This article has been written by Chaitanya Suri, pursuing the Diploma Programme in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.

Introduction

On the internet, security and convenience are never on the same page. The more one bends for comfort, the simpler it becomes to be the target of a malicious cyber. Downloads have been a way of life in the modern world. It’s unusual to see anyone without a gadget, and since so many of us have digital gadgets, without sparing a second thought, we always download stuff. Take all the games that you have on your cell and smart TV, the applications built on your desktop, or the images and videos that you have downloaded on your tablet, for example. As with anything that becomes routine, it may be easy to circumvent tried and proven protection precautions when uploading files from the internet, however it should not. You can be equally cautious when you copy files to your laptop, just as you will take precautions for secure online shopping. Viruses, ransomware, and Trojans (misleading malware) are more common than ever, so when you download anything, you should be vigilant. 

Protection from risks

It is important to protect your PC because of the following risks:

• Allowing malware on your machine unintentionally – both from sites and peer-to-peer file-sharing systems.
• Adware that causes irritating popup ads to be installed unintentionally.
• Installing spyware to collect confidential details for financial gain or data fraud by offenders.
• Having breached your firewall, particularly when using file-sharing programmes from peer to peer.
• Downloading offensive/illegal content disguised as something else, or viruses.
• Copyright breach.

Methods to prevent hacking

For the next time you download something online, here are tips to build into your everyday digital routine:

Always look for authentic sources, including reliable websites

There are ample links available for downloading with a convenient Google search. We click on the first link more often than not and are good to go. It’s unlikely that the website from which we retrieve the file is examined. It’s a simple case of over reliance on Google. While several of these connections are authentic, there is always a risk that you will become a target of a malicious software. Downloading a file from official sources is strongly recommended. For eg, if you choose to download a video editor such as filmora, instead of a third party file hosting server/website, it is suggested to download it from the official filmora website. If necessary, type in the address as an extra layer of authentication to be 100 percent confident of its validity.

And if one wants to retrieve a file from a website hosting a file, use a common server at all times. If in such a file there is a virus or a malware, there is a strong chance that it will have already been detected and reported. The spectrum of finding a potential virus/malware is incredibly limited if the website contains just a few downloads.

To verify whether a domain is trustworthy, search the “About” or “Contact Us” page of the website to verify the credibility of the site. Check for contact numbers, physical addresses, press reports, or other indications that this is a page that is trustworthy. If an unknown email address gives you a downloadable attachment, do not open or download it without checking what it is with the sender. If an unknown email address gives you a downloadable attachment, do not open or download it without checking what it is with the sender. 

Check the extensions to the file 

Viruses and ransomware also imitate other forms of data. Extensions can be defined by alphabets after a dot in the name of the downloaded file. The most dangerous files are executables. Per the description, while not all executable files contain viruses or malware, these are more vulnerable because of their ease of getting into a device. Your executable has the same permissions as you do and maybe harmed by a malicious file. Therefore one must not download such files from unknown sources because it can be easily renamed to something else by the downloader. The file forms include:

• .exe — An extension for all executable forms.
• .app — An “Application” folder that includes all the data required to operate an Application, displayed to the user as though it were a single file.
• .ipa — The iOS app file type.
• .war — Archives of existing Java applications.
• .bin — Extension used for binary data.

Some executable files are also disguised under double extensions such as ‘filename.pdf.exe’. These are equally dangerous as the name is used to deceive the user into believing the file is not an executable file. Such files are probably a virus. Here is a list of some more SAFE file extensions:

• .jpg — a picture
• .jpeg — a picture
• .gif — a picture
• .png — a picture
• .tif — a picture
• .tiff — a picture
• .txt — a notepad text file
• .doc — a word document file
• .pps — a powerpoint presentation file
• .pdf — an adobe acrobat readable document
• .mp3 — music or audio
• .wav — music or audio
• .avi — a video
• .mpg — a video
• .mpeg — a video
• .wmv — a video
• .iso — a video (disc image file used to burn a copy of a DVD)
• .flv — a video (flash video)
• .mov — a video (apple quicktime video)
• .dvr-ms — a video (tv program for windows media player)
• .vob — encrypted video and audio files used on current DVD’s

Any compressed file could also be dangerous, depending on what information is contained therein. Examples of compressed files include those ending with .zip, .rar, .r01 and so on. Fortunately, it is easy to access these file types inside our computer by right clicking on the PC. If it mentions anything like “programme”, “executable”, “code”, or anything that sounds like it could be a programme… don’t use it. If you can’t recognise the type of file as one of the types listed above, don’t download it, don’t open it.

Backup Devices at multiple locations

The device can be rendered useless if a virus or malware penetrates through the diverse security measures adopted. Accessing the data may therefore be difficult. It has been known that Morden malicious attacks put a paywall for accessing the stored data. An alternative backed up data storage may be of enormous advantage in such a situation, thus defeating the virus and malware very intent.

