[xplorer²] — Check your downloads with VirusTotal
3 January 2010

There are gazillions of programs available to download, many of them really useful and many completely free. But you have to tread carefully, especially with tools you have never heard of before, to avoid being scammed or hurt; there are dodgy and dangerous programs out there, so you must not download and install willy-nilly.

We saw previously how you can shop on the internet safely by following some common-sense measures. When you come across an interesting download, you can apply similar rules to evaluate it before installing:

  • Check the website. There are many ways to assess the trustworthiness of a website, but recently I just go to SiteAdvisor and type the URL of the unknown website. If there's something fishy about it or it hosts questionable download files, steer away.
     
  • Check the download. Before installing anything new, pass it through VirusTotal, a free online virus checking service. VirusTotal uses around 40 different antivirus tools to check a download, so you can assess the risk by majority vote.

Some may claim that you should also check that the installer is digitally signed, which means that you know the program creator (e.g. the company who made it is HP or what have you). However, digital signatures aren't worth too much, especially for a company you've never heard of before. For example, the xplorer² installer isn't digitally signed, but you know that's not an issue since we are good eggs down here <g>

Improving VirusTotal

When you want to check a file with VirusTotal you must upload it (i.e. send it over) to a remote server so they can examine it for you. If the file is small that isn't a problem, but what if the installer is 20 MB or more? Upload speeds are always slower than download speeds.

The good news is that VirusTotal stores past virus scans, so if you upload a file that has been checked before you see the scan results immediately. Even better, you don't have to upload the file at all, just check it against its hash (signature). So instead of uploading the whole file you just calculate its "fingerprint" and submit that to VirusTotal; if the file has been checked before you can access the scan results with minimum effort!

What are file hashes?

A hash is a number that "uniquely" identifies a message or a file. There are mathematical algorithms that calculate hashes, some simpler, others more complex. You may have heard of CRC32 checksums, MD5 sums and the like. These sums are calculated by adding up the bytes that make up the file in special ways and mixing them so that a short number (the digest) is obtained. I don't understand how it works either, but let's hope the cryptographers know what they're doing. At the end of the day, it is a fingerprint you can use to identify a file.

How do you calculate this fingerprint? I found a nice free shell extension called HashTab, which adds a page to files' properties listing various checksums like MD5, SHA-1, SHA-256 and others. Note that the checksum stock column available in xplorer² (View > Select columns menu) isn't a hard-core checksum. It is only a quick and most probably not unique fingerprint. But HashTab will calculate strong cryptographic hashes you can use with VirusTotal.

To cap it all, the hash virus check procedure is presented in a short demo video.

PS: Happy new year!

© 2002—2010 Nikos Bozinis, all rights reserved