Written by BlindOS_22 3:30 pm Cybersecurity, Opinion, Windows

Digital Signatures – Evading Malicious Files & Threats.


EDITOR’S NOTE: This page contains content that screen readers might not properly read in the context of this article.

As some say, “A kilobyte of prevention is worth a gigabyte of cure.” This saying is particularly relevant when it comes to cybersecurity and the prevention of malware infections. Some knowledge can significantly reduce the risk of downloading harmful files. Malware is distributed through various channels; no solution can offer complete protection. However, by practicing a few essential tips, you can protect yourself from many of the most common threats, especially those involving executable files, commonly known as “.exe” files.

The Prevalence of Malware Distribution.

According to Check Point Software, a company specializing in cybersecurity analysis, approximately 92% of malware is delivered via email, with the remaining 8% coming through web downloads. The types of files used for malware in emails versus the web vary significantly. For example, malicious archived files are often used in emails to bypass filters and trick users into executing the malware locally. On the web, direct downloads are more common, with .exe files being the most prevalent, accounting for 49% of web-based malware. Other file types used in web-based malware include script files such as .sh, which are more common on Linux and macOS, as well as PDFs, DLLs, DOC files, and PowerShell Scripts.

Verifying Executable Authenticity with Digital Signatures.

The most effective way to verify the authenticity of an Executable File is to check if it has a Digital Signature from a trusted source. This is straightforward on Windows. In the File Explorer, right-click the file, select “Properties,” go to the “Digital Signatures” tab, and click “Details.” If the Digital Signature information states “This digital signature is OK,” it means the root certificate is trusted by Windows. It is essential to enable file extensions in the “View” tab of File Explorer to identify Executables and other files correctly.

While .exe files, DLLs, and PowerShell Scripts can be signed with a Digital Signature, not all files can be. For example, Batch Files cannot be signed.

It’s crucial to use critical thinking, as not all unsigned executables are malicious. Many open-source or independent projects on GitHub lack Digital Signatures because obtaining an Extended Validation (EV) Certificate is costly, ranging from $300 to $500 annually. However, malware is rarely signed with a Trusted Certificate. If malware does have a Trusted Signature, it will quickly be invalidated upon detection. Always scrutinize the source and context of an unsigned file, especially if it claims to be from a well-known company like Microsoft or NVIDIA.

Evaluating Suspicious Digital Signatures.

If you encounter a Digital Signature that Windows does not trust, it could be self-signed or fraudulent. A self-signed certificate might be used by legitimate independent developers, but if a signature claims to be from a well-known company and is invalid, it is likely an impersonation. In such cases, it is wise to avoid trusting the file or to verify its legitimacy through the official website’s download page.
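The Properties-dialog check and the triage described in the two sections above can be run over a whole folder with PowerShell's Get-AuthenticodeSignature cmdlet. This is an added example, not part of the original article; the default folder, the publisher list and the helper name Test-ClaimsKnownPublisher are assumptions chosen for illustration.

```powershell
# Added example, not from the original article.
# $Folder and $KnownPublishers are assumptions; adjust them for your machine.
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),
    [string[]]$KnownPublishers = @('Microsoft', 'NVIDIA')
)

# Hypothetical helper: does the text mention any of the well-known names?
function Test-ClaimsKnownPublisher {
    param([string]$Text, [string[]]$Names)
    foreach ($n in $Names) {
        if ($Text -and $Text -match [regex]::Escape($n)) { return $true }
    }
    return $false
}

# File types the article lists as signable: .exe, DLLs, PowerShell scripts.
Get-ChildItem -LiteralPath $Folder -File -Recurse |
    Where-Object { $_.Extension -in '.exe', '.dll', '.ps1' } |
    ForEach-Object {
        $file    = $_
        $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # CompanyName is self-declared metadata inside the file, not verified.
        $company = $file.VersionInfo.CompanyName
        $claims  = Test-ClaimsKnownPublisher "$signer $company" $KnownPublishers

        $verdict = switch ($sig.Status.ToString()) {
            'Valid'        { 'Signed; chain trusted by Windows' }
            'NotSigned'    {
                if ($claims) { 'UNSIGNED but claims a known publisher: suspicious' }
                else         { 'Unsigned: judge by source and context' }
            }
            'HashMismatch' { 'File content does not match its signature: do not run' }
            default        {
                if ($claims) { 'Untrusted signature naming a known publisher: likely impersonation' }
                else         { 'Signature not trusted by Windows (possibly self-signed)' }
            }
        }

        [pscustomobject]@{
            File    = $file.Name
            Status  = $sig.Status
            Signer  = $signer
            Company = $company
            Verdict = $verdict
        }
    } | Format-Table -AutoSize -Wrap
```

For files reported as signed and trusted, still read the Signer column: the status only says the chain is trusted, not that the publisher is the one you expected.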

Mitigating Risks from Malicious PDFs.

Malicious PDFs can be particularly dangerous as they often use embedded JavaScript to exploit vulnerabilities. To protect yourself, disable JavaScript in your PDF reader. In Adobe Acrobat or Adobe Reader, go to the Edit menu, select Preferences, then Security (Enhanced), and enable Protected View for “All files.” While Protected View may cause some lag, it significantly reduces the risk of infection.

In summary, Digital Signatures are a crucial tool in verifying the authenticity of executable files and avoiding malware. If an .exe file is signed and trusted by Windows, it is likely safe. If it is not signed, use your judgment and consider the file’s source. Practicing these tips and remaining vigilant can significantly reduce your risk of downloading and running malicious files.