Free isn’t necessarily safe

Downloading offensive/illegal content disguised as something else, or viruses. Although it is frowned upon, lots of us share unauthorised material from dubious sites online – legitimately and otherwise. There is no lack of shady distributors of pirated material online, be it through BitTorrent trackers, Usenet, IRC or file sharing forums.

Software obtained from these shady pages is often hacked to have backdoors and malware. And lately, bogus audio and video files in zipped repositories that download spyware in the guise of possessing codecs when extracted and played.

In addition, much of the way, those downloads are breaches of copyright. This indicates that you are becoming an accomplice to such criminal activity by uploading such material.

Check if the site is secure (eg. https)

The web address is usually a great indicator of the nature of the website. If the connection to the websites is secure, the chances of the virus-infected file are low. Always check for the ‘https://’ in the address bar.

Additionally, if you are using chrome browser, look for the following signs just alongside the address bar before downloading from the website: 

• ‘Secure’ ensures that the data you send or obtain via the web is confidential.
• The ‘Info or not safe’ sign is seen when a private link is not used by the site. Someone may be able to view or modify the data you submit or obtain from this website. A more stable edition of the page can be visited on certain sites:
  • Select the address bar.
  • Remove http://, and now, enter https://.

If that doesn’t work, email the owner of the platform and ask for HTTPS to encrypt the site and your info.

• The sign ‘Not secure’ demands vigilance. Something is drastically wrong with the confidentiality of this page’s connection. Someone may be able to see the data you send or obtain from this website. You might see a “Login not secure” or “Payment not secure” message.  It is recommended that on this page you should not enter any confidential or personal information. Don’t use the website if necessary.

Check for junk attachments and bundled tools 

If the file is overly large (calculated in bytes), there is a strong risk of accessing additional resources that will possibly be ransomware or viruses in such a situation. It is also likely that these packaged resources are found in original files downloaded from authentic sources. By design, several free games, applications and even updates instal garbage along with them. You should opt-out of downloading these additional items much of the time, however. It is straightforward, thankfully, to opt-out of it. When asked to install the other things, search for a Decline button or checkbox to uncheck.

Always have the latest version of your browser

Browsers such as Chrome and Firefox have a built-in powerful domain name management engine. If the file is likely to contain a virus or malware, an alert is shown that prevents entry to the website. The shown alerts are as follows: 

Verify file integrity 

The Windows operating system can immediately open the User Account Control dialogue box when we run the .exe programme for a downloaded file. We don’t usually spend time reviewing what this dialogue box is, we just press ‘Yes’. The User Account access dialogue box informs us whether or not the file we downloaded and installed above is digitally registered. We should make sure that files which are not digitally signed are not installed.

Utilize a link checker offered with Anti-virus program

Many antivirus packages come with a connection checker that shows a status icon next to search results links and other web pages to indicate the validity of the domain that the link leads to. For eg, when the page seems to be okay, they typically display a green icon and then a red icon if there is proof of viruses or other foul play.

Always scan files for the virus before downloading 

Virus/malware can still be checked for files which have been downloaded. It is the last move, but a critical one nevertheless. If the virus or malware filters between the gaps, this serves as a last line of protection. In these cases, file scanners such as antivirus applications are highly beneficial.

Legal actions against ransomware attacks

The Information Technology Act,2000:

• Tampering with Computer Source documents – Section 65 : Anyone who deliberately or purposely conceals, removes or changes, or intentionally or knowingly allows someone to withhold, destroy or modify any computer source code used by a computer, computer device, computer system or computer network, shall be punished by imprisonment for up to three years if the computer source code is allowed to be kept or protected by statute for the time being.
• Receipt of stolen property – Section 66B : It allows for penalties for dishonestly receiving any stolen computer or communication device from a computer. This section requires that the person who acquired the stolen property should have done so dishonestly or should have cause to suspect that the property was stolen. Under Section 66B of the IT Act, the penalty for this crime is imprisonment of up to three (three) years or a fine of up to Rs. 1,00,000 (Rupees one lac) or both.
• Punishment for cheating by personation by using computer resource – Section 66D : Anyone who directly cheats by personation by means of any communication system or computer resource shall be punishable by imprisonment of either type for a period of up to three years and shall be liable for a fine which may extend to one lakh rupee.
• Unauthorised access to protected system ­­– Section 70 : Every person who, in violation of the provisions of this section, establishes or attempts to establish or seeks to secure access to a protected system shall be punishable by imprisonment of either description for a period which may be prolonged to 10 years and is also liable to a fine. As per the section, any ‘critical information infrastructure’ is a protected system. The term critical Information Infrastructure is defined as “the computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
• As per Sec43(c) of the Act, if any person introduces or causes to introduce any computer virus or contamination into any computer, computer system or computer network is punishable by way of providing compensation to the person so affected by such an action. The explanation for the same section provides the meaning of computer contamination and a computer virus. Computer contaminant means “any set of computer instructions that are designed:

(a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or

(b) by any means to usurp the normal operation of the computer, computer system, or computer network” whereas computer virus is defined as “any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource” as per the Act.

