5 Ways to Safely Download Software on Linux
It is a common misconception that there are no viruses on Linux. They do exist. Even if you check your program files for infection, it may take months to realize that your Linux system has been compromised.
Trust is a tricky thing, and you shouldn’t give it away easily. Just because something is offered over the internet doesn’t mean you can trust it. There are steps you need to take to protect yourself and your operating system.
The risks of neglect range from information theft and virus infection to unauthorized access to your Linux machine. This article therefore lists safe ways to download software on Linux.
1. Check the hash value
A hash (or checksum) is a string of characters produced by passing data through a cryptographic hash function. It acts as a fingerprint for your file.
To make sure you haven’t downloaded a corrupted file, many open source sites publish the expected hash that you should get once the download has finished. Let’s take an example.
Suppose you download Tomcat 10 which is a popular web server. The hash value for Tomcat version 10.0.6 is:
The trailing part, * apache-tomcat-10.0.6.tar.gz, is just the name of the file; the long string 3d39 … 2f2 before it is the hash value itself.
To compute this value yourself, change to the directory where you downloaded the archive and run the following command:
sha512sum apache-tomcat-10.0.6.tar.gz
You should get the hash value shown above. If you get a different value, your download has been corrupted (or altered in transit) and you should delete it immediately.
In this example the hash function is sha512, because that is the function the Apache Tomcat foundation chose to protect the integrity of its downloads.
Other sites may use different hash functions, such as the popular sha256 and sha384.
If a website uses another hash function, simply replace the command name with the one for that function (sha256sum, sha384sum, and so on).
Note that the file used here is a TAR file (an archive). What if you downloaded a binary file instead? The good news is that on Linux you get the same hash regardless of the file type.
The default mode for the hash commands on Linux is text mode. To switch to binary mode, use the -b option:
sha256sum -b filename
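The check described above, written as a small reusable script; this is an added example and not code from the article or from the Tomcat project. It takes the algorithm name as a parameter, so the same function serves sites that publish sha256, sha384 or sha512 digests, and it also compares the file name carried in the published line so that a checksum copied for a different file is caught. The demo data is constructed: a six-byte file and the sha256 digest a site would publish for it, not a real Tomcat hash. One caveat the article does not state: a checksum fetched from the same page as the download only proves the file was not corrupted in transit; it proves nothing about who produced the file unless the checksum (or a signature over it) comes from a channel the download site does not control.

```sh
#!/bin/sh
# Added example (not from the article): verify a downloaded file against the
# checksum line a project publishes, e.g. a Tomcat .sha512 file whose line has
# the form "<hash> *<filename>". The algorithm is a parameter so the same code
# covers sha256, sha384 and sha512.

# local_hash <algorithm> <file>: hex digest computed on this machine.
# On Linux, text and binary mode yield the same digest, so plain mode is fine.
local_hash() {
    "${1}sum" "$2" | cut -d' ' -f1
}

# published_hash <checksum-line>: the digest part of "<hash> *<file>" or
# "<hash>  <file>", lowercased so an uppercase hex listing still compares equal.
published_hash() {
    printf '%s\n' "$1" | cut -d' ' -f1 | tr 'A-F' 'a-f'
}

# published_name <checksum-line>: the file-name part, with the binary-mode "*"
# marker removed, so a checksum copied for a different file is detected.
published_name() {
    rest="${1#* }"              # drop the hash and the first space
    rest="${rest# }"            # drop the second space of the text-mode format, if any
    printf '%s\n' "${rest#\*}"  # drop the leading "*" of the binary-mode format, if any
}

# verify_download <algorithm> <file> <checksum-line>
# 0 = integrity ok, 1 = digest or file-name mismatch (delete the download),
# 2 = the hashing tool for that algorithm is not installed.
verify_download() {
    algo="$1"; file="$2"; line="$3"
    if ! command -v "${algo}sum" >/dev/null 2>&1; then
        echo "no ${algo}sum on this system" >&2
        return 2
    fi
    if [ "$(published_name "$line")" != "$(basename "$file")" ]; then
        echo "NAME MISMATCH: checksum line is for '$(published_name "$line")', not '$file'" >&2
        return 1
    fi
    expected=$(published_hash "$line")
    actual=$(local_hash "$algo" "$file")
    if [ "$expected" = "$actual" ]; then
        echo "OK: $file matches the published $algo digest"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual); delete it" >&2
    return 1
}

# demo: constructed data, a tiny "download" and the checksum line a site would
# publish for it (sha256 of the six bytes "hello\n"); not a real Tomcat digest.
demo() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/download.tar.gz"
    verify_download sha256 "$dir/download.tar.gz" \
        "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 *download.tar.gz"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

To use it on a real download, replace the arguments in demo with the archive you fetched and the line copied from the project’s .sha512 (or .sha256) file, and delete the archive on any non-zero exit status.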
2. Use secure sites
Getting your downloads from safe sites greatly reduces the risk of picking up malware. As a rule, always use the official download site for the software you want. If for some reason you cannot find the official site, consider a trusted download site instead.
Download sites like FileHorse and SourceForge are examples of trusted sites you can visit. These sites have been around for a long time and have earned the trust of their users.
3. Compile the source code yourself
One of the main reasons the open source community exists is that you don’t have to trust big software companies and hope they aren’t doing anything unauthorized on your PC.
When you download binaries, you hand some power to whoever compiled the code. If you have access to the source code, you can take that power back into your own hands.
With open source you can independently verify that the software does exactly what its author says. The only downside is that you need above-average programming skills and a good grounding in the relevant field.
You can also be strategic and review only the key files that interest you.
For example, suppose you have cloned C source code from a GitHub repository. Here is how you would compile it yourself.
Run the command below to install the build-essential package, which contains the essential tools needed to build software on Linux.
sudo apt-get install build-essential
Now compile the C code using the gcc compiler.
gcc program-name.c -o program-name
After compilation, you can run the program by typing:
./program-name
4. Use an official package manager
The easiest way to install, update, and uninstall software is to use a package manager. There are a number of them such as pacman, dpkg, DNF, and APT. Package managers work directly with official software repositories and app stores.
Package managers do much of the work for you. They handle standard tasks such as resolving the dependencies the software needs, ensuring download integrity and authenticity, and managing versions.
Another good thing is that your distro usually comes with a package manager pre-installed. For example, Debian 10 ships with APT and Arch-based systems ship with pacman.
5. Personal research
The software world changes constantly, and keeping up with security trends is a key part of protecting yourself. There are several installation options to choose from depending on the scenario, for example installing the software in a virtual machine or using application containers.
Containerization of applications is a particularly exciting trend because it ensures that your applications run the same way in different runtime environments.
Being able to isolate the core of the software and its dependencies from the underlying infrastructure is a strong security property. For example, you only need to check the security of your dependencies once and can then expect the result to carry over to the other environments.
It is also recommended to read software reviews and follow discussions on GitHub. Reviews give you a good idea of what to expect after a download, of unexpected behavior other users have observed, and of their recommendations.
Discussions on GitHub can also point you to proactive steps to take during or after installation, and to security considerations that are not covered in the official documentation.
You should also pay attention to projects with many contributors on GitHub. Changes may be in progress, and failing to keep up with those updates can compromise your security.
Recommendations and good practices
It is always recommended to update your system’s packages and repository list before downloading any major software. Every package manager, pacman on Arch Linux for example, lets you install, update, and remove packages.
Once the installed packages are up to date, you can go ahead and download the software you need. Whenever a package is available through your package manager, install it that way: it is the easiest and most secure way to install and update software on Linux.
Regular application updates are important for any Linux system.