Microsoft has revealed that it is discussing reports about the disabling of Windows Update with Samsung, adding that such efforts put customers at risk.
Samsung is accused of stepping in between Windows users and their regular updates, and of offering up a home-grown alternative of its own. Microsoft told V3 that it would not recommend that anyone disable the feature, and that it is "addressing" the issue with Samsung.
"Windows Update remains a critical component of our security commitment to our customers," Microsoft told us.
"We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks. We are in contact with Samsung to address this issue."
Samsung has denied reports that it has been disabling the automatic Windows Update system on some of its laptops.
The accusation was made by a Microsoft Most Valued Professional (MVP) called Patrick Barker, who found the issue while looking at an problem with a Samsung laptop.
He said Samsung is "deliberately disabling Windows Update" via a piece of code called Disable_Windowsupdate.exe that was included in a software upgrade. Barker said that he was assisting a user with a Windows Update problem when the discovery was made.
Apparently Samsung's updater disables Windows Update. http://t.co/nu5kwIA0Lf Sucks for Samsung Windows Users!— Forgotten (@ForgottenSec) June 23, 2015
"A user was being assisted with a Windows Update issue, which was going well, aside from the fact that Windows Update kept getting disabled randomly," he wrote in a blog post about the issue.
"It was figured out eventually after using auditpol.exe and registry security auditing that the program that was responsible for disabling Windows Update [is] part of Samsung's SW Update software.
"SW Update is your typical OEM updating software that will update your Samsung drivers, the bloatware that came on your Samsung machine, etc. The only difference between other OEM updating software is that Samsung's disables Windows Update."
Samsung has denied all this, claiming its system is designed to give customers choice over when updates are installed, rather than being forced upon them.
However, its statement does not appear to fully address or understand the issue, as it refers to Windows 8.1 solely, rather than across various Microsoft operating systems.
“It is not true that we are blocking a Windows 8.1 operating system update on our computers," Samsung's statement said.
"As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products.
"We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 0330 726 7864.”
Barker too commented on the fact the statement seems to miss the main criticism he has of the system, as it disables all Microsoft Updates, which could include important security fixes, and it cannot be stopped.
"I don't understand what this statement is implying, [...] because I never implied it specifically blocked a 'Windows 8.1 OS system update', just that their SW Update software is preventing Windows Update from automatically installing updates, and forcing the user to have it set to 'let me choose whether to download and install'," Barker said.
"If you attempt to change it, it'll switch right back on a reboot. Microsoft has openly stated that they do not like the fact that it's persistently changing, or even existing in the first place without the user's consent. It's disabling Windows Update from working as the user intends it to."
Security expert Graham Cluley questioned the purpose and the sense behind a decision to disable such a critical feature.
"Quite why Samsung thinks it's a good idea to disable Windows Update is something of a mystery," he wrote.
"Presumably Windows Update can mess up Samsung SW Update, which has important jobs like updating the various bits of OEM bloatware which came pre-installed on your Samsung laptop or cause some Samsung-specific drivers to suffer problems.
"But turning off Windows Update in its entirety, the software with the responsibility for keeping your Microsoft operating system and apps like Internet Explorer updated with the latest security patches, seems like a risky move to me."
The firm has been accused of following Lenovo in putting users at risk for its own gain. Lenovo was caught out over Superfish and publicly exposed over the massive security blunder.
Samsung are 'doing a Lenovo', entirely disabling Windows Update in favor of it's own crap ware http://t.co/ErIitZ5T0o :/— Sean Hammett (@DJGenerator) June 24, 2015
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal