481 comments

  • devttyeu 11 hours ago ago

    This is so much worse that the title makes it out to be:

      1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
      2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
      3. That malware has internet and full system access, no sandboxing
      4. It starts with every system boot
      5. This software gets installed when you plug in a new LG monitor
      6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
      7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
    
    
    This situation has.. no precedent as far as I can tell..

    GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM

    • orbital-decay 10 hours ago ago

      >This situation has.. no precedent as far as I can tell..

      Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!

      Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.

      • yndoendo 8 hours ago ago

        Back in my Window days. I would start the driver installation and let it sit. Open the temp folder and copy content the install extracted to a new directory. Cancel the installation. Open Device Manager and install the drivers from there so non of the excessive bloat was installed.

        This worked greater with being an IT consultant. The client's machine to run smoother and drivers installed fast since they would buy multiples of the same equipment at once.

        Now I only use Linux on personal equipment. You have to pay me to use Microsoft products. Microsoft has become shit-ware.

        • ironmanszombie an hour ago ago

          When .INF was all you needed (and some .cat / sys)! More recently, I found out that approach can sometimes lead to missing features when using the hardware. Even though the driver is installed correctly. I was probably missing something but didn't dig deeper into it.

        • IgorPartola 5 hours ago ago

          To be fair Microsoft was always shitware. I don’t remember a time when using a Windows machine just worked, didn’t take up gigabytes of space, didn’t crash, and didn’t get messed up by simply using it requiring a yearly or semi-yearly reinstall.

          • hx8 32 minutes ago ago

            I remember when Windows didn't take gigabytes of space because there wasn't gigabytes of space, and it was still shitware.

          • inigyou an hour ago ago

            Windows in the 95-XP era wasn't exactly high-quality software, but it was genuine technical innovation, doing what you otherwise couldn't do.

          • akurtzhs 4 hours ago ago

            Windows 3.1? It was only 6 3.5” disks.

            To be fair, I had stretches of 2K, XP, 7 and 10 working acceptably.

            • hx8 28 minutes ago ago

              These eras of Windows had their own dark patterns that were incredibly anti-consumer. No one's lives were improved because they installed the Ask Jeeves toolbar, but people were asked to install it millions and millions of times.

          • LocalH 3 hours ago ago

            Microsoft BASIC was a pretty decent interpreter, I wouldn't call it "shitware", so there you go?

        • RajT88 7 hours ago ago

          7zip will do the trick for a lot of self extractors.

        • clickety_clack 8 hours ago ago

          These days, even a window gets updates.

      • thewebguyd 7 hours ago ago

        > but aren't even using it to block these contraptions

        Even worse, this one is installed via Windows update. I have an LG monitor and noticed the stupid LG app all of the sudden, uninstalled it, and saw it pop up again as an update in Windows update.

        Microsoft is actively enabling this behavior.

        • mcv an hour ago ago

          I don't understand how this is legal. Isn't this malware? Isn't it illegal to install malware on someone's computer without their permission? Or is this very illegal, but nobody cares about that anymore?

          • nemomarx 14 minutes ago ago

            you'd need to legally prove it's malware and they would definitely claim it's useful software tools that come with the hardware or something

      • londons_explore 5 hours ago ago

        Microsoft could easily make a rulebook for drivers, and say any company which violates the rulebook can only send open source drivers, or even ban them from driver distribution entirely which would quickly kill a consumer hardware brand.

      • benoau 8 hours ago ago

        My Logitech mouse does this but it prompts to install their crapware and adds that to the startup programs, it's not automatically installed.

      • kjs3 8 hours ago ago

        The last one I remember is plugging a Razer mouse

        Oh, yeah. Bought this overpriced but heavily hyped Razer mouse and it wouldn't even work right until it had an internet connection. A MOUSE. I'd never encountered something so blatantly customer hostile in my life. Never even looked at another Razer product, never will, and will tell anyone who will listen that Razer is a terrible company full of objectively terrible people.

        • Chaosvex 8 hours ago ago

          Razer was always low quality garbage at premium prices. Gamer marketing for you.

          • dimgl 8 hours ago ago

            What do you recommend instead? In my opinion the Razer mice are always superior for FPS.

            • bayindirh an hour ago ago

              I used to pulverize my friends with a Logitech G700 in Quake3/OpenArena. I'm sure it has a newer version.

              Razer was never "definitively better". It's merely competitive with other top ones, that's all. Before G700, Logitech even had a mouse with two sensors and was the undisputed king for FPS quite some time.

            • skirmish 3 hours ago ago

              Mousereview reddit always recommends looking at Chinese gaming mice, they have reasonable prices, often clone popular mouse shapes from large brands (see [1]) and have the latest sensors.

              [1] EloShapes find similar: https://www.eloshapes.com/mouse/find-similar

            • midnightbobarun 2 hours ago ago

              I'd say any cheap mouse off Amazon that has a pleasing shape is usually good enough, but I've also never ranked above gold in any competitive PvP shooter, so there's that :')

              I'm currently using a wireless ProtoArc mouse. Good shape, can adjust DPI on the fly, hasn't broken even after a year. I think it was like 30 bucks maybe?

            • ak217 7 hours ago ago

              Logitech all the way.

              Logitech is a truly innovative company. They actually care deeply about ergonomics. They also introduced the first mass market application of programmable magnets (in the MX Master mouse scroll wheel) - that's incredibly advanced materials science.

              • eknkc 4 hours ago ago

                They also managed to develop a steaming pile of shit called Logi Options+ which you need to set up your mouse (I only used the mac version to be fair)

                • Tallain 3 hours ago ago

                  You don't need it. The mouse functions perfectly fine without it. And you can even switch DPI when the mouse has a button to do that.

                  The software allows for fine-tuned settings, button remapping, etc. It is awful software, to be sure, but it's not necessary to use the mouse.

              • badpun 2 hours ago ago

                I’m no longer sure about their quality though. Out of four Logitech mice I bought recently (four different models), two died within a year. At least their warranty repair/replace process was decent.

                • bayindirh 42 minutes ago ago

                  I had several Marathon mice which broke their 3-year battery life promises, by lasting way longer. I had to retire them since their plastics degraded in some cases after 6-7 years (I had several at one point due to having multiple PCs being used every day for long stretches).

                  Currently I use their MX Keys Minis, MX Anywhere mice and trackballs. All are rock solid. Bolt receiver works great with Linux via Solaar allowing full suite of features.

                  Oh, Firmware Update Daemon supports Logitech hardware, too. If Logitech sends in new firmware, it pops up instantly to upgrade.

                • mcv an hour ago ago

                  In my family we use the Glorious Model O. My son wanted one ages ago (I got him a mini), and it was so nice, I got one for myself. Now my oldest has a big one, and my youngest uses the mini.

                  We've had them for years. The mini has lost the button that lets you select speed, but other than that they're still great. For better than the various Logitechs I had before.

                  The only real downside is the bright flashing led patterns. I've gotten used to them.

                • carey 2 hours ago ago

                  Their buttons fail way too easily, but can usually be fixed with some WD-40, CRC 5-56, or any similar thin oil.

                • prmoustache 2 hours ago ago

                  What do you do to your mouses to make them fail so quickly? Are you throwing them randomly accross the room?

                  • ssl-3 an hour ago ago

                    Some Logitech mouse switches have been known to fail in normal use.

                    At least one person has put together a good overview of what they think is happening: https://www.youtube.com/watch?v=v5BhECVlKJA (details in video description)

                  • kay_o an hour ago ago

                    They just fail. Particularly the office mice don't last very long for gaming (orders of magnitude more travel and clicks)

            • xboxnolifes 5 hours ago ago

              80% of a mouse decision should be which form fits best for your hand. Unfortunately for me that's razor mice. (Well, the Viper v2, I dont love the v3 I have now.)

            • orbital-decay 7 hours ago ago

              Some Razer mice were somewhat good in the times when the sensor mattered, with the rest of them being absolute garbage (starting with the Copperhead which barely worked). Today there's a ton of niche manufacturers with great internals that will exceed any requirements you might possibly have.

              If you're really interested in FPS performance and not just the brand, choose for the ergonomics first, it's not possible to recommend anything without knowing your play style, hand size etc. The shape and weight you like, and complementary feet and mat with the exact static/dynamic friction you need. Then check if the internals are good enough (they likely are) and whether there are any firmware issues like extra jitter on flicks or unavoidable debounce lag, then look at the required software. There's a ton of mice with excellent performance that are configurable without ANY software.

            • simoncion 5 hours ago ago

              If you can find an original Glorious [0] Model O, that's a nice piece of hardware. The new Model O looks like it only works with their new, totally garbage Glorious CORE v2 software.

              If you never want to change the DPIs, lighting, or button assignments, & etc then you don't need the software... so if what the hardware does out of the box is fine for you, then you don't need to worry about how trash CORE v2 is.

              CORE v1 is okay, but still notably worse than the Model O software. I don't know why they farmed out the development of CORE v2 to "the CEO's middle-school nephew who's 'good with computers'", but they did.

              [0] ...they were originally called "Glorious PC Gaming Race" (in homage to the Reddit meme), but dropped that last bit from their company name a while back...

              • J_Shelby_J 4 hours ago ago

                Model I with four thumb buttons is irreplaceable for me

                • simoncion 4 hours ago ago

                  I also have a Model I and am unhappy with the fact that -when last I checked- you can't configure the three or four extra buttons so they're actually buttons. Your only option is for them to generate keypresses, or do mouse-management functions -such as "cycle DPI"-.

                  This is... frustrating. Multi-button HID devices are -arguably- easier to do than something that pretends to be both a mouse and a keyboard. I get that some games may not understand how to deal with mice that have more than four or five mouse buttons, it'd be quite nice if I had the option to set things up so that I can use them as buttons in games that know how to handle them.

            • aeon_ai 7 hours ago ago

              Logitech have always made great gaming mice in my experience, at a reasonable price

            • LoganDark 7 hours ago ago

              I know hardly anything about FPS but the reason I like Razer mice is the hardware macros. Configuration profiles are saved to the device and macros are performed at the hardware level. Some actions work with the razer software but most of them don't have to.

            • vultour 4 hours ago ago

              You literally need two or three mouse buttons for a FPS game. This argument might have worked if you said MMO because there’s a million abilities you can use but there’s absolutely nothing special about Razer mice when it comes to FPS specifically.

          • kjs3 7 hours ago ago

            Gamer marketing for you.

            Which I fell for. Fool me once and all that...

      • stego-tech 9 hours ago ago

        This. Microsoft has chosen to allow this functionality, despite it being a very clear breach of trust with customers.

        LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.

        • solarkraft 9 hours ago ago

          You’re acting like Microsoft aren’t pushing malware themselves.

          • tbrake 8 hours ago ago

            That's just a parallel fact, no one's "acting" like anything?

            What were you actually trying to say?

            • solarkraft 5 hours ago ago

              I am saying that people here seem to be appealing to Microsoft as an authority that should be interested in stopping this, perhaps because they are morally superior or concerned about their reputation. They are not.

          • brookst 9 hours ago ago

            How in the world does that absolve Dell/etc, OR reduce Microsoft’s culpability for letting their update service be abused?

      • jayd16 6 hours ago ago

        Microsoft could end up being a higher barrier but how much do we really want that?

        To me, it seems like LG is the one to blame.

        • CodesInChaos 5 hours ago ago

          > Microsoft could end up being a higher barrier but how much do we really want that?

          For drivers installed automatically via Windows Update? Absolutely yes.

          For software the user installs manually? No.

    • embedding-shape 11 hours ago ago

      > This situation has.. no precedent as far as I can tell..

      Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.

      I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.

      • MichaelZuo 11 hours ago ago

        Maybe some decision makers do indeed have negative aspirations…

      • ihsw 10 hours ago ago

        If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.

        As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.

        This article obviates that this is not an LG problem, it is a Microsoft problem.

        Also, don't fool yourself if you think this won't come to the Linux world.

        • Grombobulous 9 hours ago ago

          Just look at Microsoft’s revenue breakdown that they publish. Windows revenue is alarmingly small.

          I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.

          This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.

          • geon 9 hours ago ago

            Aren’t ms completely dependent on consumer windows for mindshare?

            I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.

            • ufmace 9 hours ago ago

              I don't think they are anymore. The vast majority of ordinary person computer/internet use has already moved to smartphones, tablets, smart TVs and other such devices. It seems nowadays many people don't even know the basics about how to use a desktop operating system.

              • Aerroon 7 hours ago ago

                I find this hard to believe considering how bad the UIs are on phones and TVs. Even google.com does not offer feature parity between their desktop and mobile websites.

                My phone still didn't come with a functional paint or notepad apps. Google docs is a horrible experience on phones (but at least it works now - a few years ago it was straight up unusable).

                And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?

                My experience tells me that everything mobile is basically an afterthought outside of a few dozen websites and I guess phone games.

                • embedding-shape 2 hours ago ago

                  > My phone still didn't come with a functional paint or notepad apps [...] And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?

                  Not to sound harsh, but you come at this with an somewhat old perspective, the same one I grew up with too and probably also retain too much of.

                  People don't open their phones looking for something like paint or notepad apps, they want a messenger/social network to connect with their family/friends which is most likely why they got the phone in the first place, and if they're "advanced", they'll even edit their own photos and images but via a whole host of various phone image editors. Sometimes the social network offers those things too, sometimes as separate apps, people use that sort of stuff instead of looking for "paint.exe" or tools to crop/edit images in a more, I guess "crude" way that you and I might be used to and favor still today.

                • ufmace 4 hours ago ago

                  All that stuff actually works decently well on mobile... as long as one is willing to accept certain compromises.

                  Note-taking works fine, in Google Keep, Apple Notes, or some other cloud equivalent. Yup, your data is in the cloud and owned by one of those tech megacorps, but most people just don't care.

                  Basic photo editing works okay too, in Google Photos, Apple Photos, etc. Ditto the cloud stuff.

                  What really makes most desktop users outliers is caring about, or even being aware at all of the concept of, actually owning your own data versus trusting cloud providers for everything.

                • mrob 6 hours ago ago

                  That fact that you're posting on a web forum makes you an outlier. Most people only passively consume, and mobile devices are good enough for that.

                • picofarad 6 hours ago ago

                  My phone still doesn't have a calculator app. The thought of trying to add one that isnt wolfram alpha is anxiety-producing.

              • smelendez 8 hours ago ago

                Right. Laptops are basically work (or school) tools now for a lot of people. They might have one tucked away that they pull out now and then when they need it, similar to a power drill or a sewing machine. It’s not a daily use device.

                I think it helped Microsoft historically that people used their operating systems at home, although even then a lot of people would have learned Windows at work or school first.

            • Grombobulous 4 hours ago ago

              Microsoft will happily sell you someone else’s tech stack on Azure.

              My macOS-using employer gives much more money to Microsoft than Apple.

              Cloud SaaS things they’re using: Entra ID, Power BI, Sharepoint, corporate email (365), OneDrive.

              Microsoft applications installed by my employer on my PC: Teams, Office including Outlook, Defender.

              Our applications are Java running on Linux and we could migrate 100% of our platform to Azure without any issue if we had a reason to do that.

            • eastbound 9 hours ago ago

              MS owns Typescript and NPM and Azure and LinkedIn. I know you meant programming on Windows, but even if Windows disappears, many of us will owe our job to Microsoft.

              • VorpalWay 9 hours ago ago

                Dont forget they own github too. The vast majority of open source software is on there these days.

                Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.

              • solarkraft 9 hours ago ago

                They own Typescript? I wasn’t aware that they control the organization, but that ought to be easy enough to fork. NPM is a bigger one, but also not too huge. Azure is only used by people who already have Microsoft/Windows buy-in.

                • embedding-shape 2 hours ago ago

                  > They own Typescript? I wasn’t aware that they control the organization,

                  I genuinely don't know, got curious and went to typescriptlang.org to find some "About" page or "Governance" or something else, but couldn't find anything at all about it. It was exclusively developed by Microsoft for two years, and with no other clear governance/decision structure today as far as I can see, doesn't that exactly mean that Microsoft controls the entire "organization"? It's not clear what "organization" you're referring to either, the GitHub organization? I'd assume that's also 100% Microsoft controlled.

                • chuckadams 7 hours ago ago

                  They created TypeScript, and maintain it now. It's not exactly a business for them, no one is buying "TypeScript Enterprise" subscriptions. It's all under the Apache License 2.0 and certainly big enough that if they started pulling anything untoward, it would see a fork. Sometimes Microsoft produces an unalloyed good, they're not a monolith.

              • SinkingRock 9 hours ago ago

                And VS Code, and Github...

                • tosti 8 hours ago ago

                  Soooo... Not anything we couldn't miss.

          • mrob 6 hours ago ago

            >This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.

            I installed Debian 13 recently. The first time I opened Firefox ESR (installed by default), I got something that looked like adverts on the home page (banner blindness means I have no memory of what they actually were, only of the feeling of disgust). The Home section of the Settings page had options for "Sponsored shortcuts" and "Sponsored stories" enabled by default. Changing a default setting is a lot easier than forking software, yet it was not done.

        • necovek 9 hours ago ago

          As long as you have a computer that can run unsigned software, or software signed by yourself, this won't come to Linux as non-optional features: you can always recompile your kernel removing things you do not want like this.

          • tosti 8 hours ago ago

            And before anyone goes "but I can't patch that!", all it takes is one clever guy to write the patch.

            This is also why the bazaar model of Linux distributions is beneficial. You get more choice.

          • numpad0 8 hours ago ago

            Ubuntu snap

            • drnick1 6 hours ago ago

              Just use Debian. It's just as easy to install and use nowadays, and does not come with bloatware/malware.

        • kstrauser 7 hours ago ago

          It hasn’t come for the much larger Mac world yet.

          I think literally the only driver I’ve installed for any accessory of any kind is the config utility for a Stream Deck. I certainly never install mouse (thank you Steermouse!) or printer drivers, let alone a monitor driver of all things.

        • treyd 9 hours ago ago

          > don't fool yourself if you think this won't come to the Linux world.

          I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.

          • evilduck 7 hours ago ago

            Yeah, curious here too. Torvalds would need to pass first I think, and I just don't see other major players like RedHat, Google, Canonical, or Valve introducing this themselves or agreeing to do it in aggregate. And as end users we could still fork and patch it out. Some shitty company might try but I don't think it would stand.

            • mixmastamyk 5 hours ago ago

              Lots of bad ideas have come to Linux, like non-consensual telemetry, mobile-first interfaces etc. Don’t believe? Run OpenSnitch.

              Traditional CADT means features get lost over time.

              It is not immune from these forces, just not a focus by the powers that be. Fewer developers remember the good old days of Y2Kas as well, meaning they don’t resist these forces instinctively, since they grew up in iOS captivity.

              • hparadiz 3 hours ago ago

                Telemetry is anything including a process list. If you're talking about eBPF it's also used for debugging and server fleets and recently in basic task managers. Any data can be used to take a magnifying glass to the system. The kernel has literally thousands of toggles for this from networking to threading. And yes a program can see what your kernel supports and yes it can refuse to run if you're not running a specific kernel with a specific feature. How do you think programs like open snitch even work?

                https://github.com/evilsocket/opensnitch/wiki/monitor-method...

      • joe_mamba 11 hours ago ago

        >I don't know what Microsoft is thinking even allowing and enabling this sort of thing

        This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.

        Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.

        • coldtea 10 hours ago ago

          >and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.

          A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.

          • threetonesun 9 hours ago ago

            And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog? I think extra options in an app is fine, but you should have to download it. At which point who knows what you’ve opened yourself to but at least you chose to do it.

            • VorpalWay 9 hours ago ago

              > And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?

              Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.

              You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.

              And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.

              • threetonesun 7 hours ago ago

                As a user I agree, but I think this misunderstands the Windows market. Forget about mice for a second, if you look at GPU drivers between Linux and Windows on Linux they... just work, and you can use some apps to modify exposed features, like you said.

                On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.

                • coldtea 4 hours ago ago

                  >On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.

                  What we're saying is this shouldn't be allowed by the OS to begin with. Not to merely use the peripheral in any case.

                  Whether Microsoft is happy with allowing it, is another matter.

                  Perhaps some law accompanied with hefty fines can make them less happy doing it.

            • isityettime 7 hours ago ago

              Configurable peripherals should store their configurations entirely on-board, and they should be configurable using a well-understood protocol. Users can then use either the vendor's application, a common third-party application, or the configuration interface native to their desktop environment to configure them. When they plug them into a new machine, they should just keep working without having to install any configuration software.

              Many generations of Roccat peripherals were usable this way on Linux, thanks to the work of one generous volunteer who reverse-engineered them.

              Companies like Logitech don't store their devices' configs in firmware in a way that "forces" you to run some additional shit to use all of their features (some features aren't implemented in software). It's a convenient excuse that allows them to push their spyware onto users, but it's totally unnecessary.

              A vendor that was actually "user friendly" in the deep sense (opposite of "user hostile") would do this themselves; configuration would be upstream-first via libratbagd or whatever, and then they'd provide their own configuration interface as a value-add for a uniform cross-platform experience, or in areas where they thought they could provide a better UI than the design principles of KDE and GNOME, or so that they could have a uniform interface to refer to in their documentation.

            • coldtea 4 hours ago ago

              >And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?

              Yes. Via some standard protocol to show checkboxes, radio buttons, drop down selections, etc.

            • LucasOe 7 hours ago ago

              Drivers should just make my stuff work. If I want to configure my hardware, I download the app from the manufacturer's website.

            • solarkraft 9 hours ago ago

              Yes! Extra apps suck.

          • michaelmrose 9 hours ago ago

            Linux users think of a driver as the thing that makes my silently hardware do the existing things its supposed to do like every other item in its class.

            Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.

          • MatejKafka 8 hours ago ago

            How exactly do you propose to sandbox drivers running in kernel space? Do you even know how drivers work? (I'm guessing no, based on this comment)

            • masfuerte 8 hours ago ago

              The User-Mode Driver Framework is a thing. Most plug-in devices do not need (or have) a kernel-mode driver.

              • MatejKafka 7 hours ago ago

                Yes, but unless all 3rd party drivers can run in userspace (which is not really feasible), Microsoft needs to give vendors the option to install a kernel driver, at which point a vendor can always decide to ship a kernel driver and bypass any restrictions.

                Imo, the only thing Microsoft can meaningfully do here from their side is threaten LG with pulling all their drivers if they keep doing this.

                • dwattttt 12 minutes ago ago

                  Drivers still need to pass certification & get signed. Microsoft does get to reject them.

                  I can't imagine the group doing this validation is sufficiently manned/funded; it's a cost centre, and the effects of cutting it don't show up for years.

            • milesvp 7 hours ago ago

              There are people working on this problem honestly. The general solution 10 years ago was a micro kernel. Today, I’m not sure. The linux model is starting to look dated, with similar problems elsewhere. Modern hardware design looks less and less like classic textbook design, with all kinds of random chips having direct memory access to memory the cpu uses on some shared bus. Where even things like on board blue tooth chips can become attack vectors on the system.

              There was a good keynote on the topic 5 years ago By Timothy Roscoe

              https://www.usenix.org/conference/osdi21/presentation/fri-ke...

              • MatejKafka 7 hours ago ago

                Agree with all of those points and there are some partial solutions (IOMMU, userspace drivers, virtualization,...), but we're still quite far from being able to safely connect untrusted hardware and load its driver without effectively giving it privileged access.

            • toast0 6 hours ago ago

              Microsoft has a program to do static and dynamic analysis of drivers... not a sandbox, but better than nothing. Of course, wonky drivers plus wonky hardware can still do bad things (io-mmu can help, a bit).

              The problems tend to be in the userspace software that's also installed with the driver. Sometimes there's also some pretty derpy stuff where the driver wants to talk to the userspace software but there's no validation/verification and that opens up a big hole.

            • coldtea 4 hours ago ago

              First of all, drivers don't have to run in kernel space. Do you know that? I'm guessing no, based on your comment.

              Second, we're not talking about the drivers per se, as those aren't what shows you ads, it's the configuration software and accompanying crapware. Did you get that? I'm guessing no, based on your comment.

              Third, there are capability-based kernels, microkernels, drivers that are allowed into as restricted bytecode, IOMMU, and several other layers of security. Do you know that? I'm guessing no, based on your comment.

              • Dylan16807 3 hours ago ago

                You don't have to counterbalance every useful sentence with a toxic message.

                • coldtea 3 hours ago ago

                  You do, when you're responding to "Do you even know how drivers work? (I'm guessing no, based on this comment)". I'm merely giving them back their toxic comment right back.

                  • Dylan16807 2 hours ago ago

                    I'm not sure how I missed they did it first, but doing it more isn't really helping. Oh well, I shouldn't have said anything, it's not great but it's not worth fussing about.

                    Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.

              • MatejKafka 3 hours ago ago

                Read sibling comments to get answers to all your (non)questions.

                • coldtea 3 hours ago ago

                  Strange how you didn't read them then, based on your rude and false response to my comment.

        • marcosdumay 8 hours ago ago

          > Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.

          Except for every printer, some popular GPUs, Microsoft's peripherals...

        • wat10000 9 hours ago ago

          Auto-run when inserting a CD worked great, until people realized you could do bad stuff with it. User action must be required to run or install new software.

          • jayd16 6 hours ago ago

            OK so you get a pop-up that says "install driver or it won't work" and so you do and then you're at the same situation.

            • wat10000 an hour ago ago

              Or you don’t and you return this piece of garbage for a refund. I hope you can see how this is much superior to auto-installing malware.

    • Findecanor 11 hours ago ago

      A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]

      The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.

      1. https://arstechnica.com/information-technology/2021/08/need-...

      • globalnode 9 hours ago ago

        not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft.

        • Findecanor 8 hours ago ago

          You could use any programmable microcontroller with a USB interface. Consumer products tend to have fuses set to they can't be programmed again.

          The latest driver registered with Microsoft for the product you're going to spoof would need to have a vulnerability to exploit. You can't supply any driver.

          • globalnode 7 hours ago ago

            ok thanks, so its not as bad as i thought.

        • nottorp 9 hours ago ago

          You can pretend to be any vid:pid with usb gadget mode. For example with a raspberry pi zero something.

          But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.

          But yes, usb device identifier is done through software/firmware.

          • ssl-3 an hour ago ago

            Oh, it's worse than that.

            A USB attack-widget isn't limited to just one VID:PID pair. It can present itself as as hub with as many VID:PIDs behind it as is useful. (This isn't new or exotic functionality; the very first USB thumb drive I ever owned did this as a built-in, maybe 20 years ago.)

            So, for instance: A single physical widget can present as a thing that makes Windows install vulnerable software, and as a keyboard that issues commands hook that vulnerability, and as a storage device that provides a payload, while also [or ultimately] appearing as the fully-functional device that the user actually intended to use.

            Game over.

            The end-user might see a brief flurry of stuff happening while this goes on, but that's no big deal: End-users are already accustomed to seeing that kind of thing when new hardware is introduced, and clicking whatever button it is that they're required to click in order to proceed.

        • mrob 5 hours ago ago

          You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands. I don't know about Windows, but on Linux it's possible to block USB connections by default and filter them in userspace:

          https://usbguard.github.io/

          This allows enforcing rules like "never add an additional keyboard". But the USB protocol has no support for strong device authentication, so there's no way to prevent a device from acting like a malicious version of something in the device class you expected it to be without abandoning "plug and play" altogether (a reasonable solution in secure environments where unused ports are often physically blocked).

        • mcv 44 minutes ago ago

          I've heard so before: that USB is a massive security hole. At least in Windows; I don't know if other OSs are also vulnerable.

          Better to just never stick strange USB sticks in your computer.

        • MatejKafka 8 hours ago ago

          You can "spoof" any system where you can load older drivers into giving you admin/root, you just need to find a vulnerable driver. Nothing Windows-specific in that.

          • tosti 8 hours ago ago

            Also, disabling drivers from windows update is enforceable with group policy (iirc).

            The BSDs have config, Linux can run without module support.

    • Someone 8 hours ago ago

      > This situation has.. no precedent as far as I can tell..

      - https://support.microsoft.com/en-us/windows/hardware/drivers...: “Windows can automatically download recommended drivers for the hardware and devices connected to a system by using Windows Update“

      - eight years ago: https://www.reddit.com/r/Windows10/comments/8tlre3/why_is_it...: “I can't seem to stop it from installing device drivers, even after unchecking the 'Do you want to automatically download manufacturers' apps and custom icons available for your devices?' and saving.

      I uncheck it, reboot. Uninstall all drivers except USB (so I can use mouse and keyboard) and reboot. Aproximately two minutes after the reboot, I get notification ballons telling me everything is installed again. Heck, even the super old Nvidia 388.1 driver is installed (the latest now is 393.2).”

    • sigio 11 hours ago ago

      I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.

      • bunderbunder 10 hours ago ago

        “Now”?

        This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.

        (And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)

        • ryandrake 7 hours ago ago

          > It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.

          It all comes from the increasingly widely held idea that the user should not be the ultimate authority over what should run on his computer. The OS vendor should have a say. Third party developers should have a say. Device manufacturers should have a say. Anyone except the user, who is just a passenger on his own system. And this mentality is not limited to Microsoft.

      • RetroTechie 10 hours ago ago

        > I can only conclude that Windows is basically malware now...

        Windows has worked like spyware since what, the late Windows 7 days or thereabout?

        End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:

        # Microsoft does not respect Windows users (or users of any of their offerings?).

        # LG does not respect people who buy their monitors (and perhaps other products?).

        Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?

        User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.

        • flaunf221 10 hours ago ago

          > why would you use such a sleazy company's product for daily driving

          Because alternatives are much worse or not available for scenarios people need.

          There, I've said the obvious.

          • ezst 8 hours ago ago

            That may sound obvious to you, but it's not for many, and this opinion of yours is shared by fewer and fewer people.

            • flaunf221 7 hours ago ago

              Some things not having viable alternatives on MacOS/Linux/BSD/whatever-else is not an opinion of mine. It's just life.

              • ezst 4 hours ago ago

                I didn't mean that you were nonfactual, only that you overgeneralise.

            • tosti 8 hours ago ago

              It should be a choice. They were or nearly were convicted for being a monopoly. For most users, they're not even aware there's a hardware/software distiction.

              MS-Windows GUI has cashed on this unawareness since 95. "My Computer", "The computer needs to restart"... Being deliberately incorrect to add to the existing confusion.

      • fooker 10 hours ago ago

        You're missing out on 37 different unrelated things being named copilot.

      • MatejKafka 8 hours ago ago

        How it it a Windows issue that driver developers pack garbage with their drivers? If Linux supported loading 3rd party drivers (it mostly doesn't, and if Windows did that, the whole internet would be up in arms about Microsoft locking down their OS), it would have exactly the same issues.

        This is basically the same as downloading a program, running it and when it downloads garbage on your computer, complaining that Windows are dumb for allowing a program to download garbage.

        • toast0 6 hours ago ago

          > How it it a Windows issue that driver developers pack garbage with their drivers?

          Because windows update automatically installs the garbage when the device is connected.

          Microsoft could control the content of the software it automatically installs, but they don't. That's the issue.

      • bcraven 10 hours ago ago

        This is one of those typical HN replies that adds absolutely nothing to the discussion.

        • Geezus_42 10 hours ago ago

          Much like your own, and this one!

          • phikappa 9 hours ago ago

            I wonder if this ritual of meta-self-policing serves some particular purpose or if it's just a case of the brain drawing comfort from going through a familiar ritual. "This comment adds nothing" is like the reverse amen in church of our days.

            • warshinder 8 hours ago ago

              Another example of context collapse. Meta-meta commenting always adds something if only unironically.

            • pseudalopex 8 hours ago ago

              The purpose was to discourage comments which added nothing I thought.

          • stavros 5 hours ago ago

            The GP comment adds social pressure so useless comments are less likely to be made.

        • coldtea 10 hours ago ago

          It's a discussion, it's not a panel to further scientific inquiry. Sentiments and opinions also further a discussion.

        • exe34 10 hours ago ago

          It confirms for me that I too made the right choice and it reminds people that haven't made the jump yet that they have a choice in how their operating system treats them. I'd say it added a lot more than your comment.

    • TacticalCoder 4 minutes ago ago

      > 1. Your OS installs malware ...

      Your OS is malware.

      We're talking about Windows here.

    • internet2000 8 hours ago ago

      > This situation has.. no precedent as far as I can tell..

      You got a lot of replies already, but there's so much precedent. Plugging a Logitech mouse installs a network capable, autolaunch capable, pop up app for at least the past 10 years. LG's thing seems grodier, but this has been common Windows-ism for a while.

      • fuzzfactor 7 hours ago ago

        Plus even when the Logitech mouse has been moved to a different PC, the former PC will continue to get Logitech updates anyway.

        Apparently so they will be one step ahead of you in case you decide to plug it in again sometime.

        Graphics cards can do this too, you remove the card and go back to the motherboard's built-in HDMI port, then one day here comes a big update for the non-existent graphics adapter.

    • Sharlin 10 hours ago ago

      Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.

    • chrisjj 7 minutes ago ago

      [delayed]

    • halJordan 9 hours ago ago

      Unprecedented? Have you installed a Dell/Alienware monitor recently? I hope you enjoy having the unsigned awcc.exe autostarting with no visible ui doing good knows what with no documentation from Dell

      • jms703 3 hours ago ago

        Yeah, I was looking for this comment. Dell/Alienware have been doing this for YEARS. Part of the many reasons I moved from Window to Linux.

        • mcv 39 minutes ago ago

          Is Linux certain to be safe from this sort of thing? I used to use lots of Dell monitors.

          Are there any brands that are known not to do anything like this? I'd like to reward them with my patronage.

          • vanc_cefepime 9 minutes ago ago

            I would like to know too. I purchased a OLED Alienware monitor back in 2022 when they first came out. Ive had a Linux/Windows dual-boot system but around 2023-24 I erased my Windows partition.

            My uneducated guess is that it would be pretty difficult for something like this to autoinstall on linux without your permission. They can "recommend" you to install their app, but just plugging it and getting adware/malware, I hope it would be difficult.

            Unlikely for any brand out there not to do this. Samsung will do it eventually if backlash isn't bad with this one with Alienware/Dell/LG. Maybe Benq, viewsonic, monoprice? I dont trust Asus not to do it either.

