Security Short Take: Samsung bows to pressure on Windows Update tweaks

It will stop changing the service on its PCs and tablets

security risk thinkstock keyboard
Credit: Thinkstock
list making rounded

Samsung has agreed to stop changing the settings for Windows Update on its hardware after getting pressure from users -- and even Microsoft -- to end the practice "within a few days."

"We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings ...," Samsung said in a statement Friday.

The move came in response to complaints that the practice could undermine security for Samsung's Windows devices because it interfered with the patch service. Samsung's SW Update, used to offer up its own updates for its PCs and tablets, changed Windows Update's settings to prevent it from automatically downloading and installing fixes from Microsoft. Specifically, SW Update changed the setting to "Check for updates but let me choose whether to download and install them."

Here's how the brouhaha unfolded last week:

  1. Patrick Barker, a crash-debugging and reverse-engineering expert, early last week charged the Korean firm with silently changing how Windows Update delivers bug fixes and security patches. Following the revelation, Microsoft said: "We are in contact with Samsung to address this issue."
  2. Samsung at mid-week said it would look into the matter, but denied that it had blocked a Windows 8.1 update -- a charge Barker never made. It did acknowledge, however, that its software had tweaked Windows Update.
  3. By Friday, Microsoft had successfully persuaded Samsung to stop changning Windows Update, which Microsoft sees as a core feature of Windows and the only sanctioned channel for distributing code changes. "Samsung has a commitment to security and we continue to value our partnership with Microsoft," Samsung said in its statement.

Windows Update will play an even more prominent role in Windows 10, which is slated to arrive July 29. The new OS will be delivered to Windows 7 and Windows 8.1 users via Windows Update -- the first time the company has used the service for a major refresh. And, once installed, the new OS will automatically download and install updates on Windows 10 Home machines. Windows 10 Home is the main consumer-grade version of Windows. After they upgrade, users will no longer be able to pick which updates to apply, as they can now.

With reports by Gregg Keizer at Computerworld.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.