alt Hacker NewsVindicated once again for turning off any update checks the moment I install any new piece of software.
Even if this sort of (obviously rare) attack is not a concern, it baffles me how few otherwise-intelligent people fail to see the way these updaters provide the network (which itself is always listening, see Room 641A and friends) with a fingerprint of your specific computer and a way to track its physical location based on the set of software you have installed, all of which want to check for updates every goddamn day.
Replies
If the people with access to Room 641A want you, you're toast unless you're ready to make some REALLY big digital lifestyle changes that most people would not be amenable to, because you would have to be extremely paranoid on multiple fronts all the time. That kind of heightened vigilance is exhausting and really not worth it.
Threat modeling: it keeps things realistic.
How do you deal with the opposite, software that you forget to update but contains vulnerabilities discovered/exploited later?
It is baffling to me, as well. You know how you get a remote-code-execution vulnerability? You give a bunch of software permission to fetch code remotely and execute it.