@@107bande True.
The "Person Break Computer" video was top notch. Loved it while ThioJoe was explaining in a reasonable way his stuff.
Videos of people breaking their computer hardware always hurt my heart quite alot. I dont know why.
@@KatyaAbc575 I feel you, hardware gore not nice :(
Certainly have to have a good range of acting abilities if you're a stock video actor.
@@KatyaAbc575 take a deep breath and feel better knowing that laptop was an empty chasis. The lightness of it and amount for flex would seem to indicate it at least
I was laughing my ass off when that stock video came on.
This channel has come such a long way-I remember his early videos being computer prank videos, and here he is explaining different installer properties 😂 we’ve matured together ThioJoe
It’s one reason why I don’t watch his videos cause I just see him as the tech prankster. I remember his video about taping batteries to your Ethernet cable to make it faster.
@@LoFi3 or how to download RAM LOL
@@LoFi3 Exactly, I sometimes refrain from watching a video because I still take everything he says with a grain of salt, but his recent videos have certainly improved in quality and educational value!
@@mellenooijen243 he gave up on the tech jokes a long time ago now
yeah i was shocked when he actually started making educational videos instead of pranking people. made me actually subscribe and hit bell, cuz he usually has rather interesting things i didnt know as a topic now.
I love seeing an MSI as a setup file, since it basically guarantees that I won't have to worry about any clunky custom-made non-native UIs that usually lag and aren't able to be dragged around n stuff. MSI files always install in one uniform way that feels comfortable because it fits in with the rest of the OS.
Edit: Read the replies for more info, pretty cool stuff
Yep.
This is not necessarily the case. MSI allows for custom UI dialogs, and even a complete replacement of the UI engine by embedding the resources to run it within the MSI. Microsoft has been doing this for years with Office, SQL, Visual Studio, etc.
@@serpent77 Interesting. Never seen those before. Still, though, for the majority of MSI installers it shows that native-looking dialog box, so... :P
@@DexieTheSheep I develop Windows MSI installers. You can basically put anything in them. Call custom DLLs with custom UIs, custom C++ coded features in embedded DLL's etc. I guess conditional on the Installer development software being used and how it's all packaged.
@@toby9999 Please don't give people ideas :)
This guys fire at turning an answer to a simple question, into an EXACTLY 10 minute video, lol.
answered in first 2 or 3 mins. The rest is additional information
One application that is a very good example of having a difference in the exe and the msi is Zoom. The exe only installs for the currently logged on user, while the msi installs the application for all users. So if you are going install zoom on a computer that has several user or are connected to a domain you will have use the msi, otherwise only the one installing the program will be able to use it.
If the non installer user create a shortcut to the installed exe can launch the app too?
@@RDCST An MSI package will install the software on *C:\Program Files* or *C:\Program Files (x86)* which is accessible by all users. An EXE program may install the software only in *C:\Users\[user name]* especially if the user does not not have administrative rights on the computer. The *C:\Users\[user name]* folder is accessible only to the user. A different user will have a different *C:\Users\[user name]* folder.
@@RaymondHng incorrect. Run an exe with elevated privileges and it will install for all users.
@@zqzj incorrect, if you run a EXE as a privilege process it still depends on how the EXE file is designed to behave. If it's designed to only install in the user profile then it will always do so no matter what privilege you give it.
The same goes with MSI files, they can be designed to either install with user privilege or system privilege (i.e. UAC asking you to give permission for higher privilege).
And as someone said earlier most EXE installers are just wrapped MSI files.
Two more points:
MSI is managed, I have had cases where trying to start a program actually starts repairs; then finally starts it (Seen somewhere in the XP - 7 era)
MSI have some install "on demand" feature, but I have not looked more into it.
But then windows has to keep a copy of the .msi file on your computer somewhere to install the "on demand" feature, unless the .msi is on a network drive this is going to take up even more space on your local machine.
I've had that happen in Windows 11; that functionality is still there.
MSI files also allow for the use of MST (Microsoft Transform) files. MST files allow for configuration of different deployments of of the MSI. Examples include specifying different installation directories, adding files to be included/copied in the install, and specifying installation information required at installation, such as User Name, Organization Name, and/or software key.
Transforms don’t get nearly as much love as they deserve.
Nothing like cracking open an msi using orca and tinkering to your heart’s content.
Also great for those deployments where different business units will get different installs of the same software…just attach an mst for each.
