I felt like .NET was lacking a simple secure automatic update library so I've implemented something and put it up here. Before anyone considers
Having built my own deployer in a corporate environment, here are a few use cases I needed to address:
support for digital signature
support for all kinds of proxies. Some big corps have complex proxy configurations (through the use of proxy configuration scripts, for example). You should support all of those.
encryption support. Your customers will probably want to have the deployed binaries available on a web server, and they won't want to manage some sort of authentication or access control, but they won't want unauthorized users to download the binaries either. An easy solution is to encrypt the binaries and have your tool deploy them.
support for pluggable additional steps. Corporate clients are usually not very comfortable using automatically deployed tools. They will want more control. Typically, allowing them to run customizable steps (like anti-virus checks, etc.) will help.
support for different versions of the software based on the consumer identity. This is often needed in corporate environments, when you want to update the copies of a specific consumer (to fix a bug or add an extra feature) very fast without running all your Q&A process (in this situation, you want to limit the update to this specific consumer).
support for limited-privilege situations. Aside from the fact that your users may lack Administrator access to their computer, big corporations often use specific tools to limit what you can do. Be ready to deploy in a user-owned folder (or even a temporary folder) rather than the classic "program files".
your tool should be signed by a strong certification authority.
Regarding the MITM attack you mentioned, it's easily solved through the use of public cryptography (as noted by unknown).
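
An added example, not part of the answer above or of any existing updater: the digital-signature check the answer lists, which is also the public-key approach it points to for the MITM case, in C# for .NET Core 3.0 or later. The names `UpdateVerifier` and `IsTrusted`, the ECDSA P-256 with SHA-256 choice, and the in-memory key and package are assumptions made for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UpdateVerifier
{
    // Returns true only if `signature` is a valid ECDSA/SHA-256 signature over
    // `package` under the publisher public key that ships inside the updater.
    // The transport (HTTP, proxy, mirror) is never trusted: only this check is.
    public static bool IsTrusted(byte[] package, byte[] signature, byte[] pinnedPublicKey)
    {
        using var publisher = ECDsa.Create();
        publisher.ImportSubjectPublicKeyInfo(pinnedPublicKey, out _);
        return publisher.VerifyData(package, signature, HashAlgorithmName.SHA256);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed stand-in for the publisher's signing key. In a real deployment the
        // private half stays on the signing machine and only the public half is shipped.
        using var signingKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] pinnedPublicKey = signingKey.ExportSubjectPublicKeyInfo();

        // Constructed sample package and its detached signature, as the server would publish them.
        byte[] package = Encoding.UTF8.GetBytes("MyApp 1.2.0 payload (constructed sample)");
        byte[] signature = signingKey.SignData(package, HashAlgorithmName.SHA256);

        // Bytes altered in transit, delivered with the original signature.
        byte[] tampered = (byte[])package.Clone();
        tampered[0] ^= 0x01;

        bool genuineOk = UpdateVerifier.IsTrusted(package, signature, pinnedPublicKey);
        bool tamperedOk = UpdateVerifier.IsTrusted(tampered, signature, pinnedPublicKey);

        Console.WriteLine($"genuine package accepted:  {genuineOk}");
        Console.WriteLine($"tampered package accepted: {tamperedOk}");

        // The updater installs only when the check passes and discards the download otherwise.
        if (!tamperedOk) Console.WriteLine("tampered download discarded, nothing installed");
    }
}
```

The check belongs before any decryption, unpacking or pluggable step runs, so that nothing derived from an unverified download is ever executed.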