Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Cripples Windows Update To Prevent Incompatible Drivers

Posted by Soulskill on from the that's-not-how-this-works dept.

jones_supa writes: A file called Disable_Windowsupdate.exe — probably malware, right? It's actually a "helper" utility from Samsung, for which their reasoning is: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates." Too bad that the solution means disabling all critical security updates as well. This isn't the first time an OEM has compromised the security of its users. From earlier this year, we remember the Superfish adware from Lenovo, and system security being compromised by the LG split screen software.

37 of 289 comments (clear)

  1. What? by DanJ_UK · · Score: 5, Insightful

    You've got to be fucking shitting me?

    --
    - Dan
    1. Re:What? by mwvdlee · · Score: 4, Interesting

      Does their warranty cover hacked laptop?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:What? by Anonymous Coward · · Score: 3, Insightful

      I've seen windows updates fuck a LOT of drivers over the years. Like picking up video drivers that either screw the display (video modes all fucked up) or even make the machine BSOD (so much for WHQL). Sometimes a driver rollback (in device manager) was enough, sometimes you had to boot with last known good config or safe mode to even get to the desktop. I could live with that much, but nowadays MS has pushed 12+ updates as "important" that are simply nagware to install that Win 10 abomination so I've finally disabled automatic updates.

    3. Re:What? by DanJ_UK · · Score: 4, Funny

      That'll be one hell of a class action lawsuit, I'm almost tempted to buy a Samsung laptop and just leave it plugged in until it's compromised so I can join the compensation gravy train.

      --
      - Dan
    4. Re:What? by taustin · · Score: 4, Insightful

      Second semester law school: unconscionable contracts are unenforceable.

      Aside from any contractual obligations between Samsung and Microsoft that would affect this, and you can bet there are some.

      The lesson here, boys and girls, don't get legal advice from first semester law students. Consult a real lawyer.

    5. Re:What? by Anonymous Coward · · Score: 3, Informative

      Windows Updates only installs drivers if "Recommended updates" is enabled. It will never try to update drivers if you are only receiving critical/important updates.

      Samsung are a bunch of liars.

    6. Re:What? by Firethorn · · Score: 3, Informative

      and has never been done for EULAs.

      The terms for click through EULAs that you don't see until AFTER you've made your purchase and unpacked the goods are mostly ignored by the courts as well.

      --
      I don't read AC A human right
    7. Re:What? by fuzzyfuzzyfungus · · Score: 4, Insightful

      It's especially insane because, while grabbing drivers from Windows Update is the default behavior, you can turn that off without disabling Windows Update.

      "System Properties" -> "Hardware" -> "Device Installation Settings". There's not even any registry grovelling or other esoteric nonsense involved.

      Things just get worse because, even if enabled, the Windows Update provided drivers will only be applied if no drivers are available locally(if drivers are available; but Windows Update has newer ones, they'll be listed as optional updates; but only installed with manual user intervention). So all Samsung has to do is add their drivers to the OS driver store (pnputil -a, not very hard) and the OS will apply them before even heading out to check for new ones, unless there is something egregiously wrong with them(if memory serves, unsigned drivers are treated as lower ranked than signed drivers when determining 'best driver available', and drivers that don't list the PCI/USB PID/VID, but have been forcibly applied, may also rank lower than drivers that do specify the matching PID/VID).

      So, in summary and conclusion, this whole thing is an unbelievable clusterfuck and it isn't even clear why Samsung would think it necessary in order to ensure the drivers that they want installed get installed; much less how they could possibly think that the security consequences were worth it. Only its finite complexity saves this situation from fractal stupidity.

    8. Re:What? by taustin · · Score: 5, Informative

      I am not, in fact, a lawyer, but I do know how to use Google (unlike so many here). For instance, I can, without any adult help, open up my web browser, and type in http://www.google.com/ and go to a convenient search engine. In the search box for that search engine, I can type in "eula struck down as unconscionable" and click on the button labeled "Search." And get results such as

      this, which talks about Bragg v. Linden Research, Inc., in which Linden's TOS (specifically, the arbitration clause) is struck down as unconscionable not once, not twice, but at least three or four different times and ways ("procedural unconscionability" and "substantive unconscionability" in two different ways, and then again on the latter after Linden amended it).

      Wired also covers Gatton v. T-Mobile, again on an arbitration clause, and ruled unconscionable both procedurally and substantively. Also unconscionable for prohibiting class action lawsuits, because "that form of litigation is often the only means of stopping and punishing corporate wrongdoing." It also discusses Douglas v. U.S. District Court, which is about changing the terms of a contact after it has been signed, and which was ruled unconscionable. Gatton is often cited as recognizing that all click-wrap license have an element of unconscionability that must be considered by the court.