Didn't even know about this, interesting topic, I'll be choosing MSI when given the choice, thanks!
9:35 I can tell you that as someone who thought they were pretty well caught up on their tech... you humbled the hell out of me. This is actually really incredible info to know for those outside of it. Best part is you had me thinking from the title to the end.
Your videos are really informative, thank you!
Sometimes you can get a choice between EXE, MSI, or ZIP, which you have extract it yourself to a folder of your own choice (Self-install), safest option, you not executing anything, until you run the actual program of course, and hopefully you obtained that program data through a trusted source. Always use a sandbox when in doubt also.
MSIX packaging is saffer and easier to install
gets zip bombed
The problem with msi installer is often, that you *need* that specific msi file to uninstall (even for upgrading) the program.
One of the best examples is LibreOffice - If you don't want the huge installer file always sitting there, you can't uninstall or even upgrade the program!
(And there are multiple examples as malware in a msi)
Exactly why I avoid MSI installers like the plague.
It needs the MSI file to know how to uninstall. It's by design. Shame on any vendors or users who don't preserve a cached copy of the MSI after installing. At least don't delete anything from the Windows\Installer folder.
This. I need to delete the installer file sometimes (especially if it's big) to save some space on my SSD. I deleted some of the MSI files and when I try to uninstall the programs, I get an error stating that MSI file couldn't be found. So I had to delete the program files manually, which was not the best idea I think
@@emironurlular Without the MSI, Windows doesn't have what it needs to uninstall the program. Consider getting a bigger drive instead of deleting. If not possible, then at least store a copy of the MSI on a backup drive (e.g. a thumb drive) dedicated to offloading system drive files so you can point to it if Windows Installer prompts for it.
@@mazessj Would be even better if installing an MSI caused Windows to keep a secret copy of the MSI in case the user needs to uninstall.
The msi installer doesn't necessarily create an uninstall script. Most of the time a copy of the msi installer is copied in the system often sucking space (think about 500MB for vmware workstation and a few hundreds MB for assorted drivers and utilities).
If you delete those, you will not be able to uninstall or even upgrade a piece of software as windows will look for a previous installer.
And this is probably the biggest downside of MSI. It copies itself mostly to ":/Windows/Installer" folder. On my PC currently LibreOffice's "junk file" is the largest in this folder, with it's 300MB.
@@Hudee1985 the sad fact is that the majority of the software could be distributed in a zip file.
I have a folder called "programs" that contains several subfolders, each one is a program that was copied over from c:\program files sometimes ago (I have software that is 10+ years old in there). This software works fine with the existing libraries, so whenever I reinstall Windows, or I buy a new PC, all I have to do is to just copy the folder over and call it a day.
There are also other offenders like Dropbox that waste 900MB at the first install, as they store the currently installed version, and two copies of the same installer.
This is true.
also safe to mention that viruses sometimes can attack MSI files, especially on the Windows Restore folder (MSI advantage is that they always create restoration points in case something goes wrong) so viruses take advantage of that and stick themselves to the MSI files backed up to the C drive for uninstalling
🎯 Key Takeaways for quick navigation:
00:00 📦 Windows software installations can use either .exe or .msi files.
00:50 🧩 .exe files are executables, while .msi files are Microsoft installers with standardized installation instructions.
02:41 🏡 For personal use, .exe or .msi doesn't make a significant difference, but .msi is recommended for enterprise or IT administrators.
04:33 🔄 .msi files automatically create uninstall scripts for easier program removal.
05:54 🦠 .msi files are less likely to contain viruses compared to .exe files.
07:17 🔄 If given the choice, it's advisable to use .msi files for installation, especially for enterprise purposes.
09:40 📥 Finding .msi versions might require specific searches or visiting enterprise-focused pages for certain software.
Made with HARPA AI
Another advantage for regular users AND enterprises is that MSIs are ALWAYS consistent with windows ui and ux. EXEs might contain crap GUIs
MSI can embed alternate UIs that are still odd, or outright crap.
Never underestimate the ability of a developer to f something up, even something as standardized as MSI. There's still a lot one can mess up. So, yes, it is possible to have a crappy UX/UI in an MSI, particularly when Custom Actions are involved, and especially when you have somebody inexperienced developing the package.
A lot of MSI files are made to just run an EXE which installs it.
