- Be cautious of malware disguised as popular software or websites promoted through search ads.
- Avoid downloading software from mirror sites and instead use the original source or trusted app stores.
It’s easy to accidentally download malware when searching for an application or game, even when you think you’re being careful. There are a few ways you can make sure you download software on your computer from the original source or a trusted repository.
Hackers and malware developers have been using Google search ads to promote pages for 7-Zip, VLC Media Player, CCleaner, and other popular software. The duplicate pages often look nearly identical to the actual websites, but with downloads that can harm your computer if it’s not automatically detected as malware. The same method is also being used to create fake links to Facebook, YouTube, and other sites. Security researchers have found malware being promoted in Bing search ads as well.
The malicious search ads are just one way hackers can trick you into installing maclicious software, on top of all the other classic methods: fake emails, ads on other web content, social media, and more.
Don’t Download from Mirror Sites
There are many sites that host copies of popular free software, which were especially popular in the 1990s and early 2000s. They were helpful in the era before search engines became more prevelant, but many of them used custom installers for software that would load up your PC with extra junk. Back in 2015, we tried downloading the top 10 apps from Download.com, which installed conflicting malware/virus protection software and browser redirects.
Some popular download sites have cleaned up their act since then, while others have shut down entirely, but it’s still not a good idea to download software from anywhere other than the original source or an approved mirror. For example, if you want VLC Media Player, you should be downloading directly from VideoLAN.org or the project’s own listings on the Google Play Store, Apple App Store, or other official sources linked from that website.
Avoid Search Engine Ads
There’s a simple way to avoid the scam download links that are becoming more common on search engine results: don’t click anything that says “Sponsored” or “Ad”. Those are results from companies paying to be at the top of a certain search query—for example, Ford paying to be the top result for someone searching for competing Chevy vehicles in the below screenshot.
Google, Bing, and other search engines are not great at validating these links, so sponsored/ad links for software could lead you to malware. It’s safer to scroll past them and check the top non-sponsored results for a given search query.
Check App Stores
Microsoft Windows has had its own app store since the Windows 8 days, now known as the Microsoft Store, and the Mac App Store was introduced in 2011. If you need to download a popular app on your Windows PC or Mac, it might be the first place you should look.
The official app stores on Windows and macOS are generally the safest places to find and install software for your computer. Microsoft has policies and automated checks designed to block malware and other malicious software from appearing in the Microsoft Store on Windows, and Apple also has strict requirements about what can be listed in its App Store.
There are definitely apps in both stores that can be regarded as spam or not useful, but actual malware is exceedingly rare. The Microsoft Store has occasional problems with sketchy software, but they are removed when issues are discovered, and it has definitely been cleaned up over the past few years. Most big app developers ignored the Store for its first few years of existence, but now there are official listings for Adobe Photoshop, iTunes, TikTok, VLC Media Player, Mozilla Firefox, and more.
Most desktop Linux distributions have integrated software repositories and package managers that effectively act like app stores, and there are third-party software repositories for many platforms . Homebrew is a popular software repository for macOS, primarily aimed at command-line tools and developer utilities, and Chocolatey is a similar alternative for Windows. However, you have to trust that malware isn’t sneaking into those repositories.
Scan Your Downloads with VirusTotal
VirusTotal scans submitted files and links using a variety of different antivirus programs and compares the submitted file to other files on record. If you do download apps from potentially suspect places, or you just want to be extra sure, you can always upload the file to VirusTotal to confirm that it is safe. It isn’t a perfect option, and may not catch every piece of malware out there, but it does provide another layer of security if you want it.
It’s more important than ever to double-check where you’re downloading software. Be alert for suspect behavior. Even though we’ve come a long way, and platforms like Windows and macOS are trying to keep users safe, it’s a cat-and-mouse battle that will probably go on forever.