Is the Updater, of Sumatra PDF reader, secure?

[JohnPlanetary]

I like the very small size of Sumatra PDF reader, and does the job.

I've seen several security problems with Notepad++, and one of them made me come here to make the question:

Is Sumatra PDF reader retrieving a XML (or similar) to verify if there is a newer version? If yes, is it digitally signed such that even if someone has illegal access to the server they can't send/ redirect all/ some user(s) to a malware version of Sumatra PDF reader?

After downloading a newer version of Sumatra PDF reader, does the current Sumatra PDF reader updater performs a security check on the digital signature to make sure it is a legit version, before installing it?

Are both the XML file and the Sumatra PDF reader file signed using a HSM (Hardware Security Module) to prevent some malware from stealing the private key?
I'm guessing that the Certum Code Signing does require a HSM to be used when signing the executable, but the XML file (or similar format) may not be signed using a HSM.

[kjk]

Yes, it's secure. You can see for yourself: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/src/UpdateCheck.cpp

[JohnPlanetary]

I'm not a programmer, so excuse me if I don't see it in the code, but the only protection I could see is that if the download is made from another domain it will display a error and advice people to download from the official web site.

I'm not seeing any sort of signature or signature checking in the code, like verifying some GnuPG or for example minisign signature, in the updatecheck-pre-release.txt and update-check-rel.txt to be sure no hacker modify it to give a malware version.

I also couldn't spot the place in the code where the program check the "exe" file or zip file downloaded to make sure it is a legit version without malware. The exe file already includes a digital signature, the zip file would either need some exterior signature or compare the hash from some server url with the hashes of the file to be sure it is the correct version, of course these hash file would need to be digitally signed to be sure it wasn't malicious changed by hackers. It could be included in the updatecheck-pre-release.txt and update-check-rel.txt files.

Theses should stop the scenario where malicious hackers attack the server and can control everything from the up higher levels of the server.

[rmmbr]

@JohnPlanetary
General tip for software like this that isn't frequently updated per release: Disable auto-update, download new versions first, check the checksum against VirusTotal, and only then install the software ...