checksum questions

hello i recently DLed hashcal after reading this thread.
in post 9. it appears that peakaboo had the checksum before the download. how do you do that?
also, i have kerio's MD5 checker, would that mean that im fairy safe and dont really need to use hashcal?
and, one more question, could you point me in the right direction to read-up on this subject?
thank you

 

Hi,

You can find some Checksum-tools here at the List of Lists:
http://lists.gpick.com./pages/Checksum_Tools.htm

I would certainly advice also to have a look at CryptoSuite from DiamondSC !
http://www.diamondcs.com.au/cryptosuite/

I don't have Kerio.

But in general : there are differences in the way Checksums are used:

1.
You download a file from a website.
That website gives the checksum of that file and the HASH algorithm used to calculate that checksum.
Now you want to verify whether the file that you have downloaded, has the same checksum as mentioned on that site.
So you need a simply utility to do that for you. It calculates that checksum (of course it has use the same HASH algorithm as used on that website!!!).
Usually the HASH algorithm used for this, is MD5.
It is easy if your Checksum utility has the option to put it in the right-click-context-menu of Windows Explorer.

2.
Now about your firewall (Kerio in your case).
This is a completely different situation.
Most modern firewalls has this ability.
What it does, is:
It checks whether a program that you have allowed to get access to the internet, has been changed.
It does this automatically by calculating its checksum (usually using the MD5 HASH algorithm) and comparing that checksum to the one your firewall previously calculated for that program.
If those checksums are not the same, then there is certainly reason to be worried (unless the program was legitimate upgraded of course). Your firewall will alert you about this. It could be that you have a Trojan on your system. So you have to check by all kind of ways (AV/AT/Anti-spyware, etc) what has happened.
As you see, this is a completely different use of checksum-checking.

3.
And here comes another way for using checksums:
It is another layer of your security set-up.
First some examples:
- FileChecker from Javacool.
- NIS File Check (see the now archieved forum at the bottom of the Wilders-forum).
- Inspector in KAV Personal Pro.
- ADInf32 (pro) from the same company that makes the AV Dr.Web.
What do these programs?
They make a database (each in their own way) of files on your system with their checksum.
You can run them frequently to see whether a file has been changed.
It is always up to you to decide whether such a change is legitimate or not.
But it is most definitely a great other layer to your security.
Of course there are all kind of differences between those programs.

4.
And again another way to use checksums:
Now we are talking about great security programs like for example ProcessGuard from DiamondCS.
It adds most definitely a very great amount of security to your system.
I would like to point to the PG-forum here at Wilders, and to its site:
http://www.diamondcs.com.au/processguard/
(Other people use for example SSM or TineTrojanTrap).


I hope this all helps you a little bit
Cheers, Jan.

 

thank you very much for taking the time to help, FanJ. lots of infomation to take in . but, say i want to download here i dont understand where the checksum is, so how do i check to see if the downloaded file has the correct checksum after the download is complete? this is the way i understand it

• before downloading, you take the checksum
• after downloading you check to see if they have the same checksum

also, have you, or anyone used HashCalc?

Major features:

* Support of 12 well-known and documented hash and checksum algorithms: MD2, MD4, MD5, SHA-1, SHA-2( 256, 384, 512), RIPEMD-160, PANAMA, TIGER, ADLER32, CRC32.
* Support of a custom hash algorithm (MD4-based) used in eDonkey and eMule applications. (New in Version 2.0)
* Support of 2 modes of calculations: HASH/CHECKSUM and HMAC.
* Support of 3 input data formats: files, text strings and hex strings.
* Work with large size files. (Tested on files with size up to 15 GB.).
* Support of files drag-and-drop functionality.
* Quick and simple installation.
thank you

 

Hi iceni60,

I had a quick look there.
I didn't seem to see a checksum mentioned there (nor with which algorithm it was calculated).
So there is no way to check it !!!

It is the website that tells you the checksum of a file (and the algorithm used).
If the website doesn't do that, there is no way for you to check whether you have the right file. Well, of course you could (AFTER downloading the file) calculate a checksum for it and then ask other people whether they have the same

No, I don't have that one, sorry...
I have for example: CryptoSuite from DCS, Hasher from Karen, DigestIt2003, and a few more

Cheers, Jan.

 

i just downloaded one of the right-clicking Checksum Verifiers(thanks for the advice FanJ)
the checksum was given next to the download. so, it looks like not all downloads give the checksum before the download?

i was able to check the checksum useing hashcal and they matched-up . although the checksum next to the download had all the letters in capitals, whereas, hashcal gave them in small letters; thats ok isn't it?

id been meaning to ask about this for a while. im very happy to be finally understanding this subject. thanks
EDIT i just saw your post. thank you for your time

 

Hi,

About capitals : no problem !

I take for example my Ad-Aware SE Pro file Ad-Aware.exe
I calculate the MD5 HASH with both DigestIt2003 and CryptoSuite:

DigestIt:
75979f32ffe257b544d0da158bc3169e

CryptoSuite:
75979F32FFE257B544D0DA158BC3169E

 

A side-note about websites mentioning the checksum of a file:

More than once I have noticed that a website does not give the right checksum (maybe due to the fact that the file was updated but they forgot to also update its checksum ).

 

FanJ, i have a copy of fingerprint that i downloaded, but havent installed, from a while ago. would you suggest useing that to make a databse?

 

if the checksums output in hex, that would explain the use of capital or lowercase letters. a=10, b=11, c=12, d=13, e=14, f=15

md5 is probably the most common checksum for files. a lot of open-source software will provide an md5sum. it's best to get that md5sum from an official source. if you just need file integrity on downloads, a mirror site will be fine.

 

thank you, xmp

 

As useful as this thread is, I see that one rather major area is not addressed.

Assuming you intend to run one of those on demand MD5 hash checkers say once a week, what are the critical files you should check?

Obviously antiviruses, firewalls, browsers?? etc are one of those you should check? Should you check everything in the antivirus directory? Or just the main exe?

When it comes to critical windows files it's get even more murky, Do you just check everything in the windows directory?

The problem is , if you check stuff that changes too often, you will never know if it's due to "normal" changes, or if something fishy is going on.

 

thanks for the links LowWaterMark