Security of OS updates


When on MS Windows updates for some software, e.g. Firefox, come, one
is generally asked to initiate the installation and as a last step
to allow modification of some system file. On the other hand, for
updates of Windows itself, one is requested at log-off time
not to switch off the power so that the updates may have time to be
installed. Now in the latter case, although one could easily block such
updates (as I am told), a normal user would certainly desire to have
all the updates installed, since the well-functioning of the operating
system is surely at least as important as that of other software running
on it.

I have however a humble question: How secure is this automatic
updating process of the operating system? That is, could hackers'
malware masquerade as updates of operating systems and, if
so, what could one do to best prevent that?

(One indication that led me to the question was the experience that years
ago my old PC (running Windows 98) for a time very very often had such
updates, and the strange thing was that the number of the update (it
got displayed) was for a time the same. Another was a news item I saw
( ) saying that a year ago somewhere a
declared network update of a provider of mobile phones sent out copies
of users' messages to certain particular addresses.)

M. K. Shen

Re: Security of OS updates

Mok-Kong Shen wrote:

Don't be so paranoid! But...

... since you mention phones - your cell phone company can install
eavesdropping software onto your phone, without giving you any notice
that they're doing so. This allows the mic to be activated at any time,
anywhere, even when you're not using the phone and you think it's turned

GM's OnStar can eavesdrop on your conversations while you're in your car.

Re: Security of OS updates

On Wed, 15 Sep 2010 19:30:55 +0200, Mok-Kong Shen wrote:


As far as it goes, reasonably secure, considering the Operating System. :(


One hook could be malware that poisons your DNS cache/system with a criminal's fake
MS update server which emulates MS's update server.


Create a script to verify MS update site's ip address is valid just
before you do the download. :-)

Using Perl you would call the gethostbyname function to convert the MS
site to an IP address and compare against known IP values.

As for resident malware, your malware scanner would have to check the
system before the update. The problem with that is that the current
malware creation rate is about a new one every 15 seconds. Anti-virus vendors
have to catch a copy of the new malware, verify the scanning software can find
it, regression test the software/database, roll out an update; then you get the
update and run the scan.

Downside to this is AV people can take a month or more to get that fix
rolled out to users. You do the math on how reliable that is for your question.
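The resolver check suggested in the reply above, written out as an added example in Python rather than Perl (it is not code from the thread): resolve the update host, compare every returned address with a pinned allowlist, and refuse the download when anything falls outside it. The host name and networks are constructed placeholders; a fixed IP pin like this goes stale as soon as the vendor moves its CDN, so it detects a poisoned cache but does not replace verifying the signature on the downloaded package.

```python
import ipaddress
import socket
from typing import Callable, Iterable

# Constructed allowlist for illustration only (RFC 5737 documentation
# ranges); a real update host resolves to many changing CDN addresses.
KNOWN_UPDATE_NETS = {
    "update.example.invalid": ["192.0.2.0/24", "198.51.100.0/24"],
}


def system_resolver(host: str) -> list:
    """Resolve a host to its IPv4 addresses via the platform resolver,
    the Python counterpart of the gethostbyname call named in the thread."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def check_update_host(host: str,
                      resolver: Callable[[str], Iterable[str]] = system_resolver,
                      known_nets=KNOWN_UPDATE_NETS) -> tuple:
    """Return (ok, unexpected_addresses) for the given update host.

    Every resolved address must sit inside one of the pinned networks.
    Addresses outside them are returned so the caller can abort the
    download and inspect the local resolver cache. A host with no
    allowlist entry fails closed rather than silently passing."""
    nets = [ipaddress.ip_network(n) for n in known_nets.get(host, [])]
    if not nets:
        return False, []
    unexpected = []
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            unexpected.append(addr)
    return (not unexpected), unexpected


if __name__ == "__main__":
    # Constructed resolver answers: one clean, one with a stray address
    # of the kind a poisoned cache would return.
    clean = lambda h: ["192.0.2.10"]
    poisoned = lambda h: ["192.0.2.10", "203.0.113.7"]
    print(check_update_host("update.example.invalid", clean))     # (True, [])
    print(check_update_host("update.example.invalid", poisoned))  # (False, ['203.0.113.7'])
```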
