back to article Leaked Windows 10 build hints at peer-to-peer patching

A new build of Windows 10, number 10036, appears to have somehow found its way beyond Redmond's firewalls, and folks running it report it has all manner of interesting additions. The main eyebrow-raiser is a new dialog titled “Choose how you download updates” that offers an option to “Download apps and OS updates from multiple …

  1. razorfishsl

    So would they ask the permission of the 'hosting system' or would they just steal the electricity and bandwidth without asking?

    1. big_D Silver badge

      I would guess, if you don't decide to use the sharing to download patches from others, they won't be able to use your PC as a source either. If you opt in to sharing, then you are sharing as well, like a Torrent.

      That said, for small businesses and families with more than 1 PC, it makes a lot of sense. If you have 4 PCs at home, you have to download each patch 4 times, unless you set up a WSUS server, but how many small businesses or families have a Windows Server running WSUS? Make one PC the master and it downloads directly from MS, the others on the network then slave off of that one.

      That saves you a lot of bandwidth / data volume.

      1. Chris Miller

        Saving bandwidth

        True, but only if you have a standard domestic configuration. I've got 2 x Win7 Ultimate, 1 x Win8.1 & 1 x Win7 Home Premium; so that means 3 different patches in many cases (and at least they're all 64-bit). It may be more effective for small businesses.

      2. Hans 1

        @big_D

        Very interesting ... now, who would enable this feature? Those on low bandwidth allowances and "multiple computers" who choose "internet peers" will have to watch out. Cause they will be "mirroring the patches" for Windows update, gone is their bandwidth.

        We understand this, of course, but do mon and pop or the car mechanic ? Not so sure ...

        1. big_D Silver badge

          Which is why there should be a "driving" licence for computers. But they'll soon notice that the Internet is "slow" and ask their tech friend, who will sort it out for them - although such people would probably never find the option for sharing in the first place.

      3. Anonymous Coward
        Anonymous Coward

        I agree. For a home network, the ability for one machine to act as a proxy for the updates of others makes a lot of sense however I'd like to see some safeguards on that so it doesn't go hunting for an update proxy when taking your laptop to someone elses' house or to a public internet connection. Imagine a hacker spoofing this role while sat on a poorly secured wireless network without client isolation, and then streaming malware infected updates to the surrounding machines.

    2. phuzz Silver badge

      You know that license agreement that you* just click 'Accept' on without reading when you install? It'll be in there somewhere.

      * along with everyone else

    3. Anonymous Coward
      Anonymous Coward

      "Criminals are probably salivating, as they are likely to remember Microsoft messes like leaving Stuxnet imperfectly patched for five years"

      The vulnerability used by Stuxnet was patched. The article makes it clear that this was actually a different vulnerability if you bother to read through the apparently deliberately misleading FUD.

  2. Oldfogey

    Could be useful... if under control

    On my home network I have 6 windows machines (and others). To be able to download updates to one machine, and, if satisfied, allow other machines to take it from the "master" would save a lot of traffic coming in from outside.

    Always assuming I could get proper control over what, when, and where.

    1. Mark 85

      Re: Could be useful... if under control

      Therein is the problem... "proper control". I have 3 PC's and the scariest update method is the one: "PCs on the Internet”. I have to wonder what MS thinks the intelligence is of the average user as not all PC's are under corporate control for updates, where they come from, etc. And is there anything to prevent a hack/hijack from changing that setting to "PCs on the Internet”? Given MS history of having a totally secure OS, I'm doubtful.

      1. Sandtitz Silver badge

        Re: Could be useful... if under control

        > And is there anything to prevent a hack/hijack from changing that setting to "PCs on the Internet”?

        Any settings can be changed if malware is run with elevated rights, that's not exclusively a Windows feature...

        Windows Update packages are signed by MS and presumably the hashes are also checked before installation. The delivery system sounds vaguely like Bittorrent which is commonly used to download distros (and nothing else, honest!) and I have no such security issues with the Bittorrent protocol.

        In the end this "PCs on the internet" setting won't probably bring any benefit to most end users since the Windows Update is quite speedy. I certainly hope there is some sort of mechanism to protect users with slow upload speeds and/or metered usage. The "PCs on my local network" setting may be of great benefit to people with multiple computers and slow/metered download connections

        > Given MS history of having a totally secure OS, I'm doubtful.

