P2P windows updates are not risky

Anything not related to map making or Blizzard games should be posted here.
Fun • Forum games • Images • Films • Music • Humor • Videos
Forum rules
The off topic has no rules :)
User avatar
3ICE
Admin
Posts: 2629
Joined: Sat Mar 01, 2008 11:34 pm
Realm: Europe
Account: 3ICE
Clan: 3ICE
Location: Hungary
Contact:

P2P windows updates are not risky

Unread post by 3ICE »

Someone complained:
Microsoft itself use unsafe methods updating Windows 10.

The default choice is to allow code from private computers to be downloaded and installed as part of the update-process of Win 10.

For those that have not disabled this "feature" that "speeds up" the win 10 update process, Windows 10 itself becomes an unsafe program. No?

As long as you allow this to continue, I question your concern for consumer security. And I am correct to do so. Stop using this unsafe practice, and only allow updates directly from a safe Microsoft server. THEN I will consider your motives to be honourable.
I reply:

Nah. A simple checksum (which is in use today, among more robust security solutions) check easily defeats your idea. Imagine you're the attacker, trying to trick me into downloading a malicious update: It would take a lot of effort to fool this P2P system. You'd need to find a multi-tier hash collision. (Part and also the whole file.) And be near me, physically. Neither of these is easy or a viable attack method.

Edit: Unfortunately nobody near me is a Windows Insider, so my updates don't benefit from P2P currently. There are hundreds of regular Windows 10 machines around the neighborhood though, so they boost each other, I'm sure. Just not me :(
ImageImageImageImageImage
Image
ImageImage

Post Reply

Who is online

Users browsing this forum: No registered users and 60 guests