Sunday, February 10, 2008

Vista SP1 FAQ

Ed Bott published a handy set of answers to questions he has received on Windows Vista SP1. One of the questions relates to the file names and MD5 hashes of the standalone updaters. Whether it is Windows Vista SP1 or another program or update, if you are downloading it from a source other than the official one, you need to be sure that you are getting what you expect and not a "virus-infested fake." As Ed wrote:

"One way to increase your chances of getting a legitimate download is to compare the MD5 checksum of the file you download against an MD5 checksum for the file, published by a known and trusted source.

An MD5 checksum is a mathematical hash of a file that reduces it to a series of numbers and letters. If even a single bit is changed, the hash won’t match and you should be suspicious."

It is important to note that you should also check the digital signature of any executable file tomake sure it is from the claimed source. Right-click an executable file that has been digitally signed to see the Digital Signatures tab. If it matches, you will know that the file has not been tampered with since it was signed, not that it is safe.

Of course the best practice is to download software programs and updates only from the originating vendor. When it comes to Microsoft software/updates, this is even more critical. Too many people are fooled by the phony e-mails claiming to be from Microsoft. As I have written before,
Microsoft Does NOT Send Updates Via Email.

See Ed's A Vista SP1 FAQ. If you have a question that Ed hasn't answered already, ask in the Talkback section.

Information and instructions on MD5 checksum is available in
A useful file integrity checker.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: