It wasn’t malware that disabled Windows Update on your PC, it was Samsung

Graham Cluley

Samsung

When members of the Sysnative forum tried to help a user with a computer problem, they stumbled across something curious.

Windows Update kept randomly being disabled.

Was malware at work, turning off Windows Update to prevent Microsoft patches and security updates from being installed?

No, malware wasn’t to blame. It was Samsung.

Microsoft MVP Patrick Barker discovered that Samsung’s SW Update software was downloading and running a file with the unambiguous name of Disable_Windowsupdate.exe.

Samsung disables Windows Update

And yes, it really does appear to be Samsung’s software which is doing this. Barker confirmed that the executable file is signed by Samsung:

Samsung certificate

As there are many instances of malware trying to deliberately disable Windows Update in order to get on with their dirty work, I personally wouldn’t feel entirely comfortable if Samsung was going around doing the job for them.

Even if you notice that Windows Update has been turned off and re-enable it, Samsung SW Update will quick as a flash disable it again.

Samsung SW UpdateQuite why Samsung thinks it’s such a good idea to disable Windows Update is something of a mystery.

Presumably Windows Update can mess up Samsung SW Update – which has important jobs like updating the various bits of OEM bloatware which came pre-installed on your Samsung laptop – or cause some Samsung-specific drivers to suffer problems.

But turning off Windows Update in its entirety, the Microsoft software with the responsibility for keeping your Microsoft operating system and apps like Internet Explorer updated with the latest security patches, seems like a risky move to me.

Further reading:

Update: Sysnative Forums has been in touch, letting us know that two of its staffers – Brian Drab and Richard “neimro” Burgess – first identified and published information about this issue. Patrick Barker is another staffer on the forum, whose blog post brought the issue to a wider audience.

Here and here are links to posts on Sysnative Forums.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “It wasn’t malware that disabled Windows Update on your PC, it was Samsung”

  1. Not again! Haven't vendors learnt their lesson yet? After the Lenovo SuperFish debacle performing unwanted MiTM operations on their customers computers you'd think companies like Samsung would steer clear from interfering with vital operating system processes. I own my system and don't want to be hamstrung in how I use it.

    Consumers are sick of crapware being installed on their systems. With Windows 10 I believe Microsoft are allowing consumers to wipe their system (if they choose to (many won't)) back to a clean state without vendor-specific applications leaving only essential drivers and the OS. The problem Microsoft will face is the potential for anti-trust suits by disgruntled manufacturers.

    Updates are critical and I'd encourage any user to ensure their system is up-to-date and patched. With Windows 10 rolling updates HOPEFULLY being denied access to update will become a thing of the past.

  2. I don't have it to hand, but believe my Samsung ultrabook has both SW Update and Windows Update working alongside each other, However, I was not alone in having to reinstate Windows 8 after first attempt to upgrade to 8.1 as Samsung hadn't rewritten crucial drivers on its wares. Also created difficulties with switchable graphics cards, ie Intel for normal usage, AMD for gaming. Fully expect this to happen again, unless Windows 10 clean slate supports switchable cards.

  3. Sound about right, Sony releases a virus rootkit on their CD's, Samsung aids virus and malware.
    De-install anything Samsung to be safe. Perhaps after they mend their ways test them again.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES