Switching the updater to use https instead of the recent plaintext http could be a very good and simple first step. It's an awesome bonus if it also checks the new exe's signature, but in the first place, it mustn't allow anybody along the way to intercept requests so effortlessly... Also, tab excess - consider opening all options working with that