Publish Signed Files?

Question

Hi

I built an auto-update feature to my program. It polling an xml in some http url, and in case there is new version is notifies the user and downloading the new files.

I want to allow redistributing of those updates in closed networks without internet connections. The administrators can download all update files and host in some HTTP server in the network.

The problem is that the xml URL will not be the same, so I want to allow change this URL in the program's config file. This is openning the door to malware publishers: they can redistribute my program with other URL in the config file, and then distribute some form of malware through the auto-update system of my program, then the people will say my program is a virus.

I want to block the chance to change the original auto-update xml to block this kind of malware distribution. How do I do that?

Answer 1

I think I understood your problem. But this problem is not yours to handle. The users should only download your application from a trusted source. You cannot stop a user from downloading malware, its their problem if they do so. Also, it is the users that will add/change a URL to the config file and you cannot stop them from adding a malicious URL to the config file. And even if you have the original update URL hard coded in your application, it wouldn't be hard for a user with malicious intent to change it and recompile your application and distribute it. Or else you can use cryptography to ensure that the original URL is unchanged.