Dangit! The power went out in the middle of the new episode of "Game of Thrones," leaving only half the episode on your DVR. Your friends are coming over tomorrow night for a watching party, so you decide to download the episode illegally -- just this once -- to save your shindig.
Everything's going well until you try to use your computer after the download. You get weird pop-ups; programs that normally open up instantly are acting sluggish, and then your whole computer crashes. Chances are you picked up some malware -- a computer virus, spyware, or other damaging software -- along with Tyrion Lannister's latest scheme.
How can you tell if you're opening up a legit download site or if the file you grabbed is packed with viruses? The short answer is that you can rarely be 100 percent certain a download itself is OK.
Think of peer to peer sites as big locker rooms: the site provides a place for individuals to share files, and the site owners don't monitor each file that a user uploads. Sure, the room itself could have hazards, but even at a reputable gym, the owner can't control what customers are keeping in every locker. If you want a truly safe download, you need to find not only a trustworthy site but remember that each file you download could contain malware.
Downloading files isn't the only way to get malware on your machine, though. Sometimes just loading a website can expose your computer to malicious software [source: Google]. This is sometimes called a "drive by download," because it happens without you doing anything but loading the website [source: Malware Prevention]. That means that before you download a thing, you should look for a trusted file-sharing site. Here are other some signals that should give you pause before you download:
The Site is Covered in Ads and Pop-Ups
Bad design alone doesn't make a website malicious, but here are some cues that you might want to navigate away. If you're bombarded with flashing ads and pop-ups, and the focus of the site is to advertise and not to provide content, beware!
Pop-up ads on a Web site are annoying, but chances are they're not hurting your computer, unless the site serves up so many that your computer slows down dealing with all of those new browser windows. The sort of pop-up that should send up a red flag, though, is any dialog box that appears when you first pull up the site, before you've tried to actively download anything. If you load a download site and a dialog box -- a pop up box with a message or warning and the option to click either "OK" or "cancel" -- appears, do not click OK! You could be giving permission to install something – which could be malware. Instead, close the website immediately [source: Malware Prevention].
There are some pop-up ads that masquerade as these dialog boxes, and these external ads don't necessarily mean the download site is malicious. These ads look like mini browser windows and may appear without the address bar at the top. A real dialog box will just contain the message and the OK and Cancel buttons.
It's a Peer to Peer Site
Not all download sites are peer to peer sharing sites. Peer to peer file sharing is the locker room scenario we talked about earlier. Peer to peer, or P2P, sites are just conduits for users to upload and download files. Even if the site itself isn't malicious, you're trusting hundreds or even thousands of strangers to only share what they say they're sharing and nothing more.
There are more reputable peer to peer download sites out there, like RapidShare and MediaFire. Just visiting these sites shouldn't put your computer at risk, but a lot of the material on there is illegal, like pirated TV shows, movies, and software. There's nothing stopping users from sharing infected files, sometimes without even knowing it. If one user downloads a pirated episode of "Weeds" that's infected with malware, he can then share that file on a peer to peer site without realizing that he's spreading malware around.
If you're looking to download music from your favorite band, you might want to check out their official website before you do any illegal downloading. Services like Bandcamp allow bands to offer their music to fans for free, a set price or using a "pay what you want" model [source: Bandcamp]. The Bandcamp site itself isn't a file-sharing website, though. It's just a tool that bands can use to sell their music or offer it to fans for free.
The URL looks a Little Bit Fishy
Sometimes you can tell if a site is malicious just by taking a look at the URL: the actual web address. For example, a site with a name like BitTorrent.com is more trustworthy than something like free-movie-downloads-for-you.com.bz. A 2009 study looked at properties of a URL that could indicate a malicious website and found a few naming styles that should set off alarm bells in your head [source: Ma].
- Is the .com (or .net or .org) in the wrong place? For example, is the URL ebay.com or ebay.com.phishy.biz? In the second scenario, the .com isn't the suffix for the URL, it's a subdomain they're using to make the URL intentionally misleading.
- Does the domain name seem way too long? Researchers found that extremely long domain names, like freedownloadsforyouandyourfriends.com, are more risky than shorter names like rapidshare.com.
- Are there a lot of delimiters in the domain name? A delimiter is a symbol like a dash, underscore, or even a question mark to break up text. This kind of goes hand in hand with long domain names. You want to avoid sites with names like download_your-favorite?movies.com.
Another red flag is something called "keyword stuffing." This is a search engine optimization tool that shady web designers sometimes use to get their sites to rank high in search engines like Google [source: Emisoft]. A reputable site doesn't have to call itself free-music-downloads.com and use the phrase "free music downloads" in every sentence on the site's main page to come up as the top search result when you Google "free music downloads."
Your Browser Doesn't Trust It
Modern browsers like Firefox, Google Chrome, and Safari can protect you from malicious websites by stopping you before you open a potentially harmful page. Developers build some security right into the web browser by maintaining and constantly updating lists of blacklisted websites.
Chrome's Safe Browsing feature is a great example. Using Google's web indexing power, Chrome checks every site you visit to see if it's been flagged for malware or phishing scams, and if you click on a suspect site, it takes you to a warning window before it takes you to the page itself [source: Provos]. You can still choose to visit the site, but if you're visiting a new-to-you download site and you get Chrome's red warning window, you're better off staying away.
