That's an interesting point, otherwise I'd say it's basically the Windows equivalent of LD_PRELOAD. Running executables from the "downloads" directory is certainly a thing though, never realized the security implication there (beyond trusting the download natch)

with putty i would be surprised if most didn't run it straight from the desktop. i would be a dirty liar if i said i haven't, countless times.

This. Without an installer that puts a link into the start menu, everyone I've ever worked with just dumps it on the desktop. I used to throw a symlink into the start menu, but when other devs used my machine they expected it to be on the desktop. Just one of those quirks of using PUTTY

But why not just use the installer?

For a long time, there wasn't an installer for putty, so a lot of us became accustomed to just dropping the binary on our desktop or "bin" folder", but there is an installer now. Also, certain corporate environments that preclude the installer from working correctly, but won't mind you "installing" a program to your desktop/local app data.

I find the corporate environment thing suspicious. I could imagine that if you don't have admin access, you can't install to Program Files, but couldn't you still install to your home directory, and still get those lovely start menu shortcuts?

Not really.

Windows, by default requests elevated rights from the user (the UAC dialog) if you run any exe that has 'setup' or 'install' in the name, or if the manifest inside/alongside the exe defines a requirement for elevated rights.

You can spot these files as they have a little Windows 'shield' overlay on their icons (Windows overlays that itself if it detects a file needing elevated rights).

So, unless you can elevate your rights (i.e. be admin, or type in admin credentials), you can't run most installers.

However, prior to Windows 7 your personal start menu folder wasn't locked down - and as a non-admin you could easily add/remove shortcuts from it. Since Windows 7 onwards it's now protected, so you need to elevate to be able to write to it.

Windows allows you to run (by default) software from ANY folder you like, but you can only (by default, again) write to some of your user folders and the the %TEMP% location.

So downloading the PuTTY exe and running it from the downloads folder or desktop is perfectly legitimate, although not good practice.

As an aside: I'm not sure if Chrome still does it, but I recall that if you try to install it and you don't have admin rights, it just puts an icon on your desktop, and installs all the chrome files into a folder under ProgramData which resides in your user hierarchy, instead of the locked down Program Files area. Which is one way of getting around the lack of admin-rights.

Huh. I think that's a poor design choice on the part of the Windows folks, but they probably know things I don't.

You know in order to secure an old house, you just nail boards over all the openings? Well, yeah, that's the Windows security model that is. :)

I was going to say putty does not have an installer, but TIL putty now has an installer..