@@dexterhaxxor other way round bud
@@RationalFunction Nope, go check out Inno Setup’s documentation
Thanks for educating me!
If possible, I prefer standalone executables most. They are selfcontained and don't need any installation directory. Makes it easy to move programs around different hard drives or computers.
These are referred to as "portable apps" and it's up to the developer to design the program to be capable of this. I wish more programs were designed to be portable.
I like those as well except on linux, they are app images.
Package deployment is art.. EXE,MSI,APPX,MSIX 100% depend if you can manage and fullfill this install silently. I tend to prefert msi for apps that support patches (msp) and tranforms (msp), so there is less downtime during maintenances.
As enduser msi is fine since since you will probably upgrade the app often. As enterprise, depend of the app and insall features needed per app. I have seen broken installers as .exe and also broken .msi and trust me msi ones are hard to troubleshoot.
so for enterprise which one do you prefer between exe and msi?
@@patboy24 I select the one that offer me the most management options for the particular app. Most of the time is MSI. Depend of the app.
Thank you for this. Im in a program that briefly talked about MSI and EXE but I was a bit lost as I felt they were not covering a lot. this helped me better understand it. thanks!
For the record, Metasploit has an option to wrap a payload into a MSI file so that it is executed as "postinstall script" when the MSI is installed. This helps bypass some security products that look closely at EXE files but only loosely at MSI files. So while most viruses nowadays are not distributed as MSI (and lot of them not as EXE either), they do exist.
Yeah I think its kinda stupid to say its unlikely a virus. Its just as likely to be a virus, the installed app could also be a virus, and you can probably automatically start it after installation
Lol what security products are you using??
5:34 It is actually possible to run an exe from an msi as part of the installation process. I used this once to automatically uninstall an old version of a software, that wasn't compatible with the new installer system. So if someone wants to distribute a virus via a msi, this is possible.
It's also very common for .exe files to actually just contain the .msi itself along with extra stuff and it is just a self extracting installer.
after browsing through so many channels. Yours is by far the best. The explaining thod is so great and detailed even complex stuff is
thought it stood for "micro-star international" for a second
same but msi files aren’t companies though
It’s so grate actually getting useful tech knowledge from TH-cam. I’m tired of all that super interesting stuff that I’ll never get to use in the real world.
The "downloader installers?" Despise them with a passion! Now, I get that they are making sure that every time the installer is run the latest version of the software is installed. However, when I download software, I expect to download software! It's like buying a car and only getting the body! The rest of it comes later! What if I did not want the latest version? What if I'm trying to resurrect an antique, that the latest will not run on?
I also despise the self-deleting installers, as well.
Danke!
bitte schön 👍
A lot of .exe installers have the installation parameters included, and you can either use the favorite search engine, or try with something like installer.exe /? from the command line. Sometimes non-standard switches are included in help. Usually, developers try to keep it similar to MSI packages, so the /q might actually work.
Fun (terms and conditions apply) fact: Firefox MSI installer, when distributed through the Endpoint Manager (Intune), is not detected as installed by default, but works flawlessly if you create the .intunewin package (specific package that can consist all the required files, if you need more like the config files or something else) with the same install logic. When you install the .msi application, it gets the unique code, where the information is written about the developer and the version/build, so it's easy to detect the vulnerable outdated version of the application. And is also easy to get rid of the outdated JRE, just push the msiexec /x with the product code followed by /qn - and live happily after.
Yeah, for the regular use is indeed better to use .msi if there is a choice.
P.S. Kudos to Mark Russinovich for PSTools, what a Man!
The Firefox MSI Installer is just the EXE Installer wrapped in a MSI file. I recommend using the EXE.
@@bniedermann, it still works fine with the MSI in the Intune package, but is probably a good idea to test with the exe-file, too. In general, I am lazy, and when you package the MSI, Microsoft is very kind to put the (un)install comnands automatically, so you don't have to. In the end, it works, and is the final goal.
I could also argue that a number of EXE installers do not include standard command line parameters or documentation of said parameters or support for any parameters at all. These are the types of installers we dread in IT Endpoint Management.
MSI is at least very consistent and supports silent installation nearly every time (as long as the developer doesn't defy standards compliance).
@@mazessj, indeed. There are "standard", not that much, not at all, and there is Java. Fucking Java
great video! im super amazed of this quality of videos being your first one, keep going and youll make it far! :D
I feel that .msi instead of standing for "Microsoft (MS) Installer (I)" it should be "Microsoft (M) Software (S) Installer (I)" because it makes more sense.
