2012/3/12 Maverick <myeaddr...@gmail.com>
> Like list of sites that operating systems or applications installed on > your machines go to update themselves. One way could be to go on each > vendors site and look at their update servers like > microsoft.update.com but it would be good if there is a list of such > servers for all OS and applications so that it could be used as a > whitelist. > > I stick with my original answer... sometimes. I'm not sure if this is different now, but I remember MS update being spoofed with bogus DNS entries because the process is died to that dns name. I think this is the most popular method combined with some sort of encryption and/or signing to verify the updates themselves. I'm sure there are applications that use a white list though. There are alot of shops that update via some kind of CDN, so the whitelist method is a bit combersome at scale and is not immune to spoofing or other attacks. The most secure thing is probably to protect the updates themselves.
