Samsung Deliberately Disables Windows Update on Laptops
A user's call for help on an online support forum has unraveled what could prove to be a serious headache for Samsung, after it was discovered that the South Korean electronics giant has deliberately disabled Windows Update on some of its laptops to favor its own bloatware.
That could leave many Samsung users vulnerable to hack attacks, viruses and other security problems that Microsoft's regular Windows updates are aimed at resolving.
The problem came to light Tuesday after independent Microsoft debugger/reverse engineer Patrick Barker posted a summary on his blog. The post described how a Samsung-signed program named Disable_Windowsupdate.exe is automatically launched when users' computers execute Samsung's own driver-updating software, SW Update.
We reached out to Samsung for comment on the matter but have not yet heard back from the company. The revelation is a potential black eye for Samsung, especially in light of the PR lashing Lenovo took earlier this year after its notebooks were found to include security-compromising, pre-loaded adware called Superfish.
'Report Samsung Update as Malware'
The matter began when a user called "wavly" described a problem with Windows Update settings on Barker's support forum, Sysnative, earlier this month. After several attempts to identify the source, forum moderators traced the issue to the Windows Update-disabling program launched by Samsung's own software.
In his blog post, Barker described contacting Samsung support via online chat to ask about the software. Initially the support representative said that Samsung's SW Update has "no effect" on Windows Updates. However, after checking further the representative told Barker, "When you enable Windows updates, it will install the default drivers for all the hardware no [sic] laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates."
Barker's response on his blog: "OEMs, come on . . . has Superfish taught us nothing?" He added that SW Update should be reported to Microsoft as malware "because that's exactly what is is. Why would you ever disable WU in such a fashion (or in general), in a way a generic user cannot control, leaving them vulnerable?"
Earlier this year, customers of Lenovo, the world's largest maker of consumer PCs, had been reporting a program installed on their PCs called Superfish, software that automatically displays advertisements in the name of helping consumers find products online.
Superfish is designed to intercept all encrypted connections and leaves the door open for spies to hack into PCs through man-in-the-middle attacks. Lenovo issued an apology after the Superfish adware was discovered on its devices and said it would make it a priority to provide "cleaner, safer PCs."
Solution: Turn off Registry Auditing
One commenter on Barker's blog said he had "reported this to the Microsoft security team. Hopefully they'll take action." In the meantime, Samsung users can avoid the problem by turning off registry auditing on their computers, according to Sysnative.
It's unknown which Samsung devices the Windows Update problem affects, or how many users might have had their security compromised because of it. Samsung holds only a small portion of the PC/laptop market, and last year discontinued sales of such devices in Europe.
Microsoft has historically issued automatic updates of its software every Tuesday, although after it releases Windows 10 later this month future updates are expected to come out on an ongoing basis after it releases Windows 10 late next month.