PDA

View Full Version : Windows Updates @ Home - Bandwidth saving Measures



Darcy
27-07-2010, 03:56 PM
Hello All!:clap

I have had a recent question asked of me at work by a user, that I wasent sure of the answer, but thought it was a good question...

Scenario:
5 x Windows PC's at home all downloading from Microsoft monthly security updates and patches.

Question:
Is there an option out there to switch off Windows Updates on 4 of the 5 machines and just use the one machine to DOWNLOAD the updates from MS therefore saving bandwidth?

Note:
"User is not running any version of MS Server."
Only MS client OS's (Win7, Vista, XP)
Was wondering if there was functionality within Windows 7, Vista or XP to redirect WSUS pointers to other client machines within their Home network.

Thanks in advance for your help....

wainuitech
27-07-2010, 05:14 PM
You could do it manually, run windows updates on One PC, locate the KB numbers, download each file, then put them in one at a time on each Machine from ether a networked shared folder, CD or USB Drive.

You can also try something like Windows updater (http://www.windowsupdatesdownloader.com/) -- Not to sure how upto date it does though.

There are a few others as well -- One is WSUS Offline Update (http://download.wsusoffline.net/), makes a bootable CD, or you can manually install them.
There is also Autopatcher (http://www.autopatcher.com/), but have not used it in ages.

Deimos
27-07-2010, 05:18 PM
Updates can be downloaded "manually" from windows update, so in theory they could turn off windows updates on all client machines and download all updates by hand and install them individually on all the machines.

I would never recommend this, if there is a zero day exploit and the user forgets, or only checks once a month, thats 5 machines left vulnerable.

Also, the size of updates is relatively small for up to date machines, barely 50MB a month, so 250MB for 5 machines vs the alternative of being infected by a zero day exploit, its just not worth it IMO.

He may be able to install WSUS on a client OS but I have never tried it, and I don't know if it is a supported configuration (A client OS should meet the minimum requirements of IIS and Dot Net, but I don't know if active directory or DNS is required), at the very least I would expect the client machines would have to be a pro version of windows for the group policy side of it (I believe home editions don't have group policy, so are unable to be configured for retrieving updates from a server), if he is willing to investigate it might be an option.

Deimos
27-07-2010, 05:26 PM
I just had a look at the WSUS 3.0 SP2 release notes, it is only supported for install on a server OS.

Darcy
29-07-2010, 10:56 AM
Hey thanks very much guys! I'm gonna investigate the 3 products mentioned by WainuiTech. Appreciate all your help....

nofam
29-07-2010, 11:50 AM
I just had a look at the WSUS 3.0 SP2 release notes, it is only supported for install on a server OS.

I'd seriously look at this if I had 5 PC's in constant use at home - you can get servers pretty damn cheap off Trademe, and all you'd need is a very basic hardware platform with Server 2003, and enough disk space for the updates.

Hell, you could even get fancy, and put all your home PC's on a domain, and use GPO to stop the kids from buggering around with their hard drives etc!! :rolleyes:

pctek
29-07-2010, 12:31 PM
Updates can be downloaded "manually" from windows update

I would never recommend this, if there is a zero day exploit and the user forgets, or only checks once a month, thats 5 machines left vulnerable.
.

Come on - there is ALWAYS critical patches. None of it ever fixes the inherent non-security of Windows.
Having up to date 3rd party protection accomplishes far more than patching Windows.

I've seen up to date patched Windows stuffed full of malware.

Nothing wrong with a manual update at all.

Deimos
29-07-2010, 05:00 PM
Come on - there is ALWAYS critical patches. None of it ever fixes the inherent non-security of Windows.
Having up to date 3rd party protection accomplishes far more than patching Windows.

I've seen up to date patched Windows stuffed full of malware.

Nothing wrong with a manual update at all.

You can't make a fair comparison of malware to a legitimate virus that takes advantage of a windows flaw whether a patch is available or not.

A number of years ago I worked for a large multinational IT support company with more than 50,000 employees and they failed to keep their Windows XP machines patched, one single virus, that was known, and had been patched months before hand by Microsoft crippled the entire company including a major Telco here in NZ that this company was supporting, no antivirus software could stop it because it was propagating via a hole in Windows.
Every machine in the entire company was restarting 60 seconds after booting.

So while you may think that an unpatched machine with antivirus is "good enough" I can tell you from experience, there is no way I would ever recommend not updating Windows.

nmercer
29-07-2010, 06:58 PM
is Internet bandwidth/traffic still so expensive in NZ that you need to worry about doing this for your 5 machines connected at home over broadband?

It sounds to me like its just not worth the time and effort, just have them connect to Windows Update

Chilling_Silence
30-07-2010, 07:47 AM
At $2 per-GB, and no Big Time, I concur it's a worthwhile investment of a few hours ;)
Not to mention if you ever have to do a format (which happens), you've saved yourself all that bandwidth.

Then there's the general geek-factor of it, it's just *cool*! :D

nmercer
30-07-2010, 09:13 AM
At $2 per-GB, and no Big Time, I concur it's a worthwhile investment of a few hours ;)
Not to mention if you ever have to do a format (which happens), you've saved yourself all that bandwidth.

Then there's the general geek-factor of it, it's just *cool*! :D

you must have a cheap hourly rate!?

last time I checked an average monthly WU for a machine is just a few MBs

;)

Chilling_Silence
30-07-2010, 09:24 AM
Still doesn't help the "geek" factor of doing it ;)