Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
32% Positive
Analyzed from 6307 words in the discussion.
Trending Topics
#windows#software#microsoft#linux#malware#don#more#driver#monitor#should
Discussion Sentiment
Analyzed from 6307 words in the discussion.
Trending Topics
Discussion (184 Comments)Read Original on HackerNews
GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data broker company now rather than a hardware shop.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2Ă—16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
1. https://arstechnica.com/information-technology/2021/08/need-...
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m
It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.
It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.
The days of antivirus were replaced by advertising a long time ago. There is no privacy.
Most savvy types are hyper aware of every process running on their machine especially those using network lol
Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules
For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.
Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That LG have exploited this to provide McAfee is on them.
Microsoft needs to intervene here, this cannot be a normal expectation for using their product.
Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.
In other words, we all know that regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.
I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?
Are there editions or scripts or a setup workflow that would make it suck less?
Then, to get a better version of Windows, use MAS[2].
[1]: https://schneegans.de/windows/unattend-generator/
[2]: https://massgrave.dev/
Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?
If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.
Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.
But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.
MS should get all the flack (which is mostly deserved) of this
Manufacturer does whatever crap they want with "it works" and then MS gets the complaints
A driver should only be that. A driver
I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.
I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.
What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box it’s still going to function.
Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.
The consequence of Windows having the blame is that one should not buy it.
https://www.youtube.com/watch?v=Q9uefFYe6bM
But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.
But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.
https://www.consumerreports.org/electronics/privacy/how-to-t...
Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.
When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.
However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.
So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.
Basically doublespeak.
I don't understand why we expect some manager somewhere to stop stuff like this.
You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.
edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.
It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.
When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.
The truth is that if you uninstall their software (and hopefully also if you just let the trial lapse, though I don’t actually know whether Defender Antivirus gets enabled automatically in that case) Microsoft will defend you against the lunch-eating bad guys just as well as McAfee, for free.
That easily qualifies it as fraud.
For that reason, I’m willing to call it a scam when preinstalled or otherwise installed without user intent. I wouldn’t call it a scam if people installed it deliberately (though I would still disparage it and its tactics).
Whether it’s router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that they’re specializing on hardware but why so very bad?
Edit. This isn’t even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page
So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.
The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.
I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.
Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.
[1]: https://lists.archlinux.org/archives/list/aur-general@lists....
The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.
I definitely wouldn’t predict that Linux is taking over the world or anything but it wasn’t that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.
Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.
The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoft’s financial results.
If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.
I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.
Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.
Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.
So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3
As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.
With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.
> Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions
I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.
The monitor only sends a unique device ID, everything else is handled by Windows.
Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.
A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3
But those were different times...
My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.
Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...
Treat your TV like a computer monitor (ironic here in this context lol)
My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.
you run claude code unsanboxed on your machine and give it privileged access?
Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."
If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.
I guess my next machine will have a VGA port ;-)
And no Windows.
Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).
Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.
Do. Not. Buy. LG.
There are a lot of decent alternatives. Stop buying from the sick heads.
> There are a lot of decent alternatives.
Can you name them? Dell and Samsung are the main competitors for displays as far as I'm aware, Dell tends to be hit-or-miss when it comes to monitor features and quality, Samsung's high end displays come preloaded with a whole OS. The monitor market is really in the toilet.
Are there any high quality panel manufacturers left that aren't run huge pieces of shit? Or at least try to respect the people buying their hardware?
Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.
No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.
The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.
No app running? No replace.
App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)
Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.
On a third day I just turned it off and went for the other vendor altogether.
To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.
Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.
It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.
I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.
As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.
[1] https://en.wikipedia.org/wiki/Autorun.inf
https://en.wikipedia.org/wiki/U3_(software)
That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.
If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.
Short personal story:
I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.
But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.
Mac users too (at least for now).
It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.
It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.
†Obviously YMMV but such "plug and play" features are commonplace because they're useful
So perhaps you could elaborate?
Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.
But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.
> from a vendor
Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.
[Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]
> but those are curated
I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.
I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.
Remember when you used to own your "personal" computer?