Don’t take free software from a stranger

And there’s this. Some people are taking popular free, open-source software, planting malware in it, and distributing it to unsuspecting people.

A couple of suggestions immediately come to mind. One is not to download software off an ad banner. The second is to make sure you’re actually downloading software from the original author/publisher. And if you don’t know how to vet software for safety, ask questions. Of course, if you’re reading this, you probably already know this, so pass this advice along to your less-knowledgeable friends.

If you want to know how to vet software, knowledge is power. Be familiar with the program–who wrote it, how it’s distributed, stuff like that. I know off the top of my head that Firefox is normally distributed from, and most smaller open-source programs are hosted off SourceForge. At the very least, visit the Wikipedia page for any given program–most popular software programs have one–to learn more about it.

And know how to tell a good, reputable tech journalist from a hack, then take their recommendations. If Dan Gillmor recommends a program, I’m pretty confident that it’s not going to wreck my computer. If a guy whose only credits are a dozen self-published get-rich-quick e-books (and he’s endorsed 40 or 50 others) recommends a piece of software, I’m sure not downloading it off his site, at the very least. I’m a small name, so if this is the first you’ve heard of me, I hope you’d be a little suspicious even of me. Click around here a little, and you’ll see I’ve been doing this for a while, that I’ve been published by reputable publishers (O’Reilly in the United States, among others, and Dennis Publishing in the United Kingdom), and that I have a journalism degree from a reputable school and a certification from a reputable agency.

What are the hallmarks of a huckster? Ads in the middle of copy in an attempt to mislead you into clicking on them, excessive hyperlinking to affiliate programs, and lots of pressure to buy e-books or sign up for “special reports” via e-mail (that way they get your e-mail address) are some hallmarks. Limited-time special offers and lots of exclamation points are other things that make me suspicious. Look at enough of those sites and you learn to recognize their tactics. Spend an evening searching on things like “seo” and “ebay” and you’ll see.

If someone doesn’t have any credentials, it doesn’t mean they’re lying to you, but there’d better be someone else out there with better credentials recommending it before I’m going to install it.

There are web sites out there that will scan a file for viruses, but I wouldn’t count on them. The bad guys use those sites too, and if they’re making a living distributing booby-trapped software, you’d better believe they’re running their distribution files through those engines on a regular basis to make sure their stuff gets through. At least the guys who last more than a week do.

Most of all, remember this isn’t something you learn overnight. In this field, if you’re not moving forward, you’re moving backward.

