Tuesday, 4 August 2015

Windows 10 silently uses your bandwidth to send updates to others

"Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft. This can help you get updates and apps more quickly if you have a limited or unreliable Internet connection. And if you own more than one PC, it can reduce the amount of Internet bandwidth needed to keep all of your PCs up-to-date." A system that helps you save some bandwidth by sending updates to other PCs on your network. Sounds great, right? But then you read on [emphasis added]: "Delivery Optimization also sends updates and apps from your PC to other PCs on your local network or PCs on the Internet." So Microsoft is turning newly upgraded Windows 10 PCs into systems to effectively fileshare updates with others. Some aspects worth highlighting: Delivery Optimization is turned on by default in Windows 10. At no point during the Windows 10 installation process are users asked about this, which means that those with a restricted bandwidth don't get the chance to opt out. WUDO doesn't replace the existing Windows Update mechanism but instead is used to augment it. Microsoft states in the FAQ that WUDO "uses the same security measures as Windows Update and the Windows Store" and "doesn't access your personal files or folders or change any files on your PC". There are three options: Get and send updates from PCs on your local network and PCs on the internet, just with PCs on your network, or turn the feature off. For Windows 10 Enterprise and Windows 10 Education the default option is to download and share updates with PCs on your local network, while for all other versions Windows 10 with send and receive files from PCs on your local network and PCs on the internet. WUDO will not use connections marked as metered. To mark a connection as metered click Start > Settings > Network & Internet > Wi‑Fi > Advanced options and use the toggle switch under Set as metered connection. WUDO can be disabled. Go to Start > Settings > Updates & security > Windows Update > Advanced options and then select Choose how updates are delivered, and use the toggle to turn Delivery Optimization off. Beyond the ability to turn the feature off or mark connections a metered, I don't see any obvious method to control how much bandwidth this feature consumes. While WUDO doesn't present any known security risks at present, security expert Graham Cluley was keen to point out that hackers have previously managed to exploit weaknesses in the Windows Update mechanism, using it to spread the Flame malware.