Downloading a single computer virus can spell disaster for your business and result in the theft of customers’ sensitive data. We’ll break down everything you need to know to safely download software, apps, and files from the web
How many times did you download a new app, your favorite song or, a free computer program by just going to a website and clicking on the download button? Most people consider it a normal thing to do, often relying solely on their antivirus software to warn them if they are about to download something that is infected.
They do not realize that having updated antivirus software isn’t enough. Why? Well, if we consider that the German AV-Test Institute identifies over 432,000 new malware every day (essentially one every 0.2 seconds), it’s easy to understand that it becomes basically impossible for even the best antivirus program to detect all threats immediately. What can you do then?
In this article, we’ll answer the question, “how can I tell if a download has a virus?” As such, we’ll walk you through a few methods of how to check if a file has a virus before downloading it. But first, let’s start by talking about why it’s so important to check files before downloading them onto your device.
Why Knowing How to Check If a File Has a Virus Before Downloading It Matters
To realize the danger that a simple task like downloading a file without checking it first can represent, all you have to do is to look at some threats reports published by well-known cybersecurity companies. At the time of writing this article, Microsoft’s Global Threat Activity statistics page shows that more than 94 million devices worldwide have been infected with malware in the last 30 days.
Image source: Microsoft Global threat activity statistics
Of those, more than 4 million were located in the United States.
Image source: Microsoft Global threat activity statistics
According to Trend Micro’s 2021 Midyear Cybersecurity Report, their security software identified and protected users from more than 40 billion threats between January and June 2021. Of those threats, nearly 20 billion were email threats, malicious files, and malicious URLs that they blocked.
Image source: TrendMicro’s 2021 Midyear Cybersecurity Report
Scary, right? Now, consider that their software may not have detected every threat — imagine how many threats could be out there that remain undiscovered. Needless to say, if you don’t take knowing how to check if a file has a virus before downloading it seriously, it can cost you and your company a lot of money, time, and resources.
What Happens If I Download Malware Onto My Device?
Malicious software comes in many forms and typically is categorized based on what it does when it infects your device. Some examples of common malicious software include:
- Rootkits, and
Many types of malware are typically hidden within infected applications and are spread via fake or hacked legitimate websites. (Email is another common attack vector that hackers use to spread malware.) Once downloaded on your computer, there are several ways that attackers can use malware to cause irreparable harm:
- Steal your sensitive information (bank account, credit card details, login credentials),
- Encrypt your files and make them inaccessible until you pay a ransom,
- Erase or destroy your data altogether.
- Take over your device or slow down your computer, or
- Use your inbox to send spam or malicious emails to other users.
Any devices connected to the computer or mobile phone can also be infected, including routers and wireless networks.
How can you tell then if a program or a file is safe then? In fact, there is a quick and easy way to check if a file has a virus before downloading it: you can use a tool like VirusTotal.
Check Files Before Downloading Them Using an Online Scanner Such As VirusTotal
The tool is both available as a stand-alone application for mobile phones running on Android and iOS, and as a web add-on that can be installed from the links below on the most popular browsers: Mozilla Firefox, Microsoft Edge and Google Chrome.
If you are an advanced user, like a developer or a security analyst, you may be interested in VirusTotal’s API. This programming interface allows you to scan files, codes and URLs to ensure that they are not identified as malware. You can also build scripts to access the information available on VirusTotal without using the website front-end.
For example, in case of a security incident, the API will help you to quickly analyze it without the need to download the infected file or software onto your computer. You will then be able to utilize the information gathered to implement additional security measures to prevent similar attacks.
How Can I Check If a File Has a Virus Before Downloading It Using VirusTotal?
Let’s say you want to make sure that the new software you are planning to download is free of malware. To do so, you just have to follow these steps:
- Open to the website where the file you want to download is located. Right-click on the download link (or button) and copy the URL address.
- Go to the VirusTotal website. You will see three options available: FILE, URL and SEARCH. Click on URL to switch to the appropriate tab.
- Paste the URL address you want to check. Simply paste the URL you just copied into the white box and hit Enter.
- Review the URL analysis. After a few seconds, VirusTotal will show you the results on a page like this one:
- Done! You can now check the report. Keep reading to learn what you’ll want to look out for when reviewing the report.
Tip: If you’re using the browser add-on, it’s even easier. You just have to right-click on any web page, select Scan with VirusTotal, view the results, and it’s done!
How to Read the VirusTotal Report: Breaking Down the 3 Report Components
Now that you know how to analyze a file before downloading it, let’s have a closer look at the VirusTotal report. At the top of the page, you will be able to determine whether the scanned website is safe immediately. In the example below, it looks pretty good:
- No security vendors flagged this URL as malicious,
- 91 VirusTotal partners reviewed the URL, and
- None of them rated it as dangerous.
There is no community score, which means that no registered users have voted on this URL. If you are interested, you can read more about the community score on the VirusTotal website.
There are three main sections to the report: 1) Detection, 2) Details, and 3) Community. We’ll explore each of these now.
1. Review the Detection Report Information
The report’s first section lists the partners and engines used to scan the URL and the outcome. In this case, the majority of the engines came out with a “clean” result (no malware detected), one partner rated the website as suspicious and a few as “unrated” (those partners have never analyzed the URL). Can I then trust this software? I would say yes.