        Hopefully no-one is expecting Win10 or its successors to be 'totally secure OS'.

        Hopefully no-one is expecting any other OS to be 'totally secure OS' either!

      2. big_D Silver badge

        Re: Could be useful... if under control

        It seems to have worked well enough for Linux distributions over the last decade or so.

    2. Kanhef

      Re: Could be useful... if under control

      Even better for enterprises with dozens or hundreds of computers all trying to update at the same time every Patch Tuesday. The LAN-only option makes me a lot more comfortable with this idea, since it's a lot harder to compromise than if it's willing to download from anywhere on the internet.

      1. Colin Miller

        Re: Could be useful... if under control

        Even better for enterprises with dozens or hundreds of computers all trying to update at the same time every Patch Tuesday.

        Enterprises are likely to be running WSUS which caches the patches.

      2. big_D Silver badge

        Re: Could be useful... if under control

        @Kanhef, businesses have not had that problem since around 2003. They just set up a Microsoft WSUS server or an alternative. They only ever download the patches once.

        1. Anonymous Coward
          Happy

          Re: Could be useful... if under control

          but it's still a centralized point.

          A better way is to push to a site then spawn out from there.

          1. Anonymous Coward
            Anonymous Coward

            Re: Could be useful... if under control

            "but it's still a centralized point.!"

            WSUS can be used to automatically load the patches into SCCM and then you have distribution points wherever you need them...

  3. Anonymous Coward
    Anonymous Coward

    Windows 10, now with preconfigured botnet...

  4. jason 7

    I'd be happy ...

    ...If I could just download an ISO of all the updates each month. That way I could get 95% of them at any time without having to wait to download. That really gets a pain after 3-4 years of updates.

    1. Afernie

      Re: I'd be happy ...

      I reckon you might quite like this, then. Not for Windows 10 yet, but I'm sure it will be come the RTM version.

      http://download.wsusoffline.net/

      1. Jordan Davenport

        Re: I'd be happy ...

        I tried that out in a VM this past weekend, and while it does save bandwidth if you're updating several machines, it certainly does not save time. It took me nearly as long to install all the important updates using that utility as it did to install all important and recommended updates from Microsoft Update, neglecting download times for both.

  5. zen1

    oh lord...

    absolutely nothing could go wrong with this "honey of an idea"... Sigh.... are there any intelligent adults running Microsoft anymore?

    1. dogged

      Re: oh lord...

      brighter than you, from the looks of it. Let's actually apply some thought to this, shall we?

      You have a small business with 20 desktops and two servers. You don't run WSUS because it's a bit beyond your pay grade and you don't really want the hassle of approving which updates go out. At the moment, you download 22 sets of full updates every month.

      This new thing comes in and suddenly you download 22 sets of SHA hashes for comparisons (directly from MS and nobody's got a MITM attack going on that, not even the linux jihadis on the Reg's forums) and one set of updates. You just reduced bandwidth and probably patching time (because your SME net connection is always going to be slower than the Gigabit network you've got in the office) and everyone's a winner.

      Or you have a network at home with one HTPC (always on for recording) and a bunch of laptops, meaning n+1 downloads just became 1 download. Why is this bad?

      BUT ZOMG THEY WANTZ TO PATCH MY BOXEN FROM TEH INTARWEBZ well yes, they do. But the SHA hashes come directly from MS so you're definitely just getting the patches you need and not any extra nasties.

      Are there any intelligent adults commenting on the Register?

      Or even writing for the Register, Mr Sharwood? Seriously, wtf was that? It read like the Daily Mail on Romanians.

      1. Anonymous Coward
        Anonymous Coward

        Re: oh lord...

        Exactly. We've been doing this for years with Linux without any problem.

        It's not like you're downloading an exe file from some server without any verification.

      2. Nick Ryan Silver badge

        Re: oh lord...