I always wondered the difference and then always put it behind me. Tha k you for looking into this!
Just an FYI, often times an EXE installer is just a wrapper, called a boot strapper, containing the MSI. Often times the benefit to doing this is to install pre-requisite installations (like a specific .NET version) that the MSI format doesn't directly allow for.
SOURCE: a guy who has to make these installers from time-to-time.
Always wondered, now I know! Thanks for the great explanation and video
MSI has technically been replaced by appx/msix now, but those block some actions making the install safer but not as flexible as an MSI is. MSI is not safer than an executable as it does allow arbitraty code to run in the instalation.
4:39 I'm using a desktop app that takes care of uninstalling any app that I tell it, as well as any leftover files, Revo Uninstaller Pro
Revo uninstaller is excellent
You should totally install master sonic install (MSI) because its so much faster than excrement everlasting (EXE) installation
Great wordplay
1:28 Wrong/misleading/requires correction. One can still execute code using so-called Custom Actions. They call a .dll file that the developer embeds, which contains an entry point to their code and passes parameters about the installation. This can be necessary for manipulating .config files based on install flags and parameters.
Source: I use it at work.
MSI files can contain what is called a "custom action", which is likely an executable. So either way, there is a risk of viruses. Best to check the Digital Signature of both. Right click.. properties.. digital signature.
Take the same precautions with MSI as you do with EXE.
Even if valid signature can have malware.
@@hydradragonantivirus Agreed, but I'll explain it this way. My company produces desktop software. I purchased a digital signature. Then I had to go through an extensive process, providing all my company information and legal documents, then they verified my own personal background, having to provide a driver's license, birth certificate, social security number, background check, credit check, etc. I had to take several different photos of myself holding up all of the information. The company is based out of my home so I had to take pictures of that, with me in the picture. They sent a letter to my address with a code that I had to provide back to them. They needed a footprint of my software to produce the hash and certificate to embed in my own software to prevent tampering. Is it 100% foolproof?, no. I could very well include malware in the code I wrote, of course. But it is traceable directly to me. I have to do this every year when the certificate expires.
Not why this is showing under my employees login.. but is kenlnetherland responding back.
the advantage of MSI over and EXE format is that you can scrutinize its content without having to install it. you can check on the database instructions, and even dump the embedded media. on the context of which one is safe, it basically depends on who and how they are crafted. in terms of manageability on the installed components, again this would depend on how the program structure is designed. many software products use EXE installer so they can package multiple MSIs into one package; and many EXE installers basically are just a bootstrap to run msiexec to install the embedded MSI file/s.
I'm glad that my motherboard is an MSI, not EXE.
5:35 Thiojoe: MSI Malware is very rare
Meanwhile, Magniber, STRRAT, Adwind, Ghostrat, Younglotus, and Farfli Rat: It's our time to shine.
I’m assuming some people use .msi files for malware purposes since when you try to run a .msi file Windows (or maybe Firefox, I haven’t tried on any other browser) will give you a warning about the possibility of it containing a virus. No matter where you download it from
Isn't it the other way around?
@@just.nobody not for me
@@cursorguy Since I was a kid I've always seen exe files giving potential virus warnings. I've only seen few .msi files with those warnings.
@@just.nobody must be a Firefox only thing then
If you *run* anything after downloading Windows will give you a warning.
one thing i always consider before clicking on one of Thios videos is, "Will this help make my ethernet speeds 10x faster for free?", and the answer is yes. always yes.
Exe has one giant advantage tho. On the same computer, only 1 msi can install at a time. However, you can install as many exes as you want at the same time.
Most installers check for a previous installation
Windows restricting installation to 1 at a time is the dumbest shit. What use does this shit have? Ig it doesn't help windows is designed the asinine way of not being able to access files in use by other programs.
EXE can use things like semaphore to restrict multiple installations as well. MSI restricts multiple installations at once because it is technically a state machine that examines your computer, determines how to get to the installed state. Then makes it happen. If multiple installs occur at the same time you run the risk of changing the state one install is depending on by a second install.
It's mainly to avoid conflicts and collisions. In theory, maybe Microsoft could have developed an engine that could manage transactions from multiple packages running simultaneously, but they'd have to do away with certain things like Custom Actions and anything that could circumvent conflict management.
