
192 points luu | 2 comments
socalgal2 ◴[] No.46196958[source]
This is great! But, it feels like it's only a matter of time before it changes ownership and everything is re-bundled with malware. It sucks that I can't get old downloads but it would be nice if they came from official sources. I don't have a solution. But looking for old drivers etc, mostly leads to bad sources.
1. mook ◴[] No.46199785[source]
Shouldn't the files be signed by Microsoft, with a timestamp signature? That should (barring somebody locating a relevant private key) still mark them as not having been modified.

Of course, how many people would know to check for the signature (especially in the case the site went malicious and therefore wouldn't tell you to do so) would be a different question…

2. kirb ◴[] No.46214509[source]
It’s hard to teach people it’s worth their time to double-check these things of course, but I try to show a chain of trust:

1. Files come from Wayback Machine, which is trusted to serve legitimate snapshots

2. There is a sha1 and size listed for most files (though these come from Wayback)

3. Checking signature is easy enough from Explorer

Perhaps a page on “how to know this is legit” is a good idea to help educate about this. The goal of the project is to have legitimate downloads with good SEO, without having to cut through ads/spam/sketchy redirects (still has a few ads but intentionally non-obtrusive), so people aren’t blindly downloading from sketchy sites.
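
The size/SHA-1 comparison and the signature check discussed in this thread, combined into one PowerShell function. This is an added example, not code from the thread or the project; the function name, parameter names and the publisher pattern are assumptions, and the values in the usage comment are placeholders.

```powershell
# Added example: compare a download against its listed size and SHA-1,
# then check the Authenticode signature independently of the listing.
function Test-DownloadTrust {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha1,  # SHA-1 shown next to the download
        [Parameter(Mandatory)] [long]   $ExpectedSize,  # size in bytes shown next to the download
        # Assumption: the publisher you expect, matched against the certificate subject.
        [string] $ExpectedSigner = '*O=Microsoft Corporation*'
    )

    $file = Get-Item -LiteralPath $Path
    $sha1 = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # The listed size and hash come from the same source as the file, so a match
    # only shows the file is the one the listing describes.
    $sizeOk = $file.Length -eq $ExpectedSize
    $hashOk = $sha1 -eq $ExpectedSha1.Trim()   # string -eq is case-insensitive

    # 'Valid' means the file hash matches the signature and the chain ends in a
    # trusted root. The subject match is only meaningful when that holds.
    $sigOk    = $sig.Status -eq 'Valid'
    $signerOk = $sigOk -and ($sig.SignerCertificate.Subject -like $ExpectedSigner)

    # Old files are signed with certificates that have since expired; the
    # countersigned timestamp is what keeps such a signature verifiable.
    $timestamped = $null -ne $sig.TimeStamperCertificate

    [pscustomobject]@{
        Path        = $file.FullName
        SizeOk      = $sizeOk
        Sha1Ok      = $hashOk
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Timestamped = $timestamped
        Trusted     = $sizeOk -and $hashOk -and $signerOk
    }
}

# Usage (placeholders, substitute your own values):
#   Test-DownloadTrust -Path '.\download.exe' -ExpectedSha1 '<sha1 from listing>' -ExpectedSize <bytes>
```

A `SigStatus` of `HashMismatch` means the file was changed after signing; `NotSigned` means the signature check gives no evidence either way and only the listing comparison remains.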