aded, even totally free software can end wrong if you download them with the suspects sources. Let us remember that the basic principle is always download applications from the manufacturer, do not use aggregators such eg. Softonic.
the sites have the possibility of annoying - not enough that no download of such sites proper software just web-installer depending on which site they call it "download assistant" which only the start process for downloading applications in a similar way as file managers it another annoying thing is pressing us on the strength of additional software which we had intended to do to download as suspicious unknown applications" cleansing "of the computer or toolbars, change homesite in web browser and more useless things.
checksums make it possible to verify that the data contained in the file have not been changed during the transfer of information from one medium to another. It is produced by the summation or perform other mathematical operations on data transferred, transmitted together with the data and used to validate the data being processed.
In Windows checksum can check app eg. md5sum.exe
In Linux can check checksum for app hash:
md5sum FILE shasum FILE sha256sum -b FILE cksum FILE
GPG - import:
gpg --keyserver keyserver.domain.com --recv-key "4655 4C4C 204B 4559 0A" gpg --verify sha256sum.txt.gpg sha256sum.txt