Stopping BitTorrent distro of SP2…wrong? I don’t think so.

John Dvorak is apparently of the opinion that it was “wrong on so many levels” for Microsoft to tell file-swapper sites to stop distributing XP SP2 via BitTorrent. I heartily disagree. Microsoft is already battling a perception that our software is not secure. SP2 is designed to help address this perception, by substantially increasing the security of the OS, which will hopefully gradually improve the perception (can’t change perceptions overnight, at least from bad to good). While it’s incredibly important to get security right technically, perception is also very important. Why the emphasis on perception? Because all it would take to create a perception that XP SP2 is a problem, rather than a solution, would be for one person to have a bad experience with it after getting it from a third party. It wouldn’t matter whether the third-party site was officially sanctioned or not. If such an incident became publicized, it would erode users’ trust in SP2 by creating a perception that it can’t be trusted.


By requiring that these sites stop distributing SP2, users can be sure that they’re obtaining the service pack through an official channel, and this reduces the risk that they will run into problems. It’s pretty easy for Dvorak to sit back and criticize when he doesn’t have to deal with the consequences of making the wrong choice. I understand the enthusiasm of both the file-swappers and Dvorak in looking at this as a potentially compelling demonstration of the technology, but I think the downside risks with allowing this to continue were pretty substantial.


Comments (16)
  1. That sounds really easy, Brant. Until you consider that the vast majority of users have no idea what hashing or MD5 are. Heck, even some IT pros that I know don’t know what hashing is.

    As for it being "the user’s problem", that’s just not true. Not from the standpoint of responsibility, but from the standpoint of perception. It doesn’t matter if the user *should have* known that the download was not official. If it causes them problems, Microsoft will take the blame. That makes it our problem.

  2. Joku says:

    I agree with you when talking about the majority of users, however the people who take the effort of figuring out what a torrent is, are likely to also go read some "torrent faq" or ask what MD5 could mean. MS could have also embraced the torrent type of distribution on their own adding some suitable and easy to understand authenticity verification.

  3. Jerry Pisk says:

    Brant, if you distribute the hash with the file what’s going to stop somebody from creating a valid hash to their version of SP2? This also applies to all the open source projects that think that this is a secure way to make sure files haven’t been altered, as long as you host both the file and the hash on the same server it brings you a very false sense of security. Nothing else.

    But still – a lot of users will get the SP from somebody else than Microsoft, so what’s the point of stopping just one channel? If I get WinXP SP2 from Dell and it screws up my applications I’m still going to blame Microsoft, not Dell.

  4. Bryan Reese says:

    MD5 is built into Bittorrent, which was the technology being used to distribute the files. Bittorrent clients will check each piece against the MD5 from the torrent, and if it does not match, will download again. Then, after the whole, most clients will check again to make sure the file is correct.

    The checks are all client side, and can not be gotten around through a server side hack if the original torrent was made of the correct file.
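Added example (not part of the post or of any comment): the per-piece check described in comment 4, run against the limit raised in comment 3. The BitTorrent v1 metainfo file carries one SHA-1 digest per piece; the 16-byte piece size, the sample payload and the function names are assumptions made for this sketch.

```python
import hashlib

PIECE_LEN = 16  # assumption: tiny piece size so the sample splits into 4 pieces

# Constructed 64-byte stand-in for the download; not real service pack data.
ORIGINAL = b"constructed stand-in for the service pack payload, not real data"


def piece_hashes(data: bytes, piece_len: int = PIECE_LEN) -> list[bytes]:
    """Publisher side: one SHA-1 digest per fixed-size piece of the file."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def bad_pieces(data: bytes, expected: list[bytes],
               piece_len: int = PIECE_LEN) -> list[int]:
    """Client side: indexes of pieces that are missing, extra or mismatched."""
    got = piece_hashes(data, piece_len)
    n = max(len(got), len(expected))
    return [i for i in range(n)
            if i >= len(got) or i >= len(expected) or got[i] != expected[i]]


def demo() -> dict[str, list[int]]:
    # Hash list obtained from the publisher over a channel the user trusts.
    trusted = piece_hashes(ORIGINAL)

    # 1) Transfer error: a single bit flips in byte 20 (piece 1).
    flipped = bytearray(ORIGINAL)
    flipped[20] ^= 0x01

    # 2) Modified content of the same length (bytes 42-48, pieces 2 and 3).
    tampered = ORIGINAL.replace(b"payload", b"PAYLOAD")

    # 3) Same modified content, but the hash list came from whoever
    #    modified the file (hash hosted next to the file it describes).
    untrusted = piece_hashes(tampered)

    return {
        "bit_flip_vs_trusted": bad_pieces(bytes(flipped), trusted),
        "tampered_vs_trusted": bad_pieces(tampered, trusted),
        "tampered_vs_untrusted": bad_pieces(tampered, untrusted),
    }


if __name__ == "__main__":
    for case, bad in demo().items():
        print(f"{case}: bad pieces {bad}")
```

Only the third case passes the check: a matching hash list proves the bytes agree with that list, so the download is exactly as trustworthy as the place the list came from.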

  5. Chris Nelson says:

    You also have to remember that a lot of people who don’t know what hashing or MD5 are, also won’t know what Bittorrent is. They’ll be getting SP2 whenever it turns up on Windows Update or on the cover of their local PC magazine.

  6. Ross says:

    "Until you consider that the vast majority of users have no idea what hashing or MD5 are."

    The vast majority of users also have no idea what BitTorrent is 😛

  7. Eric Newton says:

    I’d guess most of the people using BitTorrent are capable anyways. Perhaps the MD5 hash should truly be built into the BitTorrent protocol, and Microsoft themselves should release it.

    Embrace and extend!

  8. Andrew says:

    I’m sure it’s not so difficult to give the hash on the download page, and a free tool to auto find the .exe file and check its hash.

  9. If possible, MS should have worked with them to set up a "secure" P2P "channel" for MS software to be downloaded …

  10. Brant, I understand the benefits of bit torrent distribution. However, if I have to go to that much work to make sure that I have the "official" version I am not going to. I don’t get my virus identity updates through unofficial channels or updates to any other applications either. Of course I wouldn’t take the word of somebody I know giving me a copy of anything without "knowing" that it is real so I doubt I would ever trust something from somebody I didn’t know (or even worse, several people I don’t know).

    The real thing to remember is that XP is not an open source project. Microsoft controls it and that includes how it and its patches are distributed. That is their right and going through other means to obtain a copy is a violation of the license agreement.

  11. Tom says:

    I even got SP2 from the eDonkey network a few days before the official release. After the download I checked the signature in Explorer (something not easily manipulated) and after the official release compared MD5s. They matched.

  12. this is microsoft.. the great corporate "we do things our way even if there is another better way, why? because we can"..

  13. I have to agree with this. Considering that there is no way to make sure that the distro you are getting is a valid one I would rather have users grab it through official channels.

    Now I know MSFT could release the hash to a valid package but it still poses security risks.

    And anyways, why bother with a full 200MB distro when Windows Update will take care of downloading only what you need, thus saving everybody bandwidth?

  14. The only bad experience I can think of in this case is that the package does not contain what it’s supposed to contain.

    That can be achieved in two different ways: 1) somebody replaces content in the package before the file is being routed through p2p networks (bad guys doing bad things) 2) something goes wrong during the transfer and a "1" becomes a "0" (caused by a whale chewing on one of those trans-atlantic lines)

    So at one point something should check the integrity of the package the user downloaded and this should happen, hopefully, before the installation of SP2 starts. Number 2) above can happen no matter how sophisticated MS’s distribution system is, so an integrity check is necessary even if the file is only distributed through MS.

    Which leads me to the question: What’s wrong with distributing the file through P2P if the correct integrity measures are in place? Or are you saying the integrity of the package is not checked?

  15. Sorry for the delay in unmoderating all of your comments. I was out of the office this week with limited internet access…

    "What’s wrong with distributing the file through P2P if the correct integrity measures are in place? Or are you saying the integrity of the package is not checked?"

    IMO, the problem is lack of control. Again, any measures that could be put in place for integrity checking have the potential to be beyond the capabilities of some of our users to use reliably. I can’t even imagine trying to talk my father through checking an MD5 hash. But I also know that he’s sometimes likely to try new things he hears about, and downloading via BitTorrent or something like that might be one of them.

    This is not about whether P2P is or isn’t a good idea. It’s about someone attempting to decide for Microsoft how SP2 will be distributed, which has the potential to impact our customers. Regardless of how enthusiastic you may be about P2P and its potential to make distribution easier, I would hope that you could also see the downsides, and understand why Microsoft chose not to take those risks.

Comments are closed.