And being able to run multiple EXE installers at the same time is not necessarily a good thing because there's no conflict management. Granted, you might be installing two completely unrelated things, but Windows has no way to know that.
If you can't find an .msi, if you install the .exe, you can usually find the .msi for it in C:\Windows\Installer. Usually if you dig into the details tab of the properties you can figure out what it is. Going off the top of my mind but here's how I usually find it:
$msis = Get-ChildItem -Path "C:\Windows\Installer" -include *.msi | Foreach-Object { Get-AppLockerFileInformation $_ }
$msis | Where-Object { $_.Publisher -like "*Firefox*" } | Select-Object -ExpandProperty FullName
Replace firefox with whatever, may need a tweak or two.
My PC is made by msi 💀💀
Smartest person on earth
MSI or .msi? Lol
You should probably stick to .msi files otherwise you'll break your system!
@@1612akshat
Have you even seen the video? 💀
@@Neto.nxr4ed whooshed right over your head 💨
I rarely see MSI, only seen in chrome desktop remote... But it makes more sense to choose MSI if possible...
funny enough, most software "installing" for Linux opening the file and coping everything into a folder. I never understood why windows had to make this so overly complex. Even Macs are dead simple. Because for some reason Windows wants files in diffrent places from a software install, rather than just all in one location.
what? it's absolutely the other way around, in linux we have program data being installed to /usr/bin, /usr/share/applications, /usr/share/icons, /usr/share/locale, /usr/share/man, /usr/share/, /etc, /usr/lib .... meanwhile windows programs tend to be all contained in c:\program files\ (mostly)
@@ferchuu9 but you don't run an installer in linux. You literally just open a container file, copy it over, and that's it. Windows has filers going all over the place plus changes to the registry.
You've clearly never looked at Debian package installation files. (-:
@@JdeBP I use endeavouros (arch) btw
@@ferchuu9 bruh stop spreading fud, things like /usr/share/man are obv man pages lol
MSI files are basically just glorified CAB files, they're basically just ZIP files with some built-in instructions on where to extract the files, add some stuff to the registry, install services, make shortcuts, and such. The biggest benefit to MSI over EXE is that you can extract the contents of the installer and run it like a "portable" program a lot easier with an MSI than an with EXE. With an MSI, you can either directly extract it, or can do a "network install" with the /A switch which merely extracts the contents but doesn't add registry entries or services, make shortcuts, etc. With an EXE file, it might be possible to extract it if it's a ZIP, RAR, 7Z SFX (self-extracting executable), or you might need a tool or 7-zip plugin if it's a Wise, Inno, Installshield, NSIS, etc. file. (Note, in either case, simply extracting the contents instead of installing does work for most programs, but some do _require_ being installed because they need services or registry-entries or whatever in order to run, they _can't_ be run portable.)
Yes, registry enties and PATH updates. The script in the msi can also create / delete folders. And execute programs that are part of the payload. The program was needed to accomplish tasks the installation script was unable to perform.
Using Chocolatey makes all this so much easier 1 command and im up and running with the software installed
Is chocolatey better than winget? Ik that it was better during the early days, but is that still the case?
@@TollyH winget cant install ziped software yet only exe/msi so there is alot of sofware that it doesnt support thats why im still on chocolatey plus it doesnt require the microsoft store installed which is another plus as im using windows ltsc so it keeps windows even less bloated
@@TollyH Oh ok. I had always wondered about using Chocolatey but still stuck with winget from beta days since it is quite sufficient for my needs till now
Your back, great job man
What about his back?
@@J_Titor It does a great job.
should i install a virus in .exe or .msi?
😂
Both, if possible.
Too funny 🤣
Well if you WannaCry, then do either one of them I guess. But don't blame us if your computer gets destroyed.
@@pyp2205 I am a microsoft fan so I would do the latter
Do note that MSI isn't guaranteed to not be a virus. Apart from the classic "installer" tasks, they can define custom tasks which run bundled executables or scripts. In fact, software like Inno Setup uses this to create MSI packages, which just wrap the actual installer EXE but that allow compatibility like you mentioned. General software rules apply and you should never install software from untrusted sources.
