In response to 'ShadowHammer' attack against ASUS notebook customers.
Experts Commented below:
Colin Little, Senior Threat Analyst at Centripetal Networks:
To mitigate risk from software updates, verify that the file you are installing is the file that the vendor intended, says Colin Little, senior threat analyst at Centripetal Networks. "A lot of popular software development companies will post the expected file hash of the package," when making the update available for download, he says.
The goal is to give recipients a way to verify that the file hash of the file they downloaded is the same as the expected value. Any change in the package would change the hash value.
To read more, please see the article