Indian Penal Code

• Bogus websites, cyber frauds – Section 420 provides that any person who cheats and thereby dishonestly induces the person deceived to supply any asset to any person, or to make, modify or kill all or any part of valuable protection, or anything which is signed or sealed, and which is capable of being transformed into a valuable security, shall be punished by the imprisonment of either type for a period which may be extended to seven years and shall also be liable to fine.
• Section 425 of the IPC deals with mischief and states that “whoever with intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or to any person, causes the destruction of any property, or any such change in any property or in the situation thereof as destroys or diminishes its value or utility, or affects it injuriously, commits mischief”. Needless to say, damaging computer systems and even denying access to a computer system will fall within the aforesaid section 425 of the IPC. The maximum punishment for mischief as per section 426 of the IPC is imprisonment of up to 3 (three) months or a fine or both.
• The penalty for dishonestly obtaining stolen goods is also prescribed in Section 411 of the IPC and is worded in a way that is almost equivalent to Section 66B of the IT Act. The sentence alluded to in section 411 of the IPC is either a summary of imprisonment for a term of up to 3 (three) years, or a fine, or both. Please note that the only distinction between the penalties prescribed is that there is no overall limit on the fine under the IPC.
• Extortion under Section 383 often occurs in ransomware attacks. According to Section 383 of the IPC, ‘Extortion’ is perpetrated by someone who purposely places another individual in fear of any harm to that person or any other party, and therefore dishonestly induces the person so placed in fear to deliver to some property or valuable protection, or something signed or sealed that can be transformed into valued security.

Conclusion

As the saying goes, while protecting your pc, one needs to be always lucky whereas a hacker needs to be lucky always once. To diminish the possibility of you being a victim of a malicious cyber programme ensure that the hacker isn’t given an easy way into your PC. Always search for authentic sources on the internet, like websites that are accurate. Unintentionally enabling malware on your device will contribute to the transfer by perpetrators of sensitive information for financial benefit or data theft. 

It is more often used when accessing pirated material disguised as viruses. When downloading from third-party pages, search for official references. If you get a downloaded attachment from an unfamiliar email address, do not open or download it after verifying whether it is with the source. Executables are the most harmful files. Due to their simplicity of getting into a system, they are more susceptible. Depending on what material is stored inside, any compressed file may even be hazardous. If the address bar has ‘Https:/’, the risks of infecting the file with a virus are slim. Check for dependencies and packaged equipment for junk. Always have your device or phone with the newest update of your browser. 

There is a high possibility of accessing additional services that could be malware or malware in such a scenario if the file size is excessively huge. Malware, Virus, and trojans are rampant, so be careful when installing something and always maintain a backup of resources.

References

1. Arntz, Pieter. “Dubious Downloads: How To Check If A Website And Its Files Are Malicious.” Malwarebytes Labs, 7 Jan. 2020, https://blog.malwarebytes.com/how-tos-2/2020/01/dubious-downloads-how-to-check-if-a-website-and-its-files-are-malicious/.
2. “Dangers Of Free Downloads.” NortonLideLock, https://www.nortonsecurityonline.com/security-center/dangers-of-free-downloads.html. Accessed 3 Jan. 2021.
3. Geier, Eric. Tips for Safely Downloading from the Internet. 24 Sept. 2016, https://www.daytondailynews.com/lifestyles/tips-for-safely-downloading-from-the-internet/r1iuMvrruPRlhMnqNsI7mL/.
4. “Get Safe Online.” Get Safe Online, https://www.getsafeonline.org/protecting-your-computer/downloading/. Accessed 3 Jan. 2021.
5. Greogery, Peter. “How To Scan For Computer Viruses – Dummies.” Dummies, https://www.dummies.com/computers/pcs/computer-security/how-to-scan-for-computer-viruses/. Accessed 3 Jan. 2021.
6. “How To Know When It Is Safe To Download Something.” WikiHow, 4 June 2020, https://www.wikihow.com/Know-when-It-Is-Safe-to-Download-Something.
7. Kelland, Matt. “Seven Tips For Safe Downloading | PRR Computers, LLC.” PRR Computers, LLC, Jan. 2011, https://www.prrcomputers.com/blog/seven-tips-for-safe-downloading/.
8. Ken. “5 Simple Ways To Check If An .Exe File Is Safe.” Glasswire, 17 Oct. 2020, https://www.glasswire.com/processes/.
9. Muir, Nancy. “How To Download Files Safely From The Internet – Dummies.” Dummies, https://www.dummies.com/computers/how-to-download-files-safely-from-the-internet/. Accessed 3 Jan. 2021.
10. Ramkumar, Mohan. “3 Smart Tips To Keep Your PC Secure When Downloading Files Online.” MakeUseOf, 26 July 2010, https://www.makeuseof.com/tag/3-tips-ensure-safe-online-file-downloading/.
11. Williams, Allice. “4 Things You Must Do Every Time You Download Something From the Internet.” Real Simple, 3 Mar. 2020, https://www.realsimple.com/work-life/technology/safety-family/digital-downloads-safety.

---

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: