Happy New Year! I hope you are all enjoying the start to, hopefully, a wonderful year. I thought I’d start my first real “content” piece with something that isn’t really about virtualization, but incredibly important for anyone: How do you ensure that software or file you downloaded is authentic and not Malware/Ransomware? There have been a lot of articles in the news lately about various industries hit with these malicious attacks. What you never really hear about are the many many users who suffer from these same attacks, but may not realize it until it’s too late. No matter which OS you use, there are readily available tools to help you ensure the files you download are unchanged from the company/developer/friend that is providing it.
Now, my first recommendation for anyone downloading software is to ensure you are sticking to verified sources. By this, I mean:
- Direct from Vendor (Micrrosoft.com, VMware.com, RedHat.com, etc.)
- Authorized Software Store (Apple App Store, Google Play, Microsoft Store, etc.)
A large company has a lot on the line with their reputation, so they invest in security to ensure the software they sell and distribute is free from malware. This isn’t always the case, but it is for 99% of the time. Just because you have a friend who knows this website offering really cheap software, you have to be careful. Sometimes that “really cheap” software can contain malicious code (viruses, etc.) and end up costing you a whole lot more.
But what happens when you find a piece of software that you just need to have, but it can’t be found through one of these locations? Well, many developers will share what is called either a Hash, a Digest, or a Checksum for each of the files they share. Every file will have a different hash value. If even a single bit is changed within the file, a new hash value will be returned. These hashes are a one-way cryptographic calculation and are used for ensuring integrity of data. The following image shows how Tenable shares this information for their downloads:
The “Checksum” link brings up a pop-up block that shows both the MD5 and SHA256 hashes for the listed file. You should copy these values down when you download the file. You will run your own hash function against the file you download and ensure they match the values the vendor provided. It doesn’t matter if you are running Windows, Linux, or macOS. Each of these OSs offer a way to calculate the hash value for a file.
The hash values from their site for the three test values are:
Nessus-8.13.1-x64.msi: MD5: 4ece8cdf1b0c9af46e3cf05011d89e37 SHA256: 5ab7b4077cd58ce435c91eaf8818bf050575a475aba12a225c7bd78e5c2f57ef Nessus-8.13.1-ubuntu1110_amd64.deb: MD5: f3d521f95319d498145f70fe59a0a21d SHA256: 52f4fcb298b98bba4873d057df4f0b7eb3a55f6fc803309ecf7a70e16d25ec97 Nessus-8.13.1.dmg: MD5: 066eb84abb97c6e745a8d96962080120 SHA256: 9c3e7e0360c0cfeeba4a49108369dd626cb76269bca4d00eb5179f63a0c7d93b
Although I only show calculating the hash values for the specific files, I could have done the same hash function on all of the files and received the same result. The OS does not determine the value–the file being checked does.
As shown in the image above, PowerShell has the Get-FileHash command. It takes a parameter for “-Algorithm” to determine which hash function should be used.
In the image above, I have connected to my Ubuntu server with the PuTTY program. The programs used to generate the hash are md5sum and sha256sum. Although there are many differences between distributions, these two commands are common across most.
If you are a macOS user, the commands are slightly different. The md5 command is used to calculate the MD5 hash and the shasum command is used to calculate a SHA-based hash. For that command though, you have to specify which algorithm to use. In the image above, I chose the SHA256 algorithm since that is what Tenable used for their hash.
That is it! As you can see, it’s a simple process to check the integrity of a file you downloaded against what the vendor said it should be. You don’t have to purchase any special software to do it as each of the major OS families include this tool in their suite. I hope you find this helpful and have a great day!