Normally, you have to download it in order to check it. Can that be avoided?
In a word, no, not really.
There are some tools that claim to allow you to do so, and I’ll touch on those, but the pragmatic reality is that downloads get checked either as or after they’re downloaded.
That’s OK, though, because there are precautions you can and should take to deal with downloads safely.
Become a Patron of Ask Leo! and go ad-free!
Checking for malware before downloading
There’s generally no way to check a download for malware without downloading it first. Services that claim to do so appear to download to your computer anyway before they perform their checks. As long as you don’t run or open it, it’s usually safe to download and then run a scan on what you’ve downloaded before using it. As always, only download from sources you trust to decrease the odds of ever encountering malware to begin with.
A download must be on your machine before you can scan it for malware.
With that in mind, here’s how you download safely.
- Download only from sites you trust. This means downloading from major hardware and software vendors, sites, and companies you know and trust.
- Download/Save, never Run/Open. “Download” just saves the file to your hard disk. Running or opening the file does that, but then runs whatever it is you’ve just downloaded before you’ve had a chance to find out whether it’s malicious or not.
- Scan the download for for malware. Most security software has ability to scan a single file or directory.
- Assuming your security software reported no problems, run or otherwise use the download.
- If you’re still concerned, re-run a security scan on your system.
If it’s malicious
If your download shows up as being malicious, delete the copy you just downloaded immediately so it doesn’t get run by accident. If you can, see if you can find the same download from another source. Sometimes malware is present only in some downloads of a particular piece of software.
If you can’t find a clean download, don’t fall into the temptation of installing it anyway. It’s not worth the risk unless you really know what you’re doing. Contact the supplier or manufacturer of whatever you’re downloading, and report the issue to them. If they’re at all reputable, they’ll deal with the issue quickly.
Pre-download checking tools
I received several comments mentioning a tool called Dr.Web, a Firefox browser extension that claims to check download links for you. The wording from the extension page:
Dr.Web Link Checker is a free extension that can instantly scan webpages and files downloaded from the Internet, and block website attempts to monitor user activity and display advertisements.
The highlighting is mine; it implies that it’s checking files after you’ve downloaded them to your computer. Perhaps I’m misunderstanding.
It might be a decent tool, but of course it has detractors as well, expressing concerns about privacy and tracking since it requires full access to everything you’re doing in order to deliver on its tracking and advertising claims. My concerns if the malware check is really happening prior to download include:
- That can be very complex to have happen correctly.
- It’s scanning with their tool, not the tool you’ve chosen to protect your system.
- It’s yet another browser extension that I believe you don’t need.
But it’s worth knowing about.
Sandboxing and virtual machines
Another commenter mentioned sandboxes, and that’s a great solution if you’re up for the additional work. I use virtual machines for this when needed. (See What’s the Difference Between a Sandbox and a Virtual Machine? for more on the distinction.)
If I really want to download something I suspect might be malicious — particularly if I want to run it — I create a dedicated virtual machine for it. That’s the moral equivalent of having an entire PC dedicated to the task. The reason this is helpful is it’s isolated from my “real” PC and can be easily discarded if the download does indeed prove to be malicious.
The most practical solution is simple:
- Download, don’t run or open.
- Scan the download with your security software.
If it’s malicious, delete it. Otherwise, carry on.
Definitely not malicious: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.