
Samsung disabling Windows Update? - firloop
http://bsodanalysis.blogspot.com/2015/06/samsung-deliberately-disabling-windows.html
======
pja
This is about as end-user hostile as the Lenovo Superfish thing. By the sounds
of things, Samsung has managed to ship some of their laptops with devices that
fail with the standard windows devices drivers, but don’t have their own pci-
id which would allow Samsung to ship a custom driver. Samsung’s solution to
this is not to issue a hardware recall & replace the laptops, but to expose
their customers’ private personal information to every future malware author
on the planet.

In some ways, this is _worse_ than Superfish. Superfish was at least not
deliberate; it seems pretty clear that Lenovo really didn’t understand the
full implications of what they were doing by installing it on their laptops.
There’s no way that Samsung doesn’t understand that by disabling Windows
Update they are trading off their customers’ security against the cost of a
hardware recall.

(It wouldn’t surprise me to discover that Microsoft actually has ways of
blacklisting driver updates under Windows Update & will liaise with OEMs to
help them sort out problems like this - it wouldn’t be that hard to maintain a
list of 'if the hardware looks like _this_ then install _that_ driver instead
of the standard one'. In which case Samsung is simply trading off a bit of
management time against their customers’ security which is even more
unacceptable.)

~~~
polymatter
its probably a short term fix while they work through the process of working
out how to identify the defective machines and isolate them properly within
Windows Updates.

still incredibly dodgy though.

------
UnoriginalGuy
If this is true (and frankly I know for a fact it is, as I just downloaded the
linked file containing Disable_Windowsupdate.exe, which is signed by Samsung
Electronics CO and downloaded from Samsung's own servers) then Microsoft
should pick up the phone and threaten the heck out of Samsung, Microsoft while
somewhat neutered by anti-trust still has a great deal of power over OEMs and
stuff like this is a perfect time to [ab]use it.

~~~
tantalor
Yet, Microsoft is responsible for allowing such software to run in the
background with no notification or authorization by the user or means to
disable it.

~~~
pilif
It's really hard to find the correct middle-ground. Would you prefer if
Windows worked like iOS where there are serious limitations on what apps can
do in the background and where every application has to go through a central
authority for vetting?

Or do you propose a solution that gives both freedom to the user while also
not allowing something like this to happen?

Yes, there are whitelisting solutions (built into the OS by MS, btw), but they
are a real pain in the ass to use - there's just too much stuff running on
your machine at any given time.

~~~
ninkendo
> Would you prefer if Windows worked like iOS where there are serious
> limitations on what apps can do in the background and where every
> application has to go through a central authority for vetting?

I've thought about this for a while, and honestly, for
desktops/notebooks/tablets? Yes. Maybe not just one App Store like iOS, but at
least sandbox all possible non-os code similarly to ChromeOS, in a way that's
on by default and requires a boot-time flag to disable (and users should be
allowed to do this, but OEMs shouldn't.)

Recently my dad bought a new $300 toshiba laptop because his old machine was
just "slow", as in he had so much spyware on his computer that it was easier
to just buy a new one than going through the hassle of cleaning up his old
one. Even though his old laptop was perfectly good and of a recent hardware
generation.

I'm 100% positive he's going to have the same issues on his new laptop, and
his response was that he uses his iPad so much that it doesn't matter anyway.

The role of the modern day OS has changed immensely over the years. Nowadays
there's simply no reason for legitimate applications to have the level of
access to the underlying system that they used to have. Apps really don't need
arbitrary filesystem access. They don't need to be able to overwrite core
system files. They should be run in a sandbox or a container with as
restricted of a set of permissions as possible.

