![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
1000006: Checksum Verification of Downloaded Files
Home › Forums › Knowledge Base › 1000006: Checksum Verification of Downloaded Files
Tagged: checksums
- This topic has 16 replies, 5 voices, and was last updated 3 years, 6 months ago by
anonymous.
Viewing 11 reply threads-
AuthorPosts
-
-
July 4, 2017 at 12:39 am #123155
Kirsty
Da BossAKB1000006: Checksum Verification of Downloaded Files
by Kirsty
Published 4 July 2017 | Rev 1.0
What are Checksums?
When files are downloaded from the internet, it is possible to check the files for integrity and data corruption errors, by verifying their checksum, before you run the file.Checksums are often published by authors, and if a computed checksum matches the given checksum, it is probable that the file has not been corrupted or accidentally altered.
If a download is from a public source, rather than a password-protected site log-in, this precaution reduces the risk of exposing your computer to tampered or corrupted files.
Where is the Checksum found?
Often, checksums are published on the download pages, and may be called a File Hash or similar. For instance, on KB4012558, the information is visible after clicking on the down arrow at “File Hash” near the bottom of the page; Ubuntu builds have the numbers on their web pages.
Which Checksum Type?
Checksums differ, according to their type. SHA1 has been deprecated being less than secure, but is still offered by Microsoft and others.The new standard is SHA256, but SHA-3 family already exists. MD5 is now only considered suitable for checks against corrupt downloads, not for file security, due to extensive vulnerabilities. Other options also exist, but are less commonly used.
Calculate a Checksum to Compare:
There are several ways to generate checksums, to verify against the published checksum. Some are:1) PowerShell
Using PowerShell 4.0 or later, the cmdlet “get-filehash [drive]:\[folder]\[filename]” gives the result as a SHA256 checksum by default, which may take some time, and other types can also be obtained with the use of parameters.
(For more about Powershell, see PowerShell- Learning Virtually on MV Academy & MSDN Channel 9 from Videos, eBook)2) MD5 & SHA Checksum Utility
This popular utility for checking checksums is available as a limited-option free or a full-featured paid version, and is referred to by many sites discussing this subject. It is also Woody’s go-to solution.3) Multihasher
This is another freeware utility, available from the author’s site and also from the major download sites. MrBrian uses this one.4) 7-Zip
7-Zip is a file archiver, which has the option to calculate a checksum. Open the program, navigate to the downloaded file, right click on the file, select Calculate Checksum. Alternatively, right click on the file, click 7-Zip, then Open Archive, where you can also right click the file, to select Calculate Checksum.
What about Digital Signatures:
Digital signatures on files can be verified by right-clicking on the file from Explorer, click Properties, select the Digital Signature tab, select the signer’s name, then click on Details. View Certificate is available in the new window that opens. This is for both the signer and the counter-signer.
Really Advanced Checking – Verifying Cyrptographically Signed Hashes:
To protect from tampered hashes, such as in hacked websites, some checksums (hashes) are cryptographically signed.
Additional resources:
bhoover.com
maketecheasier.com -
July 4, 2017 at 9:15 am #123201
AlexEiffel
AskWoody_MVPTo add the checksum to context menu in Windows:
http://winaero.com/blog/add-file-hash-context-menu-windows-10/
No, you don’t have any reason no more to not check the checksum. If you find it too hard to right-click on the file and select the checksum you want, there is nothing else that can help you.
-
July 8, 2017 at 8:14 am #123818
anonymous
Guest-
July 9, 2017 at 11:14 pm #124101
-
-
July 8, 2017 at 8:26 am #123820
anonymous
Guest-
July 8, 2017 at 2:23 pm #123860
Kirsty
Da BossThe file’s checksum is provided by many software developers.
Where is the Checksum found?
Often, checksums are published on the download pages, and may be called a File Hash or similar.i.e., from Multihasher’s download page (linked above)
Attachments:
You must be logged in to access attached files.
-
-
July 8, 2017 at 9:04 am #123827
anonymous
GuestLet’s not forget that it is always important to consider the source of anything downloaded from the Internet. Verification of hashes/checksums is useful but it not a guarantee that the downloaded item is free of malware. It only serves to establish that the download received is the content that the person/service/company/hosting website intended to distribute. One should also consider the possibility that if a site has been compromised to serve up a tampered file then the hashes/checksums posted on the site for verification purposes could also have been altered to match with the compromised file. Even if hashes/checksums verify one should consider running a scanner on the downloaded item as an added measure of security. Again, consider the source. A high risk source justifies extra caution.
There is always an element of risk involved and we are, unfortunately, substantially dependent on the security precautions of the data providers to ensure the integrity of offered downloads.