        This may be something that is also intended to help non-first world Internet connection countries or regions. Just considering these situations there are a lot of instances where there will be quite a few locally networked PCs but with rather limited bandwidth - far better that the systems are patched and updated than not. Or another easy example in the first-world Internet sceneria on a HE campus of some form there will be thousands of non-domain controlled PCs downloading thousands of updates which eats a lot of bandwidth.

        This is actually rather a good idea from Microsoft (as long as it's done properly, but that's true for anything really).

      3. MacGyver

        Re: oh lord...

        You don't have to download 22 patches, simply download them once and remote push them onto your boxes via scripts.

        You really shouldn't let Microsoft push whatever they want to your boxes anyway, it's just a bad idea. (even if you do have enough money for WSUS or SCCM)

        For instance, say you have 22 ASUS 8.0 boxes and MS decides they are going to update them to 8.1 for you, well that's great if you have updated graphics drivers that won't make every single thing you have into a BSOD display, but you don't, so now everything you have needs to be re-imaged back to 8.0 until your vendor can create a driver that works correctly under 8.1.

        Do a search for PSEXEC and save yourself some trouble.

        1. Anonymous Coward
          Anonymous Coward

          Re: oh lord...

          "You really shouldn't let Microsoft push whatever they want to your boxes anyway, it's just a bad idea."

          You most definitely should unless you have a regular review / patching process in place.

          "well that's great if you have updated graphics drivers that won't make every single thing you have into a BSOD display"

          I think that was an Apple update you are thinking of...

          1. MacGyver

            Re: oh lord...

            "You most definitely should unless you have a regular review / patching process in place."

            If it's at the house, no problem, that's your risk and you are assuming it for yourself. If someone is paying you to "manage" their machines, then maybe it shouldn't be on MS's shoulders to keep your systems patched. You also can't complain about bandwidth usage if you have a way to negate it.

            1. Anonymous Coward
              Anonymous Coward

              Re: oh lord...

              "If it's at the house, no problem, that's your risk and you are assuming it for yourself"

              But then you also impact others if you become a bot net host / DOS node / Spam repeater....There is no justification for 99% of users to turn off automatic updates at home.

        2. Afernie
          WTF?

          Re: oh lord...

          "Do a search for PSEXEC and save yourself some trouble."

          No wonder you call yourself Macgyver. What do you wire patch panels with - three toothpicks, some chewing gum and a potato?

      4. Anonymous Coward
        Anonymous Coward

        Re: oh lord...

        @ dogged

        Here's hoping MS haven't left any whoopsie daisies in their P2P code as this could get ugly at a later date.

        SSL/TLS anyone ?

        1. dogged

          Re: oh lord...

          Considering that P2P code was first pushed in Win7 as Direct Cache, I suspect they've had plenty of time to refine it.

          And even if they haven't, the fact that is not BitTorrent is actually a bonus. Not in a security-thorugh-obscurity sense but rather simply because it is not as familiar as a BT clone would be. For example, suppose it can only host files cleared by by the main MS servers and which conform to SHA checksum? Would that be hard? No. Would it involve lots of throwing data around? Not really.

          In such a case, both client AND server are running security checks. Hard to corrupt, a system like that. Not impossible but very, very improbable.

          1. Anonymous Coward
            Anonymous Coward

            Re: oh lord...

            "There is no justification for 99% of users to turn off automatic updates at home"

            There is now. I think the original poster up there was a little fanatical, but until I see the normal user understand updating, or even how to operate ANY system menu, then I agree with the panic. People paniced and were litetally lost when the start button disappeared, I don't think they managed to understand the risks that can arise when "FunTimeEntertainment.cz" shows up in there repo (if they rven get to see this, they'd still probably think it's a installed game).

            1. MacGyver

              Re: oh lord... what?

              I think I've been misunderstood, I was not talking on behalf of a home user, I was talking to the point that he is some sort of IT guy in charge of at least 22 users. I even tried to make it clear that even an under-funded SA could "manage" patches with the lowest form of tools I could think someone could acquire, DOS and PSEXEC.

              Should home users leave their PCs set to auto-update, absolutely yes. Should an "SA" be letting MS push whatever the catch of the day is to the machines they "manage", no.

              There are a billion ways to manage patches, and when your Java-based data entry program stops working because Java pushed an update, it is the SA's fault for having them auto-install and not testing that patch on at least one test machine to know if it is going to impact their company's ability to work.

