From: "Robert Comer" 

> Well, then maybe I'm not being overly paranoid after all.
>
> ?

No, you're not.  That's why one would want to isolate an entire LAN from
the internet, much less our valuable servers, if they really need to be
secure. I used to do just that, but I gave up and now only just fix the
problems that arise.

- Bob Comer


"Ellen K"  wrote in message
news:c094ee.50abf4{at}harborwebs.com...
>
> "   In regard to anything else, there is no difference between that =
> visiting any random web site."
>
> Well, then maybe I'm not being overly paranoid after all.
>
> ?
>
>
>> From: "Rich" 
>> This is a multi-part message in MIME format.
>> ------=_NextPart_000_0497_01C51401.49A4D830
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> The checking is before that point.  Windows Update will reject the =
>> download if it isn't properly signed.
>> In regard to anything else, there is no difference between that =
>> visiting any random web site.
>> Rich
>> "Ellen K."  wrote in message =
>> news:mdb6115vpjcs57tceasi4hl4nhu8vk2j3r{at}4ax.com...
>> Question:   I understand that the updates themselves would not install
>> if not validly signed.   But following up the hypothetical case of the
>> WU server getting rooted, could something OTHER than the update not =
>> get
>> onto the client machine?
>> On Tue, 15 Feb 2005 20:20:11 -0800, "Rich" 
wrote in message
>> :
>>> updates, which I believe aren't even served by the Windows Update =
>> servers, are cryptographically signed and will not install if not =
>> validly signed.  This is in contrast to the linux distros to which you =
>> made an analogy which require users to find an independent source for =
>> the hashes of the valid content and to validate the downloads =
>> themselves.=20
>> ------=_NextPart_000_0497_01C51401.49A4D830
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> 
>> 
>> > charset=3Diso-8859-1">
>> 
>> 
>> 
>> 
>>   
The checking is before =
>> that=20
>> point.  Windows Update will reject the download if it isn't =
>> properly=20
>> signed.
>>  
>>   
In regard to anything =
>> else, there is=20
>> no difference between that visiting any random web =
>> site.
>>  
>> Rich
>>  
>> > style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
>> BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
>> "Ellen K." <> =
>>
href=3D"72322.1016{at}compuserve.com&g=">mailto:72322.1016{at}compuserve.com">72322.1016{at}compuserve.com&g=
>> t;=20
>> wrote in message > =
>>
href=3D"news:mdb6115vpjcs57tceasi4hl4nhu8vk2j3r{at}4ax.com">news:mdb6115vpjc=
>>
s57tceasi4hl4nhu8vk2j3r{at}4ax.com...Question:  =20
>> I understand that the updates themselves would not installif not =
>> validly=20
>> signed.   But following up the hypothetical case of =
>> theWU server=20
>> getting rooted, could something OTHER than the update not
getonto =
>> the=20
>> client machine?On Tue, 15 Feb 2005 20:20:11
-0800, "Rich" =
>> <{at}>=20
>> wrote in message<> =
>>
href=3D"4212c9c0{at}w3.nls.net>:&=">mailto:4212c9c0{at}w3.nls.net">4212c9c0{at}w3.nls.net>:&=
>> gt;updates,=20
>> which I believe aren't even served by the Windows Update servers, are=20
>> cryptographically signed and will not install if not validly =
>> signed. =20
>> This is in contrast to the linux distros to which you made an analogy =
>> which=20
>> require users to find an independent source for the hashes of the =
>> valid=20
>> content and to validate the downloads themselves.=20
>> 

--- BBBS/NT v4.01 Flag-5