      This has a link to this", which is a ruling on McKee v. AT&T, ruing their arbitration clause unconscionable.

      Note that these are the first three results on the search, and the fourth is on McKee v. AT&T again.

      Also note that these are all different courts, state and federal, all over the country.

      Unconscionability is an affirmative defense - the defendant has to demonstrate why the contract is unconscionable, but it does, in fact, happen, and more importantly, it took me, literally, less than ten seconds to find example (and five of that was waiting for the browser to open.)

      To quote the third link, you may now feed my cats for a week.

    9. Re:What? by taustin · · Score: 3

      I use Internet Explorer, primarily so that I can say so on Slashdot and piss off the outrage monkeys.

  2. Terrible twos by Impy+the+Impiuos+Imp · · Score: 5, Insightful

    Samsung: You're terrible programmers!

    Microsoft: No, you are terrible programmers!

    Kids, kids, you'really both terrible.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:Terrible twos by jellomizer · · Score: 3, Insightful

      The problem:
      Drivers to accommodate lack of open standards.
      Back in the good old day,
      CGA/EGA/VGA they followed their specs.
      Serial and Parallel they followed a common spec.

      Then Windows came popular with the support of drivers. This allowed hardware makers to stop playing by the rules thus creating a huge sets of incompatible SVGA (Visa more or less won) Then we went to 3D and all was lost. USB, different Wireless drivers.... Network cards...
      For some reasons allowing this is good, because it allowed them to innovate and create new features. But on the other side, it threw out the idea of Open Hardware standards out the window.

      Because the lack of such good standards, It creates systems that have driver issues.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  3. Wow ... by gstoddart · · Score: 5, Insightful

    So, basically they have shit hardware or shit drivers, and the only way they can think of to fix this is to prevent your operating system from trying to apply updates?

    This sounds like incompetence all the way around, and is on-going proof of why I hate OEM laptops. Because they fill them with so much garbage.

    It seems like every time I hear anything about Samsung, I find myself thinking "nope, I would never buy their crap".

    And, once again, corporations put their own crappy "innovation" ahead of the needs of their customers.

    Pathetic.

    --
    Lost at C:>. Found at C.
    1. Re:Wow ... by gstoddart · · Score: 4, Insightful

      If the hardware doesn't work with default Windows or Linux distribution, it's shit. (think clean install).

      Years ago at work, we got some new desktops.

      The desktops had 4GB of RAM, but the Windows XP Pro on them could only see 3GB. One of the guys decided to put Windows 2003 on the machines to get access to all the RAM.

      It turns out there were NO drivers for that hardware which existed for Windows 2003, and even getting back to XP Pro proved exceedingly difficult because ... it was almost impossible to find the drivers again as they basically weren't published anywhere. Essentially this machine could only work with the OEM image made up of drivers and other custom crap which were almost impossible to find.

      To add insult to injury, whatever idiot had ordered them got us some new-fangled wide screen monitors. The problem was that while the actual resolution of the monitor was a 4:3 aspect ratio ... the actual pixels were flattened so that in its native resolution the screen drew circles as flattened ovals.

      I 100% agree with you. Because non-standard crap from vendors makes for utter garbage machines.

      --
      Lost at C:>. Found at C.
    2. Re:Wow ... by rjmx · · Score: 4, Funny

      > They still get the fewest complaints on NewEgg for much of their stuff for a reason

      The reason being that nobody can keep one of them running long enough to file a complaint?

    3. Re:Wow ... by mlts · · Score: 4, Interesting

      Windows 2003 had a 64 bit version, but Windows 2003 mainly was 32 bit. If you used the /PAE option on the 32 bit edition, you could get past the 4GB barrier on that OS... but the caceat was only if you had the enterprise or data center editions (which got you to 32 GB or 64 GB respectively.)

      So, I do agree with the parent... the ability to get past 4GB did exist, but required a bunch of flaming hoops to go through.

      As for monitors, I've seen lots of screwy, nonsensical stuff, stuff (such as a glitch on a SCSI card causing the monitor to tint green), so I wouldn't be surprised if this was the case.

    4. Re:Wow ... by MachineShedFred · · Score: 4, Insightful

      This one is completely on Samsung.

