As for updates - my OS has a built-in package management system, which is responsible for installing and updating packages. Why should notepad++ bypass that and do its own independent update process?
Because other OSs do not and the notepad++ team wants all users to have a similar experience.
If you don’t need auto updates, just disable them.
More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater.
A browser can download updates and plugins to be installed locally. I too do not want all my apps making internet connections. Sandboxes / namespaces can help a little.
I think these days updates through the OS package manager is a better option, windows has had winget for 5+ years now, and obviously linux and macos both have their own established systems.
thegrim000|28 days ago
maronato|28 days ago
If you don’t need auto updates, just disable them.
More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater.
Bender|29 days ago
Saris|29 days ago
MisterTea|29 days ago
hulitu|28 days ago
Why ? CADT ?