App stores provide access to millions of different programs that users can download on their computers. Developers can also make their programs available for download on their websites and host the program files either directly on their website or on third-party platforms, such as mirrors. In the latter case, as users download the software without any vetting from the developers, they should take the necessary precautions to ensure that it is authentic. One way to accomplish this is to check that the published file's integrity verification code (the checksum) matches that (if provided) of the downloaded file. To date, however, there is little evidence to suggest that such a process is effective. Even worse, very few usability studies about it exist. In this article, we provide the first comprehensive study that assesses the usability and effectiveness of the manual checksum verification process. First, by means of an in-situ experiment with 40 participants and eye-tracking technology, we show that the process is cumbersome and error-prone. Second, after a 4-month-long in-the-wild experiment with 134 participants, we demonstrate how our proposed solution, a Chrome extension that verifies checksums automatically, significantly reduces human errors, improves coverage, and has only limited impact on usability. It also confirms that, sadly, only a tiny minority of websites that link to executable files in our sample provide checksums (0.01%), which is a strong call to action for web standards bodies, service providers, and content creators to increase the use of file integrity verification on their properties.

App stores are a very popular means for Internet users to get access to millions of apps for their computers and mobile devices. The most popular ones, such as Apple's, Google's, and Microsoft's, offer a curated set of apps that are easy to access for users, and they simplify the distribution for developers. However, app stores usually impose certain conditions on the software they are willing to publish. Furthermore, developers may face additional challenges when publishing on them, such as long review and validation times, technical restrictions (e.g., sandboxing), incompatibility with software licenses, and substantial commissions. For developers, a common alternative for distributing their software is to include a download link on their own websites, as is done for the popular VLC program; in this case, the program file can be hosted either on the website itself or on a third-party web hosting platform (e.g., mirrors, content delivery networks). Hosting software on a website has several advantages for the developers, but it could also negatively affect the users. In particular, security is an important concern when downloading files from the Internet. Users could be tricked into downloading corrupted software that contains malware, which could impair the performance of their machine or even steal personal data from it. This scenario is not limited to the case where the software is hosted on a malicious platform, but can also happen if a legitimate hosting platform is compromised. In any case, by choosing to host their software on the web, developers also accept the risk that it could be accidentally or intentionally modified in an unpredictable way. Recently, both the popular BitTorrent client Transmission and the Linux Mint distribution were corrupted, the former by ransomware and the latter with a backdoor.