| Subscribe via RSS

Checksum software for Windows

August 7th, 2008 Posted in Software, Windows

If you download a lot of software, I hope you verify the checksum of the files before you install them.  Developers that publish files usually will create a checksum of the program and post a copy of the checksum in the download package or below the download link.

For example if you download a distribution of Linux, lets say Ubuntu, before you install that desktop or server software you want to know that you have an authentic copy.  It is possible that maybe the copy you downloaded has been modified and could have Spyware, Malware or Trojan hidden in the software.

It’s also possible the software you think you downloaded is something else completely.  Maybe instead of Ubuntu you downloaded a pirated copy of Windows Vista.  Now that would really make me mad.  What if you installed that copy of Windows Vista…your system would really be screwed. :P

So when you download software, if the publisher offers a checksum, verify what you have. For Windows I use a program called HashCalc by SlavaSoftHashCalc is a free “HASH, CRC, AND HMAC CALCULATOR” all rolled into one simple GUI based application.  [TIP: If you copy the hashcalc.exe you can even run it from a USB thumb drive.]

Using HashCalc is simple.

  • Download the file you want to validate.  In my example I’m using the BackTrack3 ISO.
  • Select the file you want to validate, make sure MD5 and/or SHA1 are check (they should be by default)
  • Then click “Calculate”

Screenshot 1

nichosonsecuritycom_hashcalc_screenshot.png

  • Depending on the size of the file being checked and the computer your using this can take a second or a few minutes.
  • After HashCac calculates the checksum I copy it to my Windows clipboard and then open the file or web page in this example and do a “Find” for the checksum I copied.

Screenshot 2

nicholsonsecuritycom-_backtrack3_checksum_screenshot.png

  • If I get a match then I know the software I downloaded is authentic.

I hope that this post motivates you to start validating your software before you install it.  This is another layer of security we can add to keeping our systems safe.  Let me know what you think about HashCalc in the comments.  I would also like to know if you use another program and how you like it.  Be sure to checkout all the other great free software on the SlavaSoft website.

Random Posts

This entry was posted on Thursday, August 7th, 2008 at 2:52 pm and is filed under Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply