News Windows 10 to get peer-to-peer patching

Security? Surely a would be hacker could just create an exploit and then get other Win 10 machines to share it and then stop themselves receiving further updates? MS then have to spread out a competing update through whats left of the network to avoid it spreading further. At which point the hacker owns the machines he hit. I'm sure people will say it can't be done, but this is MS's competency vs all those who are keen to exploit Windows.

 

I dunno. Doesn't peer to peer reduce the complexity of such an attack by removing the man in the middle component. So if someone discovers a zero day on the distribution system. They can develop the attack then sit back and wait.With no need to specifically target someone.

 

.

 

Not only what Gareth said but doesn't all P2P depend on creating a hash for each file being distributed, if the file is modified the hash's no longer match.

 

Firstly the p2p update can be turned off, so if there is an issue or you're a bit tinfoil hat you can just disable it...

And as Gareth points out [and as I've said elsewhere on the forum] - this is good for households/offices with multiple PCs, download one copy of the update and p2p it to the rest... WSUS without the hassle [or expense]...

 

This will likely make use of Microsoft's existing BranchCache technology as this does local P2P distribution of content retrieved from an upstream source.

In a simplified form BC works like this:

1. The BranchCache Content Server (BCS) breaks content into blocks with unique hashes for each block.
2. A BranchCache client requests content from the BCS. The BCS responds with a list of blocks and hashes.
3. The client queries local peers for any of the blocks.
4. If the blocks are found on the local subnet, they are retrieved from peers.
5. If the any block is not available from a peer, it is retrieved from the BCS. Once retrieved, it is made available to peers.

The only difference to the current system is that only one client (initially) gets the update from the internet and subsequent clients share that data locally.

Security wise it's no different to the existing method, as the client has to assemble the update from the blocks it receives and then performs the same verification of the update signing that it always has.

 

I agree with the above and it will definitely be a godsend in the LAN use case.

On the security case, I wasn't referring so much to modifying an existing update, as you say P2P would make that effectively impossible, but more about releasing a standalone malicious update.

You're right that the Digital signing issue is shared by both approaches, but my concern was that should you bypass it somehow, either you steal it from MS or discover that key 0 always evals to true etc, you can now begin to spread that malicious update from any machine in the world.

In the current setup you'd have to compromise the Windows Update servers, or redirect the DNS to you're own, which given my thought process above wouldn't have been an issue in the P2P setup.

Having read other comments though it seems like that's been well taken care of. Forgive me for being overly sceptical of Microsoft's Security efforts whenever something new is announced

 

When it comes to cryptographic things:

Generally coming in the front door is not the best approach.

Your point about the fragmented file is more compelling really, that is assuming that an attacker can't place malicious code within a file fragment. It also assumes that it is the file that would be manipulated and not the distribution mechanism or peer network. Maybe its impossible, I don't have the knowledge to determine that one way or another.

I'd probably turn it off as it doesn't offer a compelling reason to keep it on. I've never found the need to have faster updates. Which are frankly a pain in the arse. Necessary. But still a pain in the arse.
I'd be ok with updates coming at 10th whatever speed the currently do. I just let the quitely down load in the background and trigger the install whenever they are ready. This feature only really benefits Microsoft.

 

This. This is what I'm looking forward to!

 

Screw security concerns: If Microsoft think I'm going to let them leach some of my precious pitiful ADSL upload speed so some smug git with 160Meg cable can update a few seconds quicker (and they can in turn save money on bandwidth), they can think again

I like the idea of sharing updates over LAN though.

 

I know what you posted was meant in jest but i can't fight the urge.

As they can't drug and beat the passwords out of the whole country there still aiming to get around that annoying cryptographic thing, everyone can sleep well at night though as TPB that provide oversight don't understand the technical details of what there doing so they just let them.

So it amounts to we don't understand what there doing so we just trust that there doing the right thing.