How can you be sure that the file or program you want to download is exactly what it seems? Mike Plant explains how to avoid nasty surprises
The internet is bursting with all kinds of downloadable content. PC programs, videos, music, photos, games and more are all just a click away. But with hackers using legitimate-looking downloads to smuggle viruses and malware on to your PC, will you get more than you bargained for when you hit the download button? Thankfully, there are ways you can make sure the file or program you’re about to download won’t damage your PC. In this feature we’ll introduce you to the tools you need and the habits you should adopt to thwart the hackers.
Check downloads with VirusTotal
Unless you’re sure that the file you’re about to download can be trusted – and even if you are – we recommend checking it with VirusTotal (www.virustotal.com). This will scan the file for viruses (using 68 online virus checkers) before you download it.
First, you need to get the web address of the file you want to download. To do this, right-click the download link then click ‘Copy link address’. Next go to VirusTotal’s website, click the URL tab, paste the URL you just copied into the search bar and click the ‘Scan it!’ button.
VirusTotal will display a report that tells you when the URL was last analysed and show you a ‘Detection ratio’. A genuine download will have a ratio of zero. If the file has a low ratio, for example, 1/68 (meaning only one of the 68 online checkers flagged it), this is probably a false positive. This is more likely with a program that has only just been released and is therefore not yet known to the virus checkers’ databases. If you see a low ratio, it might be a good idea to wait for a few days and rescan the file after VirusTotal’s checkers have been updated.
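For readers who would rather script this check, here is an added example (not part of the original article) that reads a report in the shape returned by VirusTotal's v3 API and applies the rule above: zero is clean, a low ratio means rescan later, anything higher means avoid. The sample report is constructed, and the function names and the cut-off of two engines for a 'low' ratio are assumptions.

```python
import base64
import json

# Constructed sample in the shape of a VirusTotal API v3 URL report (not real data).
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_stats":
  {"harmless": 60, "malicious": 1, "suspicious": 0, "undetected": 7, "timeout": 0}}}}
""")

LOW_RATIO_MAX = 2  # assumption: at most this many flagging engines counts as "low"


def vt_url_id(url):
    """Identifier the v3 API uses for a URL: URL-safe base64 without '=' padding."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def detection_ratio(report):
    """Return (engines that flagged the URL, engines that checked it).

    Assumption: 'malicious' and 'suspicious' both count as flagged, and every
    engine in the stats block counts towards the total.
    """
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return flagged, sum(stats.values())


def triage(report):
    """Apply the article's reading of the detection ratio."""
    flagged, total = detection_ratio(report)
    if total == 0:
        return "unknown"   # never analysed: submit the URL and check again
    if flagged == 0:
        return "clean"     # ratio of zero
    if flagged <= LOW_RATIO_MAX:
        return "rescan"    # probable false positive: wait a few days, rescan
    return "avoid"         # several engines agree: do not download


if __name__ == "__main__":
    flagged, total = detection_ratio(SAMPLE_REPORT)
    print(vt_url_id("http://example.com/"))
    print("%d/%d -> %s" % (flagged, total, triage(SAMPLE_REPORT)))
```

To run it against a live report, fetch `https://www.virustotal.com/api/v3/urls/<id>` with your own API key in the `x-apikey` header and pass the parsed JSON to `triage`.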
VirusTotal has a browser extension for Firefox (www.snipca.com/22517), Chrome (www.snipca.com/22516) and Internet Explorer (www.snipca.com/22518). To install it, open your browser, go to the relevant link and click the Install button. Now, whenever you want to check a download link, right-click the link and click ‘Scan with VirusTotal’. A report on the file will open in a new tab within your browser.
Find out if a website is genuine
Before you download any file it’s also worth checking the background of the website you’re downloading from. The free tool urlQuery (www.urlquery.net) will analyse any website and tell you whether it contains malware or should be avoided for other reasons.
To use it, go to the website you want to check and copy the URL. Next go to www.urlquery.net, paste the website’s address into the Profile URL bar, then click Go. A new web page will be displayed with the word ‘Processing’ in red. It can take about a minute to return any results. Once the results have come in, look at the box next to urlQuery Alerts. If the site is safe you’ll see ‘No alerts detected’. If there’s anything to be concerned about, you’ll see a list of alerts. Scroll down the results page for more information.
If you want a second opinion, you can try Google’s Safe Browsing Site Status tool (www.snipca.com/22523). Copy the URL of the site you want to check into the ‘Status of’ search bar. The URL will be checked against Google’s blacklist of unsafe sites and any security concerns will be shown in the ‘Current status’ section. If a website is safe, it will simply say ‘Not dangerous’.
Avoid annoying downloads
PUPs may not represent the same level of threat as malware and viruses, but they can be very irritating all the same. These are the ‘bonus’ programs and browser extensions that are smuggled on to your PC when you download a program. You can usually opt out of these by unticking boxes during the installation process, but they can be cunningly worded and often hidden.
We expose these tricks in Named & Shamed every issue (page 10), but for added protection, you should install Unchecky (www.unchecky.com, click the orange Download button and double-click the setup file to install it). From now on any tick boxes you come across on websites and installers will be unticked by default. Even though Unchecky will have done most of the hard work for you when it comes to blocking PUPs, we suggest you still always opt for the ‘Custom’ version of the installation and read through the options carefully when you install a program.
Don’t trust email links
One of the golden rules of email is: never download an attachment unless you trust the source. Even then, be careful. Banks, insurance companies and services will never email you with unsolicited requests for your account details and passwords – so never trust an email that does.
Of course, friends and family will send you attachments that they believe are completely harmless. However, if your friend’s PC is not as well protected from threats as yours, you should be aware that viruses on their PC can easily attach themselves to the photos, videos and documents that they are sharing with you.
To check an attachment before you download it, you can use another handy VirusTotal tool. Open the email and click Forward, then delete the body copy of the email completely, so that only the attachment remains, and change the subject line to SCAN. Then forward the email to scan@virustotal.com. In a few minutes you’ll receive a detailed email containing analysis from 54 online virus scanners. A safe file will have ‘found nothing’ next to each checker.
STOP HACKERS USING YOUR PC
Despite all your best efforts, the time may come when you fall victim to a particularly well-disguised piece of malware. Many of the more dangerous examples of malware will try to connect to the internet so that the hacker responsible for it can monitor or operate your PC without your knowledge. To receive notifications whenever a program, malware or anything else on your PC tries to access the internet, install Sphinx Software’s Windows 10 Firewall Control (www.snipca.com/22524, click the Download button under Free, to the right of ‘Desktop/Setup 32/64-bit’).
Windows 10 Firewall Control looks complicated, but it’s easy to get to grips with. Once it’s installed, open it and you’ll see a series of Edit Application notification screens. At the top left you’ll see the name of the software trying to access the internet (most of these will be browsers and familiar programs).
To let a program access the internet click the EnableAll button in the Quick Apply section. That program will now be able to access the internet without notifying you first. For any software you don’t recognise, enter its name into Google search, and look for sites like ‘Should I Remove It?’ and ‘Should I Block It?’ in the results to see what actions others have taken. While most of these programs will be Windows-related or program-specific processes, you may just identify a known virus and save yourself from a lot of pain.