Even though it is frowned upon, lots of us download copyrighted content online – legally and otherwise – from questionable sources. Be it may via BitTorrent trackers, Usenet, IRC or file sharing forums, there is no dearth of shady distributors of pirated content online.
Why are so many people willing to offer pirated content to you? To ensure that everyone of us can enjoy over-priced & DRM-ridden copyrighted material? Yes and no. Except for a few, the rest have an ulterior motive for peddling malware & spyware.
Often times software downloaded from these shady sites are tampered with to include backdoors and malware. And in recent times, fake audio and video files in zipped archives which when extracted and played, download spyware in the guise of acquiring codecs.
For the unsuspecting soul who thinks a file downloaded for free is awesome, here is an an opportunity to learn about the digital trapdoors, ways to avoid them and how to verify if it is the real deal before installing so that you can enjoy secure downloading.
Install Proper Tools
Getting an anti-virus is the first line of defense and it is better to get the comprehensive internet security pack complete with a firewall, anti-spyware etc. All of the downloaded files have to be scanned and make sure you have option to scan inside zipped archives turned on by default. Check out some free security tools here.
Secondly, use the most recent version of either Firefox or Chrome. Both the browsers have a fabulous built-in domain name checking engine. If there is a site that hosts & distributes malware, they are blocked and you will be shown a warning.
When you see either one of the following screens, find an alternate URL to download. If you want to be more immune to harmful sites consider installing some Firefox security addons.
Using Internet Explorer (definitely not IE 6) or Opera is alright but lack of security plugins takes them to the bottom of my list.
Find the Right Source
Pirating a copyrighted content is not a gimmick that every Tom, Dick and Harry can do. It needs exclusive access to pre-release material and some ninja reverse-engineering tricks. They are called SCENE groups and there are plenty of iconic names specializing in only one of the verticals (say movies, TV shows, software, games etc.).
Their first point of release would be leading Internet Relay Chat (IRC) channels, Usenet groups and Bittorrent trackers. Pointing you towards those sources is not exactly ethical and hence you should do some searching to find the right source.
For example, if you are looking for a TV show from a popular Bittorrent tracker, find the torrent files with the highest number of seeds and find who uploaded it. Check their track record, how long they have been uploading torrent files and most importantly if they have a verified account there. Checking the comments section of the torrent file also will save you a lot of time and bandwidth.
In the case of forums, find the ones with a lot of members and threads. It’s extremely easy to begin a file sharing forum and distribute malware. Also, make sure to get the links from threads started by moderators or long serving members with a significant number of posts and reputation points.
Verify File Integrity
SCENE groups in almost all cases add a checksum file to check the integrity of the file. Checksum is like a unique digital signature of a file generated using algorithms to indicate that the file is its intended form.
Now if the file is tampered with, the checksums will not match the ones that were originally generated. Even a tiny change like renaming a file will result in the checksum error. Some of the common checksum formats are EXF, MD5, SHA, SFV.
To verify the integrity of files using checksum, we will need a free tool like Exactfile. While installing, keep all the checksum formats to be associated checked as it makes it easy to run the verification in just a single click.
Once you have downloaded the file, scan for viruses and extract it. Now, since we have associated all the common checksum file formats to Exactfile, just click on the file with the Exactfile logo (a stylish X) and the file verification will begin.
As you can see, I renamed a file from the same folder and a error is shown after the verification. So you can be confident that the file is in its original form released by the reliable SCENE group and you are good to go.
I strongly suggest you to verify file integrity when it comes downloading software from questionable sources. And if you opt to download scripts & server software, I can assure that you will be exposed to serious danger if the files are installed without any verification.
I would not delve into preaching mode by saying that it is illegal & unethical to download pirated files. It’s a judgment call to be made by the individual, however, reckless pirating does hurt the developer/creator ecosystem which is definitely a bad thing. If you like the material you downloaded, fork out a few bucks to support the one who spent a chunk of life creating it in the first place.
Is there a tip you would like to share with the rest of us to escape from malware-ridden content?