On 27/06/2018 16:48, degski wrote:
That is indeed much better [than I thought], but those people who download the .exe will not check that as this requires quite a bit of knowledge. Just a question of a layman in this matter. Can't the server make this check before serving the file, or does a setup like that actually weaken the security?
If the server is hacked to the point that it is serving a malicious file, how could you trust it to perform signature validation on an associated hashfile? The Right Way™ to handle this case for the layperson is to Authenticode-sign the exe file, such that when you try to run it, Windows will verify the signature and tell you who it was signed by. Even this still requires that person to (a) know that it was supposed to be signed and (b) recognise the name of the person or organisation who signed it and (c) trust that no malicious party has been able to obtain a certificate with a sufficiently-plausible-sounding name from a certificate vendor trusted by their OS. I can't actually check whether the current files are signed or not (or who by) since apparently my Chrome hates the files and they forever sit in 100%-downloaded-but-trying-to-virus-scan limbo.
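The three checks (a), (b) and (c) above, turned into a script a cautious user or admin could run on a downloaded file; this is an added example, not code from the thread or the project, and the publisher name and thumbprint it compares against are placeholders that must come from somewhere other than the download server.

```powershell
# Added example (not from the thread): verify an Authenticode signature the way
# the reply describes, rather than stopping at "it has a signature".
# $ExpectedPublisherCN and $ExpectedThumbprint are placeholders; obtain the real
# values out-of-band (project docs, a previous known-good release), never from
# the same server that served the file.

function Test-ExpectedSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisherCN,  # placeholder, e.g. 'Example Project Ltd'
        [string] $ExpectedThumbprint = ''                      # optional SHA-1 certificate thumbprint pin (placeholder)
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # (a) Is it signed at all, and does the chain validate to a root the OS trusts?
    # Anything other than 'Valid' (NotSigned, HashMismatch, UnknownError, ...) is a fail.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Signer = $null
                                  Reason = "status=$($sig.Status): $($sig.StatusMessage)" }
    }

    $cert = $sig.SignerCertificate
    # Take only the CN rather than substring-matching the whole Subject, so a
    # subject such as 'Example Project Ltd (Support)' does not pass as the real name.
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # (b) Is the signer the publisher the user expected?
    if ($cn -ne $ExpectedPublisherCN) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Signer = $cn
                                  Reason = "signed by '$cn', expected '$ExpectedPublisherCN'" }
    }

    # (c) A plausible-sounding name issued by another trusted CA still yields a
    # 'Valid' chain, so pin the exact certificate when a known-good thumbprint exists.
    $pin = $ExpectedThumbprint.Replace(' ', '').ToUpperInvariant()
    if ($pin -and ($cert.Thumbprint -ne $pin)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Signer = $cn
                                  Reason = "thumbprint $($cert.Thumbprint) does not match the pinned value" }
    }

    return [pscustomobject]@{ Path = $Path; Trusted = $true; Signer = $cn
                              Reason = 'valid signature from the expected, pinned publisher' }
}

# Usage with placeholder values:
Test-ExpectedSigner -Path 'C:\Downloads\installer.exe' -ExpectedPublisherCN 'Example Project Ltd' -ExpectedThumbprint '<known-good-thumbprint>'
```

Without the thumbprint pin the function only enforces (a) and (b), which is exactly the gap (c) describes.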