top | item 46871553

(no title)

maronato | 26 days ago

Because other OSs do not and the notepad++ team wants all users to have a similar experience.

If you don’t need auto updates, just disable them.

More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater.

discuss

Saris|19 days ago

What OS doesn't have a package manager now? Windows, Linux, and MacOS all have their own systems.

On windows, the package manager downloads the release of notepad++ directly from github, so it would not have been compromised. The hijack was done on the notepad++ website at the webhost level as I understand it, and the built in updater pulled from there.