dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
228
Aprel
join:2013-09-14

Aprel

Member

BIOS and drivers over HTTP in 2014?

Needed to get the latest BIOS for one of my mobos, only to find out my vendor's download page has absolutely no HTTPS support and no gpg signatures or integrity checking of any kind. /sigh

For curiosity, this led me to check the sites of Gigabyte, ASUS, and MSI, three of the biggest motherboard vendors. None supports any downloads over HTTPS. Part of ASUS's site is available over HTTPS, but none of the support section.

I checked Intel, too, which is a hodgepodge of HTTP and HTTPS, but from what I could tell, their download center supports HTTPS and by default. Hooray for Intel!

Is it being paranoid to expect that some of the most critical binaries on your system be delivered to you over a secure channel?

Now I get that most of the Internet is not encrypted, and the majority of users don't really care. But these are tech companies. What sucks is I can't contact any of them about it without getting redirected to a generic support form asking a million questions about my hardware.

One can hope that the binaries are signed and the BIOS checks the integrity on the flash, which is probably the case. But really, these companies should know better. Have they been under a rock for the last 12 months? It's just the principle that's frustrating, not the chances of getting a tampered binary times your tinfoil-hat multiplier.