So I have often been asked to explain how to be sure that a program or application you download is safe and not infected with a virus or a trojan.
First of all, always:

1. Download from the official site or source of the program.

And you "can sometimes":

2. Use a tool to check that the MD5 or SHA hash of the application matches the one the software manufacturer advertises. I use a very simple tool called Febooti File Tweak Hash and CRC, but there are many tools out there that do this; I have not tested those other programs, and I don't even use mine that often, but some people will swear that it is very important to always check your MD5 or SHA hashes to verify an application's authenticity. The reason I do not use this method often is that I have not personally experienced infected software that often, and also many application vendors do not even offer you the original hash with which to check.
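As an added example (not from the original post, and not the Febooti tool), here is what step 2 does in a few lines of Python: hash the downloaded file, compare it in a normalised way with the vendor's advertised value, and parse the `SHA256SUMS`-style list many vendors publish. The installer bytes and the "published" hash are constructed in the demo; with a real download the published value comes from the vendor's page.

```python
import hashlib
import hmac
import os
import tempfile

# Digest algorithms that vendors commonly publish next to a download.
SUPPORTED = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}

def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so a large installer need not fit in memory."""
    hasher = SUPPORTED[algorithm]()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()

def verify_download(path, published_hash, algorithm="sha256"):
    """True only when the file's digest equals the vendor's published one.
    The published value is normalised (whitespace, case) because vendors paste
    it in many forms; any difference in the file changes the digest."""
    expected = published_hash.strip().lower()
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected)

def parse_sums_file(text):
    """Parse 'SHA256SUMS'-style lines '<hex>  <filename>' into {filename: hex}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # coreutils marks binary mode with '*'
        if name:
            entries[name] = digest.lower()
    return entries

def demo():
    """Constructed sample: write a fake installer, hash it, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "setup.exe")
        with open(installer, "wb") as fh:
            fh.write(b"constructed installer bytes")
        published = file_digest(installer)  # stands in for the vendor's advertised hash
        clean_ok = verify_download(installer, published.upper())
        with open(installer, "ab") as fh:
            fh.write(b"\x00")  # one appended byte, e.g. a bundled adware stub
        tampered_ok = verify_download(installer, published)
    return clean_ok, tampered_ok
```

A matching hash only tells you the file is the one the vendor published; if the hash sits on the same server as the download, an attacker who replaced one could replace both, which is why a hash published out of band (or a signature) is worth more.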
However, I use other methods to be sure that my software is authentic, including but not limited to expensive security software: HIPS, NIPS, anti-malware and sandbox software, etc. I try to always download from trusted sources. I must point out, however, that it is possible for the original download source of an application to become corrupt or infected, but this is not common (it is up to the software company to secure the servers that host the download).
So, in summary, you should always download from the site of the company that actually developed the software you are downloading. There are certain cases, however, where I have seen software companies package something called OpenCandy with their software, and it is debatable whether this is in fact spyware (it is flagged as malware by ESET). I have had several debates with the OpenCandy developers about this software, so I do not intend to devote any more of my time to explaining why I feel it is indeed malware. The reason that software developers sometimes package their free software with some type of adware is that it makes them money. Just be aware that when you download free software, it may indeed include some type of monetizing code that may attempt to steal your data. This is not alarmingly common, however, and any "reputable" software developer will usually notify you of their application's contents. I always tend to look for an open-source alternative (one that has its actual code available for anyone to look at and read).