[time-nuts] time.windows.com statistics

Tim Shoppa tshoppa at gmail.com
Mon Jul 14 06:38:28 EDT 2014


On the subject of "time.windows.com", it is usually up but it seems to be a
pretty cruddy source of NTP time. The actual source is somewhere in the
Akamai cloud (so even if it resolves to the same numeric address twice, tha
Akamai cloud may in fact be farming it out to geographically different
machines) and I often find responses from time.windows.com to be all over
the map, with a scatter of 100 milliseconds or more and often timing out,
making time.windows.com one of the cruddyist NTP servers out there.

Wonder out loud if using NTP server in a load-distributing cloud will just
intrinsically be randomly cruddy, or if this is somehow engineering a
source which is often good enough for SNTP users but obviously
inappropriate for NTP to prevent extra load from non-windows users.

Tim N3QE


On Sun, Jul 13, 2014 at 5:37 AM, Esa Heikkinen <tn1ajb at nic.fi> wrote:

> Hi!
>
> At first, Windows XP supports SNTP protocol (so it can be synchronized
> with NTP server, but not with "millisecond" grade accuracy) and it uses
> time.windows.com as default server. Maybe Microsoft is closed that server
> or something, if it doesn't work anymore. However it's easy to change the
> NTP server, like Ed Palmer alrady described.
>
> It's also possible to use local NTP server, I use Symmetricom/Datum
> TymServe 2100 to synchronize the system cloks for all Windows computers.
> Works fine and does not need connection outside local network.
>
> Any Windows computer can also act as NTP server, if "millisecond" grade
> time is not needed. Registry change is needed to enable the Windows NTP
> server, Google if you want to do this. In addition, the system running as
> NTP server must also have working NTP client configuration so that it
> syncrhonizes itself. But remember, integrated Windows NTP is not very
> accurate, the time may have even more than ten seconds offsets.
>
>
>  You do not want to have your XP box connected to the internet at all.
>> This is not something that can be dealt with by any anti-virus software
>> you
>> are running.
>>
>
> I even have Windows 2000 computer having 24/7 internet connection. This is
> a server computer running 24/7, doing certain tasks. Windows 2000 support
> is stopped many years ago and also there's not even anti-virus software
> compatible with Windows 2000 anymore. Sounds dangerous? Not necessary -
> there has not been any trouble ever...
>
> The secret is that this (and all other computers) are behind NAT firewall
> so there's no direct access to this (or other) Windows computers. Second
> thing is (maybe most important), that this computer is NOT used for any web
> browsing or e-mails (which are most common way to infect any unprotected
> computer).
>
> By the way, XP support is not fully stopped yet, there's still monthly
> malware removal updates coming. Last one happened just few days ago. We
> still use XP for work (with anti-virus software of course) and there's
> never been any problems with it. Any suspicious traffic from local network
> to the Internet will be noticed by network monitoring, but there's haven't
> been any. XP is safe, if it's behing network firewall.
>
> One easy trick to keep any Windows computer safe is to use Jotti's Malware
> Scan service before running any new .exe files downloaded from Internet:
>
> http://virusscan.jotti.org/
>
> This is an easy-to use online service, where you can send files for
> scanning. It uses more than 20 anti-virus tools to scan the file and
> reports the results from each tool. If the file is infected, there will be
> many alerts, even when the anti-virus software installed in own computer
> doesn't give any alert.
>
> Connecting any Windows computer directly to the Internet (without NAT or
> nework firewall) or DMZ is not recommended at all, even if it has most
> recent Windows version. There will be always new and undetected
> vulnerabilities. That's the reason why the Windows updates exists.
>
> --
> 73s!
> Esa
> OH4KJU
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>


More information about the time-nuts mailing list