HashTab

Does anyone use this? Is it any good? Anyone know where I can find the MD5 hash of installers I download? Thanks.

 

I have used it for a while. Haven't noticed any problems.

I have also used this-

http://www.marxio-tools.net/en/marxio-fcv.php

 

Which do you prefer? Also how do I find the MD5 checksum of programs I want to install? Not all developers reveal this information. Am I going to have to individually contact each developer?

 

The checksum file should get saved in the same folder of the file you are calculating the checksum of.

I do not use the above mentioned utility, but I use something similar. Here http://code.kliu.org/hashcheck/

I recommend this above mentioned hashcheck utility, as I have used it extensively. The process is very simple. After installing the utility, you go to a file or a set of files and right click. either go to properties and checksums tab or if you want the checksum to be saved in a separate file, right click on the file and select "create checksum file". The checksum file should appear in the same folder.

EDIT: I am sorry, I misunderstood your question. Ignore the above. Typically software venders do not publish hash checksums of their softwares, as hash check is usually used to check whether the file is original (not tempered with) and venders assume that a customer downloading software installer from their website does not need this information, as obviously the installer from their site is original (authentic).

 

If you are referring to the tool that puts a hash tab on the properties window of any file, I use it now for maybe 4 years? It includes md5, sha1 and crc32 hashes in a tab labeled file hashes. Each hash also has a compare method to allow you to choose another file to compare against. I have never ever had an issue with it, and when checked against a known hash as like one from the vendor, it has always been correct. I don't even know what the program is called, as I put it into my unattended install years ago and have subsequently forgotten its name.

Sul.

 

Hi Raza,

There is always the possibility that someone has hacked into their site and bundled malware into the installer. Also if one happens to have downloaded the installer from a third party site, a hash check can help confirm that the installer has not been tempered with. I know the former scenario is unlikely but there are vendors who provide this information (eg syncback) on the basis that anything is possible.

 

Yea I think its the same program.

 

In that case it is a great tool. Like has been said, not everyone just posts the checksum. I most often use it though for comparing either versions or if something is named a little different. For example Intel drivers will sometimes be labeled differently after a year or so. I check on driver updates, and if in doubt I just download it. Then I compare the checksums of the one I downloaded to the one I already had. Often I find the same file with a different name. I do use it for checksums when the file actually has one published with it.

HTH.

Sul.

 

Hi Sully thanks for your contribution. I was wondering do you think its worthwhile getting in touch with vendors to get a checksum? Or should it be safe enough to download from the vendors site?

 

I ran the HashTab installer through virustotal and McAfee GW Edition, whatever that is identified it as Heuristic.BehavesLike.Win32.Dropper.K. Is this an FP?

Heres the download site:

http://beeblebrox.org/hashtab/

I was lead to this site by the memclean site. It is the vendors website. I think its prolly an fp so do you guys concur? Shall I go ahead and install it on my system?

 

Yeah but most software vendors do not think like that. So, you have to look at the situation from the vendors point of view. Microsoft on their MSDN site always release installers with their haskchecksums. I am assuming this is because they are afraid someone can take the installer modify it and redistribute it as genuine. Since MSDN is a developers site and the software is meant for techs and developers to run on their systems and see if the software is buggy etc, hence the need for microsoft to post cheksums. I notice that they usually do not post checksums for their retail installers.

I just ran the installer through norton 360 and it passed clean. It must be a false positive.

 

Beeblebrox is the site, has been for a long time now. This tool has been extensively promoted in unattended forums as a great tool. It is where I learned of it. Some of the unattended people creating those great tools are excellent coders with a ton of knowledge. I don't know if the latest version is a trojan or maybe they are bundling garbage with it. My version is quite old now, but I can attest to never having it pose an issue when using it in confines of many HIPS programs. I would suspect if a HIPS does not pay attention to it when it runs that it must mundane. But then I can only speak for the older version I have.

Sul.

 

Hi,

I wrote and maintain hashtab. For being such a simple tool it gets used by A LOT of people. I can tell you that I try very hard to make sure that there is no tampering with the package distribution. I maintain my own local copies of the MD5's for each release. I'm paranoid of the site being hacked and someone posting a bogus package. When my computer starts up, it downloads the hashes from the website and compares them to the local master... if they differ a dialog pops up and scares me.

The better way to do this is to sign the package with a private certificate, but getting a certificate costs more money than I make by giving hashtab away.

Every once in a while people will email me about virus checkers reporting that the hashtab package has a virus. As far as I can tell those are false positives associated with the way the NullSoft installer creates executables. If you have any specific questions you can email me at beta@beeblebrox.org.

Cody

 

Wow. The developer visits. That is awesome.

That is a great tool you have. Since I have this opportunity, I wish to say thanks, very much. And it is great that you take the time to inform peeps about your tool. Admirable.

Sul.

 

Yes, I agree with you Sully.

Thanks Cody for coming here !
Keep up the good work !

 

Thanks for dropping by Cody, i've been using your HashTab for a very long time and love it thanks. Actually i had to reformat 2 days ago, and it was among the first 5 things i installed on my machine. This way i could use it to help verify all the packages involved when reinstalling everything on the machine.

I can see why it's so popular, it's one of those things MS "should" of built in to the shell from day one.

 

Wow!! That was quick. Since this is your first post here I am wondering how you found out people were discussing hashtab here? Either you regularly browse Wilders but have never posted before or the thread showed up on google (cant be as the first post has not been 24 hrs old yet).

 

Id say either Google Alerts for the for the HashTab keyword (Google emails you instantly), or clicks from his URL.

This thread got indexed 4 hours ago.

 

Hi Cody,

When I ran the installer though virustotal it returned a MD5 hash that was the same as that posted on your site. The only difference was that all the alphabets on virustotal were in caps and all the alphabets on your site were not in caps. I am going to assume that this is just a coincidence, just a difference in how the two sites display the information and its the same hash whether the alphabets are capitalised or not.

 

With the hash case doesn't matter, in HashTab you can change the display to appear in upper/lower case.



The most "common" is displaying it in lower case, well that's the way Microsoft and most major companies display them.

FWIW i scanned the .dll that HashTab produces after the install, and it came up clean in all VT scanners.

The only thing missing in HashTab, is the ability to is right click a folder and recursively compute the hashes for all files inside it.

 

All right thanks Sully, Raza and 1Boss1! I think its safe and Im gonna install it. McAfee arent exactly known for their stellar detection so Im gonna assume it was an fp. Also Thanks to Cody for replying to this thread!