You search for 'free VLC download' and find a result. The page says 'Download VLC 3.0 now' and the button looks official. What is the most important thing to check before clicking the download link?
AThat the page has a professional-looking design and company logo
BThat the actual URL in the address bar points to the developer's official domain
CThat the file size listed seems reasonable for the software
DThat the download link opens in a new tab
The visible appearance of a page — logos, professional design, even the text of the link — can all be faked. The actual URL in the browser's address bar is the only reliable indicator of where the file will come from. A link can say 'Download VLC' while pointing to a malicious domain rather than videolan.org. Always verify the domain in the address bar before downloading from a new source.
Question 2 Multiple Choice
You download a file called 'invoice.pdf' from an email attachment. When you try to open it, Windows asks if you want to 'Run' the file rather than opening it in a PDF reader. What does this most likely indicate?
AThe PDF is corrupted and needs to be re-downloaded
BThe file is actually an executable program disguised with a .pdf name, such as invoice.pdf.exe
CYour PDF reader is not installed correctly
DLarge PDFs always prompt for permission before opening
Legitimate PDFs open in a PDF viewer, not as executable programs. A 'Run' prompt means the file is an executable (.exe, .msi, etc.) — its actual extension reveals this. Many systems hide file extensions by default, so 'invoice.pdf' might actually be 'invoice.pdf.exe' with the .exe suffix hidden. The OS behavior (asking to run rather than open) exposes what the file really is. This is a classic malware delivery technique.
Question 3 True / False
A file that has a .pdf extension is safe to open because PDF files cannot contain malware.
TTrue
FFalse
Answer: False
This is false on two counts. First, PDF files can contain malicious code — PDFs support JavaScript and other active content that has been exploited in attacks. Second, a file named 'document.pdf' might actually be 'document.pdf.exe' with the true extension hidden by the operating system. The file name and visible extension are not reliable guarantees of what a file contains or will do when opened.
Question 4 True / False
Downloading software directly from the developer's official website is generally safer than downloading the same software from a third-party aggregator or file-sharing site.
TTrue
FFalse
Answer: True
True. When you download from the official developer's website, you get the file the developer published. Third-party aggregator sites may bundle malware, adware, or modified installers alongside the original software. The distribution chain matters: every step away from the original source is an opportunity for tampering. For well-known software (browsers, media players, office tools), the developer's official domain is the authoritative and safest source.
Question 5 Short Answer
Why is checking the displayed text of a download link — such as 'Download Chrome Now' — insufficient for verifying that the download is safe?
Think about your answer, then reveal below.
Model answer: The visible text of a link can say anything, regardless of where the link actually points. The underlying URL — what the browser will actually navigate to — is what determines the source. A link displaying 'Download Chrome Now' could point to any domain, including one that distributes malware. Only the actual URL in the browser's address bar (not the link text) tells you where the file comes from.
This is the core deception technique in phishing and malware distribution: make the visible presentation look legitimate while pointing to a malicious destination. Trust is built on the destination, not the label. Verifying the actual URL is the primary habit that separates safe from unsafe downloading.