Download Hash Verifier

This is the first review of man I plan to do on this blog. I am trying to create a place for people to turn to before they download an use some of the tools in the hacking/security industry. Today we will be reviewing DownloadHashVerifier. This tool is supposed to verify the integrity of a file by it's "hash". You select the file you want to check and input the hash you were given at download then click the verify hash button.

I see some major problems with this. The first problem is most people don't offer a hash with files that are downloaded. Let's say Johnny wants to download mIRC but they're website is down. Johnny googles for it and finds a mirror and downloads mIRC. Johnny also got a hash from the mirror site and wants to make sure his file wasn't tampered with. How does Johnny know the hash he has will help verify that? he doesn't, he has NO IDEA. If malware was in the mIRC executable why wouldn't the person use the hash from the file AFTER it was backdoored?

I guess I am just failing to see how this is beneficial to anyone. Monitoring file hashes for single files is menial when compared to what file hashes are meant for, VERIFYING INTEGRITY. If you download a file from a website that  is malicious, you take your chances whether it has a file hash or not. File h ash integrity checking should be reserved for versioning and making sure directories of files haven't been compromised.

I don't see a reason to use this software.