[peter_d_sherman]

In theory, you could probably call Gigabyte and ask them to mail you the BIOS update on disk or CD or something (you know, the old fashioned way), and/or you might be able to tell them that you feel insecure with plain http, and maybe they'd change it for you...

But what you're saying points to a larger problem. How do you know that anything you download from any vendor (and that includes such hallowed things in the industry as Apple/Ubuntu/Red Hat/Microsoft/Google updates), is really secure?

The only way to get true security for anything is to build your own processor, build your own PC, write your own operating system, build your own network card, and then hope that there aren't any bugs...

Historically, things that were once thought to be secure -- have been proven over and over again not to be. Case in point: Windows NT -- it had labels all over the box, to the effect, "It's secure, it's secure". Well, fast forward 17 years or so. Numerous incidents and issues have historically proven those assertions to be in error... don't take my word for it... look at the history... Google "Windows NT security vulnerabilities" and you can also add the word "historical" in there, if you want.

That, and I'm pretty sure as a novice computer historian, that history repeats itself, although chances are that your BIOS might be perfectly safe even if you do download it with http (although, make no mistake about it, you are taking a chance, so "chance-taker beware", as the old saying goes...)

Computer security is a tough business, because on the one hand there's too little security, and on the other is outright paranoia... what's the correct balance between those two extremes? I sure as heck don't know...

Anyway... good luck with your BIOS update...

[rxlim]

Good points. I must admit that I have not contacted Gigabyte as my experience with such large companies tells me that I will only get elevated blood pressure and absolutely no usable answer.

My main concern is not if the BIOS is secure, I'm very sure it's full of security vulnerabilities like most other software I use, but I have decided to trust Gigabyte like I have decided to trust the developers who build the Linux distro I'm using in that they are not malicious and trying to steal my information. The packages in my Linux distro are signed, so I can verify that they have not been modified since they left the developers machine, but I can't do the same thing with the BIOS update and that's what makes me uncomfortable.