Who Got Caught Disabling Windows Update?
Caught red-handed, one computer vendor has admitted that it covertly disables the automatic-update feature of Windows Update, forcing users of some, perhaps all, of its Windows computers to download and install critical updates manually. Of course, many won’t, and they will leave themselves open to hackers and malware. Here's what you need to know...
Don't Touch My Windows Update!
To answer the question posed in the title of this article: Samsung. But don’t think this doesn’t apply to you because your PC wasn’t made by Samsung. The hardware maker’s excuse for this breach of customers’ security (not to mention its contract with Microsoft) has implications for all Windows users. I’ll explain after outlining how Samsung’s deliberate weakening of users’ security was discovered.
Patrick Barker, a Microsoft MVP (Most Valued Partner), was troubleshooting a client’s Samsung computer; Windows Update “no longer worked,” the client said. Barker found that Windows Update was set to “Check for updates but let me choose whether to download and install them.” The only worse setting is “Never check for updates.” Barker reset Windows Update to the preferred setting, “Install updates automatically.”
But when the PC was rebooted, the setting went right back to the “let me choose” option! Thinking his client might have a malware infection, Barker ran some expert diagnostic tools to see what was going on.
He found the culprit in plain sight: an executable file actually named Disable_WindowsUpdate.exe forced Windows Update to the dangerously user-dependent setting every time the machine was rebooted. But it wasn’t malware stealthily injected by an anonymous hacker.
Barker discovered that Disable_WindowsUpdate.exe was digitally signed by Samsung, and was part of the Samsung’s SW Update Tool. Every computer hardware vendor bundles its own system maintenance software with its machines. These proprietary programs duplicate many functions built into Windows, and many people consider them to be bloatware that can be removed without repercussions. But there’s one important difference between Windows Update and proprietary maintenance toolkits.
Why Would Samsung Disable Windows Update?
Samsung’s SW Update Tools fetches certain updates from Samsung’s servers, not the Windows Update server. Drivers for Samsung USB 3.0 ports, for instance, are different from the generic USB drivers that Windows Update installs. Samsung’s drivers are written to get the best performance out of the USB 3.0 hardware that Samsung has designed. A generic Windows driver may not work at all with some highly engineered hardware; you must use the manufacturer’s driver.
Samsung says that automatic Windows Updates were overriding some of Samsung’s proprietary drivers with generic ones. The result was that come hardware features might no longer work, or would not run as well as designed. So the company “gave users the choice” to skip automatic Windows Updates and use SW Update Tool instead.
The dastardly thing is, Samsung doesn’t tell users what it’s doing. One could go nuts resetting Windows Update to “automatic” and wondering why in the world it keeps reverting to “let me choose…”
Microsoft is not at all happy about Samsung’s interference with the default, automatic mode of Windows Update. Legal fur could fly, but right now the two companies are “discussing the issue” behind the scenes.
Samsung must have been pretty exasperated with Microsoft, too, or it would not have committed such a serious breach of its OEM agreement to force the issue of incompatible Windows Update drivers. I expect the two tech giants will work out a deal whereby Samsung’s latest proprietary drivers get into the Windows Update database faster. Then Samsung won’t have to disable automatic Windows Updates.
If Samsung’s excuse for disabling automatic Windows Updates is true, then drivers and other software may be “corrupted” – overridden, actually - by less effective generic software installed by Windows Update, at least in some cases.
Blame on Both Sides
It’s probably unrealistic to expect Windows Update to deliver the latest version of every proprietary driver that might be needed; there are legions of such drivers. But instead of blindly installing GENERIC drivers that OVERRIDE proprietary drivers, Windows Update should defer to an OEM and tell you, “There may be a better driver available from the maker of your device.” I don’t think that’s too much to ask.
Samsung and other OEMs could do a better job of uploading their latest proprietary software updates to Windows Update, too. But then you’d have little reason to visit their sites where they can sell you something more.
For now, Samsung is bowing to pressure from Microsoft and tech news outlets. Last Friday, Samsung promised to issue a patch through the Samsung Software Update notification process "to revert back to the recommended automatic Windows Update settings within a few days." As of this writing, that patch has yet to appear.
I know some people advise turning off Windows Update, or picking and choosing which updates to install. I feel this is dangerous, and ill-advised. The chances of being negatively affected by a Windows Update patch are vanishingly small, while the chances of missing something important by not using it are high.
My advice is to you, regardless of who made your PC, is to check and make sure that your Windows Update settings are set to "Install updates automatically." Click Start, then Windows Update, then "Change settings" to verify. Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 29 Jun 2015
|For Fun: Buy Bob a Snickers.|
Who Has Your Back?
The Top Twenty
Best AntiVirus Software for 2015
There's more reader feedback... See all 47 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Who Got Caught Disabling Windows Update? (Posted: 29 Jun 2015)
Copyright © 2005 - Bob Rankin - All Rights Reserved