Friday, September 17, 2010

Why and how to verify a file's checksum value

Over the last two or three years I've notice that many software vendors like Vmware are now including with the files they make available for download their corresponding checksum value. 


Website example with checksum values

So what's the big deal about that?  The checksum is a great tool and is used to verify whether or not the file you just downloaded is the exact copy the vendor intended you to have.  As organisations get stricter with what files are allowed to be installed, checking a file's checksum is becoming just as important as scanning the file with an antivirus program.

So, I searched around the internet and tried to find a cheap and easy way to view a file's checksum value.  There's a lot of info about this topic but I couldn't find anyone to put it all together in an easy to use and cost effective manner (ie: free).  So this is what I came up with for my Windows XP workstation:

Step 1: Download Microsoft File Checksum Integrity Verifier
Download and install Microsoft's free File Checksum Integrity Verifier program.  Last time I checked you could find it here.  This is a command line tool which is fine but I wanted to make this tool even easier and faster to use.

Step 2: Create batch file
First I created the subfoler C:\batch\checksum.  Then in this folder I created the following batch file.

@echo off
fciv.exe %1 -both
pause

Save the file.  I called mine checksumFileCheck.bat

Step 3: Add an item to the Send To menu
In Windows Explorer go to C:\Documents and Settings
Go to your user profile folder (ex: jdoe) then go to the SendTo folder
Click File menu, New, Shortcut
Click Browse and select the new batch file created earlier in step 2
Click Next
Enter a shortcut name.  I called mine View Checksum
You should now see a new shortcut in your SendTo folder




Step 4: The big test
(Author's note: If you've never seen a checksum value next to a file download before and you'd like to see one, go to http://www.iometer.org and go to the Downloads section.  You can download a file and continue on to the next step)

Ok, now we're ready to see the whole point of this exercises.  In Windows Explorer, find the file of which you'd like to view the checksum.  Right-click the file, choose Sent To and click View Checksum.  It should show you a nice command prompt windows with the file's MD5 and SHA-1 checksum.  Pretty cool, eh?  Compare that to the value provided on the software vendor's website and if they match you're good.

New 'View Checksum' Send To menu option


Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)