Showing posts with label Checksum. Show all posts
Showing posts with label Checksum. Show all posts

Wednesday, March 9, 2016

How to verify checksums when you download an app for your Mac

checksums

Open Source Transmission BitTorrent Infected with Malware


Some of the Mac users seemed to have received a surprise last week when they discovered that a latest version of the open source Transmission BitTorrent client had infected their computer with malware, a condition which had been avoided with suitable securities. Most of the computer savvy are aware of the vigilant about where the download software are from though few of them pause to verify that the files received are the file which they are supposed to receive.

 This could be a grave last step in the prevention of malware infection seen in Transmission. Often, developers tend to post checksums or hashes together with the download links for their projects in order to simplify this type of verification. Generally, a checksum is the outcome of a mathematical calculation that tends to run a certain file, if the file has not been changed. The checksum calculated will tend to match the checksum provided by the developer.

It has not been made known how the infected download made its way on the Transmission’s website, though those who seemed to have received it first in the processhave informed that the checksum of the bad file does not seem to match the checksum given by the Transmission team.

Checksum Validator – Easy to Use Utility – Calculating/Validating Checksum


Checksum Validator is an easy to use utility for calculating and validating checksum – SHA-1 or MDS digests, for files which one downloads or uploads. On comparing a site’s published checksum with one’s calculated checksum one can verify that the download matches with the official copy of the site, which is free from corruption or tampering, unless of course the site’s checksum is also tampered.

All that is essential to calculate checksum is in MAS OS X which is quick and easy and the quicker and easier, the more possibility of actually verifying downloads. If the checksum is verified prior to installing, they would be aware of something being inappropriate. It is worth being aware that this is not a reliable process and if a website is compromised, the attacker can easily change the checksum also.

 Users can learn to verify checksum or SHA-1 which is a software update, provided on Apple software updates for those who intend to verify the authenticity of an update and is optional. Users need to note that for updates that are delivered by Automatic software Update, SHA-1 digest verification is accomplished automatically for you.

SHA-1 Secured Checksum for Data File


In order to verify a manually downloaded software update form Apple Downloads, that seems to comprise of SHA-1 digest, the following steps need to be done:
  • Open Terminal which is located in/Applications/Utilities
  • Type the following at the Terminal prompt
  • About SHA-1
SHA-1 is a secure checksum for a data file which is based on a cryptographic average and for a given file; SHA-1 creates a 160 bit encrypted output which is known as a `message digest’. It is unlikely that a modified data set would create the same message digest. If a file seems to have changed at the time of transit, its message digest also tends to change.

Users can download manually-installable updates from Apple Downloads. Apple tend to use SHA-1 digest on definite Apple Downloads in order that users can verify with great amount of possibility that the software downloaded is the same software one intended to download. When the SHA-1 digest for the file downloaded seems to match the digest for the file displayed on Apple Downloads, one can be assured that the file is reliable. For security purpose, users can utilise the secure https download page for manual updates.