PaulR said:
AFAIK the padlock only shows if it's a secure connection and any address beginning http isn't. Secure connections always (I think!) begin https.
True enough, but I think this is going to confuse poor Mikk!
What I was saying was, if you've made a particular TCP connection, then this can't be directly "hijacked" by a 3rd party! For example, if your browser window URL shows that you're connected to the Microsoft website, then it must really be Microsoft, this can't be faked!
However, once you're on the Internet, it's then possible for various "malware" to independently open additional connections, maybe invisibly to the computer's owner, quite apart from the browser's open window! That's why we use protection software, e.g. Winpatrol!
Of course, an HTTP link sends just plain text, which can be "read" at points it travels through (by reading router table records, using network analysers, various other software, etc). So, secure socket layer (https) additionally encrypts the data using public/private key. For example, when sending credit card details for shopping. However, that's a different issue, about keeping sent data secret, not about the hijacking of an existing connection.
Whether Microsoft send Windows updates https I don't know, have never actually looked (!), but there seems little point, I suspect as usual they use their own secret proprietary system ...