Automatic Updates security concern

Giganews Newsgroups
Subject: Automatic Updates security concern
Posted by:  rusga (on…@newsgroup)
Date: Thu, 29 Nov 2007

Hi,

Is there any way of setting the AU repository so it never uses https (tcp
443) and only uses http (tcp 80)?
Or, it uses only admin allowed update servers?

This might be a bit strange, but on a highly security strict LAN with
content filtering proxy (as in this case), this imposes a security risk
since https doesn't permit content parsing. Meaning that tcp 443 rules
*must* be set at the routers/firewalls and so, default configured http
clients (browsers on out-of-the box installs for instance) end up rendering
content that they weren't suposed to.

Thank you,
rusga

Replies