The most important line users cross with any software is the point of running (or installation). This is usually where you have a need to fulfill (like play video), and a software title in mind (like VLC Media Player). But, since you’re a cautious user who doesn’t assume a virus scanner is perfect, and you don’t wish to be infected by malicious software – you want to be proactive about protecting yourself. What do you, then? Here are some proven strategies to help ensure you stay safe.
1. Check out the source
Increasingly, bad or malicious software mimics that of legitimate. So, whenever you’re looking for an application – make sure you’re downloading it from the developer directly , or a more reputable download site like Sourceforge. If you have defined a need or a tool, and a link to a download is in an email message, endeavour to avoid using that link until you can verify its veracity.
2. Get the binary and test it on VirusTotal
VirusTotal is not a replacement for a full-blown virus scanner, but it can help you determine if something is not right. Often when downloading the software you can download a portable version or a version that can be decompressed. If you can, get access to the application’s main Windows executable files (.exe) or OS X app package (.app) and upload it to VirusTotal. You’ll get a report from various different virus scanners and, given a positive result, choose to avoid the application or do further testing.
3. Test it on an alternate computer
Chances are you have a main computer (the one you’re using now) to do everything from web browsing to banking. But, you’ve been worried that a newly introduced tool or application might be dangerous, you might want to take extra steps to verify the tool’s safety. This step was once considered very extreme, but with the advent of Virtual Machines, the ability o install and test programs on a non-production computer are easily in reach. This doesn’t solve all pains, but it’s a great strategy to triage suspect software.
4. Research the tool
Sometimes a little groundwork might save you pain later. If you need (or are interested) in an application, take the tool’s name and run it through Google and append the word “safe”. For example, take a look at the search results for “MacKeeper Safe”. You’ll notice that 3 of the 4 results include “Do not install”, “Fraud”, and “Uninstall”. This is a tool you’ll need to avoid or do a great deal more research on to understand if it’s safe. Don’t expect the results to be this obvious, so look for signs that this tool is dangerous.
5. Ask others for help
This can be especially useful if you have a friend in the technology industry. A quick question may provide you with a legitimate and trusted answer. If you don’t, look to online communities and possibly ask questions there. If you know someone who has used the program, as them if it’s safe or they’ve had issues. One simple question might alert you to possible dangers.
6. Read messages and errors
This is probably the most common-sense approach, but so many don’t do it. It’s especially true when installing new applications. When presented with a question, error, or another screen, read it all and take careful and appropriate action to back out of the process if something usual is happening. Learn to take screenshots, and save unusual screens to show that trusty “Tech Friend” of yours.
7. Be the barrier
Of all the advice here, this is the most passive one. You should treat everything you run or install on your computer as “Need to install”. If you don’t truly need what it provides, and can’t verify its safety, don’t install or run it. It’s that simple. The dangers of “try and see” are numerous. If you adopt this kind of strategy, many of the things that trip people up, like “Look at this video”, will not be YOUR undoing.
And, for those that download software from untrusted sources (you know who you are), this entire process should be ratcheted up further. You should have an alternate (ideally air-gapped) computer from which to run this software. At the very least, it should all be installed or run through a virtual machine. Untrusted sources don’t always equal malicious software, but you should assume that it’s the case and over-compensate.
The sad reality is, that after taking all of these steps, you may still run dangerous software. No strategy is 100% effective, so the need to be critical of what you use, and vigilant with how you decide to use it is paramount. This list likely doesn’t cover every strategy either, so if you have your own methods of protection, do share them in the comments for others.