Anyone who’s purchased a new Samsung laptop has probably run into the company’s “software updater” tool, which promises to keep apps and drivers up to date on your computer.
That software does something slightly sinister in the background, however: it disables Windows Update. A post by Microsoft MVP, Patrick Barker, details a small application that’s quietly installed in the background to block updates.
The app, conspicuously named Disable_Windowsupdate.exe, is installed automatically without the owner’s knowledge. According to a support representative, it’s there to stop the computer from automatically downloading drivers from Windows Update that could be incompatible with the system or cause features to break.
Unfortunately for Samsung it also appears to change the user’s update settings and disables Windows Update entirely. Once installed, the app even disables Windows Update after the user re-enables it.
Samsung’s software update service doesn’t actually ship with the application installed, it’s silently downloaded in the background at a later time from a non-HTTP server and installed without asking the user.
Disable_Windowsupdate.exe is signed with Samsung’s security certificate, confirming the company did create it.
Barker found the tool accidentally as he was trying to troubleshoot a user’s problem with Windows Update, where he was unable to get it to stay enabled after a reboot.
It’s unclear which Samsung computers are affected by the app, however questions about the suspicious app have surfaced a number of times online, with the earliest mention dating back to April 2015.
Disabling Windows Update without the user’s knowledge is unacceptable, let alone actually quietly installing an app over the internet in order to do it.
Samsung delivering the app via a non-secure protocol also means that if the server were to be compromised, it could allow an attacker to quietly install apps without you ever knowing about it.
In the meantime, if you’re a Samsung computer owner it’s worth checking for the presence of the tool at the below folder by opening a ‘run’ dialog (hit the Windows key + R) and paste in the below:
%ALLUSERPROFILE%\ProgramData\Samsung
We’ve contacted Samsung for comment about the tool and will update when we hear back.
➤ Samsung deliberately disabling Windows Update [Debugging and Reverse Engineering]
Read Next: Lenovo caught installing adware on new computers
Image credit: Gil C / Shutterstock.com
from The Next Web http://ift.tt/1BA8TX5
via IFTTT
0 Kommentare:
Kommentar veröffentlichen