            I have a LG TV and never connect it to Wifi. Never did I think just plugging in a HDMI cable would do this.

    • dathinab 9 hours ago ago

      > This situation has.. no precedent as far as I can tell..

      depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"

      other wtf. microslop cases include:

      - "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)

      - "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"

      - "init scripts on USB devices", I think they stopped doing that

      - ...

      given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)

      most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).

      combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them

    • miki123211 7 hours ago ago

      8. ANd this isn't specific to LG. If LG can do it, anyone can, even if they aren't right now.

      Buying from companies you trust isn't a solution either. Founders sometimes get into fatal car accidents or lose some of their assets in messy divorces. THe new owners may not care about "brand reputation" and sell the company to the highest bidder.

    • xahrepap 8 hours ago ago

      I have a windows computer that tries to install HP Printer software automatically because it detects an HP printer on the WiFi. No physical access needed

    • wnevets 5 hours ago ago

      > OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!

      Just think about how many times hardware manufactures told customers to buy new equipment because they can't be bothered to patch the older models.

    • Kelteseth 11 hours ago ago

      It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee

      • vladvasiliu 11 hours ago ago

        I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.

        • d_k_f 10 hours ago ago

          Anecdata from two days ago, after installing a fresh Windows 10: after inserting the dongle, a definitely non-native (styled by Logitech) popup asks me whether I want to install their app. I decline. One reboot later, the app is available in the start menu.

          Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m

          • vladvasiliu 7 hours ago ago

            Yeah, the questions showed up in non-native dialogues in both cases. I installed the Logitech one, but not the Dell. But then again, even freaking Office looks non-native on Windows, so I don't really pay attention to this aspect.

    • coldtea 10 hours ago ago

      And people think macOS sandboxing is "hyperbolic"

    • theamk 3 hours ago ago

      That's just living in the Windows world.

      After start menu ads, I don't understand why people are being surprised anymore.

    • jakzurr 6 hours ago ago

      Thanks - really got my attention. And, the video makes me sick.

      I'm still looking at my 10 year-old LG monitor with suspicion, now, but I'm thinking (hoping) it's just too old...

    • stockmarketer 7 hours ago ago

      >This situation has.. no precedent as far as I can tell..

      I want to believe you, but somehow I can't, I feel like our industry has already mastered the art of installing malware on customers' devices.

    • sixothree an hour ago ago

      If this were a person doing this, they would be in jail.

      • mcv 38 minutes ago ago

        Companies consist of people.

    • herbst 10 hours ago ago

      As if the world needs more reasons to understand that windows is activly making your life worse. Step by step.

    • orblivion 8 hours ago ago

      Thank you for the summary. As a Linux user, am I spared because of relative obscurity, or is it that Microsoft is explicitly allowing this to happen?

      • preisschild 5 hours ago ago

        Linux only auto-loads the drivers in the kernel tree

    • tomaskafka 3 hours ago ago

      I understand shitty brands want to do this.

      The bit I don’t understand is Microsoft making an infrastructure that allows this, lets shine the shame light here.

      • theamk 3 hours ago ago

        Have you installed Windows recently? It is full of ads.

        If Microsoft can push ads to users, why can't LG?

    • greggsy 4 hours ago ago

      Logitech have been doing this for years

    • formerly_proven 8 hours ago ago

      > This situation has.. no precedent as far as I can tell..

      No, this has been going on for years. Vendors have been pushing malicious software through the Windows Update automatic driver installation since forever. MSI and Nahimic/A-Volute (this has watchdog daemon to instantly reinstall it as well as the main app protecting the daemon), the ASUS Armory Crate bullshit, the Lenovo garbage, which initially they only put into their own images, but then started force-installing via Windows Update, Gigabyte, ... the list is really long.

      If you have to use Windows, you really absolutely should disable driver installation through Windows Update.

    • bravo777 7 hours ago ago

      Have you been using Gentoo or FreeBSD for a long time and then suddenly remembered Windows exists on the same day this news dropped?

    • DrJaws 8 hours ago ago

      this has happened to me with dell monitors since years ago, also with razer peripherals.

    • phendrenad2 8 hours ago ago

      I'm tired of everything being classified as "malware". The word has no meaning anymore. Malware can mean "zero-day state-sponsored ransomware attack" or it can mean "software was automatically installed by a trusted consumer-beloved company because they forgot to make an opt-out window" (which is what I'm guessing happened here).

    • IshKebab 11 hours ago ago

      USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.

      It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.

    • beAbU 9 hours ago ago

      Logitech pulls (pulled?) the same shit when you connect one of their pheriferals to your PC.

    • hulitu 3 hours ago ago

      But thanks to Secure Boot, your computer is secure. /s

      When will people understand that malware is signed by the vendor ?

    • silverlimetea 10 hours ago ago

      Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.

      It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.

      The days of antivirus were replaced by advertising a long time ago. There is no privacy.

      Most savvy types are hyper aware of every process running on their machine especially those using network lol

      Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules

      • brynnbee 9 hours ago ago

        Savvy types use Linux

        • ikidd 9 hours ago ago

          I've gotten to the point that if you're trying to show me something and I see you're using Windows, I just assume you're an unserious person and it's worthless.

          All the major tools for advanced work are Linux-based, and there's maybe a Windows version, but it's probably a kludge like Docker Desktop.

          • delta_p_delta_x 8 hours ago ago

            > All the major tools for advanced work are Linux-based

            No, they aren't. Linux hasn't yet got anything remotely close to PDB symbol servers and WinDbg's record-replay debugging. perf is... an attempt.

            Source: worked on Windows and Linux drivers and user-mode applications. Windows tooling blows the competition out of the water in actually advanced developer experience. Vim is cool to the ricing hackerman types but not people who actually earn salaries. Windows doesn't need Docker because it has a stable user-mode ABI.

            • warshinder 8 hours ago ago

              I know you’re joking, but there is a very small sliver of truth in there somewhere. There are some tools on windows that stand shoulder to shoulder with better os’s.

            • silverlimetea 8 hours ago ago

              > people who actually earn salaries

              Maybe a hot take but the world's "most advanced software engineering" is not happening in W-2 employment scenarios.

            • theamk 3 hours ago ago

              advanced work != advanced tools

              You can have basic and not very user friendly tool, and work on very advanced topics, such as new forms of networking, innovative database, cool filesystem or storage devices, etc...

              Or you can be an advanced windows developer with very nice tools, and yet work on something utterly mundane, like an internal app which tracks time off in your company, schedules delivery of parts, or provides a (granted, very nice and polished) UI to the backend database server which runs Linux.

              In my experience, most of the advanced work is done on Linux nowadays. Just look at HN front page - how many posts are Windows-only and are not "new UI over existing library/service"?

              • delta_p_delta_x 2 hours ago ago

                Windows does plenty of 'advanced work'. Almost all video games are written primarily on and for Windows.

                > In my experience, most of the advanced work is done on Linux nowadays

                That's because your experience probably hasn't ever included work on Windows internals. Take it from someone who has—the complexity and 'advancedness' of the stuff running on Windows is at least equal to that of Linux or any other OS. The fact that Windows can so thoroughly abstract the computer away from the user is in itself a massive feat that few other OSs have really managed.

                > Just look at HN front page - how many posts are Windows-only

                The overwhelming majority of posts on the HN front page are now LLM slop or web development. I seriously dislike this insinuation that work done on Windows is, as the grandparent claims, 'unserious' or less advanced.

  • delta_p_delta_x 12 hours ago ago

    Workaround:

      gpedit.msc
      Computer Configuration > Administrative Templates > System > Device Installation
      Prevent automatic download of applications associated with device metadata
      Set to enabled
      OK
    
    On home editions sans gpedit.msc:

      sysdm.cpl
      Hardware tab
      Click Device Installation Settings
      Under 'Do you want to automatically download manufacturers' apps for your devices?', select 'No'
      Save Changes
    • Someone1234 11 hours ago ago

      Worth noting that gpedit.msc isn't included in Windows Home editions (although there are unsupported ways of adding it). This is also technically asking a lot for working around issues that shouldn't exist.

      Microsoft needs to intervene here, this cannot be a normal expectation for using their product.

      • yonatan8070 9 hours ago ago

        > Microsoft needs to intervene here

        Yeah, they've never pushed ads or installed software without the user's consent.

      • AlienRobot 10 hours ago ago

        Me on Windows 7: I don't want to use Linux, you have to keep configuring every single thing so it works.

        Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.

        • VorpalWay 8 hours ago ago

          Linux usability has come a long way in recent years. I switched full time to Linux in 2006, but I can absolutely understand those who wouldn't back then.

          These days? Unless there is a specific piece of software that can't run on Linux (or under Wine), and there is no suitable replacement for it? Yeah I don't know why you would voluntarily stay on Windows (note voluntarily, if IT policy says you must that doesn't count).

          • miki123211 6 hours ago ago

            Accessibility.

            All accessibility stacks sucks in some respect, but Linux's sucks most of all, and Wayland people in particular don't seem to be willing to compromise on security (which is required for accessibility to work).

          • drnick1 5 hours ago ago

            QEMU is also a good option for Windows software that won't run on Wine. Unless you explicitly pass through a peripheral, Windows won't see it and start downloading malware in the backgroud.

          • antisthenes 3 hours ago ago

            Not to mention AI assistants are really good at helping you solve problems on Linux.

            Yeah, I know, it's not the same as "knowing" a system when you just copy paste terminal output, but if it solves a problem and converts 1 more person to Linux from W - that's a win.

            • MatejKafka 3 hours ago ago

              Agents work well on Windows for sysadmin stuff - PowerShell gives them an easy way to interact with Registry, event log, WMI and other facilities in a structured way.

        • driverdan 9 hours ago ago

          Can you even disable all the ads on Windows 11?

          • MatejKafka 3 hours ago ago

            Yes, and it's still fairly easy.

      • delta_p_delta_x 11 hours ago ago

        Edited with another method.

        • Someone1234 9 hours ago ago

          That's great, thank you.

          What's frustrating about that is that Microsoft has also gone out of their way to make it difficult to access the [legacy] System Properties (sysdm.cpl), while not fully reimplementing all the features into the Settings app. Including this one.

          They've only been working on this 10+ years...

          • efreak 2 hours ago ago

            What's more frustrating than that is the inability to have more than one control panel open at a time. Have your post of issues software open and want to change display resolution real quick? Sorry, you've lost your place in the list. Security settings are a separate app, but it's even worse because it requires elevation _every time_ before it can reload the list of issues. You thought this executable was already bypassing whatever protection, so you elevate to open the list of exceptions...then lose your place in the log and have to elevate yet again to find out the details...and open each list item in turn because the main list doesn't provide enough details to know know which item you were looking at and there's no detailed view. But you still can't cross-reference against your list of exceptions and forgot to take a screenshot, so you have to start over.

          • delta_p_delta_x 9 hours ago ago

            *.cpl, *.msc, etc are Windows sysadmins' (and developers') bread and butter; Microsoft will never get rid of them. I am betting (maybe hoping...?) that Windows 12 will undo the changes in Windows 8, 10, and 11 as bad experiments and return to what Windows has done best, which is discoverable GUI configuration. Let's see.

            • Someone1234 9 hours ago ago

              You're much more "glass half full" than me, but one can dream.

