Feeds

WindowsUpdate on Linux – an urban legend is born

Unexpected effects of the Big Red Switch...

  • alert
  • submit to reddit

High performance access to file storage

Somewhere in Redmond a highly-skilled network technician flips the Big Red Switch (BRS) marked 'Do not touch this switch,' the Blaster attack is foiled, and the 'Linux to the rescue' urban legend is born. As all you paranoid conspiracy-theorists can see here, on the eve of the onslaught windowsupdate.microsoft.com ceased to be a Windows Server 2003 site minding its own business and running Microsoft IIS, and instead became a Linux site running (hint) Microsoft IIS.

The BRS episode is being reported in some places, weirdly, as Microsoft foiling Blaster, while more imaginative and hopeful beings have concluded that in an exercise of quite awesome cynicism The Beast simply moved the whole Windows Update shooting match over to a Linux host. Whatever anybody says, that one's sufficiently tempting to run and run, despite the fact that engineering such a switch would likely involve the dismantling of much of the Windows Update infrastructure. (No really, it is an infrastructure, sort of...)

What actually happened, as we mentioned earlier, was that Microsoft removed the redirect from windowsupdate.com to windowsupdate.microsoft.com, thus cunningly frustrating the worm, which was written with a view to performing a denial of service operation on the former, but not the latter. The BRS approach to security, which owes much to the theory that viruses don't come out at night, is one we particularly like, as it's cheap and approximately 50 per cent effective, but the move did not make Windows Update unavailable as such.

In the absence of windowsupdate.com the first stop of incoming requests was the Akamai caching service which Microsoft uses. This runs on Linux, hence Netcraft report a Linux host, but behind this the Microsoft servers were still operational, hence the report of Microsoft IIS running on Linux. So Microsoft isn't running Windows Update on Linux, and although it's using a service provider that runs on Linux, those services are still fielding back to Windows 2003 servers, clear?

We presume the wielder of the BRS was unaware of the urban legend side-effects of the exercise, but although the approach worked this time thanks to the way Blaster was written, it's not exactly what you'd call a total solution. For those who are under the impression Windows Update is at windowsupdate.com, it vanished anyway, and if Blaster had been pointed at something Microsoft couldn't take down, then something more elaborate than the BRS option would have been necessary. Which in The Beast's defence would have been the case for Linux too, as DDoS is no respecter of operating systems... ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.