June 14, 2024


The Joy of Technology

How to Make Sure a File Is Safe Before Downloading It



If you’re concerned a file might be malicious, you don’t need to download it and rely on your antivirus. You can scan the file for malware with over 90 antivirus engines before you download it—all with one single tool.

RELATED: Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

This is no substitute for basic online security practices that can keep you safe from phishing and other threats, but it’s a way to perform a more in-depth check if you’re concerned about a file.

Scan a Link For Malware Using VirusTotal

To do this, you’ll need to locate a file’s download link. That’s the direct link to download the file, not just the address of the file’s download page. For example, if you want to scan a .exe file, you’ll need the direct link to the .exe file. If you want to scan a .doc file, you’ll need the direct link to the .doc file. You can spot this by mousing over the link and looking at the address in your browser.

CCleaner download page.

Right-click the link and select “Copy link address” in Chrome, “Copy Link Location” in Firefox, or “Copy link” in Edge.

Right-click the download link, then click "Copy Link Address."

Next, head to VirusTotal.com in your web browser. This tool has been owned by Google since 2012.

Click the “URL” tab on the page and then paste the link you copied into the box. Click the search button or press Enter to scan the file.

Paste the download link into the VirusTotal website.

VirusTotal will download the file you specified to its servers and scan it with a large number of different antivirus engines. If other people have recently scanned the file, VirusTotal will show you the recent scan results.

If you see “No engines detected this URL”, that means that none of VirusTotal’s antivirus engines said there was a problem with the file.

Update: As of April 2022, VirusTotal now has more than 90 antivirus engines available.

The “0/65” means the file was detected as malicious by 0 of VirusTotal’s 65 antivirus engines. This means it should be clean. Of course, it’s possible that new and exotic malware may not be detected by any antivirus programs yet, so it’s always a good idea to be careful and only get software from sources you trust. (In fact, not two days after publishing this article, our example file—CCleaner 5.33—was found to contain malware. A perfect example of how VirusTotal, while useful, isn’t perfect!)

VirusTotal results with no malware detected.

If one of the antivirus engines detects a problem with a file, you’ll see a note saying that a number of antivirus engines detected the URL as a problem.

VirusTotal results with only 3/65 engines detecting some kind of malware.

In some cases, the opinion may be near unanimous. In other cases, only a few antivirus tools may have a problem with the file. This is often a false positive, though in certain circumstances it could be that some antivirus tools have spotted new malware before others. You can scroll down to see which antivirus tools had a problem with the file, view more details about the file, and see community comments about whether the URL is safe or not. (In some cases, for example, it may just be flagged for including bundled crapware, which is easily bypassable.)

A breakdown listing engine-by-engine results.

If you end up scanning a file download page instead of the downloaded file itself, you’ll see a “Downloaded file” link on the VirusTotal page. Click the icon to the right of “Downloaded file” to see more analysis about the file that web page downloads.

If you don't point it at a specific file, it'll try to find one, and then show you the file it checked.

Integrate VirusTotal Into Your Browser

To make this process easier, the VirusTotal project offers browser extensions. These will integrate VirusTotal into your browser, allowing you to right-click a link on any web page and select a “Scan with VirusTotal” option. You won’t have to visit the VirusTotal website and copy-paste a link.

Extensions are available for Google ChromeMozilla Firefox, and Internet Explorer. If you’re looking to install the VirtusTotal extension for Microsoft Edge, you need to enable Google Chrome extensions in Edge, and then install the Google Chrome version. Download the appropriate extension and you can right-click a link and select the VirusTotal option to quickly scan it and see the results.

The right-click option added by the extension.

If VirusTotal is unanimous that a file is dangerous, you should stay away. If the results are mixed, you should be careful, but you may want to examine the more detailed antivirus results to see why they say the file is dangerous.

If a file is clean, that means it’s not detected by any antiviruses as malware. That doesn’t mean it’s safe, of course—antivirus software isn’t perfect and may not detect new malware, so ensure you’re getting your programs from a trusted source.

RELATED: What is Typosquatting and How Do Scammers Use it?


Source link