Hacker News
by beauHD 1317 days ago
> SHA256 checksums do not verify the authenticity of the downloaded software

Well, after googling for various SHA256 sums, and seeing many results that other people have got, it is at least some peace of mind. Then you know you aren't targeted specifically. There are 'known good' hashes of things like Windows ISOs, for example, so you can install a clean 'untouched' Windows that isn't trojanized or laden with malware.

I am aware that simply seeing 100s of the same sum on various sites doesn't mean the executable is 'clean'; it just means you weren't MITM'd specifically and targeted with malware that is baked into the executable/ISO/installer/whatever.

1 comment

I've seen those same Windows ISO sites push false 'known good' hashes, and to make matters worse, Microsoft makes it almost impossible to find an easy-to-check source on hashes unless you are downloading the U.S. version, nor do they avoid so many sub-domains that you aren't really sure if it is or isn't an MS site/redirect. Foot, meet Gun.