Trusted and secure applications
"Planting" malware inside another piece of software or application is a popular method of distributing it. There are several ways to insert such malicious code into an application, but the most common are:
- Modifying the code of the original software and making it available on unofficial sites (often as a "special offer" or even free of charge).
- Impersonating an application (similar appearance, logos and layout, but completely different operation).
Therefore, when dealing with computer software, always try to download it from the official websites of its authors. Many of them provide a so-called "hash", or checksum, for the file on their website. If you’re in doubt about the authenticity of the installation file you downloaded, you can calculate its checksum (just type "file hash calculator" in the browser and choose one of the free calculators) and then compare it with the one provided by the manufacturer. If they don’t match, don’t install the program using this file, as it must have been altered in some way. The same solution can be applied to any file type.
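The comparison described above can also be done locally. The following is an added example, not part of the original page: the function names are hypothetical, the algorithm is inferred from the length of the published hex value (an assumption, since the page names no algorithm), and the sample file is constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, so the published value decides what to compute.
ALGORITHMS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_published(text):
    """Accept a bare digest or a 'digest  filename' line as checksum files use."""
    digest = (text.split() or [""])[0].lower()
    if len(digest) not in ALGORITHMS or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a recognised hex checksum")
    return ALGORITHMS[len(digest)], digest


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return True only if the file's digest equals the published one."""
    algorithm, expected = parse_published(published)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    # Constructed sample: a small file standing in for a downloaded installer.
    content = b"constructed installer contents\n"
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as f:
        f.write(content)
        path = f.name
    try:
        published = hashlib.sha256(content).hexdigest()
        intact = verify_download(path, published + "  setup.bin")
        with open(path, "ab") as f:  # simulate a file modified after publication
            f.write(b"x")
        return intact, verify_download(path, published)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The published value should be copied from the author's official website, not from the page or mirror that served the file.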
When downloading apps from a store (Microsoft Store, Google Play, App Store, etc.), there are always a few aspects to consider:
- The publisher of the app – whether it’s a genuine app from a verified developer, or just a "fake" one pretending to be a popular piece of software and using its logo (as mentioned earlier). More often than not, applications added to app stores are only checked by an automatic engine, which sometimes gets the verification wrong and lets such applications into the store (this problem particularly affects Google Play).
- The number of downloads, as well as other users’ ratings and comments. You should have more confidence in an app that has been downloaded millions of times with an average rating of 4 out of 5 stars than one with a hundred downloads, rated 5 by everyone. Comments can carry a great deal of useful information that isn’t mentioned by the authors. However, you should take into account the fact that people are much more willing to share negative opinions than positive ones.
- The permissions the app requests. Before (or during) the installation of a program on a mobile device, you should pay attention to what permissions it requests and grant only those necessary for it to work properly. For example, a photo retouching application shouldn’t ask you to access your contact list. If it requires you to grant excessive permissions without explaining why they’re needed, you should definitely look elsewhere.