Samsung Program Disables Windows Update on PCs

Samsung’s update mechanism for Windows PCs and laptops silently disables Windows Update, computing enthusiast Patrick Barker has discovered.

Samsung PC owners could soon find themselves in an endless carousel of enabling Windows Update with each reboot of their machine after a computing enthusiast discovered that a Samsung feature disables Microsoft’s update mechanism by default.

Windows Update is a service that delivers, among other features, security updates and patches to Windows machines. On Samsung machines, however, it’s been usurped by a program called Disable_Windowsupdate.exe that is part of Samsung’s SW Update mechanism; the manufacturer uses its service to update pre-installed software and Samsung drivers, and is installed on Windows XP, Vista, 7, 8 and 8.1 machines.

The Disable executable is downloaded at each reboot—the file is signed by Samsung—and overrides any changes a user may institute, such as re-enabling Windows Update, said Patrick Barker, a self-proclaimed “22-year-old cashier with a love for Windows internals.” Barker posted a technical explanation of what he had found to his personal website, including a transcript of a chat with a Samsung support representative who explained the behavior.

“When you enable Windows updates, it will install the Default Drivers for all the hardware [on] laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates,” Barker quoted the transcript.

SW Update, Barker said, forces the user to manually choose whether to download and install updates, and this must be done regularly. The likelihood of that happening is low and it’s equally likely that many Samsung Windows machines would be behind current patch levels.

“Windows Update remains a critical component of our security commitment to our customers. We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks. We are in contact with Samsung to address this issue.” said a Microsoft spokesperson in an email to Threatpost.

According to a number of comments on Barker’s post, several people have reported or are planning to report this behavior as malware to Microsoft.

Samsung said in a statement provided to Threatpost: “It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products.

“We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 1-800-SAMSUNG.”

The incident hearkens back to February’s disclosure of vulnerability in the Superfish software installed by another computer manufacturer, Lenovo. Superfish is pre-installed adware that analyzes images from the web and concurrently serves advertising for products similar to the image. Superfish, however, also had an odd behavior in which it acts as a proxy of sorts, generating digital certificates for HTTPS connections. Researcher Rob Graham explained how he was able to crack the private key guarding the certificate, which is the same on all Lenovo laptops shipped with Superfish through January of this year. Users were put at risk of man-in-the-middle attacks because an attacker sitting on the same network and in possession of the private key could decrypt encrypted traffic.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.