        • fuzzfactor 9 hours ago ago

          Also found in the GUI:

            System > About > Advanced System Settings link > Hardware tab > Device installation settings
            Do you want to automatically download manufacturers' apps for your devices?
            set to No
          
          The default setting has been "Yes" for a very long time but most monitors over the years have simply used the default plug-and-play Windows monitor driver instead of installing their own. Triggering no additional downloads for the life of most computers. It just so happens that monitor manufacturers better adhered to the Microsoft guidelines for hardware compatibility earlier and more adequately than most devices. This might very well have been a reliability tactic since graphics drivers were still quite a moving-target shitshow, which in some ways is still ongoing.

          So people have mostly never gotten accustomed to monitor drivers having any consideration at all, while drivers for graphics themselves and other new hardware has often had some associated downloads that people have become familiar dealing with.

          Looks like LG finally took this long-standing opportunity to do some deeper enshittification than previously imagined. Simply taking advantage of a domino effect that has been lurking for decades.

          A couple other related gpedit options if you don't even want the drivers themselves to change after you have gotten them correctly installed:

            gpedit.msc
            Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
            Turn off Windows Update device driver searching
            Set to enabled
            OK
            
            gpedit.msc
            Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > 
            Do not include drivers with Windows Update
            Set to enabled
            OK
    • mrbluecoat 10 hours ago ago

      Very helpful, thank you. But it does remind me of that Yzma quote in The Emperor's New Groove: "Why do we even have that lever?"

      • delta_p_delta_x 10 hours ago ago

        > Why do we even have that lever

        For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.

        Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That being said, this stuff should go into a user-mode driver...

        That LG have exploited this functionality to install adware is on them.

        • nottorp 9 hours ago ago

          > It is nice to be able to click

          You said click. This happens without clicking anything.

        • miki123211 7 hours ago ago

          For audio interfaces, HDAudio lets you do most of this. What the extra software gives you instead is often some crappy DSP that increases latency and messes with sound quality.

          For years, Dell's / Realtek's software had an unpaged memory leak somewhere. If you were using a screen reader (I guess they must interact with audio devices in some very specific way that Realtek hasn't accounted for), your system would eventually run out of RAM and BSOD. They didn't fix this until Microsoft and a few screen reader vendors intervened. "Don't buy Dell" was a standard recommendation in the blind community for years, which didn't help if you had a work PC with no local admin.

        • Saris 10 hours ago ago

          Oh definitely, it's more a question of why Microsoft allows any 'driver utility' to have internet access or do anything outside of just configuring the hardware.

          • tremon 9 hours ago ago

            > why Microsoft allows any 'driver utility' to have internet access

            Firmware updates for devices are not a thing in your world?

            • Saris 9 hours ago ago

              It seems like windows update should handle distributing the verified new firmware file if it is also distributing the driver utility to avoid any issues like this post talks about.

              • tremon 9 hours ago ago

                That would be a good idea actually, but I'm not sure how viable that is within the current Windows Update instrumentation. Allowing local binaries to fetch random URLs through the Windows Update API is no different from them using the HTTP Service unless there's some kind of whitelisting/validation happening there. The alternative would be that Microsoft uses their own Windows Update cdn to host random firmware files that they're not able to verify themselves. Both cases sound like maintenance overhead for Microsoft without benefit to them.

            • VorpalWay 8 hours ago ago

              There is no reason we need a badly coded vendor control panel to install firmware upgrades though. On Linux https://fwupd.org/ is a database for vendor firmware, and you use one shared open source took to install upgrades for all devices attached to your system.

        • Brian_K_White 6 hours ago ago

          If there is a system where someone smashes through your wall to deliver you some food, and we ask "why do we even have this guy-smashes-through-wall system?", "So we can have dinner" does not answer that question.

    • Grombobulous 9 hours ago ago

      This is getting technical enough that you might as well install Linux if you figure out how to do this.

      In other words, we all know that regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.

      • fuzzfactor 9 hours ago ago

        >regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.

        Keep in mind the well-known quote from so many pages of Microsoft documentation over the decades, where the main useful function of a feature is the only one completely crippled in what's obviously got to be a complete engineering snafu:

        "This is by design."

    • rkourdis 9 hours ago ago

      I had a mouse that would keep on installing its driver when plugged in, even with this setting off.

      I remember Windows keeping a cache of autodownloaded drivers ("Driver Store") and reinstalling them when the device is plugged in, so the mouse bloatware kept on coming back.

      Is this still the case?

      • MaxL93 8 hours ago ago

        You have to add keys under:

        Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions

        The keys I have right now are all REG_SZ (strings), and in order of "1" through "5", are:

        ---

        1. SWC\VEN_DELL&DEV_AWCC

        2. SWC\VID_DELL&PID_AWCC

        3. SWC\Alienware_Command_Center

        4. SWC\AWCC

        5. SWC\VID001&PID0001&AWCCWINUI3APP

        ---

        Nothing short of this prevented "Alienware Command Center" (AWCC.exe) from pushing itself onto my machine because of my Alienware OLED monitor.

        I should note it's possible to shoot yourself in the foot there; I had entries 6, 7, and 8 blocking SWC\Generic, SWD\GenericRaw, and SWD\Generic — and that prevented Audio Endpoints from being mounted...

        • delta_p_delta_x 8 hours ago ago

          You only need (5) (see the AWCCWINUI3APP thing there?). There is also a group policy equivalent to this:

            Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions
            Prevent installation of devices that match any of these device IDs
            Set to Enabled
            Enable Also apply to matching devices that are already installed
            
          Add the following two IDs:

            MONITOR\DELA246
            SWC\VID001&PID0001&AWCCWINUI3APP
          
          IMO this is especially heinous as Dell have registered the AWCC.exe software component as a hardware 'device' within the device tree that needs its own 'driver'. Methinks Microsoft need to tighten the noose on these annoying OEMs.
          • prmoustache 6 minutes ago ago

            Yuck.

            And people say linux is too complicated for normal people because of terminal commands*

            *which in reality no user is really forced to use, it just happens to be easier to share and copy/paste a set of commands than hundreds of clicks on a screen.

        • r1ch 8 hours ago ago

          Even that isn't sufficient - I've been using this for years and every so often AWCC still manages to get through. The only 100% protection from it is to use Image File Execution Options to match on the installer name to prevent it from ever running.

    • denkmoon an hour ago ago

      The real workaround is to delete system32.

      I had this shit with my alienware monitor. Doesn’t happen on Linux.

    • throw0101a 10 hours ago ago

      > On home editions sans gpedit.msc:

      I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?

      Are there editions or scripts or a setup workflow that would make it suck less?

      • delta_p_delta_x 10 hours ago ago

        Use autounattend.xml[1] to pre-configure an image before installation. This is what corporate sysadmins have done in the past three decades to administer Windows NT fleets. Use PowerShell and various admin modules to configure an online installation.

        Then, to get a better version of Windows, use MAS[2].

        [1]: https://schneegans.de/windows/unattend-generator/

        [2]: https://massgrave.dev/

      • MatejKafka 3 hours ago ago

        Use Pro, Home is needlessly limiting for a power user.

      • hamburglar 10 hours ago ago

        To be frank, no. In order to make windows not suck, you must invest a lot of time into knowing what to disable on the various SKUs, and in my opinion, it stopped being worth it around the time of windows vista (2006-7ish). I worked for Microsoft back then and ever since I left in 2007 i have thankfully been able to have a no-windows policy. I did briefly try going back last year for Unity dev but it was a mistake that made me want to quit computers entirely.

      • warshinder 8 hours ago ago

        Don’t turn it on unless you need to print something.

      • ImPostingOnHN 8 hours ago ago

        Yes, Windows LTSC is an edition without as much crap.

        Haven't used it lately (over 2 decades with linux as daily driver), so can't personally vouch for it.

    • Hizonner 8 hours ago ago

      Superior workaround:

      1. Reset machine 2. Tap the BIOS setup key (often DEL) during the time before it boots. 3. Insert intallation media for a decent OS 4. ...

  • tialaramex 11 hours ago ago

    Assuming they don't get a revenue cut, pushing back on Microsoft can in principle be effective here.

    Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?

    If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.

    Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.

    • vladvasiliu 11 hours ago ago

      The issue is that most corps disable Windows Update and only allow whatever goes through the on-prem Windows Update thingy. This can, of course, fire back if they don't think to include all the updates. We had one such issue where they didn't provide an up-to-date Intel driver for the Wi-Fi cards, and the version we had was a bit broken...

      But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.

    • stefan_ 9 hours ago ago

      Ah, the usual take. Want to sign everything before it can run, but take responsibility for nothing. And when in doubt, well, the computer did it.

      When do we start calling out this crap?

      • ImPostingOnHN 8 hours ago ago

        You'd get better results starting a conspiracy theory about it which took hold within right-wing circles, but it's less work to just not use it.

    • raverbashing 11 hours ago ago

      Honestly yeah

      MS should get all the flack (which is mostly deserved) of this

      Manufacturer does whatever crap they want with "it works" and then MS gets the complaints

      A driver should only be that. A driver

      • embedding-shape 11 hours ago ago

        > MS should get all the flack (which is mostly deserved) of this

        I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.

        • mcfedr 4 hours ago ago

          well you can plug the same monitor into a mac and not have this issue.

          • embedding-shape 2 hours ago ago

            I don't use it with a Mac, and I already don't have that issue :) Kind of besides the point, LG should still get flack for it, even if it doesn't happen for me on the platform I use.

        • raverbashing 4 hours ago ago

          We can

          I don't think "should" is the best word here, I mean it more like "They will (eventually)"

          But what they should/are aware of (and work against) is shenanigans by the HW vendors

      • rbanffy 11 hours ago ago

        > A driver should only be that. A driver

        I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.

        • al_borland 10 hours ago ago

          This was always one of my biggest pet peeves on Windows. A bunch of junk running in the system tray just for basic hardware functionality.

      • mr_toad 10 hours ago ago

        > A driver should only be that. A driver

        What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box it’s still going to function.

  • gkbrk 10 hours ago ago

    A monitor cannot install software on your computer by the way. It's Windows installing this software automatically (for some reason), so the blame should be on Microsoft.

    Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.

    • chrisjj 3 minutes ago ago

      [delayed]

    • felooboolooomba 9 hours ago ago

      > A monitor cannot install software on your computer by the way.

      I think everyone in the HN crowd knows that.

      > the blame should be on Microsoft

      No, they blame should ALSO be on Microsoft, they are the enablers.

      • hx8 20 minutes ago ago

        > I think everyone in the HN crowd knows that.

        I actually did not. I know there is some degree of two-way communication over HDMI/DP, and was curious if this was how the software was installed. I think discussing the technical details is a great use of the HN comment section.

        (Wifi enabled display device -> HDMI -> Device) would be an incredibly interesting attack vector.

      • rsync 5 hours ago ago

        “I think everyone in the HN crowd knows that.”

        I would think everyone in the HN crowd would be aware of HEAC, the hdmi Ethernet channel, etc.

        With full access to the hosts tcp/ip stack, we’d do well not to overlook the potential vectors for a monitor to install software on your computer… especially when the operating system is complicit.

      • frollogaston 5 hours ago ago

        Ok, I don't use Windows and never will, so wasn't aware of this feature, and it would've been nice to have that context. Thought maaybe LG is exploiting a vuln in Windows via USB-C or over one of the niche HDMI features, but gathered it's not that.

    • MatejKafka 8 hours ago ago

      > Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.

      Not really. AutoRun ran whatever was on the USB drive, with no oversight. This installs a driver from a company that's supposed to be reputable enough to get their driver signed by MS and pass validation. LG breached that trust here.

      • chrisjj 2 minutes ago ago

        [delayed]

    • daveidol 9 hours ago ago

      The blame should be on Microsoft and LG, both.

    • Hizonner 8 hours ago ago

      Actually it frequently can, since a modern monitor is often on USB and in a position to impersonate a keyboard and/or mouse.

