The internets full of a ton of files which makes it quite hard to determine what you’re downloading is actually the thing that you were looking for. Fortunately, there are a few things you can do to ensure the intergrity of the file in question which we’ll explore in this blog post.
Using stores to download your desired software decreases the risk of encountering malicious versions of that program. Places like this are very rigorous when it comes to security especially the Apple App Store which makes it less likely that you’ll find malware on there (although there have been many cases of mis-haps but nothing is perfect). Nearly every major operating system has a store with a few examples being: Apple App Store, Google Play, Microsoft Store.
So you’ve tried to download something from the store but it’s not there, what now? We’re gonna have to use a web browser whilst taking precautions to keep our device safe. Some tips for doing this would be to only download from the original publishers’ sites (such as downloading Google Chrome from a Google website only). Alongside doing so, check if the link and the website seems legitimate, be careful with the download buttons you click and check for https connections, avoiding http connections.
Now that the file is on your device, there are still ways to check if it is safe. Regarding installers such as exe’s and apk’s, you can gather information about them before running them. A few red flags here would be warnings showing up about the file, installers asking for too many unreasonable permissions and unverified publishers (or the lack of one). So long as you don’t run the file after seeing these, you should be able to remove it safely.
Everything I’ve shown so far works well but seems to be quite exclusive to software but what about other files? This is where file signatures come in and where a bit of technical skill might be required. Each file has a size in bits which can depend on many factors like the contents, the file type, file information etc. This is then used in a special checksum algorithm to generate a file signature or a checksum as it’s more commonly referred to.
The two major checksum algorithms used in the real world are MD5 (insecure) and SHA256 (secure). These algorithms use the bits in a file to perform special calculations which create the checksum. Any little change to the file alters the bits as well as the checksum. This comes in use when a website provides the checksum that you should expect upon downloading the file. MD5 is insecure as it has been cracked whilst SHA256 is still cryptographically secure.
Checksums can be generated in a variety of ways with many systems having this utility built into them. Once you generate a checksum you can compare it against the original and if they match you’re good otherwise remove the file as it has been tampered with.
On Windows, this can be done easily in a Powershell terminal:
The command is as follows: Get-FileHash <file path>. You can also specify the -Algorithm flag and then follow that with the algorithm of your choice. Without this, the command defaults to SHA256.
On Linux, this can also be done from a terminal:
sha256sum <file>. Used for SHA256 checksums.
md5sum <file>. Used for MD5 checksums.
Alternatively, you could also just find a website or a program where you can send your file to and have it calculate the checksum for you.
Finally, I would like to end with a dilemma which is that what if an attacker has compromised a file, surely they would also alter the checksum on the website? This is possible and the way to get around this it to obtain the checksum from somewhere else you can trust either a different website or someone you know.
Thanks for reading :) you should now be able to check the intergrity of your files and keep your device safe from hidden threats.