              1. dogged

                Re: oh lord... what?

                what's the cut-off point?

                If it's not 22 installs (not users, most workplaces have more installs than users because of servers (however limited, a fileserver is still a server as is a backup server), laptops, other mobile stuff..

                Is it 10? What about 10 users? Should you be MacGuyvering your own patch solution for ten users? How about five? A lot of households have more than five..

                There are a lot of companies out there with a fileserver, a backup server and potentially a print server and < 25 users. 25 being the "Essentials" seat limitation so it seemed appropriate.

              2. Afernie

                Re: oh lord... what?

                " I even tried to make it clear that even an under-funded SA could "manage" patches with the lowest form of tools I could think someone could acquire, DOS and PSEXEC.

                Should home users leave their PCs set to auto-update, absolutely yes. Should an "SA" be letting MS push whatever the catch of the day is to the machines they "manage", no."

                That's what WSUS is for, with its astronomical additional price tag of £0.00. If you're managing a PC estate on a scale where a bad patch would result in significant rollback issues, you can surely manage to deploy WSUS and use it to selectively deploy and test. You don't even need a domain if you're in the improbable situation where you don't have one. If you are seriously wasting time using psexec to patch remote machines manually, I'd be discussing cost of man hours lost versus the cost of an additional server or extra resource for an existing one at the next review meeting.

  6. streaky

    Update Security

    What is it makes you think Microsoft's (or Apple's, Debian's or BSD's) update servers can't be compromised? This is why we have package signing in all it's guises.

    Updating from some random Chinese user's PC shouldn't - in theory - be more dangerous than getting them from Microsoft directly.

    There's ethical issues but that's the start and finish of it. Can we find grip?

    1. Avatar of They
      Meh

      Re: Update Security

      I think if M$ servers are compromised then you have a point, however M$ have an interest in making sure they are secure.

      Random chinese kid who downloads dodgy apps not knowing that they are actually targeting his peer to peer protocol won't be secure on any real set of measure to a multi billion dollar enterprise like M$

      ...and if say a hundred M$ servers are watched daily, the 10 million lazy / ignorant PC owners who haven't updated AV or got a decent update cycle) you can see which of them becomes a more likely target for script kiddies.

      Bit torrent, you take what you get. M$ has at least a dedicated server and security team (you hope)

      More interestingly, peer to peer are heavily traffic shaped in the UK, so would this fall into that? Steam, bit torrent and Windows traffic, all in one? Certainly makes the legitimate and dodgy downloads harder to track.

      More worryingly the amount of people on the feedback process means we might actually end up back with TIFKAM, Oh heck!!!!

      1. Anonymous Coward
        Anonymous Coward

        Re: Update Security

        I'm not sure what you're saying here, but there seems to be a lot of witchery around something that is relatively simple and has been done on Linux for years. Linux packages are distributed by what are effectively "untrusted" mirrors all over the globe. The fact these mirrors can't be trusted is irrelevant:

        - All packages are signed with a private key for the distro

        - The public key is retrieved only from the distro (or shipped with it)

        - Packages are downloaded from the mirror

        - Their key is compared to the distro key, if it matches and the package hasn't been altered, it is installed

        - If the package has been altered or the key doesn't match, another mirror is used

        The source of the package is irrelevant so long as the package can be reliably verified and there are enough sources with the legitimate package.

      2. wikkity

        Re: Random chinese kid

        Would "Random kid" not have acheived your point or did the word "Chinese" in there add to your point somehow?

      3. Jess--

        Re: Update Security

        @avatar of they

        Updating wouldn't happen from the "10 million lazy / ignorant PC owners who haven't updated AV or got a decent update cycle" since they will not have the current updates that your machine would be attempting to download.

      4. streaky

        Re: Update Security

        Random chinese kid who downloads dodgy apps not knowing that they are actually targeting his peer to peer protocol won't be secure on any real set of measure to a multi billion dollar enterprise like M$

        In the occasion that you are pushing viruses, all other users will get a piece or pieces of junk that doesn't fit with the rest of the update. The protocol itself will discard those pieces because they're nonsense, ignoring signing and overall file hashing.

