Thanks for the update.
In all honesty, it does sound a bit strange, but there are so many applications using trusted/protected installation locations and still offer acceptable update notifications like: "hey, there is an update, you should download this".
One of these applications is notepad++.
Another thing is an important downside of using the .msi, which is you apparently do not get notified of updates in the first place, which I think makes this option pretty unusable for the average home user in the first place. It would really help to at least get a simple check if the running version is actually the latest version available.
All together, I just can't understand why and how you guys came to this decision-making. It's either fragile and risky (local attack) with auto-updates, or it's protected without updates and notifications to update. Another thing is how you're handling and delaying a high risk finding of a security audit "somewhere" in your backlog. I'm expecting something different from a company offering "secure" products.
Enough said. Have a great day yourself :)
