Switching the updater to make use of https rather than existing plaintext http can be excellent and easy first step. It truly is great reward if Furthermore, it checks new exe's signature, but in first put, it shouldn't permit any one on the way to intercept requests so conveniently.Also some thing as simple as adding a firewall rule takes a whole