      I wouldn't put it past most of these companies.

    • krige 9 hours ago ago

      The monitor should absolutely take the major part of the blame by being the source of the malware and poisoning the system for everyone else.

      • mcfedr 4 hours ago ago

        its not the source though is it? its not like it's downloaded via the hdmi cable, it comes from Microsoft that offer the service of installing crap

      • frollogaston 4 hours ago ago

        Ironically if Microsoft responded by just never signing LG software again, but kept this auto-install thing in, LG monitors would become the best to use with Windows.

    • tantalor 10 hours ago ago

      Blame should be on the user for buying Windows

      • mystifyingpoi 9 hours ago ago

        Please do not blame the user.

      • mosselman 10 hours ago ago

        You are describing 'the blame should be on Windows'.

        The consequence of Windows having the blame is that one should not buy it.

      • grayhatter 10 hours ago ago

        that's funny; because my root cause analysis didn't show the user as the person making the decision to show themselves ads? did yours, or was the victim blaming intentional?

        • zajio1am 9 hours ago ago

          Not making the specific decision (showing ads) but making the general decision (giving power to Microsoft). Blaming customers for buying MS products is not really much different than blaming Trump voters for voting for him. In both cases risks were obvious beforehand.

        • k33n 9 hours ago ago

          The word “victim” is honestly pretty funny in this context. Nothing really happened to anyone.

          • gkbrk 9 hours ago ago

            I wouldn't classify getting random malware as "nothing happening".

            • frollogaston 5 hours ago ago

              Because it spies on them and nags. But Windows itself already does that. LG could've done the same thing sans the mcafee popups and nobody would care, in fact Dell is probably doing that.

              • ssl-3 8 minutes ago ago

                > But Windows itself already does that.

                So once an person is victimized in this way, it becomes a free-for-all where future transgressions cease to matter?

  • OptionOfT 6 hours ago ago

    Windows urgently needs to revamp their driver consent model.

    You can't block a just one driver. E.g. for my touch screen on the Lenovo website there is version X. When I install it the next day Windows installs X-1.

    On Lenovo's website the latest version is 7.7.2.66 (https://pcsupport.lenovo.com/us/en/products/laptops-and-netb...).

    Windows reverts that to 7.7.2.44.

    I tried blocking that update with the Powershell command-thingy, but even that doesn't work:

        Administrator in ~
        get-windowsupdate -isHidden | ft Status,KB,Size,Title
    
        Status  KB Size Title
        ------  -- ---- -----
        ----H--    92KB Wacom Technology - HIDClass - 7.7.2.44
    
    (this command by the way takes 20+ seconds), and the filtering doesn't work because there is no KB.
  • deathanatos 5 hours ago ago

    Malware like this will continue until there is privacy laws that make it illegal.

    The GN video focuses a lot on consent, and while maybe this is notionally currently illegal without consent, that just steers towards companies shipping a generic ToS popup, claiming you "read" that 1.8 PiB of ToS, and including the "oh btdubs we can modify these terms at any times and if you want to go to court lol forced arbitration has other ideas about that."

    MS & Windows having conditioned users to expect / think they need drivers for peripherals speaking standard protocols is also part of this. A monitor shouldn't need a driver. It takes the pixels, it displays the pixels.

    • sixothree an hour ago ago

      I'm 100% certain if an individual did this, they would be in jail.

  • GaProgMan 11 hours ago ago

    Gamers Nexus have a video about this. Definitely worth a watch.

    https://www.youtube.com/watch?v=Q9uefFYe6bM

    • embedding-shape 11 hours ago ago

      I'm wondering if we in Europe gets vastly different experience compared to Americans or elsewhere in the world. People complain about LG having ads everywhere in the monitors, displays and what not, but none of our LG products (bought and used in Spain) have any ads anywhere. I'm sitting here with a LG monitor and our main TV is a LG OLED TV, neither of them have ads anywhere, although I haven't booted Windows in a couple of days and I guess I won't, until this malware issue been fixed.

      But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.

      • throwa356262 11 hours ago ago

        In general, yes.

        But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.

        https://www.consumerreports.org/electronics/privacy/how-to-t...

        • embedding-shape 11 hours ago ago

          Right, I'm wondering about the amount of ads though.

          • throwa356262 11 hours ago ago

            No, I think the ads are limited to own services and third party apps right now. Same goes for Samsung in EU.

      • bloqs 11 hours ago ago

        Same here in the UK

      • 15155 11 hours ago ago

        > Americans are receiving more ads than in other parts of the world

        Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.

        • embedding-shape 11 hours ago ago

          So because the US is the largest consumer market in the world, the TVs LG sell in the US has more ads in the UIs than TVs sold in Europe? Why would it be like that? If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China, as the EU consumer market is larger than the China one?

          • 15155 11 hours ago ago

            > Why would it be like that?

            Ads aren't free - this isn't a "theory," it's basic economics. Cost can be political (you cause the entire EU government to outlaw the practice) or monetary.

            > If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China

            Probably? The markets have little overlap, but again, this is a function of cost. Where people have more money to spend, I have more money to spend on ads, or more money to spend on campaigning to be allowed to show ads.

            • embedding-shape 11 hours ago ago

              > Probably?

              Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe. Seemingly (https://news.ycombinator.com/item?id=48957229) with Samsung it's the same. Even though EU is a larger consumer market than China, so obviously your theory doesn't hold, it's something else than "Bigger consumer markets === more ads in UIs in TVs".

              • 15155 11 hours ago ago

                > obviously your theory doesn't hold

                Cost is my "theory." A larger market can sustain larger ad spend, and in some areas it's cheaper to make larger ad buys. Both are true.

                Also, "larger market" obviously implies a category-specific qualifier. People in the United States might have more of an appetite for televisions than people without running water - news at 11.

                > Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe.

                "Spoiler:" is an unnecessarily cunty way to lead a declaration of fact with zero objective accompanying evidence. Any citation you care to provide?

                "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?

                • embedding-shape 11 hours ago ago

                  > Any citation you care to provide?

                  Not really, the question I posed initially was a casual one, based on reading around basically. I'm guessing you then have a citation handy for the US LG TVs having more ads because the US is a bigger consumer market?

                  > "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?

                  If you open up the TV home dashboard, do you see ads? On my LG TV I don't, looking at screenshots from LG TVs in the US, there seems to be.

            • thenthenthen 8 hours ago ago

              Living in China, in my experience there are more ads than anywhere else I have been. My TV’s homescreen is just ads, every app has constant ads after each action there is basically a popup. There are even more ‘grey area’ ads, my whole scooter and door is plastered with the same ad for borrowing money, just different color and number, but literally 40 around my front door. On the rolling shutters of stores there are hundreds of stickers offering shutter maintenance services (lol). Its fairly insane, but the overload also makes it interesting

          • jdw64 11 hours ago ago

            Europe has strong GDPR regulations. As for China, I've heard that hardware margins are low, so the hardware itself is just bait, and they embed ads in the software inside. But this is just something I heard from another Korean programmer, so it's not really a serious claim

        • dvdkon 10 hours ago ago

          More spend doesn't equal more ads. Given a fixed number of ad spots, demand dictates the price advertisers would pay for ad placement. But ad platforms have no incentive to reduce the number of ads they show just because placement price is low; keeping ad spots around costs them nothing.

        • InsideOutSanta 9 hours ago ago

          The cost of ads already accounts for the audience. Ads in the US are more expensive, so the number of ads people see should be roughly the same despite higher ad spend.

        • reaperducer 10 hours ago ago

          You must be getting downvoted by people who have never run an ad-supported web site.

          When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.

          However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.

          • 15155 10 hours ago ago

            It's afternoon in Europe, and folks generally don't like to be reminded of the fact that their market is decreasing in global relevance.

            In this case, ads are even a product people actively want to avoid, but it's still unsettling to be undesirable. Imagine banning smoking and then getting upset that Philip Morris doesn't want to sell to you anymore.

            • Jtarii 5 hours ago ago

              I don't think many Europeans are lamenting that companies are advertising to Americans more than them.

  • motbus3 11 hours ago ago

    I am tired of this. LG is now on my blacklist alongside EA and Blizzard Entertainment for their anti consumer practices. I can't change them, I can't change policies about it. I can choose to not buy.

    • delusional 11 hours ago ago

      > Blizzard Entertainment

      You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.

      • motbus3 8 hours ago ago

        People do whatever they want with their money. I think their products little matter when they are not good people. (And they are not even good products, with some exceptions)

        I can't control the world. But I can share my opinion on the matter . I think as long as we accept this poor behaviour companies will have more and more incentives to do it. And worse than that, they will also keep attacking the good folks

      • BatteryMountain 11 hours ago ago

        I've successfully avoided these companies the last 5 years. Gaming as a whole is dead for me, I just play a couple of old games now & then. The culture is toast too, not just bad games or expensive hardware. So not really losing much sleep over any of this. I have linux on all my machines, so I really only play the one's that perform well on linux. Haven't played online multiplayer games since ~2013. Many of us are like me.

        edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.

        • nottorp 9 hours ago ago

          > Gaming as a whole is dead for me

          There are millions of indies out there. Some are worth the time. It's a bit of a problem to figure out which though.

          > Haven't played online multiplayer games since ~2013

          I don't think there are any non predatory online multiplayer games since 2013 :)

          And there are many online multiplayer games that would have been really good as single player.

        • lloydatkinson 10 hours ago ago

          I'm still angry at how they ruined Overwatch

          • motbus3 8 hours ago ago

            You mean how the stole the product you bought?

      • zargon 8 hours ago ago

        There's not much worth playing coming from this group anyway.

      • Hikikomori 9 hours ago ago

        Not that hard, last game I played was WoW Classic, last I bought was diablo 3, only game that is remotely interesting is diablo 2 resurrected. Microsoft deleted my mojang account as well. Seems like new xbox mgmt will accelerate their slow enshittification.

  • kingleopold 12 hours ago ago

    They used to call this spyware/malware. Now it's a regular practice by eng. teams and managers inside these big corp. Well played guys :) Congrats with new type of tricks

    • flowerbreeze 11 hours ago ago

      From FTC website: Malware is harmful software that’s installed on your device without your knowledge.

      So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.

    • sys_64738 11 hours ago ago

      If it's not malware then what is it called today?

      • supertrope 10 hours ago ago

        "Telemetry." "Personalized experiences."

        Basically doublespeak.

    • someothherguyy 10 hours ago ago

      I mean, nothing new there. (Mal/Ad/Spy)ware just has been more prevalent in the browser and on mobile apps the last ~15yrs instead of being installed via modified windows installers.

    • delusional 11 hours ago ago

      I would be very surprised if some random manager of some low level engineering team made this decision. It seems more likely this was a marketing or partner relations department idea that was presented to high level leadership.

      I don't understand why we expect some manager somewhere to stop stuff like this.

  • lardosaurusrex 7 hours ago ago

    I dunno why so many people across different platforms insist that anyone concerned about this is overdramatic.

    This is one of those things where if I found the person responsible I would likely spit in their face; if not worse. It's quite literally spyware installed as you plug it in much like those old DVD DRMs from sony that would install spyware.

    It's garbage.

    • sixothree an hour ago ago

      Imagine a coworker doing this.

  • regexorcist 10 hours ago ago

    Seriously, why use Windows in 2026? Such a hideous OS and ecosystem with endless malware, backdoors, and dark patterns.

    • MatejKafka 8 hours ago ago

      You know why desktop Linux doesn't have much malware? Because ~no one uses it. That's it. Once you get users, you get malware.

