From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0497_01C51401.49A4D830
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   The checking is before that point.  Windows Update will reject the =
download if it isn't properly signed.

   In regard to anything else, there is no difference between that =
visiting any random web site.

Rich

  "Ellen K."  wrote in message =
news:mdb6115vpjcs57tceasi4hl4nhu8vk2j3r{at}4ax.com...
  Question:   I understand that the updates themselves would not install
  if not validly signed.   But following up the hypothetical case of the
  WU server getting rooted, could something OTHER than the update not =
get
  onto the client machine?

  On Tue, 15 Feb 2005 20:20:11 -0800, "Rich"  wrote in message
  :

  >updates, which I believe aren't even served by the Windows Update =
servers, are cryptographically signed and will not install if not = validly
signed.  This is in contrast to the linux distros to which you = made an
analogy which require users to find an independent source for = the hashes
of the valid content and to validate the downloads = themselves.=20

------=_NextPart_000_0497_01C51401.49A4D830
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   The
checking is before =
that=20
point.  Windows Update will reject the download if it isn't = properly=20
signed.
 
   In regard
to anything =
else, there is=20
no difference between that visiting any random web =
site.
 
Rich
 

  "Ellen K." <72322.1016{at}compuserve.com&g=">mailto:72322.1016{at}compuserve.com">72322.1016{at}compuserve.com&g=
t;=20
  wrote in message news:mdb6115vpjc=
s57tceasi4hl4nhu8vk2j3r{at}4ax.com...Question:  =20
  I understand that the updates themselves would not installif not =
validly=20
  signed.   But following up the hypothetical case of =
theWU server=20
  getting rooted, could something OTHER than the update not getonto =
the=20
  client machine?On Tue, 15 Feb 2005 20:20:11 -0800,
"Rich" =
<{at}>=20
  wrote in message<4212c9c0{at}w3.nls.net>:&=">mailto:4212c9c0{at}w3.nls.net">4212c9c0{at}w3.nls.net>:&=
gt;updates,=20
  which I believe aren't even served by the Windows Update servers, are=20
  cryptographically signed and will not install if not validly =
signed. =20
  This is in contrast to the linux distros to which you made an analogy =
which=20
  require users to find an independent source for the hashes of the =
valid=20
  content and to validate the downloads themselves.=20


------=_NextPart_000_0497_01C51401.49A4D830--

--- BBBS/NT v4.01 Flag-5