Use a Hazel Script to Automatically Verify Downloads on a Mac

Mac: Over the weekend, a nasty but small-scale piece of ransomware was found in the Transmission BitTorrent client. One way to avoid this type of malware infection is to verify the checksums for anything you download. Blogger Jacob Salmela created a script for the Mac file manager Hazel that verifies downloads automatically.

A lot of developers post checksums or hashes alongside their download links so you can verify that what you download is legit software. A checksum is a mathematical calculation run on a file. If a file has been altered, the checksum will be different from what the developer posts. That means you can usually verify the validity of a file you download by comparing the two numbers.

You can do this verification on your Mac super easily with a few terminal commands, but Salmela's Hazel script automatically goes through your downloads folder for you. Once you set it up, Hazel creates a pop-up so you can compare the numbers. It makes that simple precaution of verifying checksums a little easier. Head over to Salmela's site for the full guide.

    If someone has taken the time to hack a site and replace a download with a dodgy file, they are going to replace the checksum as well. Checking a file against a checksum on the same site is next to pointless. The only thing you'd be checking against is if the file has been modified in transit. SSL should be dealing with that, these days.

    The only way a hash check could be useful is if you can get the hash from an independent source, assuming that source hasn't been hacked as well.

    Bottom line is that these MD5 files, well intentioned as they are, can't actually achieve what they purport to. Like a lot of things on the web, the fact that 'everybody's doing it' doesn't make it useful.

