According to an independent engineer and security researcher, Patrick Barker, Samsung was discovered to be switching off the Windows Update mechanism in order to prevent some hardware drivers from being changed.
In a blog post, Barker claimed he was assisting a user with a Windows Update issue in which the function was being randomly disabled.
"It was figured out eventually after using auditpol.exe and registry security auditing that the program that was responsible for disabling WU was Disable_Windowsupdate.exe, which is part of Samsung's SW Update software," said Barker.
Barker then got in touch with a Samsung customer support rep to ask why Windows Update was being disabled. In a web chat with the rep, he was told that “When you enable Windows updates, it will install the Default Drivers for all the hardware on the laptop which may or may not work. For example, if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”
However, in a statement Samsung denied this was the case.
“It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products. We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 0330 726 7864,” a spokesman for the company said.
However, the wording of the statement doesn't address whether this is true for Samsung laptops running Windows 7 or below.
Paul Stone, principal consultant at Context Information Security, told SCMagazineUK.com that Samsung did this to prevent old or incompatible drivers for Samsung hardware being downloaded from Windows Update.
“This still sounds like an odd reason though. In theory, Windows Update shouldn't replace drivers as long as Samsung's newer drivers are marked with the correct date and version number,” he said.
Andrew Conway, research analyst at Cloudmark, told SC that laptops often contain customised hardware components in an attempt to gain an advantage in a highly competitive market.
“Those components require custom software drivers. It appears that the Windows Update process was replacing these with the generic software drivers, thus disabling these components or removing any performance advantages they may have gained from the customisation,” he added.
Conway said that Samsung computers don't ship with Windows Update disabled. The program that turns off Windows Update ships as part of a Samsung update.
“This suggests to me that this was not part of the original plan. My guess is that Samsung discovered that Windows Update was a potential problem after their computer design was finalised (and possibly after a large number of computers had been manufactured), and that disabling it was an emergency measure to try to prevent widespread problems,” Conway said.
He said that he could not imagine that Samsung's engineers would have done this unless they felt there was no practical alternative.
“I'm convinced this was not part of the original design. I suspect it was a response to a crisis. Of course they will have to find a practical solution now. I suspect they will go to Microsoft on bended knee and beg for a way of flagging their custom drivers so that Windows Update will not override them,” said Conway.
Wolfgang Kandek, Qualys CTO, told SC that hackers could use the same trick to disable updates and leave users vulnerable. “This would allow them to keep all machines in an attackable state. In a similar way, it would be interesting to turn off updates from Windows Defender as well,” he said.
But Stone said that hackers would not bother with switching off Windows Update. “They'd have to already have administrator level access to your PC. If they have that, then there's a lot worse they could do,” he added.
Mark James, security specialist at ESET, told SC Magazine that once Windows updates have been disabled the chances of vulnerabilities being fixed or patched “could be removed from the equation and therefore the expected life span of malware is extended manifold”.
“Microsoft by default will let you know if updates are switched off but also this is relatively simple to circumnavigate,” he said.
Stone said he wouldn't be surprised if this ended up in a lawsuit. “Lenovo is facing a class action lawsuit over the ‘Superfish’ adware that compromised the security of users' SSL connections. As a Microsoft OEM partner, Samsung will have requirements about preloaded software and default Windows settings. Whether that covers Windows Update, I don't know,” he said.