      The rest of your comment is just as ignorant.

      • regexorcist 8 hours ago ago

        There is plenty of malware for Linux. The difference is that the OS won't install it for you.

        • frollogaston 4 hours ago ago

          I don't like the standard practices for installing software in Linux though. Most Mac or Windows users will go to the publisher's website and download. In Linux, it's often recommended to install via a package manager, possibly not even from an official repo, and especially not in Arch. More ways for the supply chain to get compromised, and it has.

          So nobody is installing "monitor drivers" for Linux, but they're probably frantically installing packages trying to fix some random issue.

      • coldtea 4 hours ago ago

        There was malware for systems with 1/1000 the userbase of Linux. Even Amiga and Atari had plenty of it, macOS when it had 2% share, and others.

      • guax an hour ago ago

        No one uses it? There are dozens of us!

      • fsflover 4 hours ago ago

        Linux doesn't install malware, because it is free software, which guarantees the four user freedoms. Whenever someone adds malware, anybody else can remove it for everyone or create an equally useful fork without it. Try this with Windows.

        In other words, Stallman was right, and proprietary software developers have too much power over users. And they inevitably, sooner or later, leverage this power for (more) profit, even if you paid for the product.

        • MatejKafka 3 hours ago ago

          Except there's plenty of proprietary software for linux, you just won't find it in default repos and have to install it manually.

          • fsflover 3 hours ago ago

            Did I say otherwise? Any proprietary software for Linux suffers or will suffer from the same problem. But not Linux itself or any free software running on it.

    • whobre 9 hours ago ago

      The worst OS except for all the others.

    • timpera 7 hours ago ago

      Excellent hardware and software support (especially for Snapdragon/ARM64 CPUs and Microsoft Office) and best in class multitasking/window management are the top 2 reasons for me. Like someone else said, it's the worst OS, except for all the others :)

    • pier25 6 hours ago ago

      Gaming

    • gambiting 9 hours ago ago

      IMHO it's the best OS as a games developer, Visual Studio just doesn't have anything remotely close. And all console toolchains are windows only. But genuinely as a C++ dev I much much much prefer it over MacOS or even Linux for work.

      • Grombobulous 9 hours ago ago

        Of course this is a “I need the OS for work” situation. It reminds me a lot of 20 years ago when we’d say things like “I’d love a Mac but it’s not compatible with anything I do for work,” and that sentiment didn’t last.

        I definitely wouldn’t predict that Linux is taking over the world or anything but it wasn’t that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.

        Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.

        The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoft’s financial results.

        If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.

        • gambiting 8 hours ago ago

          Yeah for sure. And I wouldn't be surprised if at least Sony and Nintendo released their toolchains for Linux for the next generation.

          IMHO the big difference is in enterprise Vs personal Windows, enterprise Windows can genuinely be a very lean, fast experience that is great for work. But my personal PC running windows is very firmly in the "I wonder what the latest update will break" teritorry.

      • StumpChunkman 5 hours ago ago

        Have you tried Rider? I've been using that for C++ Unreal development and absolutely love it. It does help that IntelliJ was my daily driver for Java dev for a while.

        • gambiting 3 hours ago ago

          Yes, for general writing/reading/navigating code it's fine. But (imho) when you really need to get down into debugging some engine level crash, I'll take VS over Rider every time. Might be personal preference.

    • 999900000999 9 hours ago ago

      Linux is great if you win the hardware support lottery.

      I've had several laptops where audio just doesn't work even on rolling releases. Or the screen freezing up constantly.

      This was all with relatively new hardware within the last year or so.

      My issue with the Linux community is if you bring this up it's all of a sudden the fault of everyone but Linux.

      The end user should of picked better hardware.

      The hardware OEMs should of shipped Linux support.

      The end user is lazy for not installing an RC kernel.

      Macs are great, but my current workhorse computer has a 2TB SSD, and only cost 550$ with the SSD upgrade.

      Vs 2000$ for the cheapest MacBook with a 2TB SSD

      • drnick1 5 hours ago ago

        You don't have to win the hardware support lottery if you do a bit of research or buy a laptop made for it.

        • 999900000999 5 hours ago ago

          >or buy a laptop made for it.

          Which is usually at least 2x as much if we're talking about buying a System 76 laptop.

          Windows laptops go on sale very often.

          Although I will admit I have an HP laptop I brought last December that worked out of the box with Ubuntu. Nvidia drivers and all.

      • regexorcist 8 hours ago ago

        > Linux is great if you win the hardware support lottery.

        This is fairly easy to do by just not buying the absolute latest hardware. Installing something like Fedora in a 8-12 month old laptop I just can't recall last time I had issues.

        • frollogaston 4 hours ago ago

          I've had plenty of issues on ~2y old hardware too. Does your laptop sleep properly, do the fans scale properly, do wireless chips like Bluetooth and wifi work right, does audio (incl over BT) work, and does it switch between graphics cards if applicable?

        • 999900000999 8 hours ago ago

          How exactly would a new Linux user know this ?

          What happens when they install Ubuntu and the Wifi doesn't even work ? An experienced Linux user might figure it out.

          A new user would, very reasonably, assume Linux doesn't work and reinstall Windows.

          • fsflover 3 hours ago ago

            > How exactly would a new Linux user know this ?

            It's easy: whatever is preinstalled will be guaranteed to work reliably. Worked for me.

            • 999900000999 2 hours ago ago

              So sticking with Windows because that's what the computer probably shipped with ?

              • fsflover 20 minutes ago ago

                No, buying preinstalled Linux.

  • thejokeisonme 12 hours ago ago

    Your OS silently installs malware. Doesn't get much worse than this.

    • inigyou 11 hours ago ago

      Your OS is malware, if it's Windows.

      • timpera 7 hours ago ago

        Windows may not be the best OS for you but it definitely isn't malware.

        • garciansmith 5 hours ago ago

          If Windows continually supports third parties installing malware (without your consent and through Windows update, not some third party updater), at what point can the OS itself be considered malware?

          • frollogaston 5 hours ago ago

            The OS itself already does way worse things than what this LG adware does.

        • inigyou 3 hours ago ago

          What is the evidence that Windows isn't malware?

  • discordance 12 hours ago ago

    McAfee should be classified as a virus

    • chrismorgan 10 hours ago ago

      When preinstalled (as multiple major OEMs do), or when bundled in unrelated installers in these sorts of ways, it matches the definitions of scam excellently, and protection racket not badly.

      When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.

      • fragmede 10 hours ago ago

        How exactly does it match the definition of a scam? Windows does get viruses, and it does protect against them. It's not something you actually need, like most consumer VPNs, but they have high pressure sales tactics to trick people into buying it, but they do deliver what is promised, which makes it not a scam. They are creating artificial demand with their scare mongering, and I tell everyone I know not to get it, and to enable Windows Defender, but that's still not a scam.

        • supertrope 10 hours ago ago

          It depends on your definition of scam. Is McAfee a total fraud, not delivering on its core functionality of anti-virus scanning? No. But it's selling something most people don't need and uses information asymmetry, fear, and dark patterns to make money. Microsoft Defender has solved the anti-virus problem. (It doesn't solve the computer security problem but that's out of scope of AV). To play devil's advocate, without bundled bloatware PCs might cost $10 more.

        • chrismorgan 9 hours ago ago

          They push this message hard: unless you pay us, the bad guys will eat your lunch.

          The truth is that if you uninstall their software (and hopefully also if you just let the trial lapse, though I don’t actually know whether Defender Antivirus gets enabled automatically in that case) Microsoft will defend you against the lunch-eating bad guys just as well as McAfee, for free.

          That easily qualifies it as fraud.

          For that reason, I’m willing to call it a scam when preinstalled or otherwise installed without user intent. I wouldn’t call it a scam if people installed it deliberately (though I would still disparage it and its tactics).

    • supertrope 10 hours ago ago

      If a software package can't be uninstalled through the normal process and needs a separate uninstaller program, it is similar to malware. Many anti-virus suites and anti-cheat software require this. Take from that what you will.

    • BatteryMountain 11 hours ago ago

      10 Years ago. Complete garbage spyware.

  • dhash 11 hours ago ago

    it's worth noting that the price of these monitors got cut in half due to this news -- great for the linux users out there

    • sigio 11 hours ago ago

      Still seeing them for ~600 everywhere, which is completely in line with historic pricing: https://tweakers.net/pricewatch/2246090/lg-ultragear-oled-34...

    • Gualdrapo 11 hours ago ago

      I don't feel like spending my money on some horrible corpo pulling out stuff like this, even if I've been using linux since 2006. Who can tell if they will do this to other OS in the future?

      • ptx 11 hours ago ago

        My understanding is that the monitor doesn't do anything by itself - it's just Windows detecting the device and automatically downloading and installing LG:s proprietary add-on software. The monitor itself isn't attacking the machine by exploiting vulnerabilities or spoofing user input or anything like that.

        So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.

        • embedding-shape 11 hours ago ago

          > My understanding is that the monitor doesn't do anything by itself

          The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.

          I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.

          • ptx 9 hours ago ago

            Sure, but I was addressing the question that was asked (although perhaps it was asked rhetorically): LG cannot do this to you if you don't install their proprietary software, so Linux users are safe (assuming they use a trustworthy distro).

            You could choose to buy from another vendor, but other vendors have the same incentives to abuse your trust in the same way once they manage to persuade you into running their proprietary software on your machine.

      • leni536 11 hours ago ago

        This is probably Windows pulling LG software through Windows Update bases in EDID. Linux won't ever do this BS.

        • iamnothere 5 hours ago ago

          Linux won’t, but wait until LG ships a low bitrate 4G IoT card in future monitors for ACR!

        • delta_p_delta_x 10 hours ago ago

          > Linux won't ever do this BS.

          Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.

          [1]: https://lists.archlinux.org/archives/list/aur-general@lists....

        • delusional 11 hours ago ago

          I wouldn't be so categorical. This isn't really a kernel concern, and I could completely believe that there are some distros out there that pull in random packages based on hardware detection.

          The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.

  • sigio 11 hours ago ago

    Why do people even install 'drivers' for things like monitors. (Or usb devices running 'standard' protocols). The OS handles these just fine by itself.

    • wccrawford 11 hours ago ago

      In this case, they aren't.

      I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.

      Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.

      • Joel_Mckay 11 hours ago ago

        Indeed, our Windows 11 offline Steam box also needed to disable LG & Switch App in taskmanager, and set LG apps to manual start in Services.

        Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.

        So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3

    • subscribed 10 hours ago ago

      The article is about people NOT installing it but getting it installed anyway :)

      As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.

      With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.

    • functionmouse 11 hours ago ago

      the OS handles these now by installing the malware. Zero click.

    • embedding-shape 11 hours ago ago

      Sounds like this malware gets installed even if you don't manually install anything.

      > Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions

      I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.

      • onaclov2000 11 hours ago ago

        But this assumes you plug in USBC .... Right? HDMI and display port can't....install over right?

        • embedding-shape 11 hours ago ago

          I don't see any details in any of the texts I came across, but in theory the implementation could be that Windows sees the ID of the monitor once connected through any sort of connection, then when matching ID is found it installs the malware. Rather than the installer is sent from the monitor to the computer. Would make updates a lot easier, and if they really want to spread this malware, can activate it for a lot more monitors.

          • onaclov2000 11 hours ago ago

            That makes some sense to me, I think for some reason my brain assumed they were like actively controlling the PC to download things other than updates, (and low key assumed part of this update was supposed to be for software on the monitor not the desktop)

          • jdw64 11 hours ago ago

            Most commercial solutions are Windows-based and use the Windows API. HDMI and DP also have two-way communication channels. This is something you learn when you do hardware coding.(Of course you already know this, but this is for the other people reading this comment.)

