monline

Windows Update is a tricky thing. It can use a proxy server (see one of my previous posts on this), but it won't use the same proxy as you've set in "Control Panel" / "Internet Options" (aka. IE's proxy settings). Windows XP has a "hidden" HTTP service (it's actually a driver visible in "Device Manager" under "Non-Plug and Play Drivers") and Windows Update uses this service to access Microsoft's servers. To set a proxy for this service, you've to use the proxycfg command line program. However setting a SOCKS proxy won't take any effect (at least it did not for me, neither for airwin). But there're ways to get around this.

I've found two methods.

1. Windows Update does work through a HTTP proxy, thus you could use a local HTTP proxy that supports chaining to SOCKS proxies. You could set Windows Update with proxycfg to use the local HTTP proxy, and set the HTTP proxy to use the given SOCKS proxy. There're a few such tools. Eg. Privoxy can do this ... or you could pick any HTTP proxy and use a "sockisfier" to add SOCKS capabilities to it (there're quite a few ... eg. free ones are FreeCap, Hummingbird SOCKS client, SocksCap ... a commercial one is ProxyCap).
   
   
2. You can use a "low-level" socksifier that can add SOCKS capability even to Windows services. For this one to work the socksifier program has to load before the first service loads that uses svchost.exe (the "Generic Host Process for Win32 Services"), since an instance of this executable tries to connect to MS's webservers, when you start the Windows Update process. One program capable of socksifying svchost.exe (aka. Windows services) is WideCap. It comes from the developer of FreeCap, but he rewrote the whole thing. WideCap hijacks Winsock (the socket subsystem of Windows networking), thus it's like a virtual network driver on top of Windows' TCP stack. It can redirect all TCP connections to a SOCKS server right from the start ... including all Windows services. However this tool is shareware (you can use it for free only in a 30-day trial period) and due to a small design glitch you've to hack its settings a little bit to make it socksify the services running through svchost.exe. The problem is that WideCap stores all of its settings in the user's registry that installed the application. You've to set up WideCap, export the program's registry from the current user's tree to disk (it's HKEY_CURRENT_USER\Software\Bert's Software\WideCap for me), replace the registry key pathes with the path of the SYSTEM user's registry (it's HKEY_USERS\S-1-5-18\Software\Bert's Software\WideCap for me) and import it back to the Windows registry. The SYSTEM user comes into the game, because the given svchost.exe (that makes the connection to the MS Windows Update servers) runs with SYSTEM's credentials ... thus when the service (svchost.exe) starts, the WideCap driver will have access only to SYSTEM's registry. This method is definitely not for novice users. However I'm happy to have learnt about WideCap, it's a very nice piece of software ... a sort of Swiss army knife for socksifying programs ... even Windows services.

P.S.: you might want to check out this Wiki page for some other socks proxies and socksifiers.