Making sure you download what you think you're downloading requires two things: The publisher publishing the hash or checksum of each file and a tool to verify that your download actually matches.
Mostly we're lazy. We go to a software publisher's web site and download files and just assume that what's in the file is what the publisher claims it to be. The problem is that these days web sites are frequently compromised by hackers and it only requires one of the bad guys to add an evil payload to a downloaded file to ruin your day and if you're really unlucky, a malware inclusion such as ransomware could ruin your life.
So, verifying file integrity is crucially important and vendors should publish hashes and or checksums for every file they offer for download. Alas, many still don't. Febooti, a company I wrote about a couple of posts ago for their Windows Automation software, do just that; they
Febooti not only provides MD5 hashes for all their software titles but also offers SHA-1, RIPEMD-160, and CRC32 check and, to make it easy to perform verification offers their own freeware hash verification tool that runs on all 32 and 64-bit versions of Microsoft Windows.
This tool performs a large number of verificatoion algorithms including MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Whirlpool, Tiger-192,RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320 and a list of Hash Test Vectors to verify that the tool works correctly.
After you install the software you might wonder where it is as there is no visible executable in Programs. Febooti have cunningly made the software integrate with the system; it's available in the right-click context menu under "Properties."
This is a great freeware tool and something you should have to hand and use every time there's an opportunity to verify whether you've got the file you think you have. While it might seem like a pain to do this, the reality is that hacking is becoming a progressively bigger threat and it's no longer a question of "will" you come across a compromised download site but "when."
Zipbuds: Earbuds with great sound, great design (particularly for travellers), and a great priceNext Post
Is Wi-Fi killing us...slowly?
FTC and 10 state attorneys general settle with vacation services group that made massive robocall...
We upped the tech quotient of our backyard ice bar with coasters made from 3D-printed forms.
You can use the CuBox-i4Pro as an Android machine, a general purpose Linux host with or without...
Sponsored by AT&T
Sponsored by Brocade
One analyst firm has pegged the value of a standalone Amazon Web Services at between $40 billion and...
Even the most savvy IT professionals can fall victim to social engineering attacks. Here’s how to...
Broadcom's latest chipset will run 2.4 and 5 GHz Wi-Fi simultaneously. That changes everything in terms...
When a Xen vulnerability is found, Amazon security engineers scramble to respond.