Altering the updater to utilize https rather than current plaintext http could well be very good and simple starting point. It truly is good bonus if it also checks new exe's signature, but in very first place, it mustn't enable any person on the way in which to intercept requests so conveniently.It is feasible to detach window if you open the drop