
Is it possible to tell whether a download is safe? In some cases, yes, it is possible. Here’s how to check if a download is safe.

When you download something from the web, there is a chance of accidentally downloading a virus that could harm your computer. More than 5.6 billion malware attacks were carried out in 2020, according to SonicWall’s 2021 Cyber Threat Report. Malware is commonly spread through emails and malicious downloads. Many users accidentally and unknowingly download software that could harm their devices.

If you’re unsure how to check if a download is safe, relax — we’ve got you covered. In this article, we’ll answer the question “how can I tell if a download is safe?” by exploring seven useful safety-checking methods.

7 Methods for How to Tell If a Download Is Safe

It is not always easy to figure out whether or not the software you are downloading is safe. The best way to ensure the software you are about to download is safe is by using anti-malware tools and trusting your intuition as well. In this section, we’ll walk you through several methods of how to check if a download is safe.

1. Check Whether the Source Website Is Legitimate

The website from which you are downloading the file matters a lot. Any time you download a file or software application from the internet, it’s important to download it from a reputable website and not a very basic site or a third-party site you have never heard of. For instance, if you are downloading something from a reputable software company like Microsoft, you will likely not be downloading something that’s unsafe — but this statement may not be the case with lesser-known companies or websites.

Similarly, if you wish to download software created by Microsoft, download from the official website — there is no good reason to download it from a third-party website.

Check the SSL/TLS Certificate Details

Newer, suspicious-looking third-party websites could trick you into downloading files that appear to be genuine but contain hidden viruses. Trustworthy websites will be secured with SSL/TLS certificates. If you see a security padlock icon or “HTTPS” in the address bar before the website URL, you can be assured that the website is secure. However, that doesn’t necessarily mean it’s safe — this is where organization identity comes into play.


Digital identifiers (like organization validated and extended validation SSL/TLS certificates) enable you to see what organization a website’s certificate is issued to. If a site claims to be Microsoft but their SSL/TLS certificate’s subject line doesn’t say that, then you don’t know with certainty whether that site is trustworthy and should exercise caution.


A screenshot of the SSL/TLS certificate’s verified organization information for Microsoft.com.

Check the Windows Defender SmartScreen Pop-Ups

Similarly, Windows Defender SmartScreen is a great tool to help protect your device from malicious software. So, make sure the Windows Defender SmartScreen is not disabled on your device or browser as it will warn you when you are about to download malicious software. This way, you can understand that the software is potentially dangerous and run away from it.

You will see something like this when Windows Defender SmartScreen warns you of a malicious app that could damage your device:

[Screenshot: the “Windows protected your PC” SmartScreen dialog]

2. Beware Common Types of Malicious Files

Downloading and installing malicious software isn’t the only threat. Hackers use PDFs and Microsoft Office files (Word docs, Excel spreadsheets, etc.) to spread malicious code using macros. This means you can accidentally load malicious scripts just by opening malicious Office docs or PDFs that someone sends you via email. Data from Netskope Threat Labs shows that 43% of cloud-based malware downloads that occurred in Q2 2021 were Microsoft Office files.

The type of file you are downloading plays a major role in analyzing whether or not it is safe. If you are trying to download something illegal (like pirated software), the download could more likely be unsafe to your system. Remember, if the file looks suspicious, it could be dangerous.


3. Check the File Size and Extension to Ensure They’re Accurate

What is the size of the file you are about to download? File size matters when it comes to software downloads. Cybercriminals commonly create look-alike files (files or software named to mimic legitimate files or programs) to trick unsuspecting users into downloading them. So, if a file is smaller or larger than expected, it could indicate that the file isn’t legitimate and isn’t a safe download.

Furthermore, double-check the extensions of all files to ensure they’re correct. If you’re downloading something that should be a Word doc, then it shouldn’t be labeled as an executable file (.exe). Opening malicious files can result in extensive damage to your device and potential data losses or theft.
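The size and extension checks described in this section can be automated. The following is an added example, not code from the original article: it compares a file's leading bytes with the extension in its name, flags double extensions such as "invoice.pdf.exe", and compares the size with a publisher-stated value. The function name, the extension lists, and the 10% tolerance are assumptions made for the demo.

```python
import os

# (leading bytes, what the content really is, extensions that normally carry it)
MAGIC = [
    (b"MZ", "Windows executable", {".exe", ".dll", ".scr", ".sys"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 file", {".doc", ".xls", ".ppt", ".msi"}),
]
RUNS_CODE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
LOOKS_LIKE_DOC = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def check_download(filename, data, expected_size=None, tolerance=0.10):
    """Return a list of warnings for one downloaded file (empty list = nothing found)."""
    warnings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]

    # "invoice.pdf.exe": the real extension is the last one.
    if ext in RUNS_CODE and inner_ext in LOOKS_LIKE_DOC:
        warnings.append(f"double extension: poses as {inner_ext} but runs as {ext}")

    # Compare what the bytes are with what the name claims.
    for magic, kind, extensions in MAGIC:
        if data.startswith(magic):
            if ext not in extensions:
                warnings.append(f"type mismatch: content is a {kind}, name ends in {ext or '(none)'}")
            break

    # Compare with the size the publisher states (assumed rounded, hence a tolerance).
    if expected_size and abs(len(data) - expected_size) > tolerance * expected_size:
        warnings.append(f"size mismatch: got {len(data)} bytes, expected about {expected_size}")
    return warnings


if __name__ == "__main__":
    # Constructed samples: only the first bytes matter for the type check.
    fake_doc = b"MZ\x90\x00" + bytes(60)      # executable content
    real_docx = b"PK\x03\x04" + bytes(996)    # ZIP-based Office file, 1000 bytes
    print(check_download("report.docx", fake_doc))
    print(check_download("invoice.pdf.exe", fake_doc))
    print(check_download("report.docx", real_docx, expected_size=1000))
```

An empty list only means these three checks found nothing; the file should still be scanned as described in method 5.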

4. Take a Look at the Software’s User Reviews

Check for forums and reviews where people who have downloaded the same file in the past share their experiences and feedback on the software. If the reviews are good and if users report having no issues with the particular file, you can go ahead and download it. 

If you are about to download a mobile app from the Apple App Store or the Google Play Store, you can check the reviews before you download it. If the reviews do not seem satisfactory, run away! Similarly, check review websites or Google reviews to get a better picture.

5. Use a Virus Scanner to Check Downloads For Malware

Anti-malware software and virus scanners will help detect and remove viruses and other types of malicious software. If you are about to download an executable like “.exe,” anything on that file could infect your system immediately after you install and activate it. Whenever you download executables, make sure to scan the download using a virus scanner before you install it.

Likewise, anti-malware software will scan the download and prevent you from installing malware onto your device.


6. Pay Attention While Downloading & Opening Email Attachments

Hackers love emails as they can easily infect a system by sending malicious files through emails. The best way to make sure you don’t download malicious email attachments is by not opening emails from unknown and unsolicited email contacts.

As we mentioned earlier, certain types of files — .exe files, compressed files, Office documents, and installers — are generally used by hackers to spread malware. More than 90% of malware is spread through emails, according to data from Verizon’s 2018 Data Breach Investigations Report (DBIR). The best way to make sure you do not download malicious email attachments is by not downloading email attachments that you receive from unknown contacts.


7. Check for the Software’s Digital Signature

Check if the executable you are downloading is digitally signed. Although there is no guarantee that all signed executables are trustworthy and that unsigned ones are bad, the likelihood of an unsigned executable causing harm to your computer is high.

Code signing certificates are generally used to sign software. Software and executables that are signed using code signing certificates are deemed safe and secure as these certificates will protect the integrity of the file and ensure that no third party tampers with the downloadable file. If the executable opens a license warning, it means it is signed. If not, it could possibly be a threat to your device.

Windows Defender SmartScreen is another important security feature that will automatically check downloads to notify you about dangerous files and content. (So, make sure this feature is not disabled on your Windows PC or laptop!) If the software you are downloading isn’t signed at all, or if it’s signed using a standard code signing certificate, you will see something like this:

[Screenshot: the “Windows protected your PC” SmartScreen dialog]

However, if a software developer signed their code using an extended validation code signing certificate, it will be automatically trusted by Microsoft. This means that the SmartScreen warning messages won’t display at all.
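A first triage step for the signature check in this section, as an added example that is not code from the original article: it reads a Windows executable's PE header and reports whether an Authenticode certificate table is embedded at all. It does not validate the signature or identify the signer; the function names and the header built by `sample_pe` are constructed for the demo.

```python
import struct

SECURITY_DIR = 4  # data-directory slot that holds the Authenticode certificate table


def embedded_signature(data):
    """Return (file_offset, size) of the certificate table, or None if the file is unsigned."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not a Windows executable (no MZ header)")
        pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        opt = pe + 4 + 20                                   # skip signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header format")
        dirs = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+
        count = struct.unpack_from("<I", data, dirs - 4)[0] # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error:
        raise ValueError("file is truncated inside the PE header")
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table points outside the file")
    return offset, size


def sample_pe(cert_size):
    """Constructed minimal PE32+ header for the demo; it is not a runnable program."""
    buf = bytearray(0x40 + 24 + 112 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x20B)
    struct.pack_into("<I", buf, opt + 108, 16)
    if cert_size:
        struct.pack_into("<II", buf, opt + 112 + 8 * SECURITY_DIR, len(buf), cert_size)
        buf += bytes(cert_size)                             # placeholder for the table
    return bytes(buf)


if __name__ == "__main__":
    print(embedded_signature(sample_pe(0)))     # unsigned sample
    print(embedded_signature(sample_pe(512)))   # sample with a certificate table
```

Finding a certificate table is only the first half of the check: whether the signature is valid and who the signer is still has to be read from the Digital Signatures tab of the file's Properties dialog in Windows.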

How Can I Tell If a Download Is Safe? Final Thoughts

With malware becoming more common, it may not be easy to completely stay away from it. You just have to be aware of what cyber threats exist and use the right tools and processes to stay safe online.

Here’s a quick review of some of the tips to remember whenever you download something from the internet:

  • Use anti-malware software to scan the download before you install it.
  • If the download seems suspicious, don’t install it as it could harm your computer.
  • Do your research and be skeptical of emails, text messages, or other communications.
  • Make sure you do not blindly download anything from a random website and take the time to verify whether the software or the executable you are about to download is authentic and trustworthy.

Many people use antivirus programs to scan their downloads for malware, but they tend to ignore the warnings and go ahead with the installation. Make sure you do not do so, as malware-infected software downloaded to your computer can wreak havoc on your device.

We hope this article will help you stay away from malware and other threats when it comes to downloads and has also answered your question, “How can I tell if a download is safe?”