"   In regard to anything else, there is no difference between that =
visiting any random web site."

Well, then maybe I'm not being overly paranoid after all.

?


> From: "Rich" 
> This is a multi-part message in MIME format.
> ------=_NextPart_000_0497_01C51401.49A4D830
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> The checking is before that point.  Windows Update will reject the =
> download if it isn't properly signed.
> In regard to anything else, there is no difference between that =
> visiting any random web site.
> Rich
> "Ellen K."  wrote in message =
> news:mdb6115vpjcs57tceasi4hl4nhu8vk2j3r{at}4ax.com...
> Question:   I understand that the updates themselves would not install
> if not validly signed.   But following up the hypothetical case of the
> WU server getting rooted, could something OTHER than the update not =
> get
> onto the client machine?
> On Tue, 15 Feb 2005 20:20:11 -0800, "Rich"  wrote in message
> :
>> updates, which I believe aren't even served by the Windows Update =
> servers, are cryptographically signed and will not install if not =
> validly signed.  This is in contrast to the linux distros to which you =
> made an analogy which require users to find an independent source for =
> the hashes of the valid content and to validate the downloads =
> themselves.=20
> ------=_NextPart_000_0497_01C51401.49A4D830
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> 
>  charset=3Diso-8859-1">
> 
> 
> 
> 
>    The
checking is before =
> that=20
> point.  Windows Update will reject the download if it isn't =
> properly=20
> signed.
>  
>    In
regard to anything =
> else, there is=20
> no difference between that visiting any random web =
> site.
>  
> Rich
>  
>  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
> BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
> "Ellen K." < =
>
href=3D"72322.1016{at}compuserve.com&g=">mailto:72322.1016{at}compuserve.com">72322.1016{at}compuserve.com&g=
> t;=20
> wrote in message  =
>
href=3D"news:mdb6115vpjcs57tceasi4hl4nhu8vk2j3r{at}4ax.com">news:mdb6115vpjc=
>
s57tceasi4hl4nhu8vk2j3r{at}4ax.com...Question:  =20
> I understand that the updates themselves would not installif not =
> validly=20
> signed.   But following up the hypothetical case of =
> theWU server=20
> getting rooted, could something OTHER than the update not getonto =
> the=20
> client machine?On Tue, 15 Feb 2005 20:20:11 -0800,
"Rich" =
> <{at}>=20
> wrote in message< =
>
href=3D"4212c9c0{at}w3.nls.net>:&=">mailto:4212c9c0{at}w3.nls.net">4212c9c0{at}w3.nls.net>:&=
> gt;updates,=20
> which I believe aren't even served by the Windows Update servers, are=20
> cryptographically signed and will not install if not validly =
> signed. =20
> This is in contrast to the linux distros to which you made an analogy =
> which=20
> require users to find an independent source for the hashes of the =
> valid=20
> content and to validate the downloads themselves.=20
> 

--- BBBS/NT v4.01 Flag-5