Windows 10 is not Voodoo but WUDO

Chester Wisniewski, Senior Security Consultant at Sophos, explains WUDO, which is short for Windows Update Delivery Optimization – a great feature that may very well make updates on the user’s home network much slicker. But it could cost the user money, and it’s opt-out, not opt-in, so they need to be aware of it.

Have you made the move to Windows 10 already? If so, and you live in a part of the world where internet connectivity isn’t merely “on” or “off”, but can be somewhere in between – in other words, if you have to keep your usage inside a data cap (a data transfer ceiling above which you typically either pay more, or endure a slowdown, until the end of the month) – then you need to know about WUDO. WUDO is short for Windows Update Delivery Optimization, and it’s a great feature that may very well make updates on your home network much slicker. But it could cost you money, and it’s opt-out, not opt-in, so you need to be aware of it.

“The easiest way to explain WUDO is to say that it’s just like BitTorrent, or any similar peer-to-peer (P2P) file sharing network, only different. Your PC connects to Microsoft, downloads a trusted list of files that it needs for the update, and then asks around on the network to see if anyone else nearby has any of those files handy”, says Chester. At worst, your PC will end up downloading the latest patches all the way from Microsoft; at best, it will get the files straight from another computer on your home network that already fetched the update.

This means that if you have three PCs to update, and each needs 1GB of updates, and 1GB takes three hours to download on your 1Mbit/sec internet link, you don’t have to wait nine hours for the update to come down the line three times. If you’re lucky, only one PC will need to visit the outside world, whereafter the other two will simply grab the matching files from their neighbours on your home network, typically 10 to 100 times faster.

In fact, WUDO not only looks for other computers on your own internal network – it also tries, just like BitTorrent, to find other computers on the internet that can help you out. That not only spreads the load beyond Microsoft’s core servers, which is good for resilience, but also lets your PC choose update sources that are nearby, which is good for throughput.

But it raises three important issues:
• Is it safe to get trusted updates from untrusted computers?
• Do you have to give to receive?
• Is this the default setting?
The answers are, “Yes,” “Yes,” and “Yes.”

As long as your PC downloads a list of the files it needs – a so-called manifest, or cryptographically-signed catalog – directly from an official Microsoft server first, you’re safe. Your PC can validate cryptographically that it received the same file that it would have acquired directly from Microsoft, even if the download came from one or more unknown third parties. If any downloaded components are damaged or modified, whether by accident or design, they can be discarded and fetched again. The “giving to receive” issue could be a problem if you have a capped or metered data plan. If you have multiple PCs, you’re always likely to save bandwidth, provided that WUDO doesn’t let other people upload from you more than you download in total. But if you have just one Windows 10 computer and a metered connection, WUDO might end up costing you money. After all, you’ll always have to download the entire update from the outside at least once. So if you only get to make use of it once, anything you later upload to others, no matter how helpful to them, is additional update traffic for you.
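The manifest check described above can be sketched as follows. This is an added example, not Microsoft's code or WUDO's actual protocol: the piece size, the per-piece SHA-256 manifest layout and the names `lan_pc`, `internet_peer` and `origin_server` are assumptions, and the manifest is assumed to have arrived from the trusted server with its signature already verified.

```python
import hashlib

PIECE_SIZE = 8  # constructed value; real piece sizes are far larger

def split(data, size=PIECE_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]

def make_manifest(data):
    """Origin side: one SHA-256 digest per piece, in order."""
    return [hashlib.sha256(p).hexdigest() for p in split(data)]

def fetch_update(manifest, peers, origin):
    """Rebuild the update piece by piece from untrusted peers.

    `manifest` is assumed to be trusted (signature already checked).
    `peers` maps name -> callable(index) returning bytes or None;
    `origin` is the same kind of callable and is tried last.
    """
    pieces, used, rejected = [], [], []
    for index, expected in enumerate(manifest):
        for name, source in list(peers.items()) + [("origin", origin)]:
            piece = source(index)
            if piece is None:
                continue  # this source does not hold the piece
            if hashlib.sha256(piece).hexdigest() == expected:
                pieces.append(piece)
                used.append(name)
                break
            rejected.append((index, name))  # damaged or modified: discard
        else:
            raise ValueError(f"piece {index}: no source supplied valid data")
    return b"".join(pieces), used, rejected

# Constructed sample: a 30-byte "update" and three hypothetical sources.
UPDATE = b"constructed-update-payload-001"
GOOD = split(UPDATE)
lan_pc = lambda i: GOOD[i] if i < 2 else None        # holds two pieces only
internet_peer = lambda i: b"tampered" if i == 2 else GOOD[i]
origin_server = lambda i: GOOD[i]                    # stand-in for the origin

def demo():
    peers = {"lan_pc": lan_pc, "internet_peer": internet_peer}
    return fetch_update(make_manifest(UPDATE), peers, origin_server)

if __name__ == "__main__":
    data, used, rejected = demo()
    print(data == UPDATE, used, rejected)
```

The modified piece from the internet peer is thrown away and fetched again from the origin, so the assembled file is byte-for-byte what the origin would have served.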

In other words, if you have a metered connection, you need to know that full-blown WUDO is on by default in Windows 10. Fortunately, it’s easy to change…you know how. Go to the not-actually-very-obvious Settings → Updates and Security → Advanced options → Choose how you download updates → Get updates from more than one place.

Your choices are:
1. Off. Your computer calls home to Microsoft, and gets updates only from there.
2. PCs on my local network. WUDO will “torrent-share” files, but only between computers on your own LAN.
3. PCs on my local network and on the internet. You’ll potentially get files from, and offer file uploads to, computers anywhere in the world.

Which one should you use? Wisniewski gives some help: “If you have more than one PC on your own LAN, the middle option sounds like a good one, as you won’t incur any additional upload charges, but you will probably reduce your total internet download quota. That’s good for you, helpful to Microsoft, and beneficial to everyone else. If you can afford the altruism of torrent-style uploads for other people, go for option 3 and you’ll be doing the world a modest favour, as well as speeding up your own updates, especially if you have multiple PCs to patch. The thing to bear in mind: whether you’re willing or able to go for option 3, it’s the default, and you have to opt out if it doesn’t suit you.”
