
How To Verify The Integrity Of Downloaded Files

Posted by nik on May 10, 2018

In a world where we use the Internet for almost everything, data breaches, security vulnerabilities, malware and viruses have become so very common. For example, we remember the WannaCry ransomware that affected endless computers nationwide, including commercial systems. A piece of ransomware affecting endless computers worldwide is usually very rare, but ransomware, viruses, malware and others are not. In fact, people’s computers are infected by ransomware, viruses, malware and other types of harmful software on a daily basis — this is why anti-malware and virus protection is touted so regularly.

Malware and the like is easily transferred to your computer by way of downloading files, especially if you download from a website that isn’t trusted or appears sketchy. So, how can we know that the files we are downloading are actually what we wanted to download, or at least aren’t laced with malware? It can be hard to check on your own, but there are still ways to verify the integrity of a file.

Why Checking File Integrity Is Important

Just to reiterate, it is so important to check the integrity of a file (basically verifying its authenticity), so that you don’t accidentally download malware, viruses, ransomware and other harmful software to your computer. In most cases, your anti-virus or anti-malware software will catch any downloaded viruses before they can do harm, but they’re still something you don’t want to download willingly, especially if your anti-virus happened to pass over or miss the downloaded malware. Just one real-world example: operating systems and anti-malware programs didn’t have the information they needed to detect and get rid of WannaCry before it was too late.

With that in mind, you don’t need malware or viruses getting past your anti-virus, locking up your system, causing irreversible damage to important files, gaining access to information they shouldn’t have, etc. If you gave malware a chance to do that, getting rid of it and fixing the problem would cost you lots of time, potential file loss, and possibly a good chunk of change if you need to take your system to a computer repair shop.

As you can see, checking the integrity of files is so important. Spending just a couple of minutes to verify a file’s authenticity could potentially save you hours of time, file loss and possibly some money, too.

You Can’t Always Prevent Problems

Checking the integrity of files can prevent a lot of harm to your computer. However, it’s worth noting that you cannot 100% stop all problems — you cannot 100% stop all malware or viruses from harming your PC. There are precautions you can take, and by checking the integrity of files, you can prevent most problems.

Since you can’t 100% stop all problems from hitting your PC, let us just reiterate how important a good backup strategy is for your PC. After all, you don’t want to take the risk in losing important documents, whether that be financial, business or even precious memories. Take a moment to look over our article on creating your very own backup strategy, and once you follow those steps, no matter what happens to your PC, you’ll always at least be able to keep your important data safe.

Checking File Integrity

To check and make sure a file is genuine, we will need to use a checksum tool. Most checksum tools are command-line tools, but don’t let that scare you off. They’re extremely easy to use! Not only that, but most are free to download and won’t cost you a dime.

FCIV

We’re going to use a program called File Checksum Integrity Verifier. This is a free program, and you can download and install it here. It works in Windows 10, all the way down to Windows XP and Windows 2000, as well as most Windows server operating systems.

To install it, navigate to your download location (normally the Downloads folder in most versions of Windows), and double-click it to start the installation. Follow the steps to install the program, and when it asks where to extract it to, extract it to your desktop.

Once the installation is finished, we’ll need to move the program so that Windows can use it in Command Line like any other tool. We’ll need to right-click on the fciv.exe file we just extracted to the Desktop and select Copy.

Next, we’ll want to open File Explorer and navigate to C:\. In this directory, you should see a Windows folder. Simply right-click it and press Paste. Congratulations, we should now be able to access our File Checksum Integrity Verifier from anywhere in Windows.

Using FCIV

Now that FCIV is set up, we can begin checking the integrity of files we download. First, it’s worth noting that we can’t always check the integrity of a file. To be able to check integrity, the original owner of the file (i.e. the company or developer) needs to provide you with a checksum. A friend with the file can do this, too. If we don’t have a checksum of the file, we’ll have nothing to compare our own checksum to, therefore making this process useless. Usually, the download provider will provide you with a checksum on the Downloads page of whatever program you’re downloading — in 99% of cases, it’s a simple text file with the checksum value in it. This will usually be marked as either a SHA-1 hash or an MD5 hash, which is basically a string of letters and numbers (more on this in a minute).

Next, we need to create a checksum of the file we’re checking. In Windows 10, head into your Downloads folder. Hold the Shift key down while right-clicking any whitespace in the Downloads folder. In the context menu, select Open Command Window Here. Here, we can use FCIV to create a checksum for our file.

