# Windows 10 PCs Being used as Endpoint Update Servers



## eidairaman1 (Oct 23, 2017)

I'm unaware if this has been posted but I thought I'd share it.

https://blog.techygeekshome.info/20...cebook_page#1447484412146375-fp#1508438510994

I think it's bogus that MS is snooping and hogging upload bandwidth; it sort of reminds me of Comcast making their modems enable general public access to home users' wifi.


----------



## Aquinus (Oct 23, 2017)

Isn't that not supposed to upload to the internet, but to share updates already downloaded with other machines on the same network? I thought the idea was to limit how much needed to be downloaded by seeing if someone has it on the local network first.


----------



## eidairaman1 (Oct 23, 2017)

Yeah, it's the same concept as how a torrent works.


----------



## dorsetknob (Oct 23, 2017)

Been mentioned by a few people in the various Win 10 rant threads.
Cost-cutting update method:
Let the general public bear most of the bandwidth costs of updating Win 10 by Microsoft torrenting the updates via the public.


----------



## FYFI13 (Oct 23, 2017)

eidairaman1 said:


> sort of reminds me of comcast making their modems enable General public access to home users wifi.


Virgin Media still doing this here in Ireland. They call it “WiFree”. And it’s quite difficult to disable it, took me a couple of months.


----------



## Frick (Oct 23, 2017)

eidairaman1 said:


> Yeah, it's the same concept as how a torrent works.



But locally, which I'm fine with.


----------



## EarthDog (Oct 23, 2017)

And knowing is half the battle... Go Joe!!!


----------



## eidairaman1 (Oct 23, 2017)

FYFI13 said:


> Virgin Media still doing this here in Ireland. They call it “WiFree”. And it’s quite difficult to disable it, took me a couple of months.




Yeah, that's why I don't use a company-provided modem. I bought my own and tell them to keep their modem. I'm not on Comcast though.

Jermaine Microsoft is killing themselves off slow with all this garbage that they're doing. I'm sorry to say it, but when it was under Bill Gates' control things were working pretty well, but you know how he is, he'd rather have a foundation try to make himself look better to the world.


----------



## Kursah (Oct 23, 2017)

Considering they strapped patch management down to maintaining with emulating or deploying WSUS traffic, them doing this doesn't surprise me one bit. Though I do think they should give the end-users a more clearly visible option to enable Internet Distributed Patch Sharing rather than enabling that by default. 

Not surprised by this. I run WSUS at home, and it works great..especially once the ESD streaming issue is resolved which is fairly easy now. But folks that don't run a home lab, probably aren't going to take the same route I am.

I also wouldn't see as big of an issue here if more folks had higher upload speed provisions, the choice for how updates are distributed and obtained on their systems, and no data caps. Unfortunately, I'm stuck with 60/5 for now in my area for standard Charter cable Internet...so I'm not about to compete with Windows update AND my son uploading his YouTube videos as we compete for WAN-facing bandwidth. Hopefully they'll at least change the defaults to LAN sharing only...hopefully.


----------



## StrayKAT (Oct 23, 2017)

eidairaman1 said:


> Yeah, that's why I don't use a company-provided modem. I bought my own and tell them to keep their modem. I'm not on Comcast though.
> 
> Jermaine Microsoft is killing themselves off slow with all this garbage that they're doing. I'm sorry to say it, but when it was under Bill Gates' control things were working pretty well, but you know how he is, he'd rather have a foundation try to make himself look better to the world.



Bill Gates also went overboard during the Vista era and the beginnings of .NET too. If anything, Windows 10 is trying to get back to basics.

Read this... great article. Everyone should read it actually, just for fun (well, "fun" by this site's interests and standards). Also the Vanity Fair/Atlantic articles linked in the beginning of this one.

https://hackernoon.com/what-really-happened-with-vista-4ca7ffb5a1a


----------



## Papahyooie (Oct 23, 2017)

Frick said:


> But locally, which I'm fine with.


That is actually incorrect. It shares the updates locally, yes, but also over the internet to other PCs outside your network. A torrent protocol is a good analogy.

I'd be ok with this, since there is a toggle to turn it off if wanted... However, I have caught this one twice now, turning itself back on after an update. I have also personally seen the "install popular apps from the app store automatically" switch toggle itself back on, and heard people say several others have turned themselves back on. That's totally not cool.


----------



## Sasqui (Oct 23, 2017)

FYFI13 said:


> Virgin Media still doing this here in Ireland. They call it “WiFree”. And it’s quite difficult to disable it, took me a couple of months.



Even after setting my Comcast modem in "bridge" mode, the Comcast Wifi is still available.  I never bothered to try and log into it, maybe I'll check it tonight.

Sorry... getting OT


----------



## newtekie1 (Oct 23, 2017)

eidairaman1 said:


> I think it's bogus that MS is snooping and Hogging upload bandwidth



This has been in several versions of Windows 10 for years now.  It doesn't use any upload bandwidth if you are behind a NAT firewall, and it in fact saves download bandwidth if you have multiple Windows 10 computers on the same LAN.



FYFI13 said:


> Virgin Media still doing this here in Ireland.



Comcast still does it in the US.  It really isn't a big deal, it doesn't affect the customer in any way.



Sasqui said:


> Even after setting my Comcast modem in "bridge" mode, the Comcast Wifi is still available. I never bothered to try and log into it, maybe I'll check it tonight.



That's because the Comcast Hotspot is essentially a completely separate hardware device inside the same gateway case.  It has its own cable modem, and its own wifi radio.


----------



## EarthDog (Oct 23, 2017)

You need to ask them to disable it. It's what I did...


----------



## dorsetknob (Oct 23, 2017)

newtekie1 said:


> That's because the Comcast Hotspot is essentially a completely separate hardware device inside the same gateway case. It has its own cable modem, and its own wifi radio.





newtekie1 said:


> Comcast still does it in the US. It really isn't a big deal, it doesn't affect the customer in any way.


Except the customer, i.e. THE COMCAST SUBSCRIBER, who pays for the power sipped by Comcast to power this hotspot.
While it may not be much in terms of power usage, over a year it mounts up; then multiply that by all those Comcast clients.


----------



## eidairaman1 (Oct 23, 2017)

newtekie1 said:


> This has been in several versions of Windows 10 for years now.  It doesn't use any upload bandwidth if you are behind a NAT firewall, and it in fact saves download bandwidth if you have multiple Windows 10 computers on the same LAN.
> 
> 
> 
> ...



I don't have a problem with WUD sharing via intranet/ethernet but to have others download from your system via internet seems like a bandwidth hog and security compromise.

The option should remain off.

I guess that's why I'm still on 7...


----------



## EarthDog (Oct 23, 2017)

eidairaman1 said:


> I guess that's why I'm still on 7...


Because you don't want to toggle a button to disable it when installing Windows?


----------



## eidairaman1 (Oct 23, 2017)

EarthDog said:


> Because you don't want to toggle a button to disable it when installing Windows?



Nah, numerous reasons I haven't switched; besides, why fix what is not broken?

@Papahyooie I wonder if there is an Administrator regedit or gpedit tweak to turn this option off indefinitely.


----------



## StrayKAT (Oct 23, 2017)

eidairaman1 said:


> Nah, numerous reasons I haven't switched; besides, why fix what is not broken?



As good a reason as any.

It's also why I'm not downgrading to Win 7 myself.

Personally, I think 10 is in the same likable category as 7. It's always the in-between versions that suck.

Same theory goes for Mark Wahlberg movies.


----------



## newtekie1 (Oct 23, 2017)

dorsetknob said:


> Except the customer, i.e. THE COMCAST SUBSCRIBER, who pays for the power sipped by Comcast to power this hotspot.
> While it may not be much in terms of power usage, over a year it mounts up; then multiply that by all those Comcast clients.



The amount of power used is negligible.  The extra hardware uses about 10W of power, which amounts to something like $10 a year in electricity costs.



eidairaman1 said:


> I don't have a problem with WUD sharing via intranet/ethernet but to have others download from your system via internet seems like a bandwidth hog and security compromise.



Like I said, if your machine is behind a NAT firewall(and it should be) then no one will be downloading anything from you or using any of your bandwidth.


----------



## dorsetknob (Oct 23, 2017)

newtekie1 said:


> The amount of power used is negligible. The extra hardware uses about 10W of power, which amounts to something like $10 a year in electricity costs.



Overall, Comcast now has *22.3 million* video customers, *23.3 million* Internet customers, and 11.5 million phone customers. The phone business added 139,000 subscribers in the quarter and 282,000 during the full year. Many of the additions came from existing customers adding a service. 3 Feb 2016

And if you cost those figures (let's be generous and say 11 million customers allow Comcast to sip power),
is that small change over a year????


----------



## EarthDog (Oct 23, 2017)

Considering the number is a lot smaller than that... as it has to be phone customers which use their own modem... which I'll bet is not a very high percent of total users...

Still, I get your point... as much of a reach as it is to make a few watts an issue.


----------



## eidairaman1 (Oct 23, 2017)

newtekie1 said:


> The amount of power used is negligible.  The extra hardware uses about 10W of power, which amounts to something like $10 a year in electricity costs.
> 
> 
> 
> Like I said, if your machine is behind a NAT firewall(and it should be) then no one will be downloading anything from you or using any of your bandwidth.



You don't think Microsoft will use a common port that is open on a NAT, do you?


----------



## Vya Domus (Oct 23, 2017)

eidairaman1 said:


> The option should remain off.



It seems to have been set to off by default in my case.


----------



## jboydgolfer (Oct 23, 2017)

Isn't this the option? If so, it can be disabled from within Windows after installation. Personally I uncheck ALL boxes when installing Win, but this somehow got turned back on, maybe in the recent FCU.


Notice the 2nd option has "internet" added; I don't want ANYONE DL'ing updates from my PC/PCs or network.

This function/option has "vulnerability" written all over it IMO... I can't say how, but if there was a way for a hacker to exploit a system/systems, this seems like it would be a likely starting point.


----------



## EarthDog (Oct 23, 2017)

There is an option on install and in settings, yes. I don't recall if it is enabled by default...


----------



## jboydgolfer (Oct 23, 2017)

I think it is enabled, but is a check box IIRC. I turned it off, as I specifically recall not liking the "sound of this function"; it screams bad news for some reason... I'm sure it's fine, and I'm just likely being paranoid, but it's off for me.


----------



## EarthDog (Oct 23, 2017)

I believe it is too, as I recall toggling it upon installation.


----------



## newtekie1 (Oct 23, 2017)

dorsetknob said:


> Overall, Comcast now has *22.3 million* video customers, *23.3 million* Internet customers, and 11.5 million phone customers. The phone business added 139,000 subscribers in the quarter and 282,000 during the full year. Many of the additions came from existing customers adding a service. 3 Feb 2016
> 
> And if you cost those figures (let's be generous and say 11 million customers allow Comcast to sip power),
> is that small change over a year????



To each individual customer, the amount of power means nothing.  Unless you are saying that one person is paying for all that power, then your point doesn't matter.  No one has any reason to complain about the power used by the extra hardware in the Comcast gateway.  It is _maybe_ $10 a year in cost to a person.  There are bigger things to complain about.



eidairaman1 said:


> You don't think Microsoft will use a common port that is open on a NAT, do you?



You say "will" like this is something new that is just coming out.  It has been in Windows 10 for a long while.  And, no, they aren't using a common port.  It uses something in the 8000 range IIRC.



Vya Domus said:


> It seems to have been set to off by default in my case.



I believe it depends on the settings you pick when Windows is first set up.  I'm pretty sure it is one of those options when you first set up Windows that are all on by default but give the user the option to turn them off when setting up Windows for the first time.  Basically, they let the user decide; if they don't bother reading, it isn't really Microsoft's fault.


----------



## R-T-B (Oct 23, 2017)

jboydgolfer said:


> Isn't this the option? If so, it can be disabled from within Windows after installation. Personally I uncheck ALL boxes when installing Win, but this somehow got turned back on, maybe in the recent FCU.
> 
> 
> Notice the 2nd option has "internet" added; I don't want ANYONE DL'ing updates from my PC/PCs or network.
> ...



Just confirmed that default with a fresh install today:


----------



## Papahyooie (Oct 23, 2017)

eidairaman1 said:


> Nah, numerous reasons I haven't switched; besides, why fix what is not broken?
> 
> @Papahyooie I wonder if there is an Administrator regedit or gpedit tweak to turn this option off indefinitely.



I'm sure there is a registry setting for it (as pretty much all Windows settings have) but it isn't likely to be any more permanent than flipping the switch in the GUI, as they probably re-enable it through the registry anyway.




newtekie1 said:


> Like I said, if your machine is behind a NAT firewall(and it should be) then no one will be downloading anything from you or using any of your bandwidth.



I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.


----------
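On the regedit/gpedit question raised in the posts above, an added example (not posted by anyone in this thread): a PowerShell audit for the Delivery Optimization `DODownloadMode` policy value, which is what the Group Policy setting "Download Mode" under Windows Components > Delivery Optimization writes and which takes precedence over the Settings toggle. The function names and the choice of which modes count as acceptable are assumptions made for this example; writing the value requires an elevated session.

```powershell
# Added example: audit (and optionally pin) the Delivery Optimization download mode.
# DODownloadMode is the documented policy value; function names here are hypothetical.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$ValueName = 'DODownloadMode'

# Documented meanings of the policy value. Mode 3 is the
# "PCs on my local network, and PCs on the Internet" choice in Settings.
$ModeNames = @{
    0   = 'HTTP only, no peering'
    1   = 'LAN: peers behind the same NAT only'
    2   = 'Group: peers in the same domain or group'
    3   = 'Internet: LAN and Internet peers'
    99  = 'Simple: no Delivery Optimization cloud service'
    100 = 'Bypass: use BITS instead'
}

function Get-DOPolicyMode {
    # Returns the policy-enforced mode, or $null when no policy is set
    # (in which case the per-machine Settings toggle decides).
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-DOPolicy {
    # Assumption for this example: any mode that can reach Internet or
    # off-LAN peers (2, 3) is treated as non-compliant on a home machine.
    param([int[]]$AllowedModes = @(0, 1, 99, 100))

    $mode = Get-DOPolicyMode
    if ($null -eq $mode) {
        $description = 'No policy set; Settings toggle is in effect'
    } elseif ($ModeNames.ContainsKey($mode)) {
        $description = $ModeNames[$mode]
    } else {
        $description = 'Unrecognised value'
    }

    [pscustomobject]@{
        Mode        = $mode
        Description = $description
        Compliant   = ($null -ne $mode) -and ($AllowedModes -contains $mode)
    }
}

function Set-DOPolicyMode {
    # Writes the policy value; supports -WhatIf so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(0, 1, 2, 3, 99, 100)][int]$Mode = 1)

    if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $ValueName = $Mode")) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Mode `
            -PropertyType DWord -Force | Out-Null
    }
}

# Report the current state; preview the fix if the machine has drifted.
$result = Test-DOPolicy
$result
if (-not $result.Compliant) { Set-DOPolicyMode -Mode 1 -WhatIf }
```

Running the check from a scheduled task after each feature update shows whether the value has changed since it was last set; drop `-WhatIf` to apply the LAN-only mode.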



## R-T-B (Oct 23, 2017)

Papahyooie said:


> I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.



There are ways to prevent it with a good firewall, but those are proactive measures.  Any home router with UPnP is gonna let it right through.


----------



## newtekie1 (Oct 23, 2017)

Papahyooie said:


> I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.



It is the way the handshake works.  It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out(yes, this feature has been in Win10 from the beginning).

First, it communicates on the standard WSUS ports.  It basically works very similarly to how torrents work.  Microsoft has several "trackers" that track computers that have the option enabled to share updates.  When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled.  The problem comes when a computer actually tries to connect to your computer to download the updates.  Because the ports aren't forwarded on the router, the outside computers can't initiate the download.

It is exactly the same way torrents work.  You can set a torrent to seed, but no one will actually connect to you and download anything from you, because they can't connect to you because of the NAT translation.  NAT translation is why we have to forward ports.

I mean, this isn't a new thing, it has been in Windows 10 since the beginning. There have been lots of articles about it, and lots of people far more knowledgeable than you or I researching how it works.



R-T-B said:


> Any home router with UPnP is gonna let it right through.



Yes, it could use the IGD Protocol to add a port mapping, but last I heard it doesn't do that.


----------



## eidairaman1 (Oct 24, 2017)

newtekie1 said:


> It is the way the handshake works.  It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out(yes, this feature has been in Win10 from the beginning).
> 
> First, it communicates on the standard WSUS ports.  It basically works very similarly to how torrents work.  Microsoft has several "trackers" that track computers that have the option enabled to share updates.  When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled.  The problem comes when a computer actually tries to connect to your computer to download the updates.  Because the ports aren't forwarded on the router, the outside computers can't initiate the download.
> 
> ...



@R-T-B, @newtekie1, @Papahyooie, good to know.

UPnP can be disabled too.


----------



## FYFI13 (Oct 24, 2017)

newtekie1 said:


> Comcast still does it in the US.  It really isn't a big deal, it doesn't affect the customer in any way.


Well, I tried to connect to my own "WiFree" hotspot and I was given the same [public] IP address as my other machines. So basically anyone can connect to your router, do some funny things on the internet and then best of luck for you on trying to prove it wasn't you. Another problem - torrents.


----------



## jboydgolfer (Oct 24, 2017)

eidairaman1 said:


> @R-T-B, @newtekie1, @Papahyooie, good to know.
> 
> UPnP can be disabled too.



If you do disable UPnP, it will cause issues with consoles like Xbox and PlayStation (at least it used to). It won't do it immediately but it will eventually. If you have those, FWIW.


----------



## dorsetknob (Oct 24, 2017)

jboydgolfer said:


> If you do disable UPnP, it will cause issues with consoles like Xbox and PlayStation (at least it used to). It won't do it immediately but it will eventually. If you have those, FWIW.



Lots of ISP-supplied (cheap as chicken sh*t) modem/routers don't have the facility to port forward for other devices.
They try to (and succeed) lock them down in firmware to prevent user interaction.
It's UPnP because they know best about your security and you should not interfere with their setting.


----------



## newtekie1 (Oct 24, 2017)

FYFI13 said:


> Well, I tried to connect to my own "WiFree" hotspot and I was given the same [public] IP address as my other machines. So basically anyone can connect to your router, do some funny things on the internet and then best of luck for you on trying to prove it wasn't you. Another problem - torrents.



With comcast you get a different public IP.  Plus, in the US, you can't be sued or blamed for anything based just on your IP.  The legal precedent has been set that an IP does not equal an identity because of the reasons you stated.


----------



## Papahyooie (Oct 24, 2017)

newtekie1 said:


> It is the way the handshake works.  It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out(yes, this feature has been in Win10 from the beginning).
> 
> First, it communicates on the standard WSUS ports.  It basically works very similarly to how torrents work.  Microsoft has several "trackers" that track computers that have the option enabled to share updates.  When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled.  The problem comes when a computer actually tries to connect to your computer to download the updates.  Because the ports aren't forwarded on the router, the outside computers can't initiate the download.
> It is exactly the same way torrents work.  You can set a torrent to seed, but no one will actually connect to you and download anything from you, because they can't connect to you because of the NAT translation.  NAT translation is why we have to forward ports.
> ...



I see. I mean, that totally makes sense, technically speaking. I know it was there since the beginning, but as I said earlier in the thread, I have personally had it turn itself back on several times on multiple machines.

My next question then, is this: If it doesn't have functionality to use IGD, then the entire feature is a non-starter. So why create it in the first place? (the "online" part I mean, not the internal network sharing) It seems to me that it HAS to have some way of getting out without forwarding ports. And I don't think Microsoft would just put it out there if there was no way it could ever work, unless the user had no security whatsoever. I think I'll turn it on on one of my machines and see if I can't capture it doing whatever it does, because this doesn't make any sense to me.



newtekie1 said:


> With comcast you get a different public IP.  Plus, in the US, you can't be sued or blamed for anything based just on your IP.  The legal precedent has been set that an IP does not equal an identity because of the reasons you stated.



Not necessarily true. I tested mine as well, and it has the same public IP as my "home" one. Definitely disabled that as soon as I found it... But you are correct about legal precedent. If anything, it would work in your defense if you were to do something shady online.


----------