Thats the reason to use iobit uninstaller (install monitor) which tracks down what it installed (exe or msi) and removes it also fully - works like a charm. Also macOS has big problems there in the install world, when you do not install it via store, then you have to remeber that you installed this programm this way and you have to uninstall it with an uninstall script from the program itself. I really don't understand why they do not have a container for each app and so it can be removed without traces (windows s had this approach kind a as it allowed only store apps)
Yaas! that's the topic which I want too,
Love My dear Windows.
Ahh yes the .msi installer and .exe installer. Before I recently upgraded to Windows 11 (my computer did meet more than the minimum requirements for Windows 11, so I waited for my computer to get the upgrade), I had trouble installing programs through MSI files on Windows 10. I would get something like "MSI Server is not responding". I would keep on clicking on retry, and I pretty much have to wait hours for some software to update or install. Now at least on Windows 11, I've seen a ton of improvements in terms of performance.
In fact I decided to upgrade to windows 11, because of how slow windows 10 is now. Now it's as fast as my Ubuntu installation (I sometimes get tired of using Windows, so I sometimes boot into Ubuntu whenever I need to do some programming or whenever I just don't want to use Windows for a few days).
Ubuntu fast when ??? xDDD
@@quicksilverb12 Have you even tried Ubuntu? Because it looks like you didn't.
@@pyp2205 there's much much much much faster and more reliable distros than Ubuntu 😂
@@pyp2205 tbf ubuntu is definitely on the heavier side as for a linux distro
@@quicksilverb12 Well from my experience Ubuntu is fast, maybe you haven't even noticed it. Anyway I'm kind of planning on switching to another Linux distro. Because some other ones that I tried like Arch Linux, and I honestly didn't really like it. I'm planning on switching to a Red Hat based system like Fedora Workstation. Which I know you might mention that Red Hat Linux based systems only allow open source software. And a lot of stuff I use are open source. So I don't mind that, and I know you can change it to allow proprietary software.
ThioJoe - great edu!! I learned a lot, and APPRECIATE IT!!
.MSI files don't uninstall programs, rather they _de_-install them.
Nice and clear explanation. Thank you.
this guys eyes are so intense
interesting observation
Transforms are a big advantage to MSI files. You can modify those instructions for install by attaching an mst to the msi for enterprise deployment.
I'm missing:
- MSIX
- APPX
- APPXBundle
appx is just an offline installer for windows store apps, msix is just the same as msi but it provides developers with better tools for configuration, etc and appxbundle contains multiple appx files that's all
Thank Thio, you make computer information easy to understand.
".MSI file is not going to be a virus"? Then you say it is possible to install a virus through the .msi file. You are basically saying that if you want users to install a virus. bundle it inside an MSI file because you are assuring them that it is safe... That is a reason to put a virus in .msi over .exe. False sense of security. Microsoft Edge is a good example. Its a virus. Just try to get rid of it...
eh? MS edge is a virus? Please explain lmfao
I am proud to declare that I actually managed to completely get rid of Microsoft Edge!
@@vengirgirem one year later and also now European Commission’s Digital Markets Act is in effect. So Microsoft now "allows" users to remove edge.
@@RawSiafu didn't know that. Makes sense now considering I tried to do the same two years ago and failed miserably
@@vengirgiremHOW
6:30 My recommendation for most users would be that torrents are more likely to be safe rather than a random website you found in bing. At least, as long as there are a couple peers sharing the file.
actually I've never heard about msi files 😂
Even with minecraft ? 😢
Old school windows users are all to familiar with msi files 😂
@@yorl418 Yeah the old Minecraft Launcher does use MSI.
Bro 💀💀💀
@@lordpuff XD
You cleared one of my confusion. Thanks🐥😃
I always thought MSI is an installer I was right XD
Yeah same, I would be like "I'm assuming that's an installer file?".
In all the years and all the docs...never knew this. Thank you Joe!
Good explanation of exe and msi files, thanks! ... but can you please stop using these stock video clips, which are not really beneficial to your explanations? They're not even funny. One is more ridiculous than the next. Ok, Thanks, have a nice day!
Best soft soft Introduction Ever!!
Man, you're rocks! Thank You for your course !!
Man, I've always wanted to know this and forgot to investigate. Thank you! 💪
The manageability of MSI is that on an Active Directory domain you can just drop a .msi into a Group Policy Object and all computers subject to that GPO will auto-install on boot.
You are/were not alone! I pray you found what has worked for you!
I’ve actually wondered about this recently! Good to know.