      There is nothing stopping them from getting WHQL certification of their OEM drivers and submitting them to Microsoft. If their drivers are written properly (with proper hardware identification strings for PCI / USB / ACPI devices) then they will apply before generic drivers, and this isn't even a problem.

      Funny how we don't hear about this from Acer / Dell / HP / Lenovo / etc...

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
  4. If true then Samsung is dead to me by sjbe · · Score: 5, Insightful

    If true then I guess I won't be buying any Samsung computers anytime soon. A company that stupid simply isn't worth doing business with. Add this to the Samsung TVs that listen to your living room and the bloatware on their Android devices and I pretty much can't see any reason to buy from Samsung these days.

    1. Re:If true then Samsung is dead to me by DontBlameCanada · · Score: 4, Insightful

      Its an issue because Samsung's voice recognition wasn't done on the TV. They shipped the captured audio to servers in their back office, unencrypted iirc. So your intimate small-talk with your partner is recorded live and sent out to some nameless destination free for all to listen to. I don't know about you, but I consider that an incredible invasion of privacy.

    2. Re:If true then Samsung is dead to me by NatasRevol · · Score: 4, Informative

      Ya, it did, at least the unencrypted part.

      http://www.theguardian.com/tec...

      Ya, it did, at least the recording private conversations part.

      http://www.cnet.com/news/samsu...

      --
      There are two types of people in the world: Those who crave closure
  5. Uhhhh by The+MAZZTer · · Score: 3, Informative

    *cough*

    1. Re:Uhhhh by H0p313ss · · Score: 5, Informative

      "Sign in to the dashboard with your Microsoft account,"

      No, go fuck yourself. Give me control over my updates/drivers inside the OS and don't make me sign up for your fucking spam in order to have a WORKING operating system.

      The linked page was for hardware developers to submit their drivers to Microsoft so that they can be included in updates.

      But I'm sure you realized that...

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
  6. I've lost track of how many times I've been burned by msobkow · · Score: 5, Informative

    I've lost track of how many times I've been burned by a driver update from Microsoft that turned out to be incompatible with my hardware, likely because Windows Update misidentified my hardware as compatible with the driver. I no longer install any drivers through Windows Update, but instead go to the vendors sites and get them straight from the source.

    Fortunately, the drivers are always optional updates, so you can just flag them as hidden and ignore them.

    --
    I do not fail; I succeed at finding out what does not work.
  7. Re:Hardware or driver's issues? by jones_supa · · Score: 4, Interesting

    I can think of two solutions on how to solve this problem.

    1) Pin the installed OEM drivers, so that Windows understands that no other drivers should be installed for these device IDs.

    or

    2) In the PCI device ID, add extra information that this device is a special Samsung variant, and then Windows knows that the generic driver for that device is not compatible.

    I'm not sure if these solutions are possible, if someone knows more then please let me know.

  8. Re:well done. by NoNonAlphaCharsHere · · Score: 4, Insightful

    I'm trying to calculate just how much Kool-Aid you have to drink until "the OS decided to reboot all on its own" becomes acceptable behavior.

  9. Fine, as long as they assume the risk by davidwr · · Score: 3, Interesting

    It would've been far simpler and less controversial for Samsung to just turn off the Windows 8/10 equivalent of Windows 7's "[right click on your computer's icon]->Device Installation settings->Do you want Windows to download driver software and realistic icons for your devices" option in the "Devices and Drivers" control panel and provide their own "driver update" program. I don't have a Samsung, for all I know, they may already have a "driver update" program. I know at least 2 major Windows-PC vendors do have their own "update" programs that include alerting users when their drivers are out of date, and it wouldn't surprise me if Samsung was doing the same.

    Given what Samsung is doing, if Samsung provides its own "Samsung Update" that (by default) automatically takes all critical Microsoft Updates and which at least gives the user the option of taking vetted non-critical updates (or even better all Windows updates EXCEPT conflicting driver updates) AND keeps this running as long as Microsoft continues to allow access to its "Windows Update" functionality (which is presumably longer than the "10 years" it promises to keep fixing security holes) then I can see this being "not all that dangerous." However, if they do this they need to make it VERY clear to the buyer that Samsung, not Microsoft, is taking responsibility for keeping the operating system up to date.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  10. Re:I've lost track of how many times I've been bur by asimons04 · · Score: 3, Interesting

    Unfortunately, not all driver updates fall under the optional updates. I agree that most are, but I had a client come to me saying his wireless driver was "missing". It was installed, but non-functional. Oddly, it didn't show a "failed to start" yellow triangle or any other anomalies in the device manager. I rolled back the driver and checked Windows Update to find an "Intel Centrino Wireless-N" critical update. It kept installing automatically until I hid the update. It is rare that this happens, but does from time-to-time.