It’s simple: in the Command Prompt window type in fciv <file name> -sha1 > filename.txt. Here’s what this command is doing: we’re telling the FCIV program to create a checksum with the SHA-1 hash of the selected file, and output that value to a text file with the name of your choice (it should show up in your Downloads folder). In real-world use, it would look something like this: fciv steam.exe -sha1 > steamchecksum1.txt.

Next, you would open that .txt file, and you should see a long string of numbers and letters. It will show you the version of File Checksum Integrity Verifier you’re using, and below that it will give you the checksum value (the string of numbers and letters) followed by the file name you verified. Next, you can take that value and make sure it matches up with the checksum value you got from a friend or from the company who owned the file.

If it doesn’t match up, download the file again (something could have gone wrong during the download process), and if it still isn’t matching up, you’re not getting the original file for some reason (possibly because something malicious happened to it). In this case, you can try another download source and try the checksum process again. If you can’t get the checksum to match, do not install the file. You could be putting your computer (as well as all of your data) at serious risk. If the checksum value that you got from FCIV does not match up to the checksum value provided to you, that means that the contents of the file have been changed by someone other than the developer.

Unfortunately, while FCIV is still quite commonly used, it hasn’t been updated for new hashes, such as SHA256 — that said, you might have more luck with CertUtil or a function for PowerShell (we’ll get into this in a minute).

CertUtil

Another Microsoft program built into Windows is CertUtil. It’s another command-line tool that operates similarly to FCIV, but can check the newer hashes like SHA256 and SHA512. Specifically, you can generate and check the following hashes: MD2, MD4, MD5, SHA1, SHA256, SHA384, and SHA512.

Again, it operates in a similar fashion to FCIV, but the commands are slightly different. To use it, you’ll want to open up Command Prompt, and type a command in this form: certutil -hashfile filepath hashtype. So, in real-world use, it would look something like this: certutil -hashfile C:\Downloads\Steam.exe SHA512. For the hashtype portion, instead of SHA512, you would use the same hash type that the developer provided with their program.

CertUtil will then give you the long string of numbers and letters, and then you’ll need to match that up with the checksum that the developer gave you. If it matches, you should be good to go to install the file. If it doesn’t, do not proceed with installation (either try re-downloading, or re-downloading from another site, or report a problem to the developer).

PowerShell

If you’ve moved on beyond Command Prompt and are using PowerShell for all of your Command Line programs and commands, the process is a little different. Instead of using CertUtil, we’re going to use the built-in Get-FileHash function. By default, PowerShell uses SHA256, so if you were to enter the command to generate the checksum without a defined algorithm (e.g. SHA512), it would default to SHA256.

To generate your checksum hash, open PowerShell. Next, simply type Get-FileHash filepath to get your hash result — in real-world use, it would look something like this: Get-FileHash C:\Users\Name\Downloads\explorer.jpg, and it would print the hash of that file.

To change the algorithm used, you would type your file path, followed by the -Algorithm parameter and the type of algorithm you want to use. It would look like this: Get-FileHash C:\Users\Name\Downloads\explorer.jpg -Algorithm SHA512

Now, just make sure the hash is identical to the hash that was provided to you by the developer of whatever program you’re downloading.

Linux

The process is similar in most Linux distributions; however, you can skip quite a few steps, as the MD5 Sums program comes pre-installed as part of the GNU Core Utilities package.

It’s actually quite easy to use. Simply open up Terminal, type md5sum filename.exe and it’ll output the checksum value in Terminal. You can compare two checksum values by typing in two file names, like this: md5sum budget1.csv budget1copy.csv. This will output both checksum values into Terminal, allowing you to check that they’re both identical. To check a file, you may or may not need to make sure Terminal is in the directory of said file — you can change directories by using the cd command (e.g. cd public_html).

Closing

By following the steps above, we showed you how you can compare checksum values on specific files to verify if they are genuine files, or if they’ve been modified maliciously. Keep in mind that an altered checksum value doesn’t always mean something malicious happened to the file — this can come from errors in the download process as well. By re-downloading the file and re-running the checksum, you can narrow down the altered value to an error in the download or a possible malicious attack. Remember, if a checksum value does not match up, do not install the file — you really could be putting your PC at risk! And remember, you can’t prevent all malicious problems, so make sure you have a good backup strategy in place before the worst happens!
