File-sharing and cloud storage sites: How safe are they?

File-sharing and cloud storage sites: How safe are they?

There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the way—have probably resorted to using file-sharing sites to help solve this issue. But is file-sharing secure?

How do file-sharing sites work?

The procedure for such file-sharing sites is simple enough. You upload the file, copy the download link, and send that link to the person you want to have the file. Some sites offer you a range of options to prevent your files from falling in the wrong hands like encryption, password protection, and others.

Closely related and more than a few times used for the same purpose are cloud storage sites. These could be ideal to backup those files you can’t do without should your hard-drive fail. Personally, I prefer a physical hard drive to backup my more personal files, but I would have no reservations about storing my installers and configuration files online.

Follow the money

It’s not hard to imagine that it will cost money to run such a site. So, when this service is provided to you for free you would be wise to ask yourself how they pay the bills. As in many other online services, when they are offered for free there is a good chance that your data are used to pay the bills.

But there are other means for these sites to earn revenue:

  • Advertising: Sometimes it’s easy to see how the bills are paid. It is hard to find the controls between the advertisements, though.
advertisements
advertisements
advertisements
  • Web push notifications: A special form of advertising that can be very annoying. Often used in conjunction with regular advertising. Depending on the advertising network these can vary from slightly annoying to downright malicious.
notifications prompt
  • Altered files: The file you download is not the same as the file that was uploaded. This can be very embarrassing. You don’t want to send your business relations a link that gets them infected with adware or some potentially unwanted program.
  • Not the requested file at all: Some file-sharing sites simply replace the requested files with malware. This often happens on sites that are notorious for sharing cracks and keygens. Sometimes they don’t replace all the files to give the visitor the idea that he could “get lucky.”
  • Some sites require you to register and provide an email address, social media account, or to install a program that enables the usage of the site. All these options could result in additional advertising.
  • Some file sharing sites offer free accounts for small files but will ask a fee if you want to store bigger files. Or they will offer an improved user experience for paid users, for example higher speeds, simultaneous uploads, or an ad-free site. This seems like a fair deal and a good alternative for the users that only need this occasionally.

Inform yourself beforehand

To keep your data and computer secure, before you decide on which site to use for sharing files or storing online for yourself, follow these pointers:

  • Look at reviews about the site and skip the ones that are all good

Even with an outstanding product people will find flaws and complain about them. If you can’t find any negative reviews, there is a good chance these will be barred or removed, or in some cases buried by good reviews posted by the people running the site.

  • Check out the security options you can use as a free user.

The more the better, obviously. Look for encryption, limited number of downloads, password protection, or anything else you would like to see. There are many providers out there and it’s worth looking for the one that is ideal for you.

  • Try the service out yourself before sending someone else a file.

Upload a file and then download it again, preferably from a different computer and other IP address. Sites may treat the uploader different from other downloaders. Don’t embarrass yourself by using an untested service and getting someone you know infected.

Finally, when you download something uploaded by another user, there are some pointers to minimize the privacy and security risks involved:

  • Make sure to click the correct button on the site. PUPs love using those big green buttons that tell you to “start here” when in fact that’s not where you want to go at all.
  • Check the file extension, does the filetype match with what you are expecting? When you were promised an mp3 and get a file with the .exe extension that should raise all kinds of alarms? In fact, executable files are best avoided entirely unless you know and trust the sender.
  • Check the file size. A movie with a size of 8 MB is not likely to be what it claims to be.
  • Scan the downloaded file with a trusted antimalware solution before running it.
  • Should you decide to run a file, read the installation or download screens carefully. Sometimes there are additional surprises announced in small print.

So, what’s the end verdict on file-sharing?

We feel it’s not our place to make recommendations about which ones are the best, but we feel it is our duty to make you aware of the risks and pitfalls that are very common in this area, most of which you can spot easily by doing a test round or two.

Basic services for limited use are available for free if you are willing to look for them. With an ad blocker or Browser Guard you can navigate the sites that would normally be full of advertisements a lot easier.

Further, web push notifications can easily be controlled and managed from within the browser. If you want to know how, you should read our blogpost about web push notifications.

Also, a quick inspection of the downloaded file can save you some occasional grief as well.

All in all, we think it is possible to share files or use online storage for non-professional purposes without paying for these services. For more regular and professional usage there are many paid options available. The only thing we do want to warn about is downloading desirable files from “unknown” sources. Sites offering cracks, keygens, movies, music, and other desirable files do have a bad reputation for a reason.

Stay safe everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.