Earlier this week, a Microsoft security researcher wrote a scathing account of how Samsung's SW Update tool (installed by default on all Samsung PCs) is disabling Windows Update, potentially leaving millions of computers vulnerable to critical security flaws. Thankfully, Samsung's crack bloatware programmers have seen the light, and are pushing an update.
Samsung provided the following statement to Gizmodo, confirming the update:
"Samsung has a commitment to security and we continue to value our partnership with Microsoft. We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days."
An apology (or admission that breaking Windows Update in the first place was a really dick move) would have been nice, but we'll take our functioning Windows Updates in either case. If you're using a Samsung PC and haven't uninstalled SW Update yet, keep your eyes peeled for an update in the next few days.
Windows updates are simultaneously very boring and incredibly important: they have a habit of shutting down your computer at the wrong moment, but also patch critical security flaws with alarming regularity. So if a manufacturer decided to disable Windows Update to favour its own crappy bloatware, that would be incredibly fucked. Oh hey there, Samsung!
Every Samsung laptop ships with a little utility called 'SW Updater', which is there to update drivers, firmware, and the bloatware that every laptop (unfortunately) ships with. It's pretty standard fare for a Windows laptop. This is how Samsung describes the program:
"Find easy ways to install and maintain the latest software, protect your computer, and back up your music, movies, photos, and files. Plus, learn how to share music, videos, and pictures between your computer and other devices, such as your mobile phone and TV. The best way to keep up-to-date with product releases, software updates, and other information about Samsung Notebook Computer."
But as a researcher noted in a teardown on his blog, SW Update features one decidedly non-standard thing: a lovely program called 'Disable_Windowsupdate.exe', which -- surprise surprise! -- disables Windows Update, preventing it from finding or installing new updates. And even if you notice this, and re-enable Windows Update, SW Update will disable it whenever you reboot your computer.
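A defender-side check for the behaviour described above, as an added example that is not from the article or from Samsung: it reads the Automatic Updates setting through the Windows Update Agent COM interface, reports the start mode of the `wuauserv` service, and looks for the file name the article cites. The search roots are assumptions, since the article does not say where the file is installed.

```powershell
# Added example (not from the article). Run in an elevated PowerShell 3.0+ session.
# Reports whether automatic updating is switched off and whether the executable
# named in the article is on disk. The search roots are assumptions.

$levelNames = @{
    0 = 'NotConfigured'
    1 = 'Disabled'
    2 = 'NotifyBeforeDownload'
    3 = 'NotifyBeforeInstallation'
    4 = 'ScheduledInstallation'
}

# Windows Update Agent COM API (IAutomaticUpdates / IAutomaticUpdatesSettings)
$au    = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel

# A disabled service blocks updates no matter what the setting above says
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"

# Assumed locations to search; only roots that exist on this machine are used
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path $_) }
$hits = @(Get-ChildItem -Path $roots -Filter 'Disable_Windowsupdate.exe' `
            -Recurse -File -ErrorAction SilentlyContinue)

$report = [pscustomobject]@{
    CheckedAt         = Get-Date -Format s
    NotificationLevel = $levelNames[$level]
    ServiceStartMode  = $svc.StartMode
    ServiceState      = $svc.State
    UpdatesDisabled   = ($level -eq 1) -or ($svc.StartMode -eq 'Disabled')
    DisablerFound     = ($hits.Count -gt 0)
    DisablerPaths     = ($hits | ForEach-Object { $_.FullName }) -join '; '
}
$report | Format-List

if ($report.UpdatesDisabled) {
    Write-Warning 'Automatic updating is disabled on this machine.'
}
if ($report.DisablerFound) {
    Write-Warning 'Disable_Windowsupdate.exe is present; the setting may be reset at next boot.'
}
```

Run it once after re-enabling Windows Update and again after a reboot: a `NotificationLevel` that flips back to `Disabled` between the two runs matches the reset-on-reboot behaviour described above.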
It's unclear exactly why SW Update chooses to do this; most likely, Windows Update and SW Update didn't play nice with each other, as an untimely Windows update could break some proprietary piece of Samsung software. So, the best (and worst) half-assed fix is simply to disable Windows Update altogether -- no updates, no problem! (This is basically pure speculation, but it's also exactly the kind of corner-cutting I would resort to if I wrote bloatware updaters for a living.)
Whatever the reasoning, disabling Windows Update creates all kinds of security problems, because Windows Update delivers fixes for major security flaws almost every Tuesday. Just two weeks ago, a patch was deployed to fix 20 (!!!) 'critical' problems with Internet Explorer that would allow hackers to remotely execute code. February and April saw similarly gaping holes fixed. Of course, in an ideal world, Windows would be vulnerability-free when it ships; but because we don't live in a coding utopia, updating your computer is about the most effective thing you could do for security.
Coming just a few months after Lenovo's infamous Superfish malware, this is really just another example of why bloatware needs to die, yesterday. Sure, SW Update itself isn't bloatware -- in theory, it exists to download potentially useful updates to things like trackpads. But messing up your laptop's security by denying it updates? That's mostly just a byproduct of manufacturers wanting to cram more and more resource-and-soul-sucking crap onto everything they sell you.
We reached out to Samsung for comment, and will update with its response.
Update: A Samsung spokesperson replied with the following empty shell of a comment:
"We are aware of Mr. Barker's claim regarding Windows 8.1 updates on our computers. We take security concerns very seriously and we are working with Microsoft to address this matter."