by htns
3992 days ago
Every user downloads and runs arbitrary code constantly, as updates. In the far future updates might come with a formal proof of their security, machine-verified on download, but for quite a few years still we will be stuck with just cryptography. A front door would be using Microsoft's signing keys. As long as you don't leak the keys, you aren't diluting security in general. A back door would be just leaving vulnerabilities around. It's a meaningful distinction.

Moreover, the ability of software vendors to push malicious updates is a security vulnerability. Just because we haven't eradicated it yet doesn't mean we should codify our inability to address it in the future, e.g. by allowing users to choose what party they trust to verify and sign updates.