If a website does kotnhave the signature, there is no way you can know that the file on the site to download has not been replaced by hackers.
True. I wonder if we have a website or database where users submit a hash of a file manually as a way to cross-check download files. I know the responsibility should lie with the company to provide that stuff, especially with the possibility of scammers uploading misleading hash. I'm just curious if someone has built a tool like that. Another option is to use malware scanner to check them I guess (other than making sure you visit the right website, double checking on social media, etc).
I don't know this is working since I never tried to use this site as I have no interest to click any random link or even shortened links for security purposes.
But if people want to check if the link they are downloading maybe they should try to use this sites to check if the files they are trying to download is not contaminated by malwares.
www.virustotal.comopentip.kaspersky.com
www.hybrid-analysis.comProper verification is important since its hard to regret late and experience losses due to this malwares.