Tip: It is important to know that when there is only one “suspicious” response, it is usually a false positive and you can ignore it.
According to VirusTotal, the other possible ratings you may find in the report are the following:
- Malware site (the site is infected with malware),
- Phishing site (the website tries to steal users’ login credentials),
- Malicious site (the site contains exploits or other malicious artifacts),
- Spam site (the URL is known to be involved in unsolicited emails, popups, and other communications).
2. Review the Details Report Information
The second part of the report basically provides you with useful, technical information about the scanned resource. It’s divided into three main sections:
1. Categories: This information shares categorical information shared by multiple virus scanning engines regarding the scanned URL.
2. History: This category showcases the historical data of the analysis with dates and times.
3. HTTP response: This information relates to the HTTP response headers that the server sends when a user’s client asks for the URL. You can see an example below:
3. Review the Detection Report Information
In the third and last section, you will find the comments and votes added by the members of the VirusTotal Community about the analyzed URL or file. In our example (as shown below), there are no comments available:
Red Alert: What to Do If a Scan Shows a File or URL Is Malicious
If the report from VirusTotal shows you a red alert, it means that some scanning engines have detected malicious software. What should you do? Stay away from it — don’t download anything from the analyzed URL. This recommendation is also true when you get mixed results from the scan. It’s better to err on the side of caution than to proceed and be sorry later because you downloaded a harmful file.
What if you really do need that software or file? You can always look for an alternative link (ideally, you should only download software from a legitimate developer or publisher.). Think about it: would you buy a car making a strange noise when started? Probably not. This is the same thing: a red alert is a no-go, even in the case of mixed results.
Let’s have a look at a new example below. What would you do? Would you risk downloading this file? We wouldn’t. In this case, despite a lot of security vendors coming forward with a “clean” rating for the site, six rated the URL as “Malicious” (the site contains exploits or other malicious artifacts). In addition, the Community score is red and there are more than 13 comments listed, nearly all negative.
Once again, if you are not 100% sure, the best thing to do is avoid those websites.
6 Ways to Avoid Downloading Viruses and Other Malware
It is very important to understand that if the report from VirusTotal says that the URL is clean, it means that no scanning engine has identified any virus from it. However, this doesn’t mean that you are 100% safe and you can just go ahead with the download blindfolded. No antivirus software is perfect; it simply can’t be because there are too many different types of malware out there (and more being created every day).
What can you do then? The following tips should help you feel safer and enable you to make an informed decision.
1. Avoid Visiting Untrusted Websites
Stay away from untrusted websites, they are never safe, even if they look nice and professionally made. Prefer the top-level domain (TLD) websites (i.e., only visit sites with TLDs like .com, .net, .org, .eu).
2. Only Download Files From Official Sources
Always download your software and apps from official websites; there is no point in downloading a Microsoft product from a third-party website or, even worst, from peer-to-peer file transfer networks and put your device at risk, even if it is free. But how can you tell whether a website is legitimate? Look for indicators of the organization’s digital identity.
An SSL certificate (or, more accurately, a TLS certificate) is a small digital file that a company installs on their websites to enable HTTPS. HTTPS is a secure data transfer protocol that protects data in transit using encryption. But another useful aspect of SSL/TLS certificates is that certain types of certificates provide verified information about the organization’s digital identity. For example, here’s the type of organizational information that displays for sites using extended validation SSL/TL certificates:
3. Never Share Data With or Download Files From Insecure Websites
Small details matter, including the “s” in the website URL’s “https.” A URL starting with a security padlock and “https://” is safer than one starting with “https://” because it means requests and responses are sent using a secure, encrypted connection.
4. Read User Reviews to See What Others Have to Say
Many websites give users an opportunity to leave a review after downloading an app or software program. Make sure you check them! Positive feedback is another sign that you can trust the vendor.
5. Only Download Software From Verified Publishers
When you download software from a reputable vendor, it’s usually digitally signed to guarantee that a legitimate organization signed the software and that it hasn’t been manipulated. Basically, it works like a guarantee seal or tamper-proof product packaging. This means that if you try to download any unsigned software, you should see a warning pop up similar to the one below:
Don’t Ignore Windows Defender SmartScreen Warnings
The Windows Defender SmartScreen is an additional layer of protection already installed on your computer with many interesting features. For example, it initiates popup warnings when you try to install malicious software onto your device:
When you surf the web using the Microsoft Edge browser and try to visit a suspicious website, it will show you a popup warning message informing you that the site is potentially unsafe. SmartScreen checks URLs against a dynamic list of known malicious and phishing websites. It will also warn you if you try to download any software from an unknown publisher and will block you from downloading the file.
Do you want to know more? Check this article to better understand how Windows Defender SmartScreen can help you to protect your device.
How to Check If a File Has a Virus Before Downloading It – Final Observations
Malware isn’t going anywhere. It will evolve as technologies change, but it’s likely never to disappear.
The best defense is a good offense when it comes to downloading anything on the internet. This is why you need to know how to protect your device from these threats:
- Be aware of the risks,
- Use multiple layers of security (antivirus and anti-malware software),
- Follow the steps highlighted in this article, and
- Always remember the “Golden Rule” of internet safety for downloads: download software, apps, and files only from known and trusted sources.
Do not forget: prevention is always better than a cure!