Is there any valid reason to still be using 3DES in 2026?
It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that.
At this point I feel like its use is such a huge red flag.
Is there a valid reason to use any encryption at all if you generally can't sniff the traffic unless you can also sniff the key, and if the key is arbitrary and not verified against anything?
I mean, they're still using Inno Setup, which was pretty cool in 2004.
It was an architectural problem, not an encryption problem. Even with AES instead of 3DES, the same issue would exist, which is spoofing the commands of any of the legitimate MSI services.