Download Precautions and Hash Checking

In this video we’re taking a look at download precautions, and also hash checking. So whenever you download software, some tips to follow. Always download from a trusted site. A trusted site would be something like the actual vendor website. Or if it’s from a publisher, such as if you’re getting a game, things like Steam, Epic Store, whatnot, are all going to be trusted sites. If a paid program shows up on a site for free, it’s probably fake, especially if you’re getting something over, say, BitTorrent, or a particularly shady website. More than likely, either it won’t be the program that you’re looking for, or it’s going to come with a virus of some sort. So definitely stay away from those sites.

Your antivirus should always be set to scan inbound files. What that means is if a file comes in, your antivirus should be scanning it, which is going to be the default config for most antiviruses. And finally, check the hash value if possible. Now, if you’re not familiar with what a hash file is, let’s take a look. So more and more websites are beginning to do this. Every programme will have a hash value to it, meaning there is a cryptographic number associated to the file. So in this case, we’re over on the Raspberry Pi website here. And I have the download bootloader here. And we see a Sha 256 extension next to it. So that’s the value of that particular file.

Now, when it comes to hashing, there’s different hashing algorithms. There is Sha 128, 256, MD5. These are all variations of hash files. And there’s a few others out there. But those tend to be the more popular ones. Now, what this means is, when I download this file, and I check the hash file, it should come out to be this if I’m looking at the Sha 256 value. So what does that mean to us? So if anything changes that file, if say the text document in that file, one letter is changed in it, that hash value is going to change. So if I download the file, and I take a look at the hash file, it should be exactly that number.

Now, if anything changes, if I download the file and it doesn’t match it– say, for example, a malicious hacker gets a hold of the website, they upload a bad file, and this guy says that. I download the file. I check the hash value. It doesn’t match that. I don’t run it. That means something has altered it. And again, that’s a really good way to check if your file is indeed what it’s supposed to be. Now, I already went ahead and downloaded this. And I have a hash calculator here. And you can find over at MD5file.com/calculator. Now, there’s a lot of hash calculators online. Also, there is a bunch that you can download for your operating system, Linux, Mac, OSX.

But for this demonstration, I’m using the one online. So again, I have the Raspberry Pi boot file here. I’m going to just drag it here. OK, and there we go. So it came up with the Sha 1, Sha 256 hash algorithm. I could also click MD5 to give me the MD5 value. But what we’re interested in is this one right here, Sha 256, because that’s the one that they represent on the site. So if we look here, the last few numbers are 4881C. And if we go here, it is 4881C. So those numbers actually match, which means it hasn’t been changed in any way.

So that’s a really good way to check to see if the file is what it’s supposed to be. And again, more and more sites are beginning to do this. So I do recommend if there’s any question at all, check the hash value. Another thing you could do is if you don’t have an antivirus that’ll scan inbound files, you can make sure you can manually scan the file. Or you could use an online scanner, like VirusTotal. So this is VirusTotal.com/gui/home. And what VirusTotal does is it’ll scan whatever files, URLs, and whatnot. So let’s take a look. I’m going to do “Choose File” here. I’m going to click on our file here. And it’s going to run a scan.

Now, the nice thing about VirusTotal is it’s running against 63 different antiviruses. So I can scroll down here. Adware undetected, I can see BitDefender’s on here, Avira, Comodo, ClamAV, eScan, F-Protect, FireEye, McAfee, Microsoft, Panda. Again, there’s like 63 different antiviruses running against it. And there is no virus detected on here. So that’s another easy way to check if there is anything fishy with your software. Finally, an easy way is to check the value. Check the actual file size. Because most times when you download a file, it will tell you what the file size is supposed to be. This particular one doesn’t have it. But again, we do have the Sha 256 value that we can compare it against.

So these are all different ways that you could help run to make sure that your file that you’re downloading is, indeed, safe. And finally, again, checking the hash value, always the easy way to see if anything’s been tampered with. So in the next video we’re going to be taking a look at fake error messages and scareware, and talk about what it is. Thank you for watching. I’ll see you in the next video.