Let’s start out with a real-world example and discuss the process one would go through when making a decision to download software. I love to download free games on my computer and my smartphone, so today I’m going to look at a game that is new to me called Wild West Story – The Beginning. I’ve never heard of this game, and I’m not familiar with the developer. I just stumbled across the game while doing a Google search for Western-themed games. I have no idea if I can find a trusted software download, but the game sounds fantastic, so I’m going to try.
As awesome as it may sound, I’m not ready to pull the trigger and download this game from any old site. I’ll keep my pistol holstered until I’ve done a bit more research. The first thing I need to do is find a site to download from. Googling Wild West Story gives me 57,900,000 results and a lot of websites I’ve never heard of. I have outlaws to shoot and a ghost town to rebuild, so I’m sure not going to compare 58 million web pages to find the most trustworthy. I’m going to focus on finding a website on the first search page and work my way down if I need to. The search results are listed by popularity, so I’m going to assume they are popular because they are reputable.
Although I have assumed the sites are reputable, I will still verify their integrity before clicking any URLs. There are many sites that can verify a URL to tell you if a site contains malware. My favorite is virustotal.com. I’m going to copy the first URL into the scanner at VirusTotal to verify the URL. Running a scan on the link made me feel pretty confident that this is a safe site. Of the 66 sites that VirusTotal used to scan the URL, there were zero results listing this site as a potential threat.
Since the site checks out as safe, I’m going to go back to my Google search and click on the URL to access the website. I’m now at a web page with a large download button.
Scan all Links
I really want to click that download button, but I’m not ready to yet. This software resides on another page, and I need to inspect the link and find out if it is safe as well. I right-clicked the download button and chose “copy link location”, and then I pasted that link into VirusTotal as well. VirusTotal confirmed this second link is safe. At this point, I’m ready to hit download and copy the installation to my hard drive. After the file has finished downloading, I will also go back to VirusTotal one last time and do a file scan on the downloaded file itself. Just because the site was safe doesn’t mean the software isn’t laden with malware and viruses.
Scan the File, Too
To test the file itself, you have to run a cryptographic check against the file to verify that its checksum value matches the checksum value given by the software developer. If the values match, the file can be considered safe. Take a look at the SHA-256 checksum value produced by this application.
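One way to run the checksum comparison described above, as an added example that is not part of the original post. It hashes the downloaded file in chunks and compares the result with the value published by the developer; a match shows the download is byte-for-byte the file the developer published. The file name and sample bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published(text):
    """Accept a bare digest or a sha256sum-style line ('<digest>  <filename>')."""
    fields = text.strip().split()
    token = fields[0] if fields else ""
    if not HEX_SHA256.match(token):
        raise ValueError("published value is not a 64-character SHA-256 hex digest")
    return token.lower()


def verify_download(path, published):
    """Return (matches, actual_digest); a truncated or altered file does not match."""
    expected = parse_published(published)
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, expected), actual


def demo():
    # Constructed sample: a temp file stands in for the downloaded installer.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        published = hashlib.sha256(b"constructed installer bytes").hexdigest()
        ok, _ = verify_download(path, published.upper() + "  installer.bin")
        with open(path, "ab") as fh:
            fh.write(b"!")  # one extra byte, as after tampering or corruption
        tampered_ok, _ = verify_download(path, published)
        return ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

Copy the published value from the developer's own download page rather than from the mirror that served the file, since a host that swapped the file can swap the checksum next to it too.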
After I felt comfortable running the application, I proceeded to complete the software installation. This install was pretty easy, and I’m ready to clear this ghost town of heathens and bandits, but before I do, I have a few other installation tips to cover, so you don’t get caught in some common install traps.
Choose “Custom” Installation and Decline Additional Software
Anytime you are given the option to install based on a “default” or “custom” installation, always choose the latter. After you click Next in the software installation, you will most likely see checked boxes somewhere that are ready to install other software that you don’t want, like virus scanners and toolbars.
Don’t Use Installers and Download Managers
I would also recommend that you do not use custom installers or download managers if given the option. There are websites that host software for many different vendors. They bombard you with advertisements on their websites while generating income for themselves. These companies are known to place wrappers around the software you were originally looking for which further generates revenue for the host website.
Download directly from the developer whenever possible
With this said, my last tip to you would be to always download directly from the software developer whenever possible. Following these tips should keep you pretty safe on the Wild, Wild… I mean World Wide Web.