Do Safe Download Sites for Software Really Exist?


Data from a Symantec report shows that 99% of the discovered mobile malware is found in third-party app stores. Learning how to recognize safe download websites and following a few best practices can protect you and your business from the danger of downloading malware.

When was the last time you downloaded a piece of software or an application from a website? Probably not too long ago. Downloading software and apps is quick, easy and convenient — and we’re used to doing so without a second thought to security (especially when something we want is available for free). But doing so is inherently dangerous if we’re not downloading resources from safe download sites.

From file sharing sites to websites offering free software and apps, it’s easy to be tempted by the latest tool that will simplify your life without having to spend money on it. But are these safe software download sites? If you’re lucky, nothing will happen. But in many cases, things could go wrong very quickly.

Data from Trend Micro’s “Attacks From All Angles: 2021 Midyear Cybersecurity Report” states that in the first half of 2021, they detected more than 3 million mobile device malicious samples and saw an increase of harmful Android apps in circulation.

Let’s consider one specific example: TeaBot. Discovered in January 2021, it looks like other legitimate applications (e.g., TeaTV app, VLC MediaPlayer, DHL, etc.) that are available to download from third-party app stores. However, the reality is that it’s just one of numerous banker trojan examples out there that are used to steal banking credentials to gain access to customers’ financial information and resources.

As you can imagine, the consequences of a malware infection can be disastrous both from a cost and reputational perspective for businesses and individuals alike. Think about ransomware: The Coveware Quarterly Ransomware Report calculated that the average ransomware payment in Q2 2020 was $178,254, with an increase of 60% compared to the Q1 2020 average. Shocking, right?

Is this the end then? Are there really no safe software download sites? The fact is that there are sites you can use to safely download software, thereby minimizing the risk of harm to your devices. Here are a few tips and tricks to make your download experience truly secure and how to know what constitutes a safe download site.

What Are Safe Download Sites? Examples of Safe Software Download Sites

There are millions of download websites out there. It may seem complicated to identify the good ones, but as long as you use some common sense, it’s not so difficult.

Think about it: where would you buy an authentic iPhone? You’d get them at the Apple Store or at an authorized third-party distributor like Best Buy, T-Mobile, or Verizon, right? That’s the same for software and apps — you should only download them directly from authentic sources, which means:

From a vendor’s official website:

  • Microsoft Download Center. Your one-stop-shop for add-ons, extensions, service packs, and much more to use with your Windows operating system.
  • Mozilla. Add-ons, Firefox products, extensions, and more — all available on one page.
  • Adobe download page. All Adobe products, free trials, Creative Cloud, business solutions, and other tools that are ready to explore and download.

From other official native or authorized app stores:

  • Apple App Store. Apple’s original and safe download site where you can discover and download millions of apps, games, and more.
  • Google Play. Where you can get official and trusted digital content, apps, games, music, etc. for your Android device.
  • Amazon Appstore. Another official app store for Android that offers apps for the Fire OS tablets and includes a few of the most popular apps available on the Google and Apple app stores.

Even better, these official app stores are often already pre-installed on users’ devices (this is the case for the Samsung Galaxy store and Apple App store, for example), making them even easier to find and use.

Now that we’ve seen a few quick examples of safe download sites, it’s time to explore a few ways to keep yourself safe when downloading executables on the internet.

7 Golden Rules to Follow for a Safe Download Site Experience

Knowledge is power. Here’s a breakdown of seven things to look out for to recognize safe download sites. Following these rules will help you avoid bad surprises like cyber attacks and data breaches.

Rule Number 1: Download Software Only From Known Safe Download Sites

Following this rule should be easy now as you’ve already seen a few examples of safe download sites: vendors’ official websites and native or authorized app stores.

Let’s be clear: not all third-party websites are dangerous or offer only infected software. However, the level of risk of downloading an infected file from these sites is much higher than it would be from downloading it from an official vendor’s website.

We also have to consider that not all official app stores are available in all countries (e.g., Google Play store). Therefore, users in those countries will have no choice but to rely on third-party app stores to download Google apps, for example. Once again, though, the chance of running into an app infected with malware or injected with unwanted ads is definitely higher on a third-party app store.

Let’s have a look at the main differences between the official websites and app stores versus ones from third parties:

| | Official Vendor Website | Official App Store | Third-Party Website | Other Third-Party App Store |
| --- | --- | --- | --- | --- |
| Definition | A company, an individual or an entity that produces and sells software directly to customers or other businesses. | An official digital distribution platform where native applications and approved third-party apps are available to download for free or for a fee. | A company, individual or another entity that sells or distributes software to consumers. | A digital distribution platform where third-party apps are available to download for free or for a fee. |
| Role | Provides high quality native software, ensuring that each application is free of faults, safe, properly signed, licensed and that it meets all the business and security regulations. | Provides high quality apps, ensuring that they’re safe, properly signed, malware free, licensed and that they meet all business and security regulations. It pays a percentage of the app revenue to the developers marketing their apps on the platform. | Acts as an intermediary and offers a large variety of software made by many different vendors. | Acts as an intermediary and offers a large variety of apps developed by many different vendors and developers. |
| Security Level | High | High | Low. Limited or no check on the apps offered. Apps may contain adware or other types of malware. | Low. Limited or no check on the apps offered. Apps may contain adware or other types of malware. |
| Development | It usually follows strict rules and criteria, including a vetting process. | It usually follows strict rules and criteria. Developers pay a fee to enroll, go through an approval process and when the app is submitted, a specific team reviews it. | The site owner has no influence on the development process of the software being sold or distributed. | The site owner has no influence on the development process of the software being sold or distributed. |
| Costs | The software available to download can be free of charge (in case of basic versions), free for a limited amount of time (i.e., test versions) or paid. | The majority of apps are usually free of charge, some cost a small fee. | The software or app offered is usually cheaper compared to the same ones that are available on the original vendor’s site or is completely free. | The apps on offer are usually free or much cheaper compared to the same ones available on the official app store. |
| Examples | Microsoft, Mozilla, Adobe, Red Hat, IBM, Google, Oracle, SAP, Cisco | The Apple AppStore, Google Play, Amazon Appstore, Microsoft Store, OpenStore | CNET Download, FileHippo, Softonic.com, Ninite, Softpedia, Snapfiles, MajorGeeks | Cydia, Getjar, SlideMe, MyApp, AllMyApps |

Rule Number 2: Check Users’ Feedback and Reviews Before Downloading

Software and app reviews are not only useful to developers and software companies; they can also be precious resources for users looking for safe software download sites.

Genuine user feedback helps you to identify the kind of software that meets all your needs (including confirming if it’s trustworthy). Whether you need to use it professionally or for personal use, reading the reviews can help you make an informed choice.

Reviews are usually available directly on the download page, but you can also simply search for the software name and the word “reviews” and have a look at the results.

Important! Do not limit yourself to only checking the feedback on the download website. Sometimes, these reviews may be controlled by the site owner or developer. As such, it’s always safer to have a broader picture by checking reviews on multiple websites. Also, beware of those sites listing only positive reviews — after all, no software is perfect, and we all have different expectations of what’s “good!” If all of the reviews are positive, it could be an indication that some or all of the reviews are fake.

Rule Number 3: Download and Install Only Digitally Signed Software and Scripts

Would you buy a USB flash drive sold without its original package and unsealed? That wouldn’t be a good idea because the device could be infected with malware. You should then apply the same precaution when downloading an app. But how do you know whether the software is safe on a download site? You can look for something known as a digital signature.

Check the Source: How Code Signing Helps Ensure a Safe Download

Code signing helps you verify the authenticity and integrity of the software you download so that you can be sure that it’s safe to use and install. In fact, the most well-known official app stores and vendors’ sites offer only software and apps that have been code signed following a very strict procedure.

When users download digitally signed software, they’ll see a pop-up displaying information relating to the software developer’s identity:

[Image: verified publisher message]

If the software is unsigned, they’ll instead see an “unknown publisher” warning message like the one below:

[Image: unverified publisher vs. verified publisher]

Checking whether a software application is digitally signed is an easy and fast way to check an app’s authenticity (which helps you know whether it’s safe to run). Looking for a code signing certificate’s digital signature alone is not enough, but it’s an important step towards a safe software download.

If you want to learn more about the benefits of code signing and how it works, check out our article that answers the question: What Is Code Signing?
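
The signature check described in this rule can also be done from a PowerShell prompt before you run an installer. The following is an added example, not code from this article: the function name `Test-DownloadSignature` is hypothetical, and the file path and expected publisher name are placeholders you supply yourself.

```powershell
# Added example: verify a downloaded file's Authenticode signature on Windows.
function Test-DownloadSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the publisher name you expect, taken from the vendor's own site.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $cert     = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    # Unsigned files carry no signer certificate, so these stay $null for them.
    $publisher = $issuer = $thumbprint = $null
    if ($cert) {
        $publisher  = $cert.GetNameInfo($nameType, $false)  # who signed the file
        $issuer     = $cert.GetNameInfo($nameType, $true)   # CA that issued the certificate
        $thumbprint = $cert.Thumbprint
    }

    # Map the signature status to the situations the article describes.
    $reason = switch ($sig.Status.ToString()) {
        'NotSigned'    { 'No signature: Windows would report an unknown publisher.'; break }
        'HashMismatch' { 'File contents were changed after it was signed.'; break }
        'NotTrusted'   { 'Signed, but the certificate is not trusted on this machine.'; break }
        'Valid' {
            # -eq on strings is case-insensitive in PowerShell.
            if ($publisher -eq $ExpectedPublisher) { 'Valid signature from the expected publisher.' }
            else { "Valid signature, but signed by '$publisher', not '$ExpectedPublisher'." }
            break
        }
        default        { "Signature check failed: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path        = $sig.Path
        Status      = $sig.Status
        Publisher   = $publisher
        Issuer      = $issuer
        Thumbprint  = $thumbprint
        Timestamped = [bool]$sig.TimeStamperCertificate
        Trusted     = ($sig.Status -eq 'Valid' -and $publisher -eq $ExpectedPublisher)
        Reason      = $reason
    }
}

# Usage (placeholder values):
# Test-DownloadSignature -Path .\installer.exe -ExpectedPublisher '<publisher name>'
```

A `Valid` result only tells you who signed the file and that it was not modified afterwards; it does not show that the software is free of malware, so the scan in the next rule still applies.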

Rule Number 4: Always Scan What You’re Planning to Download For Viruses

No matter what you want to download (a file, an app, a script or software program), always be sure to scan it for viruses and other types of malware. It’s paramount that you always scan downloads of any kind for viruses, even if you are on an official site or app store that is considered safe.

Why? Because, as the adage goes, an ounce of prevention is better than a pound of cure, and you should always minimize the risk of infection as much as you can. Scanning an executable for viruses doesn’t take long, and it may save you a lot of time and trouble down the road.

You can use the antivirus installed on your device or you can check the file using an online scanner like VirusTotal, which analyzes files and URLs for malware. You will get the results in a few seconds and for free. Read more about VirusTotal in our article about the different ways to check if a file has a virus before downloading it.

Rule Number 5: Be Extra Careful When Downloading Free Files

Somebody once said that the best things in life are free. This is true in some cases; however, it isn’t necessarily the case when it comes to free software. Freeware can be found nearly everywhere, including through the following examples:

  • Shareware sites (we will talk more about it in the next chapter),
  • Software and freeware websites,
  • Questionable or inappropriate sites,
  • Reputable app stores, and
  • Safe software download sites, in some cases (like the ones we mentioned before — this is why many companies add disclaimers to their sites when they link off to third-party tools and applications).

Therefore, it goes without saying that not all free software on the internet is dangerous or infected.

Downloading and installing the following is generally pretty safe so long as you do so from the manufacturer or another trusted resource (i.e., safe download sites): 

  • Patches and software updates,
  • Drivers, or
  • Well-known tools used by a high number of people like Adobe Reader, Flash Player, web browsers, OpenOffice, VLC, etc.

On the other hand, the danger of downloading malware, viruses, or spyware is very real. Before you decide to download any freeware, make sure you follow the steps we’ve covered up ‘til now and never download something that you received via an unsolicited email as an offer or as a pop-up on a site you visited.

Last but not least, always verify the software vendor or the developer and ensure that the code you want to download is signed. Remember: if a free piece of software looks too good to be true, you probably shouldn’t trust it.


An example of the code signing certificate and digital signature information for a Mozilla Firefox installer executable file.

Rule Number 6: Stay Away From File-Sharing Websites

File-sharing websites are always very tempting to the users: they offer plenty of popular paid software for free, even the very latest versions. However, there’s a catch: these free versions are usually “cracked” versions of the original software — meaning that the code has been manipulated in order to be used without a legitimate paid license.

Using cracked software is not only a crime (you’re using something without the developer’s or publisher’s consent), but it also represents a huge risk to the security of your device, data, and any network it connects to. Let’s pause and consider this for a moment: why would anyone spend so much time and effort cracking a piece of software or an app to make it available to you for free? The answer is very simple: bad guys can use cracked software to deliver any or all of the following because they want to gain unauthorized access to your device or sensitive data:

  • Viruses: Programs that, once installed, can replicate themselves and seriously damage or cripple your device.
  • Ransomware: One of the most dangerous and most common types of malware that, once downloaded, encrypts all the files on your device making them inaccessible to you till you pay a ransom. This had and still has devastating effects on individuals and businesses alike.
  • Adware: An annoying form of malware forcing unwanted advertising in the form of pop-ups or banners on your device, very often displaying offensive websites or fake promotions.
  • Spyware: A program designed to monitor and collect data about the victim (including sensitive information) and send it to the attacker.
  • Keyloggers: Another type of spyware, but much more dangerous, as it records everything you type in a browser, including passwords and sensitive data like credit card details.
  • Backdoors: The name says it all. A malware type that provides the hacker with remote access to your device without you even knowing it. Exploiting the backdoor, the attacker can see everything that is on your device, steal information and even install malicious software.

These are just a few examples of the danger of downloading freeware from shareware sites. Now that you know it, is getting software for free really worth the risk? In many cases, you’ll just wind up paying a different (and often more costly) price.

Rule Number 7: Always Check What You’re Installing For Bundled “Extras”

Have you ever installed a new app and ended up with additional software that you didn’t want? Microsoft calls these software programs potentially unwanted applications (PUAs), and they can be found on both known dangerous sites and what are believed to be safe software download sites.

Very often, software and applications available to download on the internet are not just a single piece of software or app; instead, they come as part of a larger bundle. This means that if you’re not careful, you may end up installing additional unintended applications or PUAs on your device instead of just the one you meant to install.

[Images: higher number of identified PUAs in Windows, macOS, and Android]

But why are PUAs and other software bundles potentially so dangerous? Some of these embedded applications can:

  • Change your system settings like your internet connection setup and security settings.
  • Modify your browser preferences, replacing your selected homepage with something else.
  • Show annoying pop-ups with fake warnings or advertisements.
  • Monitor your activities and steal sensitive information such as login credentials and banking account information.

And these are just a few examples. Some others, though not dangerous, are software programs that you may not need that consume valuable computing resources and bog down your device.

How can you avoid this? You just need to pay attention at the time of installation: make sure you check the list of the software that’s going to be installed and uncheck the boxes opting you in for services or additional unwanted software by default. Then, and only then, should you go ahead with the installation.

Final Thoughts on Safe Software Download Sites

In the title of this article, we asked if safe download sites for software really existed. As you can see, there isn’t a clear-cut answer. Yes, there are websites that are definitely more reliable than others and, as we’ve seen, if you stick to downloading software only from the original sites, you may never experience a security issue.

However, you must always bear in mind that the internet, as a whole, will never be 100% safe, and dangerous apps and software are not going away. Therefore, ultimately, it’s up to you to ensure you know how to protect yourself when downloading software from any website.

Following the steps described in this article and using some common sense methods (such as being vigilant and keeping your software up to date) can already make the difference between a safe download and a risky one.

Remember: prevention and knowledge are always key to staying safe when downloading software and other executables online. Following these seven simple rules can save you and your company a lot of money and headaches in the long run.