A number of people have asked me “can we REALLY trust the Windows Update site? What if it were hacked and fake “updates” were put on for users to download which were actually spyware/viruses/worms and the like? Has it ever been compromised by a 3rd party? Is it possible that it could be? Is it 100% hack free? A lot of computer users rely on this site so would assume all the downloads on there are 100% microsoft – a hacker’s dream; 100’s of unsuspecting computer users…”
There are a number of precautions taken by the update mechanism to mitigate these threats. But of course I would say that! Specifically the updates are digitally signed (with the private key of the author – held only by the update author), the client machines all have a copy of the public key which can be used to verify that the source of the updates is indeed Windows Update (and not a spoofed site) and that their content has not changed. We use this technique to validate software delivery of both updates and the original software at install time – this is what’s mean by the marketing term Authenticode. It’s pretty cool as it all happens behind the scenes – the user is only involved if there’s a compromise.