
Samsung updates back in the news – for breaking Windows updates

A 22-year-old Microsoft MVP has hit the media spotlight with a blog article about Samsung updates - and it's not good news for Samsung!

A 22-year-old Microsoft Most Valuable Professional (MVP) who calls himself Patrick has hit the media spotlight with a blog article about Samsung’s updating software.

As a result, Samsung is in the computer security news again for all the wrong reasons.

Last week it was bad press over its exploitable keyboard on Android.

Samsung phones, it seems, regularly call home looking for keyboard updates, even if you turn the built-in keyboard off (you can’t uninstall it altogether) and replace it with your own.

The problem is that when your phone calls home, it doesn’t verify that it got through to the right number, metaphorically speaking.

Crooks with a hacked-up Wi-Fi access point, for example, could intercept the call home, feed you a fake update, and run just about any sort of malware they wanted, with system-level privileges.

But it seems that phones aren’t the only place where Samsung has its own ideas about how to keep you up-to-date.

Windows Update considered harmful

The latest brouhaha affects Windows, and is covered in some detail by Patrick, who describes himself as having a “love for Windows internals.”

Patrick’s article is mildly affected by the exuberance of youth (the transcript of his support session with Samsung has “attack is the best form of attack” written all over it), but it’s interesting nevertheless, because he took the trouble to investigate in detail.

His headline makes the problem pretty clear:

Samsung deliberately disabling Windows Update

Actually, there’s an amusing irony that Patrick’s headline misses, namely that the Samsung component that turns Windows Update off is Samsung’s own “SW Update” application.

According to Patrick, SW Update goes one step further, and makes jolly sure it keeps Windows Update off by setting up a program that runs every time you log on and makes sure it’s still turned off.

To be fair to Samsung for a moment: there’s nothing underhand about this behaviour, because the run-at-login program is explicitly named Disable_Windowsupdate.exe.

Why turn off Windows Update?

The obvious question, of course, is, “Why?”

Turning off Windows Update in favour of your own software implies that you intend to take the job over from Microsoft, presumably with the intention of offering additional features and controls that make fetching and installing critical updates even more reliable.

According to Patrick’s support call with Samsung, however, the reason for turning Windows Update off is much more mundane:

When you enable Windows Update, it will install the Default Drivers for all the hardware on your laptop, which may or may not work. For example if there is USB 3.0 on the laptop, the ports may not work after the installation of updates. So to prevent this, SW Update tool will prevent Windows updates.

According to various news stories, Microsoft has now weighed into the discussion, dispassionately stating that:

We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks. We are in contact with Samsung to address this issue.

What to do?

The quick fix you can implement right now is to uninstall SW Update and to turn Windows Update back on.

Unlike Samsung’s defective Android keyboard, which is baked into the base Android distribution and can’t be removed like a regular app, SW Update does show up in the Uninstall or change a program list under Control Panel | Programs | Programs and Features.

But there are two possible problems with that approach:

  • Patrick claims to have had reliability problems with the uninstaller, so your mileage may vary.
  • You won’t get any Samsung updates, which could leave you at risk of already-fixed bugs.

So, if you decide to leave things as they are, you probably want to set yourself a reminder (a Post-it note will do!) to run Windows Update by hand every now and then.

To do that on Windows 8.1, try this:

  • Do a search for Windows Update.
  • Launch the Windows Update application.
  • Use the Check for updates option.
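If you would rather check than guess, the read-only audit below looks for the run-at-login program named in this article and reports how Windows Update is currently configured. It is an added example, not code from Patrick's post, Samsung or Microsoft; the article does not say which autostart mechanism SW Update uses, so checking both startup entries and scheduled tasks is an assumption.

```powershell
# Added example: audit only, changes nothing. Run from an elevated PowerShell
# prompt on Windows 8.1 (PowerShell 3.0 or later).
$needle = 'Disable_Windowsupdate'   # program name as given in the article

# 1. Run-at-login entries (Run keys and Startup folders) that mention the program.
$startup = @(Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like "*$needle*" } |
    Select-Object Name, Command, Location, User)

# 2. Scheduled tasks whose action launches it (assumption: see the note above).
$tasks = @(Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object {
        $_.Execute -like "*$needle*" -or $_.Arguments -like "*$needle*"
    }
} | Select-Object TaskPath, TaskName, State)

# 3. Current Automatic Updates setting, read through the Windows Update Agent API.
$levels = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Notify before installation'
    4 = 'Scheduled installation'
}
$au    = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel

# 4. State of the Windows Update service itself.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"

# Summary first, then the matching entries (if any) for closer inspection.
[pscustomobject]@{
    StartupEntriesFound = $startup.Count
    ScheduledTasksFound = $tasks.Count
    AutoUpdateLevel     = $levels[$level]
    ServiceStartMode    = $svc.StartMode
    ServiceState        = $svc.State
} | Format-List

$startup | Format-List
$tasks   | Format-List
```

A non-zero count in either of the first two fields, or an update level other than "Scheduled installation", is the cue to review the machine and to run Windows Update by hand as described above.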

And keep your eyes open for how Microsoft and Samsung resolve this impasse.

0 Comments

Maybe I missed something but isn’t the reverse also true?

Uninstall the Samsung Update killer (Disable_Windowsupdate.exe), leave Windows update alone and manually run the Samsung Updater?

Why uninstall the whole Samsung Update application just because they have an app in the startup group?
Maybe use MSConfig to disable the update killer from running at boot?

My daughter’s HP laptop did something similar with the HP updater. They also had an “app” to manually run and a button on the HP toolbar.

Reply

I don’t have a Samsung device handy to try this on…but if you can find a reliable way to get rid of that WU disabler program (a way that doesn’t get “corrected” next time SW Update updates itself :-) and to run the Samsung updates by hand, as one can with Windows Update (at least, until Windows 10 Home comes out), please let us know!

We’ll add it to the tips section.

Reply

Having read Patrick’s blog (again), I think your assertion that the article is “mildly affected by the exuberance of youth” is a mild understatement. Too many leaps of faith/assumptions, not enough actual research (dog with a bone approach is obvious).
Disabling automatic Windows updates is not necessarily a terrible thing.
Not communicating that clearly to users is at best questionable (or maybe they do at setup time/in the EULA everyone reads/etc).
Good start but more research and more discussion of impacts and options required before it should become a “thing”…

Reply

I’m not convinced. Turning off Windows Update altogether as a way of “protecting” your own updates seems like a rather lazy way to solve compatibility problems, wouldn’t you say?

Reply

I think you’re missing my point. I’m not saying I support turning off Windows Update. In fact, probably the opposite. What I am saying is that this is a tempest in a teapot that can, most likely, be resolved via Msconfig.

Reply

What you seem to be saying is that Samsung’s approach wasn’t such a great idea but with a bit of manual intervention you can deal with it.

Which I _think_ is pretty much what I suggested in the article :-)

Reply

Added to this, I’d like to highlight Microsoft’s Objective Criteria:
https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx

Samsung’s software as described unfortunately meets a number of the objective criteria for Unwanted Software. Most of this could have been avoided with a clear dialog on first use explaining what had been done, and an option in the Samsung Update settings to re-enable Windows Update (with the appropriate disclaimer as to why it may not be a good idea).

Reply

I saw this article yesterday, but discredited it because my personal experience does not reconcile with the article — I have a Samsung Chronos Series 7 laptop with SW Update running, and I get Windows 8.1 Updates just fine.

Reply

That’s handy to know…once we hear back from Samsung/Microsoft, we’ll try to give you more precise details.

The fact that Samsung’s official support script seems to acknowledge that there’s a reason for zapping Windows Update (which may depend on which hardware you have for all we know) suggests that it can and does happen to some users.

Anyone else with a Samsung device and the same version of SW Update as explored in the linked-to blog article?

Reply

To be fair, this Samsung program actually does not disable WU completely. While it does turn off the automatic installation of updates, WU will still check for updates and prompt the user to install them.

Still a bad naming for that .exe-file…

Reply

Which makes me wonder, “Why?” If the goal is to avoid conflict because WU might trample on Samsung’s drivers…then the conflict is going to happen anyway. It’s almost as though by making the conflict happen only when the user says [OK] you’re hoping to transfer blame and responsibility on the user…

Reply

Tin hat conspiracies aside, maybe they’re trying to be pro-active and give the users an opportunity to question which update to install. Not every corporate decision begins on the grassy knoll.

Reply

The best reason for turning automatic updates OFF is to avoid the unwanted software being pushed out supposedly to assist users to upgrade to W10. Plus to disallow updating during periods when the system is in use for critical or important tasks that would be interrupted by the Windows Update processes.
I have recommended setting it to show when updates are available, then you have the option to download and install them when it is convenient to you and your tasks. Far safer than completely disabling updates and far more user friendly than updating when Redmond think you should!

Reply

I don’t understand this approach. Why didn’t Samsung just periodically check to see if Windows had overwritten only_their_required_drivers, and simply reinstall the ones they needed?

Reply
