Why is it crap? It works on TCP/IP, provides an exact local copy of the updates without risking MS changing the content of a file without changing the name, and provides a reporting tool to check update status on client machines (can anyone say "stop to botnet"?). Even without the reporting features, you can provide full Microsoft Update to people who only would normally check Windows Update using WSUS, so you can also make sure they patch other vulnerable programs. -joe ------------------------------------------------- Joseph A. Johnson, MCSE, MCP, A+ Chief Technology Officer Riverside Consulting Group, Ltd. Email: joe@riversidecg.com Web: www.riversidecg.com Phone: 312-231-8315 -----Original Message----- From: Adrian Chadd [mailto:adrian@creative.net.au] Sent: Friday, September 28, 2007 11:25 AM To: Joe Johnson Cc: Miguel Mata; nanog@nanog.org Subject: Re: windows update cache On Fri, Sep 28, 2007, Joe Johnson wrote:
Windows Software Update Services doesn't require the end-user to be
part
of a domain to get updates. You just need to define the WSUS server as the source for updates by changing a few registry entries and make sure the server is available via HTTP or HTTPS to your customers. You can read more at Microsoft's site.
Also, WSUS is free to run on any Windows server.
Great if you're running a windows IT type LAN; crap if you're running an ISP! http://www.advproxy.net/ - its a Squid distribution for ipcop with an optional Windows update cache redirector. I don't know how well it'll scale but it seems to work fine for small home/office environments. You can always get an Akamai cluster :) That'll serve windows updates to you, amongst other things. That said, I know how to make Squid properly cache stuff like Windows Updates; I just need some spare time over the new year to code it up. Sponsorship to make it happen sooner is definitely welcome. Adrian (One of the remaining public Squid developers.)