Samsung has been accused of disabling Windows Update on some models of its laptops, potentially leaving customers exposed to unpatched security flaws. The company is reportedly shutting down Windows Update in favour of its own utility suite, which is bundled with selected models of Samsung's laptops.
The discovery was made by Microsoft Most Valuable Professional (MVP), Patrick Barker, who has documented how Samsung laptops run an executable called Disable_Windowsupdate.exe, which does exactly what it says on the tin. The executable is part of Samsung's SW Update software, which Barker describes as "your typical OEM updating software that will update your Samsung drivers, the bloatware that came on your Samsung machine, etc."
It seems Samsung is shutting down Windows Update to ensure it doesn't interfere with its own update procedures. In an online conversation, a Samsung support representative told Barker: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work [sic]. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates."
The obvious danger is that by shutting down Windows Update, users are missing out on operating system updates and other security patches, which could leave their machines woefully exposed. "Why would you ever disable WU in such a fashion (or in general), in a way a generic user cannot control, leaving them vulnerable?" Barker asks on his blog.
That's certainly a question we've put to Samsung's press office, but the company hadn't returned our request for comment at the time of publication.
Samsung isn't the first PC maker to be accused of imperilling customers' security with bundled bloatware. Earlier this year, it was revealed that Lenovo had pre-installed a piece of software called Superfish on selected models of its laptops, which inadvertently made it possible for snoopers to monitor customers' web traffic. Lenovo pulled the software and distributed a utility to remove it from customers' machines.
