A Microsoft MVP has discovered that a Samsung software utility is quietly disabling Windows Update on the firm’s PCs in order to ensure that only the correct drivers are installed. In disabling Windows Update, the Samsung software is of course behaving like malware. And the consequences of this change, which are made without the user’s knowledge, could be dire.
Patrick Barker discusses his discovery of this issue, and a rather tragic interaction with Samsung Support, on his blog. But the short version is that Samsung is faced with an issue that all PC makers face: it carefully curates the drivers that get applied to its PCs, only to have Windows Update overwrite them later with generic drivers that aren’t always as ideal for its particular configurations. Other PC makers, like HP, have worked with Microsoft to ensure that only the correct drivers are delivered over Windows Update to their PCs, and I wrote about this partnership recently in The HP Spectre x360 is What Happens When a PC Maker Collaborates with Microsoft. Samsung, however, chose a very different route.
Using the SW Update utility that Samsung provides on its PCs—all major PC makers provide a similar utility—Samsung has delivered a software package, imaginatively called Disable_Windowsupdate.exe, that—wait for it—disables Windows Update. That way, the only updates the system gets will come via SW Update.
Samsung Support confirmed the behavior to Mr. Barker.
“When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work,” he was told. “For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”
Problem solved, right? Your Samsung PC will always get the correct drivers and everything works well.
Not quite. The trouble with Disable_Windowsupdate.exe is that disabling SW Update, or uninstalling the Disable_Windowsupdate.exe utility, doesn’t in fact re-enable Windows Update. So now no updates—security updates, new drivers, whatever—will be delivered. “Why would you ever disable [Windows Update] in such a fashion (or in general), in a way a generic user cannot control, leaving them vulnerable?” Mr. Barker asked. Semi-rhetorically, I assume, since there is no good answer to this question.
In disabling Windows Update, the Samsung utility is behaving like malware—is, in fact, malware—which of course opens this event up to a comparison with Lenovo’s Superfish fiasco. In that incident, Lenovo was found to have been delivering malware to PCs that display advertising in a web browser, and the PC maker was raked over the coals by privacy and security experts before issuing a public apology and changing its behavior.
Now, as the biggest PC maker in the world, Lenovo’s behavior of course impacted a very large audience. But Samsung’s behavior is, if anything, even more stupefying. In fact, it’s downright malicious given a user’s expectations and the reality of what the software delivers. And it apparently impacts virtually all Samsung PCs dating back to Windows XP, which was when the SW Update utility was introduced.
We can only assume that Samsung will learn from Lenovo and end this behavior immediately. But it should also learn from HP and partner with Microsoft to ensure that only the correct drivers are delivered via Windows Update. As Microsoft’s Gabe Aul told me this spring, Microsoft has “offered this collaboration to all of the [PC makers].” This one is on Samsung.