Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can I Check for Malware before Downloading Something?

Normally, you have to download it in order to check it. Can that be avoided?

Files cannot be checked for viruses before being downloaded, but there are precautions you can and should take.

Malware

I’d like to prevent viruses from ever reaching my machine. Can I test them before they’re downloaded? And if so, how?

In a word, no, not really.

There are some tools that claim to allow you to do so, and I’ll touch on those, but the pragmatic reality is that downloads get checked either as or after they’re downloaded.

That’s OK, though, because there are precautions you can and should take to deal with downloads safely.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Checking for malware before downloading

There’s generally no way to check a download for malware without downloading it first. Services that claim to do so appear to download to your computer anyway before they perform their checks. As long as you don’t run or open it, it’s usually safe to download and then run a scan on what you’ve downloaded before using it. As always, only download from sources you trust to decrease the odds of ever encountering malware to begin with.

Downloading safely

A download must be on your machine before you can scan it for malware.

With that in mind, here’s how you download safely.

  • Download only from sites you trust. This means downloading from major hardware and software vendors, sites, and companies you know and trust.
  • Download/Save, never Run/Open. “Download” just saves the file to your hard disk. Running or opening the file does that, but then runs whatever it is you’ve just downloaded before you’ve had a chance to find out whether it’s malicious or not.
  • Scan the download for for malware. Most security software has ability to scan a single file or directory.
Right click on a file to scan with Microsoft Defender.
Right-click on a file to scan it with Microsoft Defender.
  • Assuming your security software reported no problems, run or otherwise use the download.
  • If you’re still concerned, re-run a security scan on your system.

If it’s malicious

If your download shows up as being malicious, delete the copy you just downloaded immediately so it doesn’t get run by accident. If you can, see if you can find the same download from another source. Sometimes malware is present only in some downloads of a particular piece of software.

If you can’t find a clean download, don’t fall into the temptation of installing it anyway. It’s not worth the risk unless you really know what you’re doing. Contact the supplier or manufacturer of whatever you’re downloading, and report the issue to them. If they’re at all reputable, they’ll deal with the issue quickly.

Pre-download checking tools

I received several comments mentioning a tool called Dr.Web, a Firefox browser extension that claims to check download links for you. The wording from the extension page:

Dr.Web Link Checker is a free extension that can instantly scan webpages and files downloaded from the Internet, and block website attempts to monitor user activity and display advertisements.

The highlighting is mine; it implies that it’s checking files after you’ve downloaded them to your computer. Perhaps I’m misunderstanding.

It might be a decent tool, but of course it has detractors as well, expressing concerns about privacy and tracking since it requires full access to everything you’re doing in order to deliver on its tracking and advertising claims. My concerns if the malware check is really happening prior to download include:

  • That can be very complex to have happen correctly.
  • It’s scanning with their tool, not the tool you’ve chosen to protect your system.
  • It’s yet another browser extension that I believe you don’t need.

But it’s worth knowing about.

Sandboxing and virtual machines

Another commenter mentioned sandboxes, and that’s a great solution if you’re up for the additional work. I use virtual machines for this when needed. (See What’s the Difference Between a Sandbox and a Virtual Machine? for more on the distinction.)

If I really want to download something I suspect might be malicious — particularly if I want to run it — I create a dedicated virtual machine for it. That’s the moral equivalent of having an entire PC dedicated to the task. The reason this is helpful is it’s isolated from my “real” PC and can be easily discarded if the download does indeed prove to be malicious.

Do this

The most practical solution is simple:

  • Download, don’t run or open.
  • Scan the download with your security software.

If it’s malicious, delete it. Otherwise, carry on.

Definitely not malicious: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.