3 users thanked author for this post.
-
July 9, 2017 at 10:22 am #123975
JohnW
AskWoody LoungerAnother handy free utility for this task, courtesy of NirSoft, a reliable source of utilities.
HashMyFiles v2.23
http://www.nirsoft.net/utils/hash_my_files.html
-
July 10, 2017 at 6:22 am #124139
Spiff
AskWoody LoungerIn reply to JohnW, July 9, 2017,
You mention NirSoft’s HashMyFiles.
However, NirSoft’s HashMyFiles calculates only MD5 and SHA1 hashes.
As mentioned by Kirsty, MD5 and SHA1 hashes are no longer suitable for checking file security.
Therefore, NirSoft’s HashMyFiles is not suitable for checking file security.
-
-
July 10, 2017 at 6:14 am #124138
Spiff
AskWoody LoungerIn reply to AKB1000006: Checksum Verification of Downloaded Files, by Kirsty, published 4 July 2017 | Rev 1.0
If one wants to use a utility for checking checksums, shouldn’t that application be digitally signed?
The mentioned MD5 & SHA Checksum Utility, Multihasher and also 7-Zip are not digitally signed.Some other are utilities for checking checksums are digitally signed.
There is DigitalVolcano Hash Tool:
https://www.digitalvolcano.co.uk/hash.htmlAnd if you want a shell extension, that integrates into Windows Explorer file properties, there is Implbits HashTab:
http://implbits.com/products/hashtab/And another shell extension, that integrates into Windows Explorer file properties, is Febooti Hash & CRC:
http://www.febooti.com/products/filetweak/members/hash-and-crc/ -
July 10, 2017 at 8:18 am #124142
JohnW
AskWoody LoungerIn reply to JohnW, July 9, 2017, You mention NirSoft’s HashMyFiles. However, NirSoft’s HashMyFiles calculates only MD5 and SHA1 hashes. As mentioned by Kirsty, MD5 and SHA1 hashes are no longer suitable for checking file security. Therefore, NirSoft’s HashMyFiles is not suitable for checking file security.
With all due respect, you are clearly misinformed about that. I don’t know what version you are looking at, but he has added support for SHA-256, SHA-512, SHA-384, and CRC32.
I just dropped a file into HashMyFiles, and got all of those results…
1 user thanked author for this post.
-
July 10, 2017 at 8:30 am #124144
JohnW
AskWoody LoungerIn reply to AKB1000006: Checksum Verification of Downloaded Files, by Kirsty, published 4 July 2017 | Rev 1.0 If one wants to use a utility for checking checksums, shouldn’t that application be digitally signed? The mentioned MD5 & SHA Checksum Utility, Multihasher and also 7-Zip are not digitally signed. Some other are utilities for checking checksums are digitally signed. There is DigitalVolcano Hash Tool: https://www.digitalvolcano.co.uk/hash.html And if you want a shell extension, that integrates into Windows Explorer file properties, there is Implbits HashTab: http://implbits.com/products/hashtab/ And another shell extension, that integrates into Windows Explorer file properties, is Febooti Hash & CRC: http://www.febooti.com/products/filetweak/members/hash-and-crc/
HashMyFiles is digitally signed and passes VirusTotal scans.
It also has a optional Windows Explorer context menu so you can launch it from any file in Explorer. Also lets you add a context menu option to launch any file in the VirusTotal web site.
All in all, a simple, complete solution that is up to date and verified.
-
July 10, 2017 at 8:55 am #124147
Spiff
AskWoody LoungerWith all due respect, you are clearly misinformed about that. I don’t know what version you are looking at, but he has added support for SHA-256, SHA-512, SHA-384, and CRC32.
Thanks very much.
You are right, of course.
I based my earlier comment on NirSoft’s description, “HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. […]”
I missed the info regarding SHA-256, SHA-512, and SHA-384 in Versions History.
It would be welcome if NirSoft added that information under Description. -
July 11, 2017 at 6:34 am #124293
-
July 11, 2017 at 10:47 pm #124429
anonymous
GuestThere is also:
http://www.softdevlabs.com/downloads#HashCheck
I wrote it myself so I know it’s good. 😉
“Fish” (David B. Trout)
Software Development Laboratories
http://www.softdevlabs.comEDIT html to text
-
-
AuthorPosts
Viewing 11 reply threads - This topic has 16 replies, 5 voices, and was last updated 3 years, 6 months ago by
-
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
Alex5723 on Hard Drive at 100% usage
8 minutes agomn-- on Giving you the choice
12 minutes agoanonymous on Windows 10 Latest Patch: KB 4598242
21 minutes agoKirsty on Giving you the choice
23 minutes agoAlex5723 on Giving you the choice
30 minutes agodoriel on Is this the best science fiction show ever?
