slaughterteddy

@Beta Team Members I'm sorry, but I'm are unsure what you're trying to say. The mirrors I quoted gave the checksums indicated. You refer to another discussion, but it's irrelevant. I didn't download ads, I specifically downloaded the installer, and the checksums didn't match. You seem to be saying that all the other mirrors give the same downloader except for ImgBurn's own, and Elder Geeks do their own thing. What I can say is on my run, IngBurn's downloader matched the checksum and none of the others I could be bothered to check did (if they do now, then that's a different issue). All I was trying to do was to warn people. Clearly, the general view on this forum is that checksums are for the birds. Great. Super. Go for it.

@dbminter I take your point, but don't forget that the "unwanted crap" could include some nice ransomware, or a blockchain miner, or some zombifier. So I'd put it firmly in the security domain: if we don't use the tools we're given - however limited - then we enhance the probability of something horrible happening. But it's horses for courses: if a guy uses his device for nothing but Facebook and playing Grand Theft Auto, then his security concerns are more or less zero. If he uses it for online banking, on the other hand ...

Sites that offer checksums don't: or if they do, they say it's a loader and offer a checksum for that. Go to SourceForge: every download has its own checksums, and they're expected to match. Otherwise, there's no point in the whole checksum process: downloading a loader that can't be checked renders the entire process insecure. So "Always has been" depends on your environment: where I'm from checksums mean something - even if they aren't a perfect security solution. It implies that the ImgBurn site does understand checksum usage; which says something about their security. It also implies that the other three sites don't know or don't care: which also says something about their security.

After a bit of mucking about, I've managed to work out That the installable's checksum matches when downloaded from Mirror 7 - from ImgBurn. But the downloads from Softpedia, Techspot and Digital Digest are incorrect, and the file sizes are 2.95MB, rather than 3.77MB: SHA1: 6A3D20796E1FCD4169D5D339AF6E491DCEA3367C MD5: 4BF2B8F4B46385BFDA4D65E423CFB868 CRC32: 1AF3CD36 Over at Elder Geeks the downloaded file has a different name (MG002.exe), a size of 2.68MB and these checksums: SHA1: 9CCD5C61C5F24F6EE027074C25B21F697F44D3F7 MD5: D8336041CD0BC994E3C30767A67DA0A2 CRC32: 6D1D4E42 I know these could be older versions, or whatever, but as the release date for 2.5.8.0 is June 2013, these should be stable by now. Watch out what you're downloading out there ...