For servers and development workstations the story is a little bit different,
but those are exceptions to the rule, and with the proper release hatches like
boot-time enabling of un-sandboxed code it's a good tradeoff IMO.

~~~
bad_user
Right, so because Windows has been historically shitty creating this problem
in the first place, we now willingly want Trusted Computing and thus losing
control and ownership of our own devices, with the grandma reason given as
rationale. Well, when this relationship with the likes of Apple and Microsoft
goes toxic, and it's only a matter of time, I'll be one of those that will
enjoy it, as I'll consider it a sort of social justice, as a lot of people
told you so and you wouldn't listen.

~~~
matthewmacleod
Instead of this sanctimonious sermon, we would be better served attempting to
solve the problem that locked-down platforms do, but in a more open way.

Because the fact remains - computers have been a difficult thing for many
people to use and maintain reliably. The "Windows has been historically
shitty" point might be a reason this problem has been worse than it needed to,
but it's hardly a compelling excuse.

When people—and not just Grandma—point out that their iPads don't have the
same problem, then we should take that on board, rather than telling them that
they're stupid for not listening.

~~~
bad_user
So I'm all for solving current problems, however if I'm sure of anything, I'm
sure that companies like Microsoft or Apple won't deliver a solution that
solves these problems without locking-in users into a trap which is worse than
the problem that it's solving.

And on Windows, this is the oldest trick in the book - in order to sell
something people don't want, you first need to create the demand for it.

------
vcarl
> When you enable Windows updates, it will install the Default Drivers for all
> the hardware no laptop which may or may not work. For example if there is
> USB 3.0 on laptop, the ports may not work with the installation of updates.
> So to prevent this, SW Update tool will prevent the Windows updates.

So they "fixed" the problem of their driver getting overwritten by disabling
all OS level updates? Oof. Screams shoddy development if this is true.

~~~
CountSessine
Sounds to me like they put defective rev of a USB3 host controller on the
board, and they need their own driver to work around it, but the host
controller is going to identify itself generically enough that Samsung can't
rely on PNP ID matching to pick their work-around driver. Hence they disable
windows update to avoid getting a driver update that would stomp their
workaround driver.

Whatever it is, it sounds really sketchy.

~~~
busterarm
It's because we don't do recalls on computers...and we should.

Faulty hardware like this goes out _all the time_. Eons ago when I sold
computers, HP had a line of high end laptops (~$3500) with 2 slots for RAM
(back when that was a big deal in a laptop...) and we found out that the
second RAM slot's pins were not connected to anything on the motherboard. On
every single laptop we opened (30+). Literally they had just pins on a board
with no traces and advertised it as a 2-slot laptop.

HP stonewalled us (Circuit City flagship store, so we had corporate involved)
and kept trying to get us to sign an NDA before they would confirm the problem
or offer a solution. We said fuck that and shipped several thousand of the
things (the chain's entire order) back to them as defective.

They caved, like they should have, but complained about it the entire time.

------
nivla
I don't understand, why is Samsung pulling stunts like this all the time? It
would make sense if they were trying to get up the ladder but they are already
there, they hold an unquestionably large market share of Android. Things like
these won't do any good in the long run but only prompt consumers to actively
avoid the brand.

Some of the things that really surprises me:

[1] [http://gizmodo.com/samsung-rigged-the-s4-to-unnaturally-
perf...](http://gizmodo.com/samsung-rigged-the-s4-to-unnaturally-perform-
better-in-971577921)

[2] [http://www.neowin.net/news/samsungs-gamepad-is-a-
microsoft-l...](http://www.neowin.net/news/samsungs-gamepad-is-a-microsoft-
lawsuit-waiting-to-happen)

[3]
[http://money.cnn.com/2015/02/09/technology/security/samsung-...](http://money.cnn.com/2015/02/09/technology/security/samsung-
smart-tv-privacy/)

~~~
rtpg
The simplest explanation is that Samsung has mostly shoddy engineers and
designers.

The voice recognition thing is that they outsourced the voice recognition, so
are just piping all conversation to them.

