So ultraedit ehhh?
The problem here is apps are not properly containerized, andand can do basically anything..as if they were almost root. They do no need to change the system if they can pervert other apps...and here lies the design flaw!!
Microsoft's security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application's download channels to inject malware into victims' PCs. In a security advisory, Redmond's infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy …
There is an upper limit for containerizing applications, after which they become useless, especially when they aren't simple, wholly self-contained applications, and need to interact with the rest of the system. An installer, by definition, needs to modify the system. There are ways to improve the security of installers, but there are also many bad developers who do their best to cripple security. For example update services running as LocalSystem are enormously dangerous, if you can trick them to execute whatever you like. If you take that dangerous road, it's your responsibility to secure the chain fully, and properly. Still, other morons are lured into thinking that SecureBoot and code signing are the spawn of Satan (many only because they fear it makes wharez harder, yes, yes, it's all about running your own distro of Linux, not pirated games...), and yes, it adds complexity to your deployment workflow. Also, financial/payment companies (and not only them) should not really allow for non-approved updates downloaded directly from outside, they should be manged internally. Yes, more work to do....