Does Skype's Windows update story fly?

VoIP service claims Microsoft patches triggered outage, but the facts don't add up, say outsiders

Analysts and rivals today said they were dubious of Skype Ltd.'s explanation that the voice-over-IP service's 48-hour outage was triggered by restarts after Microsoft's monthly security updates were delivered.

"Why this particular Tuesday?" asked Doug Williams, an analyst with JupiterResearch. "That doesn't really fly."

Skype's blackout -- which began Wednesday around midnight, Pacific time, and ended late Friday -- was caused by a software glitch provoked, said Skype, by machines rebooting after they had applied updates to Microsoft Corp.'s Windows operating system.

"The disruption was triggered by a massive restart of our users' computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update," Skype said in a statement posted this morning.

"I'm leery of that explanation on two counts," said Aron Rosenberg, chief technology officer of SightSpeed Inc., a Berkeley, Calif.-based VoIP competitor to Skype. "First, the timing of the patches."

Although Microsoft rolls out its monthly security updates before noon, Pacific time, on Patch Tuesday, those updates are by default downloaded and installed at 3 a.m. local time, often over a period of a day or two. "At the very least, then, systems would have rebooted time zone by time zone, not all at once," saiRosenberg said.

However, there may be a connection to the 3 a.m. default reboot. According to Skype's statistics, the outage began sometime between Wednesday at 10:30 p.m. and 3:05 a.m. Thursday, PDT. Between those two data points, the number of connected users dropped by 50%.

Second, said Rosenberg, is the fact that Microsoft has been releasing its security fixes on the second Tuesday of each month since October 2003. If the problem was triggered by Windows Update, as Skype claimed, why hadn't it happened before?

While he scoffed at Skype's excuse, Rosenberg also noted that the service's infrastructure may make it vulnerable to problems experienced by a minority of systems on the network. Like the Kazaa music file-sharing network, which was created by the same pair who founded Skype -- Swedish engineer Niklas Zennstrom and Danish entrepreneur Janus Friis -- the VoIP service uses "supernodes" to detect online Skype users, establish connections between users, and help route traffic. The supernodes, which are computers that Skype identifies as having surplus Internet bandwidth and processor cycles, serve as the directory servers and traffic cops of the network. If too many go offline in a short time -- whether from restarts or simply by being switched off -- Skype could suffer.

Skype's explanation hinted as much. "Normally Skype's peer-to-peer network has an inbuilt ability to self-heal," said spokesman Villu Arak in this morning's statement. "However, this event revealed a previously unseen software bug within the network resource allocation algorithm which prevented the self-healing function from working quickly."

What Skype describes as self-healing, said Rosenberg, is simply the ability of Skype to switch a user from one supernode to another, necessary, say, when the first supernode goes offline. If too many of those supernodes dropped off the network simultaneously, Skype might have had trouble switching users to other supernodes. In other words, there would have been too many nodes -- normal users -- chasing too few supernodes to allow the former to log on. Skype itself described it as "a chain reaction that had a critical impact."

"Skype is unusual in that one of its key components, the supernodes, are always going up and down," Rosenberg said. "Because it relies on the supernodes working, if Skype's [network] software wasn't load balancing across time zones, they could have had a massive loss of supernodes [when systems rebooted]," he added.

Microsoft also pooh-poohed the idea that there was anything out of the ordinary in last Tuesday's updates that might have triggered the Skype crash. "Windows Update is a routine service Microsoft provides to its users to receive software updates, including last Tuesday's security updates, which were not unique," said a company spokeswoman in an e-mail today. "As indicated in Skype's blog, their specific disruption was caused by a bug in their software."

Tallies of Microsoft's recent monthly updates seem to back up the company's claim that last week's were not unique, at least in the number which demanded restarts. Although five of August's nine updates required a reboot, that number wasn't out of line with July's four of six, or even February's five out of 12.

When asked to comment further, a Skype spokeswoman declined to add anything to the statement issued earlier in the day.

Related Articles and Opinion

Copyright © 2007 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon