It is important to note that you should also check the digital signature of any executable file to make sure it is from the claimed source. Right-click an executable file that has been digitally signed to see the Digital Signatures tab. If the signature matches the claimed source, you will know that the file has not been tampered with since it was signed, not that it is safe.
"One way to increase your chances of getting a legitimate download is to compare the MD5 checksum of the file you download against an MD5 checksum for the file, published by a known and trusted source.
An MD5 checksum is a mathematical hash of a file that reduces it to a series of numbers and letters. If even a single bit is changed, the hash won’t match and you should be suspicious."
Of course the best practice is to download software programs and updates only from the originating vendor. When it comes to Microsoft software/updates, this is even more critical. Too many people are fooled by the phony e-mails claiming to be from Microsoft. As I have written before, Microsoft Does NOT Send Updates Via Email.
See Ed's A Vista SP1 FAQ. If you have a question that Ed hasn't answered already, ask in the Talkback section.
Information and instructions on MD5 checksums are available in A useful file integrity checker.
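Both checks described above (the Digital Signatures tab and the MD5 comparison) can also be done from a PowerShell prompt. This is an added example, not part of the original post; the function name `Test-Download`, the file path, the publisher name and the checksum shown are constructed placeholders.

```powershell
# Added example: verify a download's Authenticode signature and MD5 checksum.
# Test-Download is a hypothetical helper name, not a built-in cmdlet.
function Test-Download {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $PublishedMd5,      # copied from the trusted source
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # name you expect as the signer
    )

    # Published checksums are often pasted with spaces, dashes or mixed case.
    $expected = ($PublishedMd5 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 32) {
        throw 'Published value is not a 32-hex-digit MD5 checksum.'
    }

    # Get-FileHash reads the file as a stream, so large installers are fine.
    # -Algorithm also accepts SHA256 when the source publishes that instead.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash

    # Status is 'Valid' only when the signature verifies and chains to a
    # trusted root; 'NotSigned' and 'HashMismatch' are the common failures.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Compare against the certificate's CN component, not a loose substring,
    # so 'Microsoft Corporation' does not match 'Not Microsoft Corporation Ltd'.
    $cnPattern = '(^|,\s*)CN=' + [regex]::Escape($ExpectedPublisher) + '(,|$)'

    [pscustomobject]@{
        Path             = $Path
        Md5Matches       = ($actual -eq $expected)
        SignatureStatus  = $sig.Status
        Signer           = $signer
        PublisherMatches = ($sig.Status -eq 'Valid' -and $signer -match $cnPattern)
    }
}

# Constructed sample call: the path and checksum are placeholders.
$result = Test-Download -Path 'C:\Downloads\setup.exe' `
    -PublishedMd5 '00112233 44556677 8899AABB CCDDEEFF' `
    -ExpectedPublisher 'Microsoft Corporation'
$result | Format-List

if (-not ($result.Md5Matches -and $result.PublisherMatches)) {
    Write-Warning 'Checksum or signature did not match. Do not run this file.'
}
```

As with the Digital Signatures tab, a passing result shows the file is unchanged since it was signed and matches the published checksum, not that it is safe.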
- Hotfixes and Security Updates in Windows Vista SP1
- Notable Changes in Windows Vista SP1
- TechNet: Windows Vista SP1
- TechNet Forums: Windows Vista Service Pack 1 (SP1)
- TechNet SP1: Windows Vista SP1 FAQ's
- Windows Vista SP1 RTM Announcement