slaughterteddy Posted February 20, 2020 Posted February 20, 2020 After a bit of mucking about, I've managed to work out That the installable's checksum matches when downloaded from Mirror 7 - from ImgBurn. But the downloads from Softpedia, Techspot and Digital Digest are incorrect, and the file sizes are 2.95MB, rather than 3.77MB: SHA1: 6A3D20796E1FCD4169D5D339AF6E491DCEA3367C MD5: 4BF2B8F4B46385BFDA4D65E423CFB868 CRC32: 1AF3CD36 Over at Elder Geeks the downloaded file has a different name (MG002.exe), a size of 2.68MB and these checksums: SHA1: 9CCD5C61C5F24F6EE027074C25B21F697F44D3F7 MD5: D8336041CD0BC994E3C30767A67DA0A2 CRC32: 6D1D4E42 I know these could be older versions, or whatever, but as the release date for 2.5.8.0 is June 2013, these should be stable by now. Watch out what you're downloading out there ...
Ch3vr0n Posted February 20, 2020 Posted February 20, 2020 That's because they serve a 'download manager's that then downloads the actual setup. Always has been.Sent from my Pixel 3 XL using Tapatalk
slaughterteddy Posted February 20, 2020 Author Posted February 20, 2020 Sites that offer checksums don't: or if they do, they say it's a loader and offer a checksum for that. Go to SourceForge: every download has its own checksums, and they're expected to match. Otherwise, there's no point in the whole checksum process: downloading a loader that can't be checked renders the entire process insecure. So "Always has been" depends on your environment: where I'm from checksums mean something - even if they aren't a perfect security solution. It implies that the ImgBurn site does understand checksum usage; which says something about their security. It also implies that the other three sites don't know or don't care: which also says something about their security.
dbminter Posted February 20, 2020 Posted February 20, 2020 Probably not really a "security" issue. The other sites have probably stripped out the actual ImgBurn installer and put in their own download agent. They'll serve you ImgBurn, but also probably all kinds of unwanted crap. Well, I guess one could categorize that a "security" issue.
slaughterteddy Posted February 21, 2020 Author Posted February 21, 2020 @dbminter I take your point, but don't forget that the "unwanted crap" could include some nice ransomware, or a blockchain miner, or some zombifier. So I'd put it firmly in the security domain: if we don't use the tools we're given - however limited - then we enhance the probability of something horrible happening. But it's horses for courses: if a guy uses his device for nothing but Facebook and playing Grand Theft Auto, then his security concerns are more or less zero. If he uses it for online banking, on the other hand ...
ianymaty Posted February 23, 2020 Posted February 23, 2020 Tried out all mirrors and the files are the same on first 6 mirrors exactly as LIGHTNING UK! say in the quote. At mirror 2 by BetaNews tried to force some "FileForum_installer". A blocker probably will solve this and you can get the correct file form the "click here to begin the download." link. At mirror 6 by MajorGeeks they tried to force their installer "MG002.exe" with the big "Download Now" button and their first mirror. The second and third mirror will get you the correct file. You can get it also with the yellow "Official Mirror" button placed after the "ImgBurn 2.5.8.0" on their site. Eventually you can get the same installer from all 6 mirrors.
slaughterteddy Posted February 28, 2020 Author Posted February 28, 2020 @Beta Team Members I'm sorry, but I'm are unsure what you're trying to say. The mirrors I quoted gave the checksums indicated. You refer to another discussion, but it's irrelevant. I didn't download ads, I specifically downloaded the installer, and the checksums didn't match. You seem to be saying that all the other mirrors give the same downloader except for ImgBurn's own, and Elder Geeks do their own thing. What I can say is on my run, IngBurn's downloader matched the checksum and none of the others I could be bothered to check did (if they do now, then that's a different issue). All I was trying to do was to warn people. Clearly, the general view on this forum is that checksums are for the birds. Great. Super. Go for it.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now