
How Can I Tell If a Download is Safe?

Someone’s pointing me to a downloadable program as a solution for a problem I’m having. I’m really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it’s clean or riddled with subtle spyware, viruses, or whatever else could be bad?

I was somewhat taken aback by this question. It’s a perfectly good question — it’s one that more people should be asking more often.

No, my reaction was due to the lack of a good answer.

It turns out that it’s fairly difficult to ascertain whether or not something you’ve downloaded is about to play havoc with your system, particularly before you download it.

But it’s getting better.


What anti-malware tools do

Anti-malware scanners examine the contents of the files on your system to see whether they contain anything that looks like a virus. The files don’t have to be installed or running; they just have to be accessible to the scanner. You can and should scan a downloaded file before you run it.

But the files do have to be on your system, or (in some rare cases) in the process of being downloaded to your system.

Before you download? There’s effectively no solution. You at least have to download it in order to be able to scan it.

What to do?

So, what do you do? What do I do, for that matter?

It turns out our best defense is to fall back on common sense and best practices for avoiding malware in the first place.

  • Only download from sites you trust. Knowing who to trust is a difficult problem. My recommendation is to avoid downloading from third parties. If a piece of software is created by XYZ corp, then download it directly from XYZ corp’s website. If it’s available directly from the creator, there’s no reason to get it anywhere else. Avoid “download sites” if at all possible.
  • Only download from companies you trust. A variation on the previous point. Even if you do download directly from the creator’s website, not all creators are ethical or above-board. If you’ve not heard of the company before, it’s worth a quick search to see if other people have experienced problems. Much free software is “free” because it’s loaded with PUPs (potentially unwanted programs), for example. It might be legal, but it can certainly be annoying.
  • Never download illegal software. You shouldn’t anyway — because it’s illegal — but even if that doesn’t stop you, the risks should. Illegal software is lucrative because it’s free or dirt cheap. Malware creators know this, and often use it as an opportunity to distribute their wares.
  • Scan your download. This is the easy one. Anti-malware tools can easily and quickly scan a file, or a download, and tell you whether or not it contains any known viruses. Make sure to keep your anti-malware program, and its database, up to date.
  • Back up. Even though you might trust what you’ve just downloaded, prepare for the worst anyway. Assume that what you’re about to install will cause your machine to crash and become unbootable. Would you lose important data? Then you better make sure that’s backed up first.

It’s getting a little better

I recently downloaded an update to a (legitimate) program I use, and received the following warning:

“Windows protected your PC.”

That’s Windows Defender warning me that it didn’t “recognize” the application that I was about to run.

That doesn’t mean it’s malware, or that there’s anything wrong with it at all — it just means that Windows Defender (meaning Microsoft) was unfamiliar with the vendor, or perhaps the software wasn’t digitally signed. All it really means is to take a breath and consider whether you recognize and trust the application and its vendor. (In this case, you can click “More info” which will expose a “Run anyway” button, which is what I used.)
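One way to run the checks discussed above on Windows before clicking “Run anyway”: scan the file, and see whether it is digitally signed and by whom. This is an added PowerShell example, not part of the original article; the file path and the `Test-Download` helper name are hypothetical.

```powershell
# Added example: inspect a downloaded installer before running it.
# The default path is a hypothetical placeholder; pass your own file with -Path.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\setup.exe"
)

function Test-Download {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # SHA-256 of the file, to compare with a hash the vendor publishes (if any).
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Authenticode signature. Status is 'Valid' only when the signature
    # verifies and the certificate chains to a root this PC trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # Mark of the Web: browsers record the download source in the
    # Zone.Identifier alternate data stream on NTFS volumes.
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $source = ($motw | Where-Object { $_ -match '^(HostUrl|ReferrerUrl)=' }) -join '; '

    [pscustomobject]@{
        File            = $file.FullName
        SHA256          = $hash
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        DownloadedFrom  = $source
    }
}

$report = Test-Download -Path $Path
$report | Format-List

if ($report.SignatureStatus -ne 'Valid') {
    Write-Warning "Signature status is '$($report.SignatureStatus)'. Confirm the vendor and source before running."
}

# On-demand Microsoft Defender scan of just this file.
Start-MpScan -ScanType CustomScan -ScanPath $report.File
```

A valid signature only tells you who published the file and that it has not been altered since signing; whether you trust that publisher is still your call.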

Other security tools use a more aggressive form of application white-listing, meaning that only applications that have been somehow pre-vetted and confirmed not to be malicious are allowed to run.

The best advice? Skepticism

In some ways, it’s not surprising malware is as common as it is. Absolute prevention is difficult, at best. Even with the best tools, we often hear of people actively circumventing warnings and other blocks to download whatever it is they (apparently desperately) want.

Most remedies are nothing more than damage control once malware arrives.

The best defense is … you. You are both the weakest link and the strongest hope for security. Be skeptical, take the time, and make the effort to choose your downloads with care.


20 comments on “How Can I Tell If a Download is Safe?”

  1. “….download it from the XYZ corp website.”

    One point. A fair number of devs will have their programs hosted by a download site such as tucows. A link to a third-party site from the author’s website can be as trusted.

  2. I have been using a program called Sandboxie http://www.sandboxie.com for years. I generally test all new programs in a sandbox, but especially those I have the slightest doubts about. It takes just a second or two to set up a test sandbox, and scan with AV/AS programs. (I also use Jotti and virustotal from time to time). Even if I install a program with malware in the sandbox, I can just delete the sandbox and there is no impact on my operating system. In fact I run almost every program sandboxed. I might add that there are ways to get data out of the sandbox, unlike virtual machines. I was last infected using DOS in 1987.

  3. I forgot to mention…you can always do a web search for the name of the .exe program, like abcd.exe and add a comma followed by virus, spyware, rogue, malware to see if anything bad about the program turns up in the search results.

  4. I use Avira and it’s notified me when a file might contain a virus before it’s opened. It’s worked on .exe and zip files. Now I didn’t open any of them to check, but a beep and a virus screen came up asking me what I wanted to do with this file. Never had a .com or .bat beep yet.

  5. I use free Returnil to “screen” all applications (.exe’s) before I run them “for real.” By turning on Returnil everything that happens thereafter happens only in memory. Nothing can be written to the C: drive.

    I run or install the application, see what happens, and if I like it enough I then reboot (to turn off Returnil) and run or install the program on my hard drive.

  6. Great article on “exe’s” ~ being able to tell if they are “safe” or not. Leo, could you expand, explain how to set up a “sandbox” - so that us newbie geeks can quickly, and safely check downloaded programs/apps… before they are “run”, or opened, and installed to the hdd, thus preventing infected files from wreaking havoc on us. I understand that a “sandbox” thoroughly filters an application/program - sort of like running the app. through a sieve… is this accurate?? Would appreciate any feedback. Keep up the GeeK ~~ Brianisbeecube@yahoo

  7. Like Howiem (May 19, 2009, post), I also thought smart-ip.net no longer had the online virus scan as I received a 404 page not found when going to the link. However, the link in ipodboy’s post (July 22, 2008) works if one deletes the period which was apparently mistakenly underlined and thus included in the link. Try http://smart-ip.net/en/tools/virus-scan without the period at the end.

    (I discovered this by checking “Tools” and then “Scan file for viruses” under “Tools” at the home page — http://smart-ip.net/en/ — and then comparing what I had found with what I had tried previously.)

    • This on-line file scanner is still available ten years later, as of April 2019. It has the unusual facility of being able to test a file through its download link, thus achieving Leo’s Holy Grail of enabling us to test files before downloading them to our computers. Just right-click on the download link or button, copy the url, paste it into the scanner, and it will do the rest. A brilliant idea!
      After seeing this, I went back to Virus Total, an old standby: https://www.virustotal.com. I found that it too now offers this service and in addition, like Jotti, gives a list of results from multiple scanners, and thus a very high level of confidence in the result.

  8. Visiting unfamiliar websites and especially downloading I always do on a Virtual OS. I use both Oracle Virtualbox and MS Virtual PC. Then I scan for malware within the virtual and install the program for testing, always on the virtual. If everything checks out I can then move the software program to a shared folder on the real hard drive, but only after testing.

  9. I’ve always scanned any downloaded files for viruses and malware. But I have encountered a number of applications I have wanted to install that just download an installer executable which is clear of malware, but when executing the installer, it downloads the files of the application to be installed. Is there any way to test the safety of these downloaded files?

    • Other than security software that tries to scan as downloads happen, I’m not aware of a way. The best thing is to always download from reputable sources, and if you’re not sure, don’t download.

  10. Thanks for the reply Leo. I haven’t found any security software that checks as a download happens. It seems to be a commonplace way to download apps these days.

  11. Hi Leo,
    I just wanted to bring this to your attention regarding scanning a file before it is downloaded.
    I use a Firefox add on named VT Zilla. The program scans the item before it is downloaded. After downloading to my desktop I then right click it and scan it with both Avast Free Antivirus and Malwarebytes Free Antivirus before I install the program. Let me know what you think about VT Zilla.

    • I don’t understand how an add-on can scan something before it’s downloaded. The file would have to be on your machine — i.e. downloaded — for the extension to be able to do its job. The only way it could work perhaps is if the add on works in conjunction with some kind of online service.

  12. Before, I would download many programs with the idea that would benefit the system, cleaning, defragmenting, etc. But after having two PCs with errors and corrupted files, I have gotten to the conclusion that those are worthless to the less. Now that I got a new Dell Inspiron and installed a Windows 10 on my laptop, I have made a resolution to not download anything, and let Windows solve anything that’s needed. What do you think? Am I right?

  13. Unfortunately a recent Windows 10 update (?March 2019) notified me with an error message that it was not compatible with Sandboxie and I had to uninstall it to complete the update.

