Windows updates are simultaneously very boring and incredibly important: they have a habit of shutting down your computer at the wrong moment, but also patch critical security flaws with alarming regularity. So if a manufacturer decided to disable Windows Update to favor its own crappy bloatware, that would be incredibly fucked. Oh hey there, Samsung!
Every Samsung laptop ships with a little utility called ‘SW Updater’, which is there to update drivers, firmware, and the bloatware that every laptop (unfortunately) ships with. It’s pretty standard fare for a Windows laptop. This is how Samsung describes the program:
Find easy ways to install and maintain the latest software, protect your computer, and back up your music, movies, photos, and files. Plus, learn how to share music, videos, and pictures between your computer and other devices, such as your mobile phone and TV. The best way to keep up-to-date with product releases, software updates, and other information about Samsung Notebook Computer.
But as a researcher noted in a teardown on his blog, SW Update features one decidedly non-standard thing: a lovely program called ‘Disable_Windowsupdate.exe’, which — surprise surprise! — disables Windows Update, preventing it from finding or installing new updates. And even if you notice this, and re-enable Windows Update, SW Update will disable it whenever you reboot your computer.
It’s unclear exactly why SW Update chooses to do this; most likely, Windows Update and SW Update didn’t play nice with each other, as an untimely Windows update could break some proprietary piece of Samsung software. So, the best (and worst) half-assed fix is simply to disable Windows Update altogether — no updates, no problem! (This is basically pure speculation, but it’s also exactly the kind of corner-cutting I would resort to if I wrote bloatware updaters for a living.)
Whatever the reasoning, disabling Windows Update creates all kinds of security problems, because it fixes major security flaws almost every Tuesday. Just two weeks ago, a patch was deployed to fix 20 (!!!) ‘critical’ problems with Internet Explorer that would allow hackers to remotely execute code. February and April saw similarly gaping holes fixed. Of course, in an ideal world, Windows would be vulnerability-free when it ships; but because we don’t live in a coding utopia, updating your computer is about the most effective thing you could do for security.
Coming just a few months after Lenovo’s infamous Superfish malware, this is really just another example of why bloatware needs to die, yesterday. Sure, SW Update itself isn’t bloatware — in theory, it exists to download potentially useful updates to things like trackpads. But messing up your laptop’s security by denying it updates? That’s mostly just a byproduct of manufacturers wanting to cram more and more resource-and-soul-sucking crap onto everything they sell you.