When members of the Sysnative forum tried to help a user with a computer problem, they stumbled across something curious.
Windows Update kept randomly being disabled.
Was malware at work, turning off Windows Update to prevent Microsoft patches and security updates from being installed?
No, malware wasn’t to blame. It was Samsung.
Microsoft MVP Patrick Barker discovered that Samsung’s SW Update software was downloading and running a file with the unambiguous name of Disable_Windowsupdate.exe.
And yes, it really does appear to be Samsung’s software which is doing this. Barker confirmed that the executable file is signed by Samsung:
As there are many instances of malware trying to deliberately disable Windows Update in order to get on with their dirty work, I personally wouldn’t feel entirely comfortable if Samsung was going around doing the job for them.
Even if you notice that Windows Update has been turned off and re-enable it, Samsung SW Update will quick as a flash disable it again.
Quite why Samsung thinks it’s such a good idea to disable Windows Update is something of a mystery.
Presumably Windows Update can mess up Samsung SW Update – which has important jobs like updating the various bits of OEM bloatware which came pre-installed on your Samsung laptop – or cause some Samsung-specific drivers to suffer problems.
But turning off Windows Update in its entirety, the Microsoft software with the responsibility for keeping your Microsoft operating system and apps like Internet Explorer updated with the latest security patches, seems like a risky move to me.
Update: Sysnative Forums has been in touch, letting us know that two of its staffers – Brian Drab and Richard “neimro” Burgess – first identified and published information about this issue. Patrick Barker is another staffer on the forum, whose blog post brought the issue to a wider audience.
Here and here are links to posts on Sysnative Forums.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
3 comments on “It wasn’t malware that disabled Windows Update on your PC, it was Samsung”
Not again! Haven't vendors learnt their lesson yet? After the Lenovo SuperFish debacle performing unwanted MiTM operations on their customers computers you'd think companies like Samsung would steer clear from interfering with vital operating system processes. I own my system and don't want to be hamstrung in how I use it.
Consumers are sick of crapware being installed on their systems. With Windows 10 I believe Microsoft are allowing consumers to wipe their system (if they choose to (many won't)) back to a clean state without vendor-specific applications leaving only essential drivers and the OS. The problem Microsoft will face is the potential for anti-trust suits by disgruntled manufacturers.
Updates are critical and I'd encourage any user to ensure their system is up-to-date and patched. With Windows 10 rolling updates HOPEFULLY being denied access to update will become a thing of the past.
I don't have it to hand, but believe my Samsung ultrabook has both SW Update and Windows Update working alongside each other, However, I was not alone in having to reinstate Windows 8 after first attempt to upgrade to 8.1 as Samsung hadn't rewritten crucial drivers on its wares. Also created difficulties with switchable graphics cards, ie Intel for normal usage, AMD for gaming. Fully expect this to happen again, unless Windows 10 clean slate supports switchable cards.
Sound about right, Sony releases a virus rootkit on their CD's, Samsung aids virus and malware.
De-install anything Samsung to be safe. Perhaps after they mend their ways test them again.