Samsung bloatware disables Windows Update, claims researcher
Hardware vendor accused of leaving PCs open to attack in bid to control driver updates
Samsung's proprietary driver-update software stands accused of disabling Windows Update, potentially leaving users of the South Korean firm's PCs open to malware incursions, The Register reported.
Independent researcher Patrick Barker on Tuesday reported that a user on his forum was having difficulty with Windows Update, Microsoft's automatic-maintenance feature that periodically patches its OS.
Writing on his blog, Barker claimed that after running standard auditpol.exe and registry security auditing he found the culprit to be Disable_Windowsupdate.exe, which he said was part of Samsung's SW Update software. Barker also claimed that the disabling of Windows Update set Samsung apart from other OEM vendors.
Windows Update is vital to the security of a Windows system as it also patches known security vulnerabilities.
As Microsoft told The Register: "Windows Update remains a critical component of our security commitment to our customers. We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks. We are in contact with Samsung to address this issue."
A Samsung technical support agent had this to say: "When you enable Windows Update, it will install default drivers for all hardware... which may or may not work. For example, if there is USB 3.0 on a laptop, the ports may not work with the installation of updates. So, to prevent this, the SW Update tool will prevent the Windows updates."
But, in an official statement, Samsung later contradicted the agent.
"It is not true that we are blocking a Windows 8.1 operating system update on our computers," it claimed. "As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products.
"We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 1-800-SAMSUNG."
Samsung's SW Update software marks the second instance this year of a major PC manufacturer having to do damage control because of bloatware installed on its hardware. In February Lenovo had to release a software tool to automatically remove proprietary Superfish Visual Discovery adware from its PCs, after security specialists accused it of spying on traffic between browser and server, and faking certificates to plant adverts in secure websites.