Other installer technologies like Inno or old Wise have less overhead. MSI usually adds extra bloat to the system directory and the registry. Unfortunately, other vendors, such as InstallShield and Wise, have switched over to the MSI format under the hood. When they run, they extract an MSI and pass control to it. When Microsoft creates something, it is always complex with databases, XML and GUIDs.
Often programs just need to have files extracted to a disk. But an MSI might index every single file in the registry. I have one program that is tightly coupled to the MSI. And when it is run without these registry entries, it triggers a "repair" to undo my attempts at debloating it.
All installers include a log unless specifically disabled. What uninstallers fail to remove on any platform is entries created by the program later, after the installation has concluded. The uninstaller may include clauses to delete additional items.
An Inno or old Wise package can be extracted to examine the contents. But with MSI you often get cabinets inside cabinets and all files named as hexadecimal numbers.
Thio joe is the only TH-cam Computer Nerd that I actually find entertaining..... Don't judge me😐
Thanks for sharing your expirence with all of us ❤️ 😊
Awaited video
Uninstalling an app that installed by msi is sooo convenient that it is alone a reason for me to use it. You can directly uninstall it from windows search/start menu but for exe, you have to uninstall it from control panel, and it usually gives the error as the app is still running. Even you thought you killed every process from task manager you still can't uninstall it...
Usually, the msi is a set of instructions for placing files and registries.
However, lets take chrome enterprise msi.
It does not have any files in its "file table"*1 . Instead it has custom actions running the installation through an executable "binary table"1*. A fake msi.
1) you need a program to see inside msi such as orca. It is basically a database.
This. Yes. Chrome MSI is not a true MSI! Bad example, @ThioJoe
as a linux user it is mandatory for me to inform you that almost all linux apps (packages) can be installed without any sort of risk because they are verified before hand and distributed though an app store (package manager such as pacman) and they downloaded files are once again veriefed on you own computer to make sure you got the prommised file and it didn't get intercepted or moddified
This isn't really a question about "should", as each program is built with different purposes. MSI's are typically for installer programs which then copy the main executable programs to the appropriate places, as selected by the user.
"Oh interesting topic." [Immediately checks video length] "10 minutes? I'll watch it if it's clear at 1.5 speed."
It was clear.
Excellent explanation, thanks a lot!
6:31 When you setup huge object with all variable types in NodeJS and the console.log prints "undefined"
A very good explanation there Thio, its just a shame that quite often devlopers and providers of the software do not give the required information of silent install switches or permissions their applications need, often defaulting to oh just have the user be an administrator. That advice is wrong on so many levels these days and from an enterprise perspective. The other worrying trend in particular with .exe files is to get around the administrative permissions in some cases they have started installing the application to %appdata% of the user profile which effectively makes the application unmanageable on shared devices etc.
Even Microsoft is guilty of this. Look at Teams and OneDrive -- both per-user installers, meaning each user profile gets a copy. 😝 Enterprises have been complaining for years.
Many years ago there was an installer "package" that was used by many programs ( particularly games), the main problem with it was that it was quite old code (16 bit) and was still being used for 32 bit games. The problem occurred with a 64bit windows, while the game would run fine, the installer wouldn't so you couldn't play it.
Thanks! Informative!
Most useful & clearly explained. Thank you.
we played with Msi using active directory years ago, where you attach the MSI file to a users account, the user logs on and it installs the program, user logs off and the program is uninstalled, basically the program follows the user to what ever machine they log on to. Been years since i have played with it all now sadly.
Great! Thanks for nice sharing! Have a lovely day
I used to be prejudiced against MSI files. Thanks for letting me know better
one software patch a supplier provided to us was provided as a .exe installer. IT dept decided they had to convert it to a .msi so they could roll it out to the whole fleet because they wanted to avoid any issue from trying to replace program .exe files that were currently being accessed by users. I don't know how msi helps there but apparently it does.
MSI has the built-in ability to handle files in use by either terminating the application that's holding the file(s) open or queuing the file(s) to be replaced on reboot. Maybe the EXE installer that the supplier provided wasn't robust enough to handle this, or maybe the IT department just didn't trust it since EXEs can be an unknown quantity.
fr stay on the grind
The best way to install software is through the package manager of your OS.
Especially on linux where the package manager is so fucking powerful, as every singl file is installed with it!
On windows the package managers are mostly just hacked in with glue, and it feels like you are simply curl getting the programs