Posted

After a bit of mucking about, I've managed to work out that the installable's checksum matches when downloaded from Mirror 7 - from ImgBurn.

But the downloads from Softpedia, Techspot and Digital Digest are incorrect, and the file sizes are 2.95MB, rather than 3.77MB:

SHA1: 6A3D20796E1FCD4169D5D339AF6E491DCEA3367C
MD5: 4BF2B8F4B46385BFDA4D65E423CFB868
CRC32: 1AF3CD36

Over at Elder Geeks the downloaded file has a different name (MG002.exe), a size of 2.68MB and these checksums:

SHA1: 9CCD5C61C5F24F6EE027074C25B21F697F44D3F7
MD5: D8336041CD0BC994E3C30767A67DA0A2
CRC32: 6D1D4E42

I know these could be older versions, or whatever, but as the release date for 2.5.8.0 is June 2013, these should be stable by now.

Watch out what you're downloading out there ...

 

Posted

That's because they serve a 'download manager' that then downloads the actual setup. Always has been.

Sent from my Pixel 3 XL using Tapatalk

Posted

Sites that offer checksums don't: or if they do, they say it's a loader and offer a checksum for that. Go to SourceForge: every download has its own checksums, and they're expected to match. Otherwise, there's no point in the whole checksum process: downloading a loader that can't be checked renders the entire process insecure. So "Always has been" depends on your environment: where I'm from checksums mean something - even if they aren't a perfect security solution.

It implies that the ImgBurn site does understand checksum usage; which says something about their security. It also implies that the other three sites don't know or don't care: which also says something about their security.

Posted

Probably not really a "security" issue. The other sites have probably stripped out the actual ImgBurn installer and put in their own download agent. They'll serve you ImgBurn, but also probably all kinds of unwanted crap. Well, I guess one could categorize that as a "security" issue.

 

Posted

@dbminter

I take your point, but don't forget that the "unwanted crap" could include some nice ransomware, or a blockchain miner, or some zombifier. So I'd put it firmly in the security domain: if we don't use the tools we're given - however limited - then we enhance the probability of something horrible happening. But it's horses for courses: if a guy uses his device for nothing but Facebook and playing Grand Theft Auto, then his security concerns are more or less zero. If he uses it for online banking, on the other hand ...

Posted

Tried out all mirrors and the files are the same on the first 6 mirrors, exactly as LIGHTNING UK! says in the quote.

At mirror 2, BetaNews tried to force some "FileForum_installer". A blocker will probably solve this and you can get the correct file from the "click here to begin the download." link.

At mirror 6 by MajorGeeks they tried to force their installer "MG002.exe" with the big "Download Now" button and their first mirror. The second and third mirror will get you the correct file. You can get it also with the yellow "Official Mirror" button placed after the "ImgBurn 2.5.8.0" on their site.

Eventually you can get the same installer from all 6 mirrors.

Posted

@Beta Team Members

I'm sorry, but I'm unsure what you're trying to say. The mirrors I quoted gave the checksums indicated. You refer to another discussion, but it's irrelevant. I didn't download ads, I specifically downloaded the installer, and the checksums didn't match. You seem to be saying that all the other mirrors give the same downloader except for ImgBurn's own, and Elder Geeks do their own thing. What I can say is on my run, ImgBurn's downloader matched the checksum and none of the others I could be bothered to check did (if they do now, then that's a different issue).

All I was trying to do was to warn people. Clearly, the general view on this forum is that checksums are for the birds. Great. Super. Go for it.
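A small checker for the three checksum types quoted in this thread (SHA1, MD5, CRC32), added here as an example; it is not part of the original thread and not ImgBurn's own tooling. The function names and the "NAME: HEX" input layout are assumptions, and the published values are expected to come from the site you trust, not from the mirror that served the file.

```python
import hashlib
import zlib


def file_digests(path, chunk_size=1 << 16):
    """Return size, SHA1, MD5 and CRC32 of a file, reading it once in chunks."""
    sha1, md5, crc, size = hashlib.sha1(), hashlib.md5(), 0, 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
            size += len(chunk)
    return {
        "size": size,
        "SHA1": sha1.hexdigest().upper(),
        "MD5": md5.hexdigest().upper(),
        "CRC32": f"{crc & 0xFFFFFFFF:08X}",
    }


def parse_published(text):
    """Parse 'NAME: HEX' lines (the layout used in the posts above)."""
    published = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            published[name.strip().upper()] = value.strip().upper()
    return published


def mismatches(path, published_text):
    """Return the names of the published checksums the file does NOT match."""
    published = parse_published(published_text)
    if not published:
        raise ValueError("no published checksums to compare against")
    actual = file_digests(path)
    unknown = set(published) - set(actual)
    if unknown:
        raise ValueError(f"unsupported checksum type(s): {sorted(unknown)}")
    return sorted(n for n, v in published.items() if actual[n] != v)


if __name__ == "__main__":
    import sys
    # Usage (assumed): python check.py <downloaded file> <file with NAME: HEX lines>
    with open(sys.argv[2]) as fh:
        bad = mismatches(sys.argv[1], fh.read())
    print("MISMATCH: " + ", ".join(bad) if bad else "all published checksums match")
    sys.exit(1 if bad else 0)
```

An empty result means every published value matched; a substituted download agent of the kind discussed above shows up as all three names in the mismatch list.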
