@Bakunin:
I generally agree.
It could have been the OP had already installed the software with a non-root user as a test - just out of interesst, that's why I asked.
But in the end (my past reality
) you get such software on your desk and it has to be installed. So far I or coworkers got such tasks always communicated orally and not written.
It comes down to install it, maybe with the vendor, or deny the installation unless the management, or whatever guys bought that fancy software, will take the risk.
And to be on the clean side, you would need to notice the management of possible dangers and get a kind of written assurance from them just in case something goes wrong. But to be honest, I don't remember any coworker, who demanded this from his boss for any Software before he started the setup and I do not know if this would keep one free from guilt at court.
root or not - software can still be malicious, dangerous or any less degree of a threat/unwanted behaviour. With root it usually can harm the system it is installed on but hopefully not more system, depending on the environment and setup. So if possible only a "quarantained" system might be a start as already said by Don.
Though what is if there is a timer that it automatically does it's tricks after a defined time/date, when it is somewhat sure to be installed in a production environment where it has locally or over the net access to precious data etc...
A tracker like mentioned basically does not need root. But I know what you mean