Accessing new software usually requires downloading the relevant files directly from the websites hosting them. Unfortunately, these are sometimes a little suspicious-looking. The worry then is that maybe, just maybe, you could be downloading a nasty piece of malware. This worry is one many of us have experienced.
This guide will tell you how to safely download and install software you find online. All it takes is a little bit of common sense mixed with a touch of uncommon knowledge to get the best and safest results.
Check the website address
We’ve written rather extensively on the differences between secured and unsecured websites, so we won’t rehash the whole spiel here. Simply put: before downloading software from a website, check the website address.
Look either for an HTTPS at the beginning of the address, or in the situations where your browser doesn’t always display the hypertext transfer protocol, look for a lock symbol. Websites with an HTTPS or lock symbol (often both) are secured through SSL/TLS encryption and have purchased a certificate to verify this fact.
This means they are, for all intents and purposes, far more difficult to hack. The files you download from those pages are far less likely to have been hijacked and less likely to be a safety concern. Websites without SSL/TLS encryption or without the requisite certificates to prove they utilize that type of security cannot guarantee you anything, even if they say they can.
Many sites have historically tried to avoid forking out for SSL certificates — which aren’t exactly cheap to purchase. Even the lowest level SSL certificate, “Secure Site” can cost several hundred dollars a year, if not more.
However, in 2017, browser began warning users when they were visiting certificate-less sites. This change, together with Google’s punishment of sites without SSL/TLS encryption, means that you’ll be hard-pressed to find sites not using appropriate security. If you do, then be very wary.
Make a visual assessment
This might seem a bit trite to say, but let your gut do the talking when you’ve hopped onto a website. Does it look and feel suspicious? Do you feel like your computer is catching viruses just by being connected to the web page? If so, you might want to consider moving away from that website as fast as possible. That is, of course, if your built-in web browser or antivirus software hasn’t already alerted you to the fact that the website is not safe or secure. On that note…
Use active virus and malware scanners
There’s almost no substitute for active virus and malware scanners. Not only can they scan your files before you install them, many will actually prevent you from downloading files that contain viruses and malware in them. This is a boon to you, and one of your best defenses against this kind of thing.
We’ve covered windows malware and adware removal extensively, with a few options we can recommend and some we don’t. If you are on a tight budget there are good products available from $20 yearly as we uncovered in our recent TotalAV review.
If you’re a Windows user, you should turn on Windows Defender. Windows Defender is Microsoft’s built-in active malware scanner. It will actively block any attempt to download suspicious files.
If you don’t trust the site, look for the software elsewhere
Simple, right? Sometimes, it’s easier to try to locate the same program hosted on a more secure website. However, there will be times where that’s simply not possible.
Some programs are so rare or uncommon that the only websites that do host them are exactly the ones you want to steer clear of. In those cases, it may still be in your best interest to use those websites but to employ a few methods to avoid getting duped into downloading the malware or files and programs you don’t actually want.
Some sites include very large advertisements on download pages that will occasionally look like download links. This is a common practice among many software hosting sites, and it’s not exactly a good one.
Instead of just giving you an obvious download link, these sites might place advertisements right beside the actual download link. Sometimes the ads are unrelated, and it’s easy to identify which link is the correct one almost immediately. Other times, it’s not.
This method is used to build advertising revenue through more clicks, playing on the fact that the human eye tends to scan websites quickly. Many people will instinctively click the first link that looks like the right download button without thinking about it first.
While you may not end up downloading unwanted software or malware if you click on such a link, this has been known to occur with many other websites utilizing this revenue tactic.
There are plenty of websites that don’t offer misleading download links. For example, TechSpot.
The download link you see on this website is the download link you want. You don’t get any misleading advertisements moving your eyes to other directions to trick you into hitting a link and downloading a file you don’t want.
In most cases, you can check the download link by hovering over what looks like the download, then checking the bottom of your browser. For example, when we hover over the download link on TechSpot, this is what we get at the bottom of the screen:
Here, we are on the BitDefender download page for TechSpot. Positively, the download link is to BitDefender. Some websites do not bring up the actual link when you hover, although you can still right-click the link, select “Copy Address” and paste the link into your address bar or a word processor to see what the link actually says.
Avoid download programs and installers
Repeat after me: I do not need a downloader or installer to install a program. Keep saying that to yourself. That way, when you run into a website that attempts to make you download a program with an installer or a download program, you’ll remember to avoid that site altogether and find that file hosted somewhere else.
These types of programs are often referred to as “potentially unwanted programs,” or PUPs. To be clear, you don’t need a download program or installer. This is because every operating system you might use is designed to unpack that software file and install it, while the program itself should have installation methods built into the software. Download programs and installers are essentially extraneous pieces of software that often pair the program you want into a piece of unneeded software — commonly adware.
Here are some simple definitions for you:
Freeware: any software that is completely free. You do not have to purchase it to use it.
Shareware: any software that is designed for limited, evaluation use, after which you must pay for the software to continue using it.
Trialware: a modern iteration of shareware. You can use the terms interchangeably.
Open source: any program that has openly published source code, which is available for free, and which is often continuously in development by the community.
Commercial software: any software that you must purchase in order to use.
Note that free downloads don’t necessarily mean free software. If a website tells you that you can download a program for free, be wary. Almost all software is available to download for free. Nobody makes you pay for the action of downloading. Pay attention to that tricky wording.
Installing software safely
Once you’ve found a reputable site to download your software and you’ve hit the download button, you’re still going to have to install the program. Here are a few quick tips for when you’re at the final stage.
Make sure your active malware or virus scanner has scanned the file
If this was not done, or you lack an active scanner, some programs do let you scan the file after downloading, but before installation. Some will even allow you to single out specific programs to scan by right clicking on the file name or icon.
During installation, always choose the “Custom” installation process
Many programs will come with multiple installation options. Instead of going for the “Quick” install option, instead, choose the “Custom” option. This will let you pick and choose which features you want to be installed. Sometimes, you may find that pieces of software come packed with additional software you don’t actually want and that may actually be malware. Examine the list of options when doing a “Custom” install and uncheck anything you don’t want.
Avoid giving out your email address during installation if you can
Some programs will ask for your email address once the download is nearly complete. In some cases, this is to sign up for an account with the website or service, yet far too often it’s just so that the company behind the software can spam your email. If the software requires no account, it’s best to avoid providing your contact information.
Of course, there are exceptions to this rule. Free software which requires no registration keys to install and use certainly doesn’t need to have your email address. However, for paid software that requires a registration key to operate, such as the latest game or a high-quality piece of creative software, like Adobe Photoshop, it’s in your best interest to register.
The main reason is data loss. If your computer crashes, or you lose all of your data, you may be forced to reinstall the program. Some programs have one-time use registration keys that are randomly generated upon purchase. Registration can help you avoid having to repurchase an expensive piece of software.
Trustworthy software sites
Not sure which sites you should trust the most? Here’s a list of those we consider to be trustworthy:
- SourceForge.net (may use downloaders/installers)
- FreewareFiles.com (may use downloaders/installers)