Add a checksum to the download page so we can verify the downloaded image

Discussion in 'Parallels Desktop for Mac Feature Suggestions' started by RyanL5, Nov 23, 2018.

  1. RyanL5

    RyanL5 Bit Poster

    Messages:
    1
    A simple listing of md5sum, sha256, etc for each download would strengthen my faith in an uncorrupted (non-tampered) install.
    It would make it easier for me to enter my admin password when the time comes, knowing that I have a 'certified' download.
     
  2. alev

    alev Parallels Developers

    Messages:
    375
    Hi Ryan,

    Thank you for your suggestion!

    Checksum verification is required when you download file from third party sites/mirrors, you then take hash from original site (where download link is posted), download a file from the mirror, and then verify that the file is not tampered. In case you download from parallels.com, it is not required, we don't have mirrors as Parallels pays for CDN service to ensure your trouble-free and fast download. Transport protocol cares about accidental corruption while downloading.

    Your concern on having only genuine software and providing admin password to make install is absolutely valid. I would like to emphasise the work that Apple does to protect its users from tempered downloads and malware. With GateKeeper and necessity to sign application with Developer ID, it is not that easy to install software from pirates and hackers. And it seems that with Apple Notarization service that was introduced last year your security will further improve .
     

Share This Page