forums.wsusoffline.net

Forums for questions, problems and suggestions concerning WSUS Offline Update
https://forums.wsusoffline.net/

Security of the WSUSOFFLINE UPDATER ?

https://forums.wsusoffline.net/viewtopic.php?f=2&t=4812

Page 1 of 1

Security of the WSUSOFFLINE UPDATER ?

PostPosted: 05.02.2015, 22:25
by DanielBaker
Has there ever been a formal risk assessment done on this tool? Is there any documentation on the software used or the authors? Is the programing code using secure standards? Great tool but my CORP is suspicious of downloading and using this tool from Germany. How can I convince them this software is not a threat or has been exploited in any way?

Re: Security of the WSUSOFFLINE UPDATER ?

PostPosted: 06.02.2015, 10:00
by aker
Just check the source code. wsusou is open source:
:arrow: http://trac.wsusoffline.net/browser

The updates are downloaded directly from MS:
:arrow: viewtopic.php?f=7&t=172
There are a few static links, but they all point to a MS server, and all files are signature checked (if verification is enabled).

Except for the self-update, wsusou just connects to MS servers.
:arrow: viewtopic.php?f=7&t=3863
All times are UTC + 1 hour
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/