The Windows Update
web site has been experiencing performance problems again today, with our monitoring showing lengthy response times and brief outages.
Windows Update site was slowed by heavy traffic last month following the release of four Microsoft security updates fixing critical holes in Windows software. Saturday's Sasser worm used one of those flaws, a buffer overflow in the LSASS Windows networking service, to compromise unpatched machines. It's not yet clear whether today's delays are due to increased patching by tardy network administrators, or some other cause. Microsoft said it addressed last month's performance problems by "adding resources to support Windows Update."
Dynamically updating performance charts for Windows Update are available here.
web site is experiencing the latest in a series of outages, which began April 24 and have intensified since Tuesday, with the www.above.net site either exhibiting very slow response times or being unreachable. The duration of the performance problems is unusual for a network provider the size of Above.net (previously Metromedia Fiber Network). The company has not yet responded to an inquiry about its site performance.
Our Hosting Provider Network Performance summary provides current information on the uptime for web sites of major hosting companies.
E-commerce firm 2Checkout
, which processes credit card payments for online merchants, says it has been hit with a distributed denial of service ((DDoS) attack after it rebuffed an extortion attempt. The 2Checkout site experienced rolling outages from the attack, which began on April 9 and was still ongoing as of April 16, according to a statement on the company's web site
"2Checkout continues to fight an extortion based ('Pay us or else we will continue to attack') DDOS attack," the company said earlier this week. "We apologize for any service interruptions. Rest assured that our full staff in addition to some consultants are working relentlessly in conjunction with our providers to combat and minimize any effects of the attack."
Microsoft's Windows Update
web site has been experiencing slow response times
in the wake of yesterday's release of critical security updates. A browser request through Internet Explorer eventually raises the site after an extended wait, and in some cases it is possible to successfully download and install updates over a broadband connection. Dynamically updating performance charts for Windows Update are available here
The service is struggling for availability at a crucial moment of need for Windows users. Microsoft yesterday released four security updates, including three critical patches that Microsoft urged customers to install immediately. They include a patch for an SSL vulnerability that leaves Windows 2000 and NT4 SSL sites open to remote compromise. The current sluggish performance of Windows Update is a particular challenge for Windows users on dial-up Internet connections, as the Windows XP download is 3 megabytes.
"After the release of yesterday's security updates, the number of requests to Windows Update was double the usual volume," said a Microsoft spokesperson. "The slowdowns didn't last very long. We've added some system resources to support Windows Update, and are not seeing much trouble anymore."
This morning the DNS for windowsupdate.microsoft.com was being managed by Savvis Communications though its Digital Island content distribution network (CDN). CDNs help manage Internet traffic (including DDoS attacks) by using large, geographically distributed networks of servers to move files closer to the end user. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network. Today Savvis was using Windows Server 2003 to manage the Windows Update traffic. This evening the site is being served from a netblock assigned to Hotmail, Microsoft's e-mail service.
Ranking by Failed Requests and Connection time,
March 1st - 31st 2004
During March, Komplex, a leading German hosting company site went through the month without any failed requests.
Apart from Komplex, which runs Linux, the Top 10 places were almost evenly split between FreeBSD and Windows, with five of the top 10 hosting company sites running FreeBSD, and four on Windows.
The Recording Industry Association of America (RIAA)'s site is now transiently available after an extended outage and now appears to be running Linux
Inevitably, this will lead to speculation that SCO might add the RIAA to the list of Linux using organizations currently receiving attention from its lawyers.
Of course, the RIAA is itself well endowed with lawyers should it need to defend itself, and just yesterday announced the latest in its own series of lawsuits against Internet users it believes are improperly sharing copyrighted music files.
The RIAA site has been offline since March 17 in an outage that closely tracked a scheduled distributed denial of service (DDoS) attack from computers infected by the MyDoom.F virus.
If MyDoom.F was indeed the culprit, it raises an ongoing threat for the RIAA site, as the malware is programmed to launch its DDoS between the 17th and 22nd days of every month.