The gamepad thing is "oh we need a gamepad, the 360 is popular right"?

the benchmark thing is "our manager wants us to beat these specific
benchmarks, let's just overclock for the benchmarks the manager mentioned"

I mean, it doesn't excuse them of course, but I imagine this is mainly a
consequence of a lot of people whose job it is to meet their manager's
checklist of features, and not caring about the products themselves.

~~~
MichaelCrawford
amazons alexa is an always on internet connected "speaker" that answers your
questions.

i expect amazon intends to obtain acceptance by not copping to the fact that
it also has to be a microphone.

~~~
MBCook
The Alexa listens for a keyword (Alexa, or it can be changed to Amazon)
locally, and then once triggered sends your query to Amazon for processing.
That's the same way that "Hey Siri" and "OK Google" work.

Samsung seems to have skipped the 'trigger phrase' part and just sent
EVERYTHING and tried to see if it needed to be listened to.

Big difference.

------
userbinator
Samsung provides their own updating software? I'm not surprised... consumer
hardware and the drivers associated with them is in general a horrible mess of
workarounds and I feel it's only going to get worse.

 _For example if there is USB 3.0 on laptop, the ports may not work with the
installation of updates._

That's a pretty minor problem compared to what I've heard: _automatic BIOS_
updates, which happen silently and brick the machine without any prior
warning.

Ironically it is the "update culture" that brought us this whole mess in the
first place; pushing out software (and hardware) that barely works "because we
can always update it later", patching around bugs, and then realising that
your patches break if someone else changes a piece you depend on, and so
forth, thus leading to ultimatum situations like this.

------
bentcorner
Isn't there a method by which Samsung can deliver to Microsoft the set of
drivers required for their hardware, to solve this exact problem?

Is this a matter of Samsung not wanting to go through the WHQL process?

~~~
crdoconnor
It's possible that Microsoft have been covertly throttling the WHQL process to
punish Samsung somehow. They _are_ competing head on with Microsoft in a
number of other markets (tablets, etc.), and WHQL is not really subject to
much, if any, legal scrutiny.

~~~
SmellyGeekBoy
Yes, I hear 9/11 was an inside job as well...

~~~
crdoconnor
Somebody clearly wasn't around in the 90s.

~~~
SmellyGeekBoy
I was born in 1984, I remember the 90s well... If Apple have completely
reinvented themselves, why not Microsoft?

------
vxNsr
Well this is a truly terrifying turn of events, though the most amazing part
is that chat agent was any help at all, I was expecting a recommendation that
he call the support line or an outright denial. so samsung can at least be
commended for giving their staff at least a little training.

------
ademarre
I'm fed up with these hardware vendors incessantly messing with software. Why
doesn't Microsoft tighten up its OEM licensing terms to put an end to this
kind of thing?

~~~
bskap
Because the US and EU have repeatedly told Microsoft that they're not allowed
to force OEMs to use their software.

~~~
viraptor
I'm not sure this applies. "You're not allowed to disable updates" is not even
close to "You cannot install any browser other than IE".

~~~
bskap
I'm not sure Microsoft wants to gamble $1 billion that "You have to use
Microsoft's updater" is different than "you have to include Windows Media
Player".

------
lucb1e
TL;DR: Samsung's software is meant to install device drivers for your laptop.
Because there are also drivers in Windows Update that Samsung considers
conflicting, they disabled all of Windows Update to prevent those drivers from
being installed.

------
Animats
Normally, you'd expect a major hardware vendor and a major software vendor to
be talking enough to avoid such problems. Does this indicate that Microsoft
and Samsung are not getting along? That's quite possible, since they compete
in tablets now.

~~~
MichaelGG
Eh normally you just expect hardware vendors to be so incompetent at writing
software that this isn't too surprising.

------
smaili
Fantastic discovery! Kind of makes me wonder if there are other OEMs doing the
same kind of thing and we just never noticed it.

~~~
userbinator
_we just never noticed it._

Quite likely if those who would have the knowledge to look into such things
are also those who would just reformat the drive and install a fresh copy of
the OS.

