Hacker News new | ask | show | jobs
by teraflop 3929 days ago
Right, but assuming Windows isn't dumb enough to accept a remotely downloaded version that's older than the one it already has locally, the effect would be the same as if the attacker just prevented you from receiving new updates. And HTTPS wouldn't make it any harder for them to do that.
2 comments
Natsu 3929 days ago
> the effect would be the same as if the attacker just prevented you from receiving new updates.

True, but it might be slightly less visible because you'd get an "update" instead of a failure. Also, I wonder if anyone has actually tested that scenario?

I'd like to believe that's true and that should be true, but I'd also have to actually test it before trusting it to be true.

link
alcari 3929 days ago
Additionally, old versions will expire, so there's a limit to how far back you can keep someone, even if you continuously intercept the update attempts.
link
cxseven 3929 days ago
What happens if all versions someone has are expired?
link