If you're a Firefox, Chrome, Internet Explorer, Safari, or Opera user, you can also download a free plugin or extension called Web of Trust (WOT). This plugin integrates with your search engine results to tell you if a site is safe to visit. It ranks sites using a traffic light system: green for safe, yellow if they aren't sure, and red if the site is dangerous. The colored icons appear right on your page of search results, so you'll know which sites -- download sites included -- you can and can't trust at a glance.
The trouble with malicious sites is that new ones pop up all the time, so it's important to keep your browser up to date. When you update your browser, you're not just getting new features. You're also updating that list of dangerous websites.
It Doesn't Pass the Pro Tests
Still not sure if the download site you're looking at is legit? You can get proactive! Check up on that Web site before you click.
There are services out there that will analyze a URL and tell you if it's blacklisted or contains malicious content. These services work in one of two ways. Some of them look at past data about the website -- if it's on any blacklists, for example -- to determine whether it's safe. Others actually scan the website on the spot to see if it contains malware. IT pro Lenny Zeltser has a list of tools that you can use to look up any website to find out if it's legit. Just go to any of the sites on his list, type in the download site's address, and see what results you get.
You can also see what other people are saying about the download site that you're considering. You'll find reviews and discussion about more reputable download sites like BitTorrent and Usenet, but chances are totallyawesomedownloads.biz won't get a mention. The trick here is to stick to reliable sources like PC Magazine, Mac World, CNET, ZDNET, and Tech Crunch. If you can't find mentions of the download site you want to use on any of these tech resources, you might want to do a little more Googling before you visit the site or download anything from it.
While download sites might be more likely to contain malicious software, pretty much any site on the Web has the potential to infect your computer. You should take extra care when you're browsing download sites, but really any time you're visiting an unfamiliar website for the first time, caution is key.
Google is redesigning the way we use email. HowStuffWorks delves into the changes.
Author's Note: 5 Signs that Download Site Isn't Legit
File sharing and media downloads really aren't my thing. I think the last time I downloaded free music was back in college during the original Napster days, and who knows what viruses my roommates and I unknowingly installed on our Gateway computers at the time. Luckily, I had a few anonymous sources for this article that pointed me towards a few reputable download sites that they trust and shared some common pitfalls when you're doing any kind of peer to peer file sharing.
You can consider this author's note a bonus tip on how to download free media safely: bribe a savvy friend into doing it for you. Save your computer and barter some homemade cupcakes for the files you want, because -- as you probably gleaned from this article -- if you don't know what you're doing, downloading files from the Internet is pretty risky.
- Bandcamp. "Features." (August 6, 2012) http://bandcamp.com/features/
- Emisoft. "May 21st the end of the world? (But malware still alive!)" May 18, 2011. (August 6, 2012) http://blog.emsisoft.com/2011/05/18/end-of-the-world-may-21st-but-malware-still-alive
- Geier, Eric. "How to Remove Malware from Your Windows PC." PC World. November 15, 2011. (Aug. 21, 2012) http://www.pcworld.com/article/243818/how_to_remove_malware_from_your_windows_pc.html
- Google. "Malware." Stay Safe Online. (Aug. 6, 2012) http://www.google.com/goodtoknow/online-safety/malware/
- Ma, J. "Identifying Suspicious URLs: An Application of Large-Scale Online Learning." Department of Science & Computer Engineering, UC San Diego. 2009. (Aug. 6, 2012) https://docs.google.com/viewer?a=v&q=cache:UTPe80Z6KkIJ:cseweb.ucsd.edu/~voelker/pubs/mal-URL-icml09.pdf+&hl=en&gl=us&pid=bl&srcid=ADGEESg7fHTmeg4toh9ThJb1aW89Ks3rvuSEvdTu0Afrb8rdF8crd4w2Yoc9v43nyBLatbsI51aquFqugeoFtojTn6Hbe83RBLhckrQM7JZj7fQuLPP3h5jZPRFNW9pnvM7MTaHqCs97&sig=AHIEtbTBzAANG4DrtX6WIe7PZ7ug2801JQ
- Malware Prevention. "Malware Prevention and Avoidance" (Aug. 6, 2012) http://www.malwarevault.com/prevention.html
- Malware Prevention. "OK so how does malware end up on a computer?" (Aug. 6, 2012) http://www.malwarevault.com/ways.html
- Provos, Niels. "All About Safe Browsing." The Chromium Blog. Jan. 31, 2012. (Aug. 6, 2012) http://blog.chromium.org/2012/01/all-about-safe-browsing.html
- University of Rochester. "Illegal Downloading – How Can You Avoid Digital Piracy?" Security Tip of the Week Archive. (Aug. 6, 2012) http://www.rochester.edu/its/security/securitytipofweek_archive.html#yourself37
- Zeltser, Lenny. "Free Online Tools for Looking Up Potentially Malicious Websites." (Aug. 6, 2012) http://zeltser.com/combating-malicious-software/lookup-malicious-websites.html