        I don't think Microsoft is planning on letting users push their own files to other users for other users to update with. Somebody trying to mess with the process is irrelevant as long as Microsoft isn't losing private keys they use to sign updates and also that they're still in control of the list of updates. Three things have to go very wrong all at the same time for it to be a security hazard and they're no easier than the things that have to go wrong with getting updates directly from MS.

        Thinking about this a bit more - if somebody installs a root cert and screws with your dns it's actually easier to mess with than if you're getting updates from "foreign" sources because there's nothing in HTTP to defeat this, whereas in torrent-alike protocols there is; pieces are individually hashed - nonsense data won't passively migrate through a swarm.

  7. Anonymous Coward
    Anonymous Coward

    So I suppose bit-torrent is bad then?

  8. bearded beercan

    Let go

    The world belongs to Google, Apple and Putin now. Tomorrow it will belong to someone else, and it won't be Microsoft. So long and thank you for the fish!

  9. Anonymous Coward
    Anonymous Coward

    "Making it possible to restore TIFKAM doesn't bespeak quality feedbac"

    Err I don't know about that. I've noticed that there are plenty who hate TIFKAM (as do I) but also a significant number who actually like it.

    That being so, making it possible to restore TIFKAM would seem to be a sensible approach to giving as many users as possible what they want. Provided, of course, that they also satisfy the greater (apparently) number who want something closer to Windows 7.

    I get the feeling that there are opposing camps at Microsoft - one that believes user feedback and one that goes by whatever UX book they're reading and ignores any contrary feedback. Hence the builds seem to be oscillating in this area.

    As for peer-to-peer windows updates - I'd just be happy if they could fix whatever is currently causing updates to fail on Windows 10.

  10. Alan Bourke

    Peer to peer updates

    well, I'm sure they'll employ some sort of centralised signature verification

  11. phuzz Silver badge

    So, a mixture of Branch Cache and WSUS then. This seems to be the new Microsoft way, add features to windows, and don't publicise them for a couple of versions of the OS.

    1. Anonymous Coward
      Anonymous Coward

      "add features to windows, and don't publicise them for a couple of versions of the OS."

      Wait until features are mature and well tested before promoting them you mean? That's been the Microsoft way for a long time. Ditto ReFS and many other new features.

  12. Hans 1
    Windows

    Also for Server ?

    Does this apply to server as well ?

    I was looking up on the next Windows server, to get the name right etc (could have been windows 2015 server, for example) and saw the following blog entry from the MS server team:

    http://blogs.technet.com/b/server-cloud/archive/2014/10/01/announcing-availability-of-windows-server-technical-preview-and-system-center-technical-preview.aspx?WT.mc_id=Blog_ServerCloud_Announce_CEA

    You'd expect a product like that to get attention - the blog entry was posted nearly 7 months ago and currently has been tweeted twice, has one single facebook like, and nobody has thought of leaving a comment.

    To put this into perspective: The blog entry announcing a technical preview to the next major release of Windows server seems to have mustered less interest than the average blog entry on my blog. I have been talking about the sinking platform ... now, if this is anything to go by ...

  13. MacGyver

    No-fly list

    "I don't know why my computer was in communication with that known criminal's computer officer, but could you please take me off your watch-list and no-fly-list anyway?"

    1. Anonymous Coward
      Anonymous Coward

      Re: No-fly list

      Presumably the whole point of this is bandwidth reduction, so hopefully it's smart enough to work as locally as possible, i.e. locating sources on the LAN, then with the same ISP/geographical region and hopefully at least within your country etc.

      1. MacGyver
        Facepalm

        Re: No-fly list

        "locating sources on the LAN"

        The first time MS uses a machine on my internal network to circumvent my firewall rules for the other machines on my internal network I'm going to be very angry. Using one machine as a proxy for the others without my permission has to be some sort of agreement violation.

        I'm sure there are bad people in every region, and I want no record of my machine talking to any of them. Ever.

        At the minimum an attacker could watch their own outgoing connections to find other machines, machines that they now know are missing specific patches. Facepalm. I don't think they've thought this through.

