Samsung disables Windows Update, undermines the security of your devices

Another example of how vendors sometimes choose to improve usability to the detriment of user security has been recently discovered by security researcher and Microsoft MVP Patrick Barker.

Spurred by a user asking for assistance because his Windows Update kept being disabled, he searched for the reason for the unexpected behavior and found it: Samsung’s SW Update software for Windows PCs.

To be exact, it’s the Disable_Windowsupdate.exe file in the software, which according to Barker “creates a scheduled task that runs at every logon to ensure that Windows Update is indeed disabled.”

After the discovery, he asked Samsung tech support the reason behind this action, and received the following reply: “When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”

Effectively, having Windows Update and Samsung’s SW Update software active at the same time can lead to conflicts that can result in the machine not working as Samsung (and presumably the users) would want to. Instead of figuring out a way to make it work, Samsung (silently) opted for disabling Windows Update.

After the revelation, Samsung replied with the following statement: “It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products.

Barker noted that even if the users get the initial choice of choosing whether to update Windows software on their products, Windows Update will still be switched off after a reboot. As he succinctly commented: “I mean, come on, the exe is named Disable_Windowsupdate.exe.”

Microsoft is, expectedly, not happy with this, and has contacted Samsung to hammer out a solution.

“The news that a Samsung OEM-installed software is purposefully, and irrevocably, disabling Windows Update (WU) is very troubling,” Tod Beardsley, Engineering Manager at Rapid 7, commented.

“The investigation by security researcher Patrick Barker indicates that this behavior is not strictly malicious, but is part of a work-around to avoid installing possibly incompatible USB drivers on Samsung equipment. The problem, of course, is that this is a heavy-handed approach that completely disables future security updates to Windows, a process that represents years of hard-won security maturity from Microsoft and computer vendors, which is something a major hardware vendor like Samsung should consider more seriously.”

“Independent researchers like Patrick perform an incredibly valuable service by choosing to investigate how technology works, and pointing out when short-sighted design decisions undermine the security of the devices that we all rely on to live our lives. It’s unknown today how many Samsung customers have been accidentally skipping critical software updates, or for how long,” he added.

“This episode with Samsung is reminiscent of the Superfish scandal of February in 2015. In that case, Lenovo was bundling adware with new computers, which was, in turn, inserting a self-signed certificate in order to man-in-the-middle (MITM) web traffic and serve ads. This behavior had the side effect of completely disabling endpoint SSL security for secure websites. Like with Samsung, Lenovo offered no practical mechanisms for end-users to opt out of this behavior short of reinstalling with a fresh operating system.”

Another similar situation was flagged this April, when developer Christopher Bachner discovered that LG Split Screen software that comes with the company’s ultra wide monitors stealthily weakens Windows users’ defenses by deactivating the OS’ User Account Control (UAC) feature.

Don't miss