You would think after all the commotion around Lenovo's Superfish back in February that any OEM that was paying attention would not even venture in that direction and make changes to a users system that disabled Windows functionality.
Well it seems at least one OEM had their blinders on when Lenovo went through all the negative publicity and have decided it would be OK to blatantly disable Windows Update in favor of its own software for updating Windows.
Microsoft MVP Patrick Barker has a very detailed post at his website that provides all the intricacies of how this occurs on some Samsung devices.
What happens according to Barker is that when a user installs Samsung's SW Update software Samsung then quietly downloads an executable file in the background called Disable_Windowsupdate.exe. This download is performed over an unsecure http connection to a users system and the executable itself is signed with a valid certificate from Samsung.
That file disables Windows Update so that, according to a Samsung chat support rep, there are no driver related conflicts between Windows Update and what Samsung provides as hardware drivers for that system.
If a user notices that Windows Update is disabled they can re-enable it but on subsequent reboots of the system Windows Update is once again disabled by Samsung.
Of course, with Windows Update shut down not only is the system not getting driver updates but it is also not getting security related updates for their system. All of this without the users knowledge or permission.
When will OEMs ever learn about doing these type of things on a users systems?
No matter how hard you try to justify it downloading files over unsecure connections, placing them on a users systems to be executed and purposely disabling a key feature of Windows is so far beyond unsatisfactory that it is almost criminal.
Anyone out there on a Samsung system see this on their system?