Michael Meade

Cloud download in progress with loading bar on a digital screen, representing data transfer or software update

How to Safely Download Files

by

Michael Meade
in ,

Check out this article about how to safety limit information about your kids on social media.

Introduction

Downloading files is necessary for tasks to be completed while on the computer. However, it is also the most dangerous, as it often opens the door for unknown software to access your computer. Your computer is not only valuable because of the hardware or the logo on your computer, but the data on the computer is probably the most valuable data. It contains information like your banking passwords, accounts, and even private photos. You should be careful when installing any software on your computer.

Scan the file for malware

Cybersecurity warning screen showing malware alert with code in background.
Digital cybersecurity warning screen highlighting a malware threat with code running in the background.

Before running any software on your precious computer, upload the EXE file to a site called Virustotal.com. This site is owned by Google will check in a couple of different ways to see if the file is malicious. It will allow you to see what actions the EXE takes after you run the file.

Of course, you should also have Antivirus software installed on your machine to check for malicious files. After downloading any file or exe, run your Antivirus to make sure that it is not malicious.

Only download any EXE from trusted sources, and double-check if you are at the correct site. One mistype and you could of visited a fake site that looks exactly like the real site, but it includes a malicious file.

Checking hash sum

Wooden blocks spelling 'CHECKSUM' in front of a background filled with programming code and technical terms.
Understanding checksum in programming: A crucial tool for data integrity and error detection in software development.

A checksum or hash sum represents the file; if even one bit or letter is changed in the program, the whole hash sum would be different. A site hosting an EXE will likely have the file’s hash sum on the site. It should match the one on the site with the one you downloaded. If it does not match the one on the site, delete it from your computer and do not run the EXE.

Open the command prompt to the directory where the file is and run the following command:

certutil -hashfile "WhatsApp Installer.exe" SHA256

If you do not want to run the command, you can also use this site to get the SHA256 hash of the file. If the EXE has a space in the name, you might need to add “” to the name of the EXE.

Be Aware what you are Downloading

3D yellow warning triangle with black exclamation mark symbol on a gray background.
3D warning sign with exclamation mark symbol indicating caution or alert.

Before downloading a file from anywhere, you should ask yourself do you trust the source? If you received an email from someone you do not know saying you have been invited to a party, your suspicions should be very high.

Also, be aware of what you are inserting into your computer. If you find a USB drive on the ground or somewhere, you may be curious what is on the drive, but DO NOT insert it into your computer. If you feel you really need to know what is on the drive, set up a virtual machine and set it up so that it is not connected to your network, and set it up to read the USB port on the virtual machine.

Illustration of a USB flash drive labeled Universal Serial Bus on a black background.
USB flash drive illustration showing Universal Serial Bus storage device.

There is a type of attack where a threat actor will drop USB drives at a business, where they hope that someone working at the place will insert the USB drive into their work computers. If they insert the USB drive, it could auto-run a script or EXE. Or they might have a doc or file whose goal is to get the person to open the file, but when the file is opened, it will run a VBS script or some type of EXE that will infect the computer with malware.

Downloading apps on your phone.

Smartphone screen with green download icon symbolizing file download on mobile device.
Mobile phone with green download icon representing secure file downloading on smartphones.

On Android, you can enable a setting on your phone that allows you to download and install apps not on the Google Play Store. But do not enable it or download apps from unknown sources. Changes are it’s laced with malware. The Google Play Store has methods in place that scan and look for malicious when they are uploaded. While they are not perfect, it is still a good idea to download apps from official sources.

Even when downloading for trusted sources, be wary and check the reviews and see if there’s anything fishy with the reviews. Also, check the download count and who made the app. While these are not perfect methods to detect malicious apps, it will surely decrease the chances.

Before downloading an image on any type of phone, ask yourself:

  • Do you trust and know this person?
  • Does it make sense for the person to send you an image or text?
  • Is the text in the message spammy?

In 2025 there was a zero click exploit in iPhone that could compromised an iPhone just by viewing or downloading the image. You would not even need to click it for the vulnerability to be exploited. Be careful of images from strangers or unknown phone numbers.

iPhones are not the only phones that have vulnerabilities; Android also has had zero click exploits. For example in 2015, a security researcher discovered a vulnerability he called “Stagefright”. Before the vulnerability was patched, just receiving a specially crafted message could exploit the vulnerability and give the threat actors access to your phone.

Some malicious apps are able to get on the Play Store or Apple Store. By looking into the app you want to install, you can determine if it could be malicious.

One way to check is to look at the app’s permissions. If the app has many permissions that probably should not be for the type of app it is, this is a red flag. Another good habit to get into is to read the privacy policy, which can be long, boring, and filled with unfamiliar jargon. It can also tell you how the app uses your data.

Another good tip is to always keep your phone up to date, and also make sure the apps on your phone are also up to date.

Wooden blocks spelling the word trust on a wooden table background.
Wooden letter blocks spelling trust, symbolizing security and reliability.

Before downloading an app from any app store or site, ask yourself these questions:

  • Who made the app?
  • Does the publisher have a site or other apps?
  • Do the reviews of the app seem fake, or have people complained about suspicious behavior?
  • Take a gander at the permissions the app wants.
  • Do you trust the source of the app came from?
  • Does the app have intrusive ads?

With the intrusive ads point, it is important to know that ADs on apps are a way for the app dev to earn money; it is only a problem when the app engages in click fraud, shows ads in the notifications, fills the screen with ads, or creates hidden ads where they earn a commission for each ghost click.