This post is a work in progress.
Recommendations
(Wear a helmet when you download)
1. Download from good sources
Whenever possible you want to download software from reputable sites that try to maintain a database of tested and verified software. Getting software direct from the developer or download hosting services like Softpedia and Snapfiles is generally safe.
However, software from anyone or anywhere can be tested first via the VirusTotal service ...
2. Check VirusTotal
Almost every program on the internet has some kind of reputation on VirusTotal (aka VT). The service presents a meta-score for each application, combining the verdicts of various anti-virus companies. A perfect score is 0/?, where ? is the current number of virus engines (70 at this writing).
Question: What if the file size is very large? I don't want to upload that entire file.
To save time and bandwidth, you can get a "hash" or file fingerprint using a program like 7zip and use the Search tab to view the file reputation:
Screenshots: 7zip right-click menu; SHA-256 value; SHA-256 pasted into the VirusTotal Search tab
Question: How do I evaluate the score? What if it's not 0/70?
There are a variety of reasons that the program can be perfectly safe but not have a perfect score (for example: Ultimate++ has a score of 1/70). Generally speaking, newer applications will have either a poor or unclear reputation because they haven't been through the kind of intense scrutiny that older software has achieved.
Some programs never fully escape this status, because the anti-virus companies behind this analysis are in the business of keeping out unknowns, and ongoing, deep software analysis is expensive and time-consuming.
Question: What if the program has no reputation at all ("No Matches Found")?
If you don't know the author, you should either wait to see if it develops a reputation (maybe you were one of the first people to download the program) or just delete it.
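The hash-then-search workflow above can also be scripted. This is an added example, not part of the original post: it hashes the file locally, looks the hash up through the VirusTotal v3 API, and handles the "No Matches Found" case. The function name and the VT_API_KEY environment variable are assumptions; you need your own VirusTotal API key.

```powershell
# Added example (not from the original post). Get-VTReputation is a hypothetical
# helper name; the API key is assumed to be your own VirusTotal key.
function Get-VTReputation {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ApiKey
    )

    # Get-FileHash reads the file as a stream, so large installers are fine,
    # and only the 64-character fingerprint is sent, never the file itself.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()

    try {
        $resp = Invoke-RestMethod -Method Get `
            -Uri "https://www.virustotal.com/api/v3/files/$sha256" `
            -Headers @{ 'x-apikey' = $ApiKey }
    } catch {
        # HTTP 404 is the API's version of "No Matches Found".
        $status = $_.Exception.Response.StatusCode
        if ($null -ne $status -and [int]$status -eq 404) {
            return [pscustomobject]@{ Sha256 = $sha256; Known = $false; Score = $null; FlaggedBy = @() }
        }
        throw   # bad key, rate limit, no network: surface the real error
    }

    $attr  = $resp.data.attributes
    $stats = $attr.last_analysis_stats
    # Count only engines that returned a verdict (timeouts and unsupported types are left out).
    $engines = $stats.malicious + $stats.suspicious + $stats.harmless + $stats.undetected

    # List which engines flagged the file and what they called it, so a 1/70
    # result can be judged by who raised it rather than by the number alone.
    $flaggedBy = @($attr.last_analysis_results.PSObject.Properties |
        Where-Object { $_.Value.category -in 'malicious', 'suspicious' } |
        ForEach-Object { '{0}: {1}' -f $_.Name, $_.Value.result })

    [pscustomobject]@{
        Sha256    = $sha256
        Known     = $true
        Score     = '{0}/{1}' -f ($stats.malicious + $stats.suspicious), $engines
        FlaggedBy = $flaggedBy
    }
}

# Usage (VT_API_KEY is an assumed environment variable holding your key):
# Get-VTReputation -Path .\setup.exe -ApiKey $env:VT_API_KEY
```

The Score string counts malicious plus suspicious verdicts over the engines that answered, so it may differ slightly from the ratio shown on the website.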
3. Block Internet access
If you have a program on your computer that doesn't need Internet access, it's more secure to block access entirely. For example, a calculator program doesn't require Internet while Firefox does. Two programs that can do this:
- SimpleWall - a firewall application that can be configured to prompt the user to allow or block all new connections.
- Firewall App Blocker (FAB) - an easy manager for Windows' own firewall that lets you block multiple applications at once. NOTE: make sure to block software on both inbound and outbound tabs.
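The same both-directions block can be set directly in Windows' own firewall from PowerShell. This is an added example, not part of the original post and not code from SimpleWall or FAB: it creates inbound and outbound block rules for every executable in a folder and then reports whether both directions are covered. The function name, rule group name and sample folder path are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt. Block-AppNetwork and the group name are hypothetical.
function Block-AppNetwork {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [string]$Group = 'Blocked apps (example)'
    )

    foreach ($exe in Get-ChildItem -LiteralPath $Folder -Filter *.exe -Recurse -File) {
        foreach ($direction in 'Inbound', 'Outbound') {
            # Skip if an enabled block rule for this exact path and direction exists.
            $existing = Get-NetFirewallApplicationFilter -Program $exe.FullName -ErrorAction SilentlyContinue |
                Get-NetFirewallRule |
                Where-Object { $_.Direction -eq $direction -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }
            if (-not $existing) {
                New-NetFirewallRule -DisplayName "Block $($exe.Name) ($direction)" `
                    -Group $Group -Direction $direction -Program $exe.FullName `
                    -Action Block -Profile Any | Out-Null
            }
        }

        # Re-read the rules to confirm both directions are covered.
        $dirs = Get-NetFirewallApplicationFilter -Program $exe.FullName |
            Get-NetFirewallRule |
            Where-Object { $_.Action -eq 'Block' -and $_.Enabled -eq 'True' } |
            ForEach-Object { "$($_.Direction)" }
        [pscustomobject]@{
            Program  = $exe.FullName
            Inbound  = $dirs -contains 'Inbound'
            Outbound = $dirs -contains 'Outbound'
        }
    }
}

# Usage (constructed sample path): Block-AppNetwork -Folder 'C:\PortableApps\Calculator'
# Undo:  Remove-NetFirewallRule -Group 'Blocked apps (example)'
```

Rules are matched by full program path, so moving or renaming the executable means the rules no longer apply and the function should be run again.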
4. Launch with reduced permissions
In the same folder as the program you wish to run, create a text file and save the following text, replacing programname.exe with the executable name (e.g. vlc.exe) (thanks lautrepay):
runas /trustlevel:0x20000 "programname.exe"
In testing, this function will sometimes not actually launch the program. If this fails, it doesn't mean there's necessarily a security problem, just that the program requires standard / admin level permissions to function.
5. Maintain anti-virus software
For reasons that are unclear even within the software community, the best anti-virus options change every year. We recommend researching current reviews, but Windows' default "Defender" option has historically been an effective deterrent.
---
Other options
* Run the program inside a sandbox
The term "sandbox" comes from a variety of real-world tests that use real sand as a buffer. In software, it's just a virtual separation between the program and the rest of the computer: when a program misbehaves, the operating system just ignores the request.
Windows comes with its own simple and easy-to-use sandbox program in Windows 10, but the excellent and mature freeware Sandboxie Plus is also available. Many commercial sandbox tools are also available that include more controls.
While it's possible to run problematic or insecure software in these environments, good security is made up of more than one shield, so it's recommended that the steps above are followed and the sandbox treated as yet another barrier.
* Run the program inside of a virtual machine
There are dozens of programs and tools, but a great free option is VirtualBox with the snapshots feature enabled. This allows the system to be reverted to an earlier state after using a program. More on VirtualBox.
Questions
What if an application is signed? Does it mean it's safe?
Signatures just mean you can verify where a source originated from, not whether or not the program is safe or will do exactly what you expect (e.g. adware, spyware, etc.). You can read more about software signatures and verification in this ghacks article.
What if I get it from Windows Store?
Although Windows Store software does go through some level of analysis before posting, we don't recommend Windows Store for multiple reasons, mostly the fact that it hurts open source developers.
Related
- Addressing malware
- Hashing use cases (why would I want to hash my files?)
- Portable PGP?
- Open letter to security freeware developers
- VPN experiences so far (seeking recommendations)
- SecurityXploded issue (encrypted downloads)
- Blocking services: https://www.portablefreeware.com/forums/viewtopic.php?p=103544#p103544