That is unlikely to fool anyone. The file size will be completely wrong, the download isn't that easy to catch (content-disposition isn't always set and some sites will have blablabla.exe as their request but will return a content-type of text/plain) and the network load would double (one packet from the user to the attacker, another packet from the attacker to the server), thus slowing down the traffic and alerting the user to a problem.
quote:
Originally posted by WDZ
Thread moved to Forum & Website since it's regarding a change to the FAQ.
In response to your concerns about getting malware via the auto-update system:
quote:
Originally posted by Patchou
As for binaries being downloaded, you may be happy to knwo that I'm not completely stupid and that no exe file downloaded by the auto-update system of Messenger Plus! will be executed if it's not digitally signed by myself.
(That was posted in a private forum, so I can't link to it)
Huzzah! In fact now I feel a little stupid for not thinking of that myself.
Nonetheless I still stick by my point that the FAQ is not accurate - there is not 100% guarantee that some exploit (no matter what it is, where it comes from or what medium it uses to get to the client) will not be found. There is no such thing as complete security on a networked system.
