The security researcher Patrick Barker discovered that Samsung is disabling Windows Update to run its own bloatware leaving is customers wide open to cyber attack.
Barker discovered that Samsung disable Windows update after a Windows user complained that the update system was being randomly disabled.
“SW Update is your typical OEM updating software that will update your Samsung drivers, the bloatware that came on your Samsung machine, etc. The only difference between other OEM updating software is, Samsung’s disables WU.” Barker wrote in a blog post.
The expert discovered that the update service was disabled by a software procedure called SWUpdate that Samsung bundles on its computers to handle driver updates for the Samsung hardware.
The SWUpdate code runs the executable called Disable_Windowsupdate.exe.
- GENERAL_EXECUTION - EXCUTION_FILE_NAME 64\Disable_Windowsupdate.exe <FromProductDate/>
When the expert discovered the executable was concerned that it might be a malware, but further analysis revealed that the suspect code is signed by Samsung.
The expert contacted the Samsung technical support for comment and this is the reply:
“When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”
Windows Update is a critical component for the security of computers running the popular OS, it is necessary to verify that is is enabled to download the security patches.
It’s not the first time that stub of code, or entire applications, pre-installed on PCs expose users to the risk of attack.
Why Samsung was disabling Windows Update? No doubts that by disabling Windows Update the popular OS will not receive any security fix with serious consequences.
(Security Affairs – Windows Update, security)