I have been trying out a demo of your product and like it a lot. It is very simple to use yet provides a lot of features. Something I have been stuck on though that I can't seem to find any answer too:
1) Is it possible to obfuscate (or remove totally) the ini file required on client side for auto update component? If a threat actor were to gain access to a machine (and lets assume they gained elevated privs), what would stop them making changes to the client side ini file so that it would look like updates were not available or even change the URL of the server side xml so that my updater would download other malicious software?
2) Is there a way to use client side certificates to authenticate with server. I read that user name / password can be passed by command line call by this would be simple to find (e.g. auditd).
Please sign in to leave a comment.