windows update cache

Joe Johnson joe at
Fri Sep 28 19:08:46 UTC 2007

Why is it crap? It works on TCP/IP, provides an exact local copy of the
updates without risking MS changing the content of a file without
changing the name, and provides a reporting tool to check update status
on client machines (can anyone say "stop to botnet"?). Even without the
reporting features, you can provide full Microsoft Update to people who
only would normally check Windows Update using WSUS, so you can also
make sure they patch other vulnerable programs.


Joseph A. Johnson, MCSE, MCP, A+
Chief Technology Officer
Riverside Consulting Group, Ltd.

Email:   joe at
Phone:   312-231-8315

-----Original Message-----
From: Adrian Chadd [mailto:adrian at] 
Sent: Friday, September 28, 2007 11:25 AM
To: Joe Johnson
Cc: Miguel Mata; nanog at
Subject: Re: windows update cache

On Fri, Sep 28, 2007, Joe Johnson wrote:
> Windows Software Update Services doesn't require the end-user to be
> of a domain to get updates. You just need to define the WSUS server as
> the source for updates by changing a few registry entries and make
> the server is available via HTTP or HTTPS to your customers. You can
> read more at Microsoft's site.
> Also, WSUS is free to run on any Windows server.

Great if you're running a windows IT type LAN; crap if you're running an
ISP! - its a Squid distribution for ipcop with an
optional Windows update cache redirector. I don't know how well it'll
but it seems to work fine for small home/office environments.

You can always get an Akamai cluster :) That'll serve windows updates
to you, amongst other things.

That said, I know how to make Squid properly cache stuff like Windows
I just need some spare time over the new year to code it up. Sponsorship
make it happen sooner is definitely welcome.

(One of the remaining public Squid developers.)

More information about the NANOG mailing list