The key ideas here are validate. Validate, validate, validate. Any input, any arguments
from the command line, any data from files, any data from Windows
or browsing, validate. Even when the input is from another program because you don't know what that program will do when it's not under your control. Also remember that values and conditions you get
from the environment, from the net, and so forth, are also input of a sort. Verify any assumptions
you're making, you should at least
state the assumption. If you can't verify it,
try not to make it. If you absolutely must make it, warn the installers
about the assumption so that they can see whether or not it's valid on the system. But ideally what will happen is, you'll be able to
validate the assumption. If it's false, you program
will act reasonably.