Not all applications and browser add-ons come in peace. So you need to know a few warning signs to look out for if you want to make sure that only legit software makes it onto your machine. Here's how to avoid bad actors and weed out any shady apps that have already taken root.
The key to making sure the software you're downloading is legit is to stick to reputable, trusted sources. If you want the latest version of Chrome, go straight to Google. If you need to reinstall Photoshop on a new machine, head to the Adobe website.
The official app stores for Windows and macOS make the job easier, and you can download software from those sources confident in the knowledge that the programs contained within have been rigorously checked — though it's a good idea to browse through user reviews and ratings anyway to see what to expect.
What if you need to go outside these carefully curated libraries though? How can you be sure what you're downloading isn't going to contain an unpleasant surprise?
The short answer is: you can't, not with certainty. The longer answer is to stick to well-established apps and official download pages, and to do some research (even a quick web search would do) before you download and install anything new.
Freeware download sites for Windows apps have a rather sketchy record, though they seem to have cleaned up their respective acts in recent times. If you do make use of them, stick to the major repositories like MajorGeeks and Softpedia, and click carefully through the installation wizards for whatever apps you choose — just make sure you're not installing anything you don't know about alongside the main program.
At the shadiest end of the scale you have your pirated software from the darkest corners of the web — install anything (whether an app or a movie) from these places and you're really running the risk of something untoward taking hold of your system.
This is another time when having a robust, reliable, respected antivirus program installed can prove worthwhile, even if it's just the Windows Defender tool built into the OS: anything particularly nasty should get flagged.
If you suspect you've downloaded something you shouldn't then again Windows Defender or another antivirus tool will be able to help you out. It's always worth getting a second opinion too: free on-demand scanners like Microsoft Safety Scanner or Kaspersky Security Scan can look for problems without adding the bulk of a whole new application.
If you stop and think about it, every time you install a browser extension you're putting a lot of trust in the add-on and its developer — that the software won't be spying on your browsing habits or injecting ads into the sites you visit. It's just as important to guard against rogue browser extensions as it is against bad desktop applications.
You can apply the same principles we've talked about already. Make sure you're downloading plug-ins from the official repositories for Chrome, Firefox or whatever browser you're using, and be wary of venturing outside these libraries.
If you do seek extensions elsewhere, look for user reviews and recommendations from the tech press, and be cautious about installing extensions that haven't been updated in a long time, or new extensions from developers you've never heard of — not that there's anything wrong with a new developer having a new extension on the market, but do some background research first.
Of course, as with websites, there are many shades of grey when it comes to extensions. Some developers will think it's entirely legitimate to gather a bit of anonymized user data in return for a free app — it's what Google does with Gmail after all — but they should absolutely be telling you about this in the terms and conditions for the add-on, so check the small print and the extension description carefully.
When you install an extension, you'll often be able to see the permissions it wants, just like when you install an app on your phone. These permissions aren't a guarantee one way or the other that something is or isn't safe, but they might raise a few red flags, so don't click through and approve them without a careful read.
Extensions usually auto-update too, which means older add-ons that were originally safe can morph into shady ones if they're taken over by another developer and modified. For that reason and others you should uninstall extensions you're not regularly to minimise the risk of them becoming a potential backdoor for bad actors.
Though not all extensions are a threat. Most of the time you can be confident sticking to the big-name extensions — from the Googles and the Facebooks and the Instapapers of this world — and if you pull these from official sources then you shouldn't have anything to worry about.
Keep your system's security software updated, and your browser updated, and you should get warnings about the worst offenders as far as shady extensions go. It's also a good idea to reset your browser back to its default settings if you think something has gone awry (your bookmarks and passwords won't be affected) — on Chrome it's Reset settings in the advanced section of the Settings pane, and in Firefox it's the Refresh Firefox option which you can find by entering "about:support" in the address bar.