~~~
tracker1
It's funny, but that's usually the first thing I do with new hardware...
though it's also because in general I put in more RAM, and an SSD. Discovering
my new rMBP (from August) can't have the memory upgraded and wasn't using the
same msata interface as everyone else was disappointing. I typically DIY my
own desktop builds, but laptops are getting way too locked down for my
taste... I would expect memory, storage and battery to be user servicable on a
> $1k laptop.

Between Sony, Lenovo and now Samsung... I'm getting really sick of this kind
of crap.

------
rossng
I'm not that surprised. SW Update and Easy Settings are among the two worst
pieces of software I've ever used.

If I press the volume keys on my (i7, Ivy Bridge) Samsung laptop, I often have
to wait several minutes before anything happens.

Better yet, a clean Windows install on that machine will always fail because
for some reason the laptop lets Windows install the bootloader to the mini
cache SSD - which the BIOS doesn't recognise.

I'm not going to be buying another Samsung PC.

------
jug
Wow...

> For example if there is USB 3.0 on laptop, the ports may not work with the
> installation of updates. So to prevent this, SW Update tool will prevent the
> Windows updates.

Pretty sure this sentence causes brain damage just by reading it. I hope this
receives Microsoft's attention. They take Windows Update very seriously these
days and will probably flip over this.

------
Zekio
Well at least nobody was surprised by this, so that is good right?

Jokes aside, this is ridiculously fucked up.

------
darkhorn
If you install Turkcell's 3G connection app (which comes with the dongle) you
will see that it disables internet sharing forever.

------
saturdaysaint
Microsoft should start some kind of initiative to make building your own
laptop more like Google's Project ARA. No manufacturer is doing a thing to
advance the Windows platform but there's actually a competitive, vibrant
market in a lot of aftermarket part categories (on desktop) - look at the
shootouts for CPU fans, keyboards, cases, monitors. I'd gladly pay a little
bit more and sacrifice some mobility to be able select a high quality frame,
top-notch keyboard, silent/high quality PSU and lack of crapware.

I built a fast but near-silent Windows PC for music a few years back and I'm
still impressed by what a great system it is.

------
yrro
I'm amazed that you're allowed to do this and still ship with the Windows
logo!

------
jriordan
Microsoft owns Windows. Licenses it to OEMs. If Microsoft didn't have a
problem with OEM's disabling Windows Update, then then would have prohibited
it in their license agreement.

~~~
Aloha
I'd be very surprised if the OEM license doesn't include such language - just
because its there doesn't mean Microsoft is aware of what the OEM's are doing.

------
scrapcode
Of course this is ridiculous in the lens of a privacy aware techie. In the
lens of a consumer-first corporation such as Samsung, is this possibly the
result of "convention over configuration" from the eyes of management
demanding this kind of (de)functionality from their devs?

I think we should start focusing on a fundamental shift on what management
means and how accountable that position is.

------
galfarragem
Is it safe/efficient to uninstall all bloatware from a laptop? I own a Samsung
and over the years I've unninstalled the obvious bloatware without any
problem. I wonder if I can delete all of them.

~~~
SmellyGeekBoy
I've taken this approach on others' PCs before with great effect (msconfig is
your friend) but sometimes it's just quicker to do a clean install. I tend to
triple boot Linux / Windows / Current-tinkering-OS-of-choice on my own machine
so I'll usually dedicate at least a day to getting everything set up when I
have a new one.

------
gruez
Why couldn't samsung's service just programmatically uninstall the default
windows drivers and install their own? Was that too hard compared to just
disabling windows update?

~~~
rubbingalcohol
Most vendors I've dealt with have their drivers certified with Microsoft's
WHQL program and pushed out automatically _through_ Windows update. I'm not
sure why Samsung couldn't have done it this way.

~~~
daemin
Maybe the stuffed up the hardware so the ID's they use actually map to other
devices by other vendors.

