Downloading Operating Systems:
How To Protect Yourself By Checking Hash Values
Almost everyone can benefit from downloading an operating system (OS) at one time or another, regardless of the type of OS you use. Linux distributions (distros) come in all flavors from those intended to install on a Live CD or USB memory stick, to 4GB desktop and laptop systems. Trying out Linux OSs can become a veritable hobby.
Windows operating systems are also widely available as downloadable binaries, as Microsoft (MS) no longer provides a CD with new computer systems. Instead, users have a "hidden recovery partition" on the hard drive, occupying the first few gigabytes of the drive. When the system won't boot, which inevitably happens sooner or later from infections, corrupted files, or some other debacle, using the "recovery partition" restores the operating system back to what it was when the computer was new.
The problem with this is, your tweaked settings are not retained, nor is your data or added software. To remedy this, MS started making recovery CDs available from their website. One must download the .iso (disc image) and burn it to CD. This disc provides the option to repair the current installation, which retains everything. However, this often doesn't work and a full re-installation of the operating system becomes necessary.
When that's the case, many people prefer to install from a full, clean OS disc that does not include crapware or adware AND can be used to slipstream necessary drivers, programs and settings for a customized Windows backup disc.
There is one potential problem with downloading operating systems, however: you don't want to install an OS that is hiding malware. So how can you be sure the downloaded operating system .iso is clean? Check the hash value.
What Is A Hash Value?
A hash value or checksum is an alphanumeric string that is based on the exact contents of a file. Official hashes for operating systems are released by the manufacturer, and can be easily found by Googling for them. Each operating system has its own hash. For example, the hash value or checksum for Windows 7 32-bit English will be different than the hash for the Dutch version; and the 64-bit version will be different again. So too will be the Home, Premium, and Ultimate hashes.
There are three main types of hashes provided by publishers: CRC32, MD5 and SHA-1. Each type uses its own algorithm to arrive at its hash, but verifying just one of them -- usually the MD5 or SHA-1 -- is good enough.
Once you have tracked down the official, Microsoft, Mac or Linux hash of the operating system you are interested in, you need to determine the hash of the downloaded binary or .iso. A small freeware program like HashTab for Windows and Mac will do this for you. Linux users can avail themselves of md5sum, typically pre-installed in the distro.
For Windows users, once HashTab is installed, right-click on the downloaded iso file and choose Properties, then the File Hashes tab, and wait for the program to calculate the hashes. CRC32, MD5 and SHA-1 will all be displayed. Below are the hash values of FatDog64-500.iso, a Linux distro file.
Notice the Hash Comparison field just above the blue question mark. This is where you will paste an official MD5 or SHA-1 hash copied from the Web. HashTab will throw up a green check mark (as seen in the following jpeg) if the values match. This indicates the downloaded iso has not been altered from the original iso, and you are good to go. You can burn a the iso directly to a CD, or use it to slipstream a customized CD.
While Linux is not vulnerable to Windows viruses, it is susceptible to preinstalled rootkits that might be incorporated into a distro by a wayward uploader. Checking the hash from the official Linux distro page is wise.
If the official pasted hash does not match your downloaded file, you will get a red X instead of a green check mark. This indicates the downloaded file has been changed from the official distribution file. Discard the file and look for a clean one.
A downloaded Windows operating system with a good hash will not be pre-activated or pre-registered (i.e. it won't be hacked), and will require a valid key to use beyond the trial period. Use the key that came with the OS you legally purchased. Keys are specific to each version (e.g. XP, Vista or Windows 7; Home, Professional or Ultimate; and 32-bit or 64-bit) and will not be accepted by a different version.
An OS that has been hacked will not match the official hash. Aside from the legal issues, a rootkit, keylogger, Trojan, bot, Zeus banking software or other malware could be hiding within, ready to record your keystrokes and surreptitiously send your credentials and financial information to a remote client. Everything from poor performance, system crashes and loss of data, to ID theft and other serious consequences could result. Protect yourself by checking the hash.
Aside from operating systems, hash values are often provided by publishers to ensure the integrity of their software to downloaders. This is especially common in the open-source community where source code is made public, making it easy for malicious code to be interjected by a third party, then distributed or passed off as the original program. HashTab and hash-checking programs will work with any type of file.
Home
