Beware of free tools on the internet

The internet offers a wealth of free tools but sometimes the tools come packaged together with hidden threats. Learn more in this message from ISD about identifying trustworthy sources and avoiding malware.

The internet is an awesome place. It has an endless supply of information and resources, most of which are readily available free of cost. It is also a source of all kinds of applications and tools that can help us accomplish myriad tasks. The down side to all this is that a lot of the information is not vetted and a lot of the tools and resources are unverified. This means that phrases like “take it with a grain of salt," “you get what you pay for," and “Caveat Emptor (buyer beware)” have never been truer.

As an example, a task that many people turn to is the need to convert a PDF to some other document format. If you search the internet, there are a number of online resources that allow you to upload a PDF file and convert it to a Word document. But what is that service really doing to your document. In a recent article on SANS Internet Storm Center, a security researcher tested five of these online conversion tools. His results showed that three out of the five sites that he used for this resulted in malware being inserted in the converted document. So once you have converted the document, downloaded it and opened it on your PC, your PC is now infected with malware. If you distribute the document, you also potentially infect anyone you send it to. Given that Word documents with embedded malicious macros are still the primary source for Ransomware, that isn’t all that surprising. The other thing to consider is what if your PDF document contains sensitive information? Are you confident that the site is not keeping a copy of your information? Many of these sites are also nothing more than click bait, meaning that the site advertises a useful service to get people to click on it. In reality, the site is nothing but a digital billboard, bloated with banner ads and other advertising elements. All of these are a prime source for drive-by malware.

Does all this mean you should never use anything free on the internet? No, but it does mean you need to do some research and identify trusted sources. It usually isn’t too difficult to do an internet search for the resource or tool and get a pretty good idea of its reputation. Keep in mind if you don’t find any information, good or bad, it would probably be a good idea to avoid the site just as if you found bad reviews for it. If you are looking for free applications, again, make sure it comes from a trusted source. There are many application repositories on the internet. Some of them do a great job of weeding out the dangerous applications. Others are simply a cesspool of applications loaded with malware, adware, and other undesirable content. Again, do your homework and see what others are saying about the application and the repository before downloading anything.

Filed under: ,