The most convenient solution would be to prevent users from installing it in the first place. Still, if they work on it, they could download the source code and install it inside their home directory. Unless you also block direct access to the internet. I would also recommend that you read man sudoers.
Other solution: monitor internet usage and pull their ears when you see suspicious amounts of data being transferred.