We are often asked from concerned customers if our installers have been infected with malware, or if third parties have included toolbars and additional download items to our installer.
We take the provenance of our downloads seriously. If you believe that a download has been compromised, please contact us immediately, after finding that any of the following checks fail.
The following steps will enable to you confirm that the file you downloaded is byte for byte, the one created by our build process.
If any of the checks below fail, then the file is not to be trusted; please re-download using only links on www.macrium.com
You can read more about code signing and the assurance it confers here.
http://msdn.microsoft.com/en-us/library/ie/ms537361%28v=vs.85%29.aspx
- Right click on the downloaded file, and chose properties:
- Check that the file has a digital signature (if not, the digital signature tab is not present).
- Select digital signatures tab.
- Select the only signature in the signature list.
- Click details.
- Check that the Signer name is Paramount Software UK Ltd.
- Check the digital signature is valid (right image below).
If the file originally came from us, but has been modified or is corrupt, then the signature check will fail (left image below).
- Check that the file has a digital signature (if not, the digital signature tab is not present).
- Verify the code signing, confirming that the file hasn't been modified and then resigned with a certificate that resembles ours:
- Click view certificate button.
- Click details tab.
- The thumbprint should be: fa 3f f7 a2 5e 16 7f 41 3a e8 a4 1b 1b 99 f5 aa d3 a9 7f 0e for all versions of Macrium Reflect signed before March 2016.
- The thumbprint should f4 3d a6 7c 75 97 64 29 42 f5 e2 15 7f a8 af 13 ad 35 fb b1 for all versions of Macrium Reflect signed after March 2016.
- The thumbprint should be: fa 3f f7 a2 5e 16 7f 41 3a e8 a4 1b 1b 99 f5 aa d3 a9 7f 0e for all versions of Macrium Reflect signed before March 2016.
- Click view certificate button.