Automatic updates replaced with malware

Mesimpsonhead_max50

163 posts


Posted 3 months ago

 

Automated updates: Why they may not be such a good idea


The following is an excerpt from TechRepublic:



How Ippon works


Ippon looks for computers that are asking for updates and tries to replace the update with malware. One thing in Ippon’s favor is that most applications are set up to check for updates automatically. Kotler and Bitton have ported Ippon to scan open Wi-Fi networks specifically for Hyper Text Transport Protocol (HTTP) update request traffic. When traffic is detected, it becomes a race to see if Ippon can respond before the update server for that particular application.


If Ippon wins, a message is sent informing the application that an update is available, even if it’s not. To avoid suspicion, Kotler and Bitton have built in a reference library to allow Ippon’s response to closely mimic the actual one. Once the connection is established, a malicious file is then downloaded from the attacker’s server and game over.



Here is the link for the article, but I think you have to be a member to access it. Membership is free, and IMHO anyone in the tech world should be a member of TechRepublic; they have some great newsletters and they don't spam you!


Here is the link: http://blogs.techrepublic.com.com/security/?p=2056&tag=nl.e036


<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>
'We are all born ignorant, but one must work hard to remain stupid.' -Benjamin Franklin

'Life is tough, but it's tougher when you're stupid.' --John Wayne
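
A defender's view of the race described in the excerpt, as an added example that is not part of the original post or the TechRepublic article: if a forged reply is injected and the real server's reply still arrives (an assumption about how the race plays out), a passive sensor sees the same TCP byte range twice with different content. The segment records, addresses and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed server-to-client TCP segments as a passive sensor might log them:
# (time_s, client, server, tcp_seq, payload). All addresses and bodies are made up.
SEGMENTS = [
    # Flow A: two different answers to one update check (the race).
    (0.010, "10.0.0.5:50001", "203.0.113.10:80", 1000,
     b'HTTP/1.1 200 OK\r\n\r\n<update available="yes" url="http://198.51.100.7/setup.exe"/>'),
    (0.042, "10.0.0.5:50001", "203.0.113.10:80", 1000,
     b'HTTP/1.1 200 OK\r\n\r\n<update available="no"/>'),
    # Flow B: ordinary retransmission, byte-for-byte identical.
    (0.050, "10.0.0.6:50002", "203.0.113.20:80", 5000, b"HTTP/1.1 304 Not Modified\r\n\r\n"),
    (0.090, "10.0.0.6:50002", "203.0.113.20:80", 5000, b"HTTP/1.1 304 Not Modified\r\n\r\n"),
]


def find_raced_responses(segments):
    """Flag flows where the same sequence range arrived twice with different bytes."""
    seen = defaultdict(list)  # (client, server) -> [(seq, payload, time)]
    alerts = []
    for t, client, server, seq, payload in sorted(segments, key=lambda s: s[0]):
        flow = (client, server)
        for old_seq, old_payload, old_t in seen[flow]:
            # Overlap of [seq, seq+len) and [old_seq, old_seq+len); wraparound ignored.
            lo = max(seq, old_seq)
            hi = min(seq + len(payload), old_seq + len(old_payload))
            if lo < hi and payload[lo - seq:hi - seq] != old_payload[lo - old_seq:hi - old_seq]:
                alerts.append({"flow": flow, "seq": lo,
                               "first_seen": old_t, "second_seen": t})
                break
        seen[flow].append((seq, payload, t))
    return alerts


if __name__ == "__main__":
    for a in find_raced_responses(SEGMENTS):
        gap_ms = (a["second_seen"] - a["first_seen"]) * 1000
        print(f"conflicting responses on {a['flow']} at seq {a['seq']}, {gap_ms:.0f} ms apart")
```

Which of the two replies is forged cannot be told from the capture alone; the alert only says the update check was contested.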

Aryn_029_max50

787 posts

Posted 3 months ago

 

Great heads up! I was having problems with my computer when I had my computer set for automatic updates; now I have it set so that I have to approve the updates and haven't had any problems.

Mesimpsonhead_max50

163 posts

Posted 3 months ago

 

These don't include Windows or other updates that are digitally signed.


I don't do automatic either; I always choose notify me and let me choose when to download. If they don't have that option then I set not to update and then depend on memory to update.


Just paranoid I guess, I want to know what is being installed and when and why and what it is supposed to do.


I guess it comes from the old AOL days when you would try to log out and then be stuck for an hour while AOL downloaded and installed updates, at what was it then??? 24k download speed.


And then after the download something was always broken.


<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>
'We are all born ignorant, but one must work hard to remain stupid.' -Benjamin Franklin

'Life is tough, but it's tougher when you're stupid.' --John Wayne

Mike_max50

3 posts

Posted 3 months ago

 

The idea of hijacking someone's update session is kind of scary. It looks like it can only be done on public networks, which is a relief because there are no hot-spots where I live. Still, I have a wireless network in my home and it is a concern that some might try to hop on and upload malicious code.