I just had a radical idea
Char Jackson wrote:
Thanks for the detailed reply. As for the possibility of corrupt updates
being shared within the LAN, I assume each update package is signed so
that a host knows if it can be trusted. However, if MS isn't taking
advantage of the other hosts on the LAN in this way, then I might as
well just disable the whole thing.
They're signed. Doesn't matter how they're sliced and diced,
a package cannot be installed without the signature working.
Change 1 bit of content, the signature will fail.
Even when materials come straight from a Windows Update
server, we have to assume the delivery method could be
compromised in flight. The signing step, is the ultimate
protection for that path. That covers MITM attacks.
Paul
|