People need computers to get anything done in today’s world. Technology has made life much easier for us all, but we are slaves to it, there’s no denying that. There are so many applications that make it simpler to do things in modern society. You just have to download them and avail their services. Even if one was to disregard and neglect these apps, there are millions of songs and important documents and software that people are attracted to. Any computer user will download thousands of files in their lifetime, and this figure is set to increase. So then, in this age where cybercrime is at an all-time high, and computer security is so important, how do you ensure whether the file you are about to download is clean? Read on to find out.
How To Ensure A File Is Clean
It will be wrong to say that people are absolutely clueless about the dangers they face when they browse the internet. Almost everyone today has a good antivirus installed in their systems (if you haven’t, let this article be your cue to do so). But if you rely on your antivirus’s malware fighting capability and use it to scan a file for viruses right after you download it, then there are chances of things going wrong for you, especially if that file is an executable. It’s best to know about a file’s nature before you download it, and the best way to do that is by using VirusTotal.
Defeat False Positives with VirusTotal
False positives, in this instance, are cases of a file wrongly deemed malicious. It happens quite often that your antivirus will shoot a malware warning when you scan a file. This could be because of a number of reasons. However, many malicious file developers use this to their own advantage. They’ll put up a line near the file’s download link, saying that you might encounter a warning from your antivirus when you download this file, but it’s a false positive. You would then ignore the antivirus warning, and the malware would infect your system.
To keep yourself safe from this, you can use VirusTotal. It is an online tool that uses a number of antivirus tools to scan a file and give you a report regarding its nature. VirusTotal is owned by Google and uses around 60 engines to thoroughly scan a file. The report will show how many of these engines found a problem with the file, based on which you can decide upon a course of action.
To use VirusTotal, follow these steps:
- Find the download link of the file you want to scan. To do so, right click on the link (not the URL) and copy the download link. If you use Chrome, select Copy Link Address. If you use Firefox, select Copy Link Location. If you use Edge, select Copy Link
- Enter VirusTotal.com in the address of your browser
- Click on the URL tab on the VirusTotal website
- Paste the link you copied earlier here before clicking on Search
Once you have done this, VirusTotal will conduct its analysis and give you a detailed report. You can read this report and see what VirusTotal and its 60 engines think about the download link you have entered. While it is ideal to get a 0/60 rating (meaning no engine found anything wrong), it’s common to get lower single digit warnings. But you should note that even though a 0/60 rating is the best case, it is no guarantee that the file is clear. The malware might be so sophisticated that VirusTotal’s engines cannot discover it or don’t know about it yet.
In order to make using VirusTotal even simpler, you can integrate it into your browser by adding the VirusTotal extension. Once you do that, you will only have to the right click on download links and then select Scan with VirusTotal to get the analysis done.
Other Precautions To Take
While VirusTotal is one of the best ways of vetting a downloadable file before actually downloading it, there are other things you can do to conduct a better analysis and secure yourself against online threats.
1. Check The Source
There are many things you might download from the internet. This can range from an internet browser to sophisticated software and files for getting a particular job done. While you can always trust the big organizations with their downloadable files, the same can never be said about other sources. Thus, you should always consider the source of the downloadable file and think how reliable and secure it is. The layout of the web page, the use of correct grammar, the composition of the link, etc. are small giveaways of websites that are there only to get users to download certain malicious files. While the absence of these signs isn’t a stamp of approval, you should always check for these.
You would do even better to check virus forums and archives for matches against the file you are about to download. If it is a software you wish to download, interact with others in the field to discuss the reliability of the source.
2. Watch Out For Executables
Files ending in .exe are the most dangerous when it comes to possible malicious downloadable files. Executables can contain many packed files, a number of which can be malicious in nature. These files can create a lot of havoc and cause all kinds of damage to your system and the files within. For example, modern malware can send your personal file to a remote server through the internet, encrypt your files and prevent you from accessing them unless you pay the malicious developer (an instance of ransomware), take up memory space, conflict with existing important apps in your system, etc.
The possibilities are too many to list here, which is why you should always be careful when downloading .exe files. Check the source, scan it with VirusTotal, look for its name in virus forums and archives, and scan it with your antivirus the moment you download it.
VirusTotal Isn’t Always The Answer
We have recommended using VirusTotal to check whether the file you wish to download is malicious in nature or not, but we will also say that VirusTotal is a one-stop solution and 100% reliable. While there are instances when the 0/60 result isn’t entirely accurate, there are also instances when a clean file is stamped malicious by a few of VirusTotal’s engines. This is something that happens with some regularity.
The most common example of this occurrence is with AutoHotkey. For those unfamiliar with it, AutoHotkey is a free and open-source scripting language that allows users to automate a lot of small things using keyboard shortcuts. You can use it to look up words or phrases using Google, automate recursive Excel operations, fill in forms with your personal information, etc. It can also be used for the distribution of self-contained software. This usage requires the software to include the part that understands and uses AutoHotkey scripts. When malware is written using AutoHotkey, problems arise.
Anti-malware software earmarks AutoHotkey as the culprit behind the malware rather than the malware itself. While this can result in the malware going through the scan and infecting the system, it also means that many clean files and programs developed using AutoHotkey are labeled malicious. A lot of AutoHotkey developers face this issue, highlighting how VirusTotal isn’t the absolute answer for all your virus related doubts about downloadable files.
Verifying VirusTotal Results
When things like the case mentioned in the section above happen, you have to take a few steps yourself to come to a decision about the integrity of the file.
1. Prompt the Developers
You might wish to download a file, a tool, or software that is necessary for your line of work but is labeled dangerous by VirusTotal. The number of engines saying so could be fairly small, which could raise doubts in your mind regarding the report. To draw a clearer picture, ask the developers about the file. Send them your report and ask them whether this is something that happens to them quite often. If there’s a website with a blog, there might be a post regarding this. Alternatively, you can visit forums about the file and ask other users about it. This is a good precaution to take in case the file is really malicious, as the developers would brandish it a false positive and encourage you to go ahead with the download.
2. Verify the Integrity of the File
You should do a thorough background check of the file to know more about its nature. If it’s something other people are also likely to use, then some information about it has got to be there on the web. Look for resources that mention the file and/or its developers, and see if you can trust them with the download. This is especially important if you are downloading a kind of file you have no idea of but is important for you.
3. Find the right source
When you follow some of the precautionary steps mentioned above, you might discover that the report by VirusTotal was actually accurate and that the file really is malicious. If it is a tool or software you require for work, then you don’t have to be disheartened. The report only means that the file on the link you pasted is malicious. You can always find another source – the right source – to download the file from. It goes without saying that you should follow all the safety checks before you download the file from an alternative source.
4. Use The Best Antivirus Software
If you download the file labeled dangerous by some VirusTotal engines, make sure you at least have a good antivirus as the first line of defense. The second that file is downloaded scan it with your antivirus. Don’t bother using free antivirus if you are downloading files regularly and disregard VirusTotal warnings with the same regularity. There is free antivirus software that is good, but it’s always better to pay for the service since it gives you quality assurance and assistance.
Downloads are an important aspect of using the internet. With close to 4 billion internet users, the number of downloads per day is quite high. The kind of threats that you face with these downloadable files are manifold as well. You might think that it’s a harmless PDF file or a song, but outward appearances can be misleading. It’s best to integrate VirusTotal in your browser and check all files before you download them. Study the reports carefully to make an informed decision and stay as safe as possible from malware.