
This is about as end-user hostile as the Lenovo Superfish thing. By the sounds of things, Samsung has managed to ship some of their laptops with devices that fail with the standard Windows device drivers, but don’t have their own pci-id which would allow Samsung to ship a custom driver. Samsung’s solution to this is not to issue a hardware recall & replace the laptops, but to expose their customers’ private personal information to every future malware author on the planet.

In some ways, this is worse than Superfish. Superfish was at least not deliberate; it seems pretty clear that Lenovo really didn’t understand the full implications of what they were doing by installing it on their laptops. There’s no way that Samsung doesn’t understand that by disabling Windows Update they are trading off their customers’ security against the cost of a hardware recall.

(It wouldn’t surprise me to discover that Microsoft actually has ways of blacklisting driver updates under Windows Update & will liaise with OEMs to help them sort out problems like this - it wouldn’t be that hard to maintain a list of 'if the hardware looks like this then install that driver instead of the standard one'. In which case Samsung is simply trading off a bit of management time against their customers’ security which is even more unacceptable.)

It's probably a short term fix while they work through the process of working out how to identify the defective machines and isolate them properly within Windows Updates.

Still incredibly dodgy though.
