At the moment I have to go down to the computer store to download my GOG games, and sometimes the only machine I have available to download them on is a Linux setup with a flaky network connection. I don't believe there's a Linux version of the downloader, and I hate installing the downloader on their machines, anyway.

So, is there some way to get the downloads (like Planescape Torment) to self-test now, or is the GOG downloader's file check the only one we have?

I thought I'd ask here before I go to customer support.

The best solution is to download using a download manager (by copying the file URL from the browser's download window and pasting it into the download manager); it verifies each piece of the file as it saves them and automatically discards and re-downloads any pieces that are incomplete, so corrupted files are very unlikely. I recommend Free Download Manager Portable; I'm not sure about a Linux equivalent but most download managers have this sort of built-in verification.

To verify a file once downloaded, one option is to check the file checksums with a checksum verifier (e.g. Checksum Control Portable); I'm not sure about a Linux equivalent but there will be some.

For the new 2.x installers you can use the file's digital signature to verify its integrity (right click, Properties, Digital Signatures tab, details); if it says "This digital signature is OK" you have a perfect copy. This only works on Windows, however; when downloading using Linux you'll have to resort to checksum verification.

The last suggestion regarding digital signatures is the best I can think of, myself. Which would not be of much use in the case of older installers without digital signatures. But then I guess the older installers do the old-style self-verification and this whole question does not apply to them. I also do not know what the situation would be with large multi-part installers, either.

As for the first 2 suggestions, well, that's not how download managers or checksums work, actually.

For a download manager to do something like this, you need a specialized one that has integration with the service you're downloading from. Sort of like the GOG Downloader, in fact.

In case of checksums, one needs a list of known-good checksums for the files to be verified. As far as I am aware, GOG does not provide these. If one could somehow get these known-good checksums, however, and they did match the downloaded files, one could then be reasonably sure the files are OK.

That said, it's possible that the new installers do self-verification on-the-fly when installing and will throw an error if they are corrupted. Doesn't help when you do not always have the bandwidth and need to download the files long before they're to be used, though.

Edit: A quick Google shows that there are ways of automating digital signature checking of multiple files on both Windows and Linux. I will not point out anything specific, because this is the result of "a quick Google", as I said, and not anything I have used before.

It does not require Internet, actually. A digital signature is a sort-of built-in checksum of the file. Think of it as the file's checksum being appended to it. When you check the signature, the checksum is re-calculated and compared to the value stored and if they match the signature is OK.

It's a bit more complex than this of course, but this approximation will do for the application at hand... ;)

Well, when I tried to do the check for the digital signature on the other computer, offline, it says the digital signature is not valid.

Then the file is corrupted. This is the simple and most-likely explanation.

Or the computer is defective, I guess: if the file checks out OK on other computers, or sometimes checks out OK and sometimes not on the same computer, then there's probably something wrong with the machine; RAM would be the prime suspect, to my eyes.

Edit: To give you some extra confidence, I just did some testing and digital signatures work just fine on a system not connected to the Internet. That's to say a digital signature will be verified as OK if the file is unmodified and will fail to do so if the file has been modified or otherwise corrupted.

Unfortunately, my suspicion regarding multi-part installers also checks out: the digital signature verification only affects the .EXE installer bit and does not cover the large .BIN files... :-( I really was hoping there was something I do not know or did not think of that would somehow prove me wrong, in this regard.

Well, my description isn't exactly accurate, but the end result is that download managers are more reliable (and often faster) than downloading through a browser. I've yet to have a corrupted file download with Free Download Manager, whether from GOG or elsewhere.

The user-compiled checksum list is unofficial but overall very accurate and certainly better than nothing. The GOG Wiki also lists checksums but it isn't necessarily as up to date as the list in that topic.The new installers are digitally signed so you'll know as soon as you launch it whether it is intact or not; intact installers will show a blue UAC prompt with "Verified publisher: GOG Limited" whereas damaged installers will show a yellow UAC prompt with "Publisher: Unknown"; even the slightest variation from the original file will break the signature.

You won't see this prompt if you're still running XP, of course, but even on that you can still manually check the signature in the file properties. Digital signatures don't need the internet for verification, the file itself contains all the necessary information. :)

Strictly speaking, this type of digital signature doesn't require an internet connection. Some other forms which allow for signatures to be revoked in case of compromise do.

But, I suppose if GOG gets that compromised we may have other things to worry about as well.