Original URL: https://www.theregister.com/2003/08/27/windowsupdate_on_linux_an_urban/

WindowsUpdate on Linux – an urban legend is born

Unexpected effects of the Big Red Switch...

By John Lettice

Posted in Software, 27th August 2003 15:50 GMT

Somewhere in Redmond a highly-skilled network technician flips the Big Red Switch (BRS) marked 'Do not touch this switch,' the Blaster attack is foiled, and the 'Linux to the rescue' urban legend is born. As all you paranoid conspiracy-theorists can see here, on the eve of the onslaught windowsupdate.microsoft.com ceased to be a Windows Server 2003 site minding its own business and running Microsoft IIS, and instead became a Linux site running (hint) Microsoft IIS.

The BRS episode is being reported in some places, weirdly, as Microsoft foiling Blaster, while more imaginative and hopeful beings have concluded that in an exercise of quite awesome cynicism The Beast simply moved the whole Windows Update shooting match over to a Linux host. Whatever anybody says, that one's sufficiently tempting to run and run, despite the fact that engineering such a switch would likely involve the dismantling of much of the Windows Update infrastructure. (No really, it is an infrastructure, sort of...)

What actually happened, as we mentioned earlier, was that Microsoft removed the redirect from windowsupdate.com to windowsupdate.microsoft.com, thus cunningly frustrating the worm, which was written with a view to performing a denial of service operation on the former, but not the latter. The BRS approach to security, which owes much to the theory that viruses don't come out at night, is one we particularly like, as it's cheap and approximately 50 per cent effective, but the move did not make Windows Update unavailable as such.

In the absence of windowsupdate.com the first stop of incoming requests was the Akamai caching service which Microsoft uses. This runs on Linux, hence Netcraft report a Linux host, but behind this the Microsoft servers were still operational, hence the report of Microsoft IIS running on Linux. So Microsoft isn't running Windows Update on Linux, and although it's using a service provider that runs on Linux, those services are still fielding back to Windows 2003 servers, clear?

We presume the wielder of the BRS was unaware of the urban legend side-effects of the exercise, but although the approach worked this time thanks to the way Blaster was written, it's not exactly what you'd call a total solution. For those who are under the impression Windows Update is at windowsupdate.com, it vanished anyway, and if Blaster had been pointed at something Microsoft couldn't take down, then something more elaborate than the BRS option would have been necessary. Which in The Beast's defence would have been the case for Linux too, as DDoS is no respecter of operating systems... ®