It wasn't malware that disabled Windows Update on your PC, it was Samsung

Samsung

When members of the Sysnative forum tried to help a user with a computer problem, they stumbled across something curious.

Windows Update kept randomly being disabled.

Was malware at work, turning off Windows Update to prevent Microsoft patches and security updates from being installed?

No, malware wasn't to blame. It was Samsung.

Microsoft MVP Patrick Barker discovered that Samsung's SW Update software was downloading and running a file with the unambiguous name of Disable_Windowsupdate.exe.

Samsung disables Windows Update

And yes, it really does appear to be Samsung's software which is doing this. Barker confirmed that the executable file is signed by Samsung:

Samsung certificate

As there are many instances of malware trying to deliberately disable Windows Update in order to get on with their dirty work, I personally wouldn't feel entirely comfortable if Samsung was going around doing the job for them.

Even if you notice that Windows Update has been turned off and re-enable it, Samsung SW Update will quick as a flash disable it again.

Samsung SW UpdateQuite why Samsung thinks it's such a good idea to disable Windows Update is something of a mystery.

Presumably Windows Update can mess up Samsung SW Update - which has important jobs like updating the various bits of OEM bloatware which came pre-installed on your Samsung laptop - or cause some Samsung-specific drivers to suffer problems.

But turning off Windows Update in its entirety, the Microsoft software with the responsibility for keeping your Microsoft operating system and apps like Internet Explorer updated with the latest security patches, seems like a risky move to me.

Further reading:

Update: Sysnative Forums has been in touch, letting us know that two of its staffers - Brian Drab and Richard "neimro" Burgess - first identified and published information about this issue. Patrick Barker is another staffer on the forum, whose blog post brought the issue to a wider audience.

Here and here are links to posts on Sysnative Forums.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

3 Responses

  1. Bob

    June 24, 2015 at 10:03 am #

    Not again! Haven't vendors learnt their lesson yet? After the Lenovo SuperFish debacle performing unwanted MiTM operations on their customers computers you'd think companies like Samsung would steer clear from interfering with vital operating system processes. I own my system and don't want to be hamstrung in how I use it.

    Consumers are sick of crapware being installed on their systems. With Windows 10 I believe Microsoft are allowing consumers to wipe their system (if they choose to (many won't)) back to a clean state without vendor-specific applications leaving only essential drivers and the OS. The problem Microsoft will face is the potential for anti-trust suits by disgruntled manufacturers.

    Updates are critical and I'd encourage any user to ensure their system is up-to-date and patched. With Windows 10 rolling updates HOPEFULLY being denied access to update will become a thing of the past.

  2. Paul Nettleton

    June 24, 2015 at 3:26 pm #

    I don't have it to hand, but believe my Samsung ultrabook has both SW Update and Windows Update working alongside each other, However, I was not alone in having to reinstate Windows 8 after first attempt to upgrade to 8.1 as Samsung hadn't rewritten crucial drivers on its wares. Also created difficulties with switchable graphics cards, ie Intel for normal usage, AMD for gaming. Fully expect this to happen again, unless Windows 10 clean slate supports switchable cards.

  3. Reality Bites

    June 25, 2015 at 12:10 am #

    Sound about right, Sony releases a virus rootkit on their CD's, Samsung aids virus and malware.
    De-install anything Samsung to be safe. Perhaps after they mend their ways test them again.

Leave a Reply