If you’ve ever had any kind of nasty-ware attach itself to your computer, you know how very annoying and potentially dangerous it can be for your privacy, and even your finances. Yet, despite all that, more and more software is being delivered via the Internet than before. Sometimes, the same software is available for download from a multitude of sites especially if they are open source.
Thus, the big question is…
How do you know the copy you downloaded and are about to install on your computer is an unaltered copy, free from additional nasty code?
One thing’s for sure. We aren’t developers so we can’t just pop it open and be able to tell what’s in it. That’s where checksums come in. Check what?
Simply put, a checksum – sometimes also called hash sum – is like a verification code.
When you run a program or any file through a checksum calculator, it will spit out a length of code. When you distribute that file and tell people your checksum code, they can use that code to verify if the copy they received is indeed the exact same one as the one you sent and thus, safe to use (assuming you didn’t send them malware to begin with – you wouldn’t do that right?).
Below are some step-by-step methods how to generate and verify checksums using a free tool called digestIT 2004.
Right click the file you want to calculate the checksum for
Hover over digestIT 2004 in the popup menu and click Calculate MD5 Hash or Calculate SHA-1 Hash it doesn’t matter which although, you must let people know which method you are using for them to properly verify the file.
digestIT 2004 will calculate a code for you which you can copy or save to a file to give to others.
Verifying A Checksum
I recently downloaded from the Internet called PDFBinder. Here’s the checksum published on their download page.
After the file has finished downloading to my computer, right click on the file.
This time, I’m going to click on Verify SHA-1 Hash. How do I know to use SHA-1 or MD5? Because the download page told me it is SHA1 (see screen shot above this one)
Now, I’ll copy the code from the download page and paste it into the dialog box here, then click OK
The tool will calculate everything and let me know if its calculation and the code I entered match. As you see from my screen shot, they match. Now I know the program has not been altered and I’m happy to install it.
There are plenty of checksum verifier tools out there. I heard there’s even a Firefox plugin. As for Mac users, I found HashTab that does the job. It can be found in the App Store. I haven’t tried it but if you’re looking for something that’s a good start.