        1. Anonymous Coward
          Anonymous Coward

          Re: No-fly list

          You were implying that your computer would be updating from terrorists outside of your country getting you on a no-fly list.

          Based on that I was talking about application logic as presumably this feature will be optional. If I developed this, it would look for update sources on your LAN, then based on ISP/geographical region, then country. Since most terrorist organisations (by NSA definition) are outside of the US, it should never need to go outside of the US for patches as the MS servers will always be a better match.

          If MS are sensible, they've split the client/server options, so you can have 1 machine patching direct from Microsoft, all other machines on your network patching from that and never needing to go past your LAN, i.e if the options were:

          Get my patches from: Microsoft, PCs on LAN, PCs on LAN/Internet

          Can patch from me: LAN, Internet, Nobody

          This is a good feature, provided it is configurable something like above, that way you're happy, you can continue updating from Microsoft directly with no inter-machine patching and others can use the LAN/Internet features if they want.

        2. MalPearce

          Re: No-fly list

          Er... I think the idea is you enable Windows Updates in the normal way on one machine, and you enable other machines in your home to talk to that machine before dialing out to the internet. If you have firewall rules to prevent machines on your own LAN from talking to each other, you wouldn't enable the peer download. Course, if you want all your machines to be downloading the same >100mb update independently of each other you can enable that too. Presumably, the wider internet peer download option is intended for ISPs to front a proxy server just for Windows Updates in which case the ISP's internal routing might direct you to their mirror in preference to any server on any different network.

  14. Hellcat

    Won't someone think of the chi.... firewalls?

    I'm not likely to add a nat rule to let this port out from my PCs, so internal distribution only for me.

  15. Little Mouse

    Peer Caching enabled

    ...available since Windows 7 Enterprise.

    This is news?

    1. dogged

      Peter Cushing enabled

      I read your title wrong.

      1. Anonymous Coward
        Anonymous Coward

        Re: Peter Cushing enabled

        Peer Caching definitely <> Peter Cushing.

        "I hate repetition, I really do. It's like asking a painter to paint he same picture every day of his life."

    2. Anonymous Coward
      Anonymous Coward

      Re: Peer Caching enabled

      "Peer Caching enabled

      ...available since Windows 7 Enterprise."

      Hopefully this version enables direct sync from TPB / KAT....

  16. Archaon

    Not a bad idea...

    Well, in part.

    Download updates once and share them between my own machines automatically so they don't have to be downloaded multiple times? Happy days, sign me up for some of that.

    Download updates from random PCs on the internet? Not on your life.

  17. Googyflip

    GREAT!

    This would be a great feature! A large cost to business is a comms link and slow links introduce issues with patching (and software installs) so anything that enables PC's to peer their patches locally would be an enormous boost to business.

  18. This post has been deleted by its author

  19. Craigness

    FYI

    Chrome OS already does this.

  20. zen1

    re: re:oh lord...

    Wow, looks like I set off a bit of a firestorm and a flurry of thumbs down... So much for sharing an opinion.

    OK, after I've had a chance to read some of the rebukes, let me respond with this: I can accept it as a way for people to upgrade small infrastructures, if they don't have an admin or the knowledge to accomplish this. I can can even accept the use of p2p to deliver updates to third world countries, or regions that have extremely limited bandwidth. I openly concede those two points.

    I do have to pose a question to all of the folks who felt it necessary to rip me up one side and down the other... Remember little things like imesh and kazaa, and how rampant malware became with that software? Sure, on paper it sounds like fantastic idea, but apparently there are a number of us who've completely forgotten how many times a microsoft platform has gotten shredded or spoofed. That being said, it's next to impossible to poison Microsoft at the source, but tack on a little something to updates sitting in the p2p staging area and you have an even more efficient vector for delivery.

    The *nix folks have always had their shit together, which is why a distributed upgrade methodology works.

    Microsoft, not so much. Unless it's in a managed environment, most machines under patched, most have antivirus sigs that are expired, so any person who develops a convincing enough piece of scare-ware it's quite possible that could be used that could be used to get the bad guys foot in the door, to deliver more malicious garbage.

    Just my opinion.

    1. Craigness

      Re: re: re:oh lord...

      Download updates from other users, download checksum from Microsoft secure site. Simples!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like