Is there some good way to install and run untrusted software, except in a full VM? Assume running the software does not require admin privileges.
Can I use a separate partition, for example (How would I make sure other partitions are not touched)?
Am I right that installers need admin privileges and thus can do "anything"?
Is there some way to verify that the installer does not do anything "wrong" (or detect and rollback what it did?
Outside a full VM there are some limited options. It also depends what the installer installs. For example if it installs driver you probably cannot sandbox it.
Some App-Virtualisations can do it. I've only experience with Turbo.net. You just need to try. You need account and install that client. Then do:
turbo login turbo run --name=my-app --mount=C:\location-of-installer --admin clean
--mount makes that location visible inside the sandbox. You probably need --admin, so that the installer won't complain.
A new console window will open. In there, run you're installer. Simple execute it:
cd C:\location-of-installer the-installer.exe
Hopefully you're installer succeeds. Not the installed app is in that sandbox. You can start the sandbox again with 'turbo start my-app'. You also can freeze it as a image, to use on other machines, upload the hub etc.
turbo commit my-app --startup-file="C:\Program Files (x86)\My-App\App.exe"
Commit will create a 'frozen' version of the sandbox, ready to be used on other computers, uploaded to the hub and so one. `--startup-file={}' sets what .exe should be started.