------
firloop
Meta: I submitted this post with the article's title but it seems the mods
have changed the title to something less loaded.

~~~
imrehg
That's weird. I don't think I like that the mods can tone down an article
title, when submitters are expected to use the original.

If the article title makes a wrong claim, the comments and the voting
mechanism will take care of that, does not seem to be the call mods should be
making....

~~~
taspeotis
> when submitters are expected to use the original

Except for all the cases that they are not expected to use the original [1].

[1]
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
k2point0
That's weird thing that I have heard about Samsung Windows Updates.

------
curiousnoob
I don't quite understand why this is fucked up. Could someone elaborate? (I'm
not doubting that it is fucked up at all. I would just like to understand it)

Is it that the developer of the OS is offering users a free better version and
the OEM is preventing its users from benefiting? Why would Samsung do this?
What could their incentive be?

~~~
tacticus
The OEM is disabling all updates. Security patches and better drivers (that
are published through windows updates from the ODM). not just new features.

Would you like winodws xp blaster boxes to return.

------
Mikeb85
To be fair, Windows generally updates itself at the worst times, rendering
your computer inoperable for an absurdly long time (a typical Windows update
often takes longer than updating to a completely new version of a typical
Linux distro).

OEMs should just throw their weight behind one of the commercial Linuxes and
be done with the madness. They want to compete with Apple and OSX, that's
their chance.

~~~
nitramnitram
Wait a sec.. Apple has like 8% market share for desktops while Windows has
~80%. And Linux has just a few percents.

~~~
Mikeb85
If you look at market share for consumers, Apple is doing much better.

HP, Lenovo and Dell still rule the enterprise, but Apple does very well with
consumers. And more and more enterprises are moving to cloud based solutions,
buying tablets and negating the 'need' for PCs, even if for the time being
they're still buying cheap PCs.

~~~
nitramnitram
If we limit the scoop to consumer computers, including Linux seems odd. At
least in Sweden extremely few people are using Linux on their computers. Even
with Macs it's less than 30%.

Can you clarify why big brands should switch to Linux for their consumer PCs
considering that few consumers wants it?

~~~
digi_owl
Thats one of those chicken and egg things, in particular when MS software has
been the big dog of the market for so long.

------
frik
If Samsung blocks the Windows 10 "important" nagware patch KB 3035583 that
installs autimatically on Windows 7-8.1 (except on PC with Domain/AD) than
it's a service to the user.

It replaces the Windows Update dialog with an Windows 10 advertisement and it
adds a second start button to the startmenu that lauches an advertisement app.
If you click the wrong button it will automatically download Windows 10 in the
background - Microsoft's way to not repeat the Vista, Win8 and Win8.1 launch
fiascos. To each their own, some also like the Ask toolbar that comes with
Flash installer.

[http://www.infoworld.com/article/2907472/operating-
systems/w...](http://www.infoworld.com/article/2907472/operating-
systems/windows-10-upgrade-nagware-patch-kb-3035583-now-marked-important-on-
some-win7-pcs.html)

~~~
interurban
Windows 10 isn't released yet, so there's no way that I'm aware of for it to
download Windows 10 in the background.

~~~
JadeNB
Although the language is a bit cagey, it seems like at least _parts_ of
Windows 10 will be downloaded before the official availability date:

> Between reservation and when your upgrade is ready, the files you need for
> the upgrade will be downloaded to your PC to make the final installation go
> more quickly.

(from [http://www.microsoft.com/en-
us/windows/windows-10-faq](http://www.microsoft.com/en-
us/windows/windows-10-faq) > What happens when I reserve?).

~~~
interurban
I stand at least partially corrected, that certainly is some vague phrasing.
It could be anything from installer files to the whole OS.

~~~
ygra
Likely to avoid overloading their servers on launch date by spreading out the
downloads over the preceding two weeks or so.

