Skip to main content

Samsung caught secretly disabling Windows Updates

Windows Update has long been pushed as the way to make sure that Windows is fully patched and secure as possible. It is recommended that it be left in Automatic mode so updates are downloaded as they are released. Samsung, however, has different ideas.

The company has been found disabling Windows Update on a number of the computers it sells, channeling people to use its own SW Update tool instead. Microsoft MVP Patrick Barker noted the activity when he found a program called Disable_Windowsupdate.exe on his computer. The culprit was Samsung's crapware.

Writing on his blog, Barker transcribes a web chat with a Samsung customer service representative who confirmed that the company's own update tools disabled Windows update. After initially denying that the tool made changes to the registry or Windows Update (in fact a registry entry is used to start Samsung's update tool which in turn disables Windows Update) they then admitted that this was precisely what was happening. They also gave a brief - and somewhat weak - explanation for the activity:

"When you enable Windows updates, it will install the Default Drivers for all the hardware on laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates."

A computer manufacturer shipping its own software update tool is nothing out of the ordinary. It is often done to keep machine-specific applications up to date as well as to deliver tailored drivers. Disabling Windows Update and taking over the entire updating process, however, is rather more unusual.

As suggested by VentureBeat (and hinted at by the Samsung representative), is seems that Samsung noticed that Windows Update had a tendency to overwrite the drivers the company wanted to use. Rather than trying to address the problem properly, the sledge-hammer-to-crack-a-nut approach was to simply disable Windows Update altogether - a foolhardy and potentially calamitous solution.

Few people would fail to see this as a security risk, and it will be interesting to see what Samsung does next. We have reached out to the company for comment and will update this story when we hear back.

UPDATE: Tod Beardsley, security engineering manager at Rapid7 commented: "The news that a Samsung OEM-installed software is purposefully, and irrevocably, disabling Windows Update (WU) is very troubling. The investigation by security researcher Patrick Barker indicates that this behaviour is not strictly malicious, but is part of a work-around to avoid installing possibly incompatible USB drivers on Samsung equipment.

"The problem, of course, is that this is a heavy-handed approach that completely disables future security updates to Windows, a process that represents years of hard-won security maturity from Microsoft and computer vendors, which is something a major hardware vendor like Samsung should consider more seriously.

"This episode with Samsung is reminiscent of the Superfish scandal of February in 2015. In that case, Lenovo was bundling adware with new computers, which was, in turn, inserting a self-signed certificate in order to man-in-the-middle (MITM) web traffic and serve ads. This behaviour had the side effect of completely disabling endpoint SSL security for secure websites. Like with Samsung, Lenovo offered no practical mechanisms for end-users to opt out of this behaviour short of reinstalling with a fresh operating system.

"Independent researchers like Patrick perform an incredibly valuable service by choosing to investigate how technology works, and pointing out when short-sighted design decisions undermine the security of the devices that we all rely on to live our lives. It's unknown today how many Samsung customers have been accidentally skipping critical software updates, or for how long."

Photo credit: Anton Watman /