P2P windows updates are not risky

Anything not related to map making or Blizzard games should be posted here.
Fun • Forum games • Images • Films • Music • Humor • Videos
The off topic has no rules :)

P2P windows updates are not risky

New postby 3ICE on Mon Sep 10, 2018 7:06 pm

Someone complained:
Microsoft itself use unsafe methods updating Windows 10.

The default choice is to allow code from private computers to be downloaded and installed as part of the update-process of Win 10.

For those that have not disabled this "feature" that "speeds up" the win 10 update process, Windows 10 itself becomes an unsafe program. No?

As long as you allow this to continue, I question your concern for consumer security. And I am correct to do so. Stop using this unsafe practice, and only allow updates directly from a safe Microsoft server. THEN I will consider your motives to be honourable.
I reply:

Nah. A simple checksum (which is in use today, among more robust security solutions) check easily defeats your idea. Imagine you're the attacker, trying to trick me into downloading a malicious update: It would take a lot of effort to fool this P2P system. You'd need to find a multi-tier hash collision. (Part and also the whole file.) And be near me, physically. Neither of these is easy or a viable attack method.

Edit: Unfortunately nobody near me is a Windows Insider, so my updates don't benefit from P2P currently. There are hundreds of regular Windows 10 machines around the neighborhood though, so they boost each other, I'm sure. Just not me :(
ImageImageImageImageImage
Image
ImageImage
User avatar
3ICE
Admin
 
Posts: 2357
Joined: Sat Mar 01, 2008 11:34 pm
Location: Hungary
Realm: US East
Account: 3ICE
Clan: 3ICE

Return to Off Topic



Who is online

Users browsing this forum: Google Adsense [Bot] and 24 guests

cron