Hi
I built an auto-update feature to my program. It polling an xml in some http url, and in case there is new version is notifies the user and downloading the new files.
I want to allow redistributing of those updates in closed networks without internet connections. The administrators can download all update files and host in some HTTP server in the network.
The problem is that the xml URL will not be the same, so I want to allow change this URL in the program's config file. This is openning the door to malware publishers: they can redistribute my program with other URL in the config file, and then distribute some form of malware through the auto-update system of my program, then the people will say my program is a virus.
I want to block the chance to change the original auto-update xml to block this kind of malware distribution. How do I do that?