  11. My Samsung Laptop by MPAB · · Score: 4, Interesting

    I bought a Samsung laptop. i5, 6gb ram, Hybrid NVIDIA and Intel graphics, 750gb HDD, DVD burner. It is light, well powered and cost efficient back in 2011. Windows 7-64 bit. Problem is: Even the keyboard hotkeys such as screen brightness, WiFi, etc. work only through a "Control panel" that takes ages to load. Volume keys don't work within a game and sometimes the trackpad stops working after sleeping. And also I don't dare installing Linux on it because I read about severe cases of linux bricking the UEFI and rendering the laptop completerly useless.

    Alas, after you start it up (either from off or sleeping) and wait the 10-15 minutes for the HDD to calm down (after stripping down the startup, defragmenting, ccleaner and the such) it runs really well.

  12. Re:Not exactly like Superfish by idontgno · · Score: 4, Insightful

    This is not malicious. It is stupid and ignorant, but not malicious.

    Any sufficiently advanced incompetence is indistinguishable from malice.

    --Clark's corollary to Hanlon's Razor after Clarke's 3rd Law

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  13. Re:Unfortunately, they're right by neilo_1701D · · Score: 4, Insightful

    If I allow Windows Update to "update" the driver for my Bluetooth stick, it doesn't work any longer.

    I've seen that problem before on a Bluetooth stick. The real issue was that I had purchased some Chinese ripoff clone of another product (I didn't know at the time that's what I was doing. We learn.); and the original company had released updated drivers to Microsoft. These new drivers worked just fine with the oem product, but something in the ripoff product didn't work with the new drivers, and the stick stopped working. I had to back the drivers out, re-install the original drivers and mark that particular update as "do not install".

    I've no idea if the original company (who had their gear ripped off) spiked the driver deliberately or simple broke it by accident.

  14. and I thought Linux had driver issues by davydagger · · Score: 5, Informative

    Linux might have some slight incompatiblity with an ever shrinking list of now obscure hardware. But when it works, it works. There is nothing this fucked up about linux drives. At worst, a few of them simply don't have the features we'd like, but nothing catastrophic.

    1. Re:and I thought Linux had driver issues by nvm_my_comment · · Score: 3, Insightful

      Linux driver have come a long way. 15 years ago it was a nightmarish hell 10 years ago hell. 5 years ago, mostly with wifi not working out of the box and often sound. nowadays it usually just works. The next battle is better video driver, firmware blob included in some device, and anything ARM.

  15. If only... by chrish · · Score: 3, Insightful

    I could have sworn MS had some way for OEMs to get drivers certified, and provided by Windows Update directly...

    --
    - chrish
  16. Tha's a tough one there... by Minwee · · Score: 5, Insightful

    Surely there must be a way to have avoided this.

    Maybe Microsoft should set up some kind of... Lab. To certify the Quality of Hardware for Windows. And maybe they could make it really simple for vendors like Samsung to send them copies of drivers for certification so that Windows Update would be aware that they existed.

    And maybe, instead of demanding millions of dollars in fees for this service, they could charge something simple up front like just $250 and then not cause any more problems. Then Samsung would have been able to run through a quick certification process and avoided all of this trouble.

    Man, why does Microsoft make it so hard for vendors to get their devices supported?

  17. For large values of stupidity by sjbe · · Score: 3, Insightful

    This is not malicious. It is stupid and ignorant, but not malicious.

    Sufficiently large values of stupidity asymptotically approach maliciousness. In other words if the action is dumb enough there is no effective difference.

  18. Re:This is why Microsoft by mlts · · Score: 4, Informative

    Look at the Vista fiasco. OEMs had to be dragged, kicking and screaming, to the privilege model (which has been in the UNIX world for decades, and was in the Mac world for at least five years) where they don't have all their stuff run with admin rights. Then, when MS added some fundamental security features like ASLR, forcing drivers to be rewritten, OEMs shipped alpha-quality code, then blamed the crashes on MS.

  19. Re:well done. by myowntrueself · · Score: 4, Informative

    I'm trying to calculate just how much cheap moonshine you have to drink until a prompt where the computer asks if you want to reboot now, or not counts as "the OS decided to reboot all on its own".

    Microsoft update WILL reboot on its own. It'll pester you for a few days then it literally reboots your computer without giving you a choice.

    --
    In the free world the media isn't government run; the government is media run.