mercredi 24 juin 2015

Samsung is disabling Windows Update without users' permission

samsung_logo_water

Windows Update has long been pushed as the way to make sure that Windows is fully patched and secure as possible. It is recommended that it be left in Automatic mode so updates are downloaded as they are released. Samsung, however, has different ideas.

The company has been found disabling Windows Update on a number of the computers it sells, channeling people to use its own SW Update tool instead. Microsoft MVP Patrick Barker noted the activity when he found a program called Disable_Windowsupdate.exe on his computer. The culprit was Samsung's crapware.

Writing on his blog, Barker transcribes a web chat with a Samsung customer service representative who confirmed that the company's own update tools disabled Windows update. After initially denying that the tool made changes to the registry or Windows Update (in fact a registry entry is used to start Samsung's update tool which in turn disables Windows Update) they then admitted that this was precisely what was happening. They also gave a brief -- and somewhat weak -- explanation for the activity:

When you enable Windows updates, it will install the Default Drivers for all the hardware on laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.

A computer manufacturer shipping its own software update tool is nothing out of the ordinary. It is often done to keep machine-specific applications up to date as well as to deliver tailored drivers. Disabling Windows Update and taking over the entire updating process, however, is rather more unusual. As suggested by VentureBeat (and hinted at by the Samsung representative), is seems that Samsung noticed that Windows Update had a tendency to overwrite the drivers the company wanted to use. Rather than trying to address the problem properly, the sledge-hammer-to-crack-a-nut approach was to simply disable Windows Update altogether -- a foolhardy and potentially calamitous solution.

Few people would fail to see this as a security risk, and it will be interesting to see what Samsung does next. We have reached out to the company for comment and will update this story when we hear back.

Photo credit: Anton Watman / Shutterstock.com



Aucun commentaire:

Enregistrer un commentaire