Security of the WSUSOFFLINE UPDATER ?

Security of the WSUSOFFLINE UPDATER ?

Postby DanielBaker » 05.02.2015, 22:25

Has there ever been a formal risk assessment done on this tool? Is there any documentation on the software used or the authors? Is the programing code using secure standards? Great tool but my CORP is suspicious of downloading and using this tool from Germany. How can I convince them this software is not a threat or has been exploited in any way?
DanielBaker
 

Re: Security of the WSUSOFFLINE UPDATER ?

Postby aker » 06.02.2015, 10:00

Just check the source code. wsusou is open source:
:arrow: http://trac.wsusoffline.net/browser

The updates are downloaded directly from MS:
:arrow: viewtopic.php?f=7&t=172
There are a few static links, but they all point to a MS server, and all files are signature checked (if verification is enabled).

Except for the self-update, wsusou just connects to MS servers.
:arrow: viewtopic.php?f=7&t=3863
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32


Return to Verschiedenes / Miscellaneous

Who is online

Users browsing this forum: No registered users and 34 guests