So what do you do for fresh installs? If you put too much expectation in an installer verifying itself, then you ignore the scenario where someone hasn't installed BTS yet? So what do you think is the best way to do that, as it has to be independent of the blockchain?
The easiest thing to do would be to just rely on HTTPS. Yeah, the user could be at a risk of a man-in-the-middle attack, but the risk is only for that one time they download the installer for the first time.
More advanced users could use GPG to verify that the hash of the installer is signed by the appropriate trusted developers and auditors. Obviously you need to somehow get the public key fingerprints of these people to know you have the right public keys (they could read the fingerprints aloud in a YouTube video for example).
You could also read the hash of the executable over the phone to a few trusted friends (or, if not trusted, at least friends who you are confident wouldn't collude together to harm you) who already have the blockchain clients set up and ask them to use their client to verify that it is valid.
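As an added example (not code from this thread or from the BTS project), a POSIX shell script for the GPG route described above: pin the developer's key fingerprint obtained out of band, verify the signed hash list inside an isolated keyring so no other key on the machine can satisfy the check, then compare the installer's SHA-256 against the signed list. The file names (installer.bin, SHA256SUMS, SHA256SUMS.asc, dev.asc) and the pinned fingerprint are placeholders.

```shell
#!/bin/sh
# Verify a freshly downloaded installer against a developer-signed hash list.
# Assumed (hypothetical) artefacts: installer.bin, SHA256SUMS, SHA256SUMS.asc
# (detached signature), dev.asc (the developer's public key).
set -eu

# Placeholder fingerprint: obtain the real one out of band (video, phone call).
PINNED_FPR="0000 1111 2222 3333 4444  5555 6666 7777 8888 9999"

# Normalise a fingerprint (drop spaces, upper-case) so a hand-transcribed
# value can be compared with what gpg prints.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if two fingerprints are identical after normalisation.
fpr_matches() {
    [ "$(norm_fpr "$1")" = "$(norm_fpr "$2")" ]
}

# Import the key into a throwaway keyring, refuse it unless its fingerprint
# is the pinned one, then verify the detached signature over the hash list.
verify_signature() {  # $1=keyfile $2=sigfile $3=signed file
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
    gpg --homedir "$tmp" --batch --quiet --import "$1"
    actual=$(gpg --homedir "$tmp" --batch --with-colons --fingerprint \
             | awk -F: '/^fpr:/{print $10; exit}')
    fpr_matches "$actual" "$PINNED_FPR" \
        || { echo "fingerprint mismatch: $actual" >&2; return 1; }
    gpg --homedir "$tmp" --batch --verify "$2" "$3"
}

# Succeed only if the installer's SHA-256 equals its entry in the hash list.
verify_hash() {  # $1=installer $2=hashfile
    expected=$(awk -v f="$(basename "$1")" \
               '{sub(/^\*/,"",$2)} $2==f{print $1}' "$2")
    [ -n "$expected" ] || { echo "no entry for $1 in $2" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

main() {
    verify_signature dev.asc SHA256SUMS.asc SHA256SUMS
    verify_hash installer.bin SHA256SUMS
    echo "installer verified"
}

# Run the full check only when invoked as: sh verify.sh run
[ "${1:-}" = "run" ] && main
```

The signature step must pass before the hash step means anything; a hash list that is not signed by the pinned key proves nothing about the installer.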