30 minutes agoanonymous on Windows 10 Latest Patch: KB 4598242
39 minutes agoPaul T on New Computer – Windows 10 1903
47 minutes agoRick Corbett on New Computer – Windows 10 1903
1 hour, 13 minutes agoMele20 on Giving you the choice
1 hour, 17 minutes agoMele20 on Giving you the choice
1 hour, 21 minutes agoanonymous on Hard Drive at 100% usage
1 hour, 24 minutes agoanonymous on Hard Drive at 100% usage
1 hour, 24 minutes agoRick Corbett on Hard Drive at 100% usage
1 hour, 56 minutes agoBundaburra on Windows 10 Latest Patch: KB 4598242
1 hour, 59 minutes agoSusan Bradley on Giving you the choice
2 hours, 1 minute agoanonymous on Giving you the choice
2 hours, 1 minute agoanonymous on Giving you the choice
2 hours, 1 minute agoKirsty on Giving you the choice
3 hours, Just nowECWS on New Computer – Windows 10 1903
3 hours, 30 minutes agoanonymous on Giving you the choice
3 hours, 38 minutes agoBob99 on New Computer – Windows 10 1903
3 hours, 55 minutes agoOscarCP on Giving you the choice
4 hours, 5 minutes agoECWS on New Computer – Windows 10 1903
4 hours, 6 minutes agoECWS on New Computer – Windows 10 1903
4 hours, 15 minutes agoBob99 on New Computer – Windows 10 1903
4 hours, 16 minutes agoOscarCP on Giving you the choice
4 hours, 16 minutes agoBob99 on New Computer – Windows 10 1903
4 hours, 20 minutes agobratkinson on Hard Drive at 100% usage
4 hours, 21 minutes agoNathan Parker on Apple to block sideloading iOS apps on M1
4 hours, 21 minutes ago
Recent Topics
-
Hard Drive at 100% usage
9 minutes ago
-
Checking e-mail attachments with VirusTotal
10 hours, 58 minutes ago
-
Giving you the choice
13 minutes ago
-
outlook 365 emails not queueing
15 hours, 9 minutes ago
-
Need a Great Rules Add-in for Outlook 2019
17 hours, 25 minutes ago
-
Mouse settings NOT preserved after reboot
12 hours, 31 minutes ago
-
Apple News Wrap Up: January 17, 2021
14 hours, 50 minutes ago
-
Tasks for the weekend – January 16, 2021
21 hours, 7 minutes ago
-
Use Word to Create Awesome Signs
1 day, 5 hours ago
-
Zero day Windows 10 bug
8 hours, 24 minutes ago
-
KB4598242 fails to install, in rollback loop 2021-01 cum upate
11 hours, 2 minutes ago
-
Updates paused but not?
12 hours, 56 minutes ago
-
Security update for Secure Boot DBX can be skipped (KB4535680)
15 hours, 42 minutes ago
-
Copying Folder Names Into Excel
9 hours, 56 minutes ago
-
The iPhone Companion
1 day, 20 hours ago
-
Apple Tips : 9 tips to take control of your privacy on iPhone
1 day, 20 hours ago
-
Internet drops briefly
1 day, 20 hours ago
-
A Zero-day Windows 10 bug corrupts your hard drive on seeing this file’s icon
1 day, 3 hours ago
-
Windows 7 ESU year two oddities
14 hours, 4 minutes ago
-
Color Rendering in PowerPoint 2019 Export to Video Function
2 days, 9 hours ago
-
WiFi Security Alerts after moving from 1909 to 2004
1 day, 14 hours ago
-
The MacBook Pro pre-2016 is back
1 day, 9 hours ago
-
What Is the Latest Stable Version of Windows 10?
1 day, 13 hours ago
-
OOMA vs MagicJack
1 day, 9 hours ago
-
Want 7GB of extra disk space?
2 days, 17 hours ago
-
Windows 10X and its purpose
2 days, 20 hours ago
-
Neither Exchange nor GMail will connect
2 days, 13 hours ago
-
Tweaking spreadsheet data
17 hours, 2 minutes ago
-
Windows 10 Latest Patch: KB 4598242
40 minutes ago
-
Firefox Browser Replacement – Opera
3 days, 12 hours ago
Search for Topics
Recent blog posts
- Giving you the choice
- Tasks for the weekend – January 16, 2021
- Zero day Windows 10 bug
- Security update for Secure Boot DBX can be skipped (KB4535680)
- Windows 7 ESU year two oddities
- Attention partners: Microsoft really is coming for your clients this time
- January 2021 updates are here
- MS-DEFCON 2 – Get ready for January updates
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.