Updated: Samsung computer users could find themselves wide open to attack because the software the Korean giant bundles on its systems disables Windows Update.
The problem was spotted by independent security researcher Patrick Barker after a Windows user complained that the Windows Update function, which automatically downloads patches and security fixes from Microsoft, was being randomly disabled.
The culprit turned out to be a piece of code called SWUpdate, which Samsung bundles on its machines to handle driver updates for its hardware. SWUpdate, in turn, runs an executable called Disable_Windowsupdate.exe as part of its standard operations. Guess what that does.
At first, the researchers were concerned that the software might be malware, although it did appear to be signed by Samsung itself. A call to Samsung technical support yielded the following response:
"When you enable Windows updates, it will install the Default Drivers for all the hardware on laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates."
Samsung has not replied to The Reg's request for comment but a Microsoft spokesperson emailed us the following statement:
"Windows Update remains a critical component of our security commitment to our customers. We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks. We are in contact with Samsung to address this issue."
The case highlights the longstanding problem of OEM bloatware coming pre-installed on PCs. And while it isn't as egregious as the Lenovo Superfish debacle, it's still a serious issue. It's hard to see why Samsung thought disabling Windows Update was a good idea, given that Microsoft regularly uses it to push critical security fixes for all of its major products, but some bright spark obviously pushed the idea through.
On a more positive note, it is possible to buy some Samsung laptops without all the OEM crapware installed under the Microsoft Signature Edition brand. The downside is that you can only get them at the Microsoft Store; buy elsewhere and you're on your own.
"It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products," said Samsung.
"We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 1-800-SAMSUNG."