            Typically, the Windows update server downloads packages mapped to hardware IDs in the background. Since LG's business in Korea has been failing and their AI efforts are stagnating, they exploited their McAfee partnership marketing as a pipeline. Windows' Plug and Play does make development convenient. The DX experience is good.

            Linux is quite fragmented. That's good from a 'my computer' perspective, but not from a 'product' perspective. And then there's the jitter issue. Windows has stable paid solutions, while Linux has version discrepancies.

            In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.

            In programming terms, we all know singleton is bad, but for Plug and Play, it's overwhelmingly convenient.

            • drnick1 5 hours ago ago

              > In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.

              The Linux security model (sudo to install or update software) doesn't allow this. No reputable distribution would include a program that scans hardware identifiers and prompts the user for permission to install proprietary software from a third-party source. This is possible on Windows because of the "universal backdoor," aka Windows Update, with Microsoft's consent.

            • zahlman 11 hours ago ago

              > simply because hardware vendors haven't standardized enough to build automatic deployment pipelines

              Wouldn't it require cooperation from the distros anyway? You say "HDMI and DP also have two-way communication channels", but that doesn't force the OS to communicate over those channels. And it also doesn't force the "mapping of packages to hardware IDs" to be what the hardware manufacturer wants it to be.

              • jdw64 11 hours ago ago

                Your point is idealistically correct, but realistically it's not. Because when people install Windows, they don't want to go through the process of installing drivers for other hardware devices. And usually the driver versions depend on the OS version too.

                Right away, with numerous distributions like Ubuntu and Arch, it's hard to account for all the possible cases from a production standpoint. But Windows has very few versions. As long as you pass Microsoft's standard specification, it just runs on Windows. That difference is huge. What you're saying is ideal, but when selling a product, time is money.

                In other words, to summarize our conversation:

                'As you said, separating them is the right thing to do. But UX Uesrs basically wanted that kind of deployment authority, and in the process, the problem of abusing it arose.'

                It's a beginner level problem, but at the same time, it's also a difficult one.

        • chmod775 11 hours ago ago

          Windows automatically tries to download and install drivers for some hardware you plug in, including monitors. That's what is happening here.

        • Someone1234 11 hours ago ago

          The monitor itself isn't installing anything, Windows detects the device by unique ID, and uses Windows Update to get the driver which itself triggers a Windows Store application (malware) to install.

          The monitor only sends a unique device ID, everything else is handled by Windows.

        • Joel_Mckay 11 hours ago ago

          We have an offline account Windows 11 Steam box, and the stupid popup still hit our machine a few days back. It did ask for screen access (said no), but there is no obvious button to opt out of the adware popups (select don't show, and click X to close).

          Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.

          A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3

  • lapelusa 10 hours ago ago

    LG is not a computer OS developer. Microsoft is. Microsoft has steered from developing software to developing malware for years now. This is simple: LG and McAfee paid MS to DP this, and they did.

    It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.

  • paweladamczuk 4 hours ago ago

    I once plugged in a Logitech keyboard on a fresh system and got a colorful branded popup covering several inches of screen real estate in the bottom right corner. It was urging me to download some Logitech software.

    As far as I know, the source of the graphics was not the unifying receiver that I plugged in the USB port, and the notification was not using any OS API meant for hardware to be avle to prompt the user for additional download. It was a Logitech-built DLL shipped and loaded by the operating system as part of some default driver for the Logitech keyboard.

  • Kelteseth 12 hours ago ago

    Can confirm. This happened to me yesterday on my Windows 11 machine. Uninstallation was only listed in the Microsoft Store -> Library.

  • scottydelta 8 hours ago ago

    Similarly after getting annoyed at my TV for showing ads and other privacy issues, I have started working on a smart TV version of the casting device my startup makes.

    I have been using it for both personal use and other work use-cases, here is a demo: https://www.youtube.com/watch?v=jObZzI2_pv0

    Just like youtube, I can log in to my netflix, amazon prime and then use the touch screen to choose the movie to watch and it gets played on the external screen. I am building it how I would use it as a power user.

    • newsoftheday 8 hours ago ago

      We have a smart TV on the way. We do not plan to run the setup, it won't have Internet access. We plan to do what we've done for over a decade now, connect our Kubuntu laptop in the entertainment center to it and select it as the default input device. And occasionally watch OTA TV shows. So we will use it as ... a monitor and plain TV, that happens to have far better video and sound quality than our old TV.

      • scottydelta 7 hours ago ago

        that's the same conclusion I came to and the device I am developing is basically a Raspberry Pi with my own modified OS that has a casting canvas and it can show all kinds of content.

        No third-party installs, ads and spywares!

        • drnick1 5 hours ago ago

          Not sure what your homegrown solution is, but check out Plasma Bigscreen too.

          • scottydelta 4 hours ago ago

            it looks very interesting, thanks for pointing me to it.

            My solution is a casting device like chromecast or apple tv which works without apps and cables. Now I am extending the device's canvas for personal use case without the concept of app stores. AI can control the canvas, show multimedia content, open any website/app, and show you options to log in by extracting context, then control it.

            So I can tell it to open netflix, it shows login options on screen and once logged in, you can ask it to show catalog or play something by just talking to it.

            It can connect and cast content to TWO external screens simultaneously, that I think is the most powerful feature.

  • ninalanyon an hour ago ago

    Why does a monitor install anything at all? Why does it even have a mechanism to do so?

  • throwa356262 11 hours ago ago

    Last time a company abused platform driver delivery to install adware, Microsoft threatened to pull their drivers altogether.

    But those were different times...

  • Ciantic 9 hours ago ago

    I also discovered that these days motherboards come with a payload in their chipset, which gets installed automatically in background unless you figure out to turn it off from BIOS before installing Windows. In my case it was bunch of ASUS useless stuff, not just drivers, some "Armoury Crate" etc. Which just keeps running in background. I've switched to KDE, that kind of solved itself.

  • callamdelaney 9 hours ago ago

    They were doing this over a year ago [1]

    [1] https://www.linkedin.com/posts/callam-d-b38b05105_windows-is...

  • jzer0cool 3 hours ago ago

    How to ensure physical devices like keyboard, monitor, mouse are safe? Essentially all recording devices.

  • throwatdem12311 9 hours ago ago

    Installing drivers and software for connected hardware is just something Windows has done through Windows update for a long time.

    Is this a good practice? I don’t really know. We used to get drivers on CDs, but barely anyone has a drive on their computer anymore. You could download them from the vendor website but these are usually a mess and very difficult to navigate to find the right thing — impossible for your grandma.

    Could do like Linux and just build trusted software right into the kernel - but then people will complain about bloat.

    So we are where we are. I guess.

    • frollogaston 4 hours ago ago

      It's pretty rare nowadays to need drivers for specific hardware that ordinary people are going to plug in. Maybe printers are the unfortunate exception.

    • dist-epoch 7 hours ago ago

      Windows already ships with gigabytes of drivers. This is why you can plug most popular hardware on an offline Windows and it will work.

  • nipperkinfeet 5 hours ago ago

    Over time, major tech companies have learned from malware writers and now incorporate these tactics into their own products. This is a matter of great concern.

  • ta988 4 hours ago ago

    Windows is malware that pulls other malware.

  • pluralmonad 10 hours ago ago

    A malware OS installing other malware seems fitting.

  • dcj4 10 hours ago ago

    windows update is a well known malware vector, how does this warrant any news? if you absolutely have to use windows, you either go through the effort of stripping the particular version you chose from all the spyware and malware it comes packaged with and gut the malware loader paths out of it, or you accept that you're running a botnet node you have little to no control over.

    • bravo777 8 hours ago ago

      this is the only valid, reasonably sound and grounded comment in this entire discussion, bravo.

    • bravo777 7 hours ago ago

      p.s. not being sarcastic

  • inigyou 11 hours ago ago

    They also come with terms of service which assert that you will inform everyone in the vicinity of your TV that their voices are being recorded by your TV.

  • cosmotic 2 hours ago ago

    If you're going to blame someone here, it should probably be Microsoft. They are the ones that built the system LG is utilizing.

    • duxup 2 hours ago ago

      I’m on team blame both.

  • Telaneo 4 hours ago ago

    My heart aches for those who can't opt out of using Windows.

  • mfro 6 hours ago ago

    Fun fact, Gigabyte motherboards do the same thing. Thankfully they give you an option to disable it in BIOS.

  • sinoue 9 hours ago ago

    Trust is a valuable commodity that once lost is very hard to regain. LG's big brother installs has me questions buying anything LG to bring in my home.

  • Gud 10 hours ago ago

    Not surprised.

    My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.

    Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...

    • CrimsonRain 8 hours ago ago

      Update firmware.

      Turn off LIVE PLUS

      block internet for the tv from router

      Enjoy.

      That's what I have been doing for years.

      • regexorcist 8 hours ago ago

        Also don't agree with the optional policies, they can be unchecked if you already did. That disables a bunch of crap too.

    • regexorcist 9 hours ago ago

      I have a pihole in front of my LG TV blocking nearly every DNS query it tries. I only allow a couple streaming apps I do use and see zero ads.

    • whalesalad 10 hours ago ago

      LG TV’s are really really good. If you never connect them to the internet. And that rule should be applied to all TV’s. Use an external device like an Apple TV or a self-crafted solution (Roku, Amzn stick, etc all garbage phoning home and listening with Alexa crap)

      Treat your TV like a computer monitor (ironic here in this context lol)

      • BoingBoomTschak 9 hours ago ago

        Image quality may be good (minus the horrible banding and ABL) but I'd put LG and Samsung in the same bag concerning hardware reliability: don't expect it to last much more than the warranty period and if it does, give some offerings to your lucky star.

        • whalesalad 5 hours ago ago

          In my experience they are both good. I have a 15 year old 1080p Samsung 55” panel that has moved across the country 3 times. It’s in my garage and still works great. My C2 OLED is 5 years old, knock on wood still working great. B5 OLED latest in my fleet it’s only a year old.

  • winstonwinston 8 hours ago ago

    Microsoft can remove device driver crapware from being distributed via windows update if you can get their attention on this.

  • buzer 9 hours ago ago

    If someone is in EU and is affected by this they could potentially utilize GDPR to make both Microsoft and LG take responsibility for this.

    It's hard to say directly from the article if there is any GDPR breach. If everything was part of the installer and it doesn't actually submit anything (including downloading the ad) to LG then it's harder to argue that there is GDPR violation, but knowing the SOP of these kinds of software that is unlikely.

    If the software did indeed send personal data to LG then there are at least following question: How was Article 13 notice delivered to user? Article says that this was installed quietly. Did Microsoft deliver Article 13 compliant notice to user at some point? They probably did deliver their own notice (though it's open question if it's compliant), but not LG's. However since Microsoft is the one that installed the software and they exercise control over the standards which must be met, it's possible that they would end up being joint controller at least for some processing.

    I should add that Article 13 requires that the notice is given "at the time when personal data are obtained". The only exception is when "data subject already has the information" and possible Article 23 restrictions, but those are unlikely to apply.

    If someone wants to make a complaint they should first make Article 15 request to LG. Copy of personal data is useful, but 15(1) information is the primary goal. Additionally ask for information on how and when did LG provide you the Article 13 notice if they did indeed process your personal data.

    After that if they cannot show that they provided Article 13 notice when they received your personal data submit a complaint to your local DPA. You can additionally flag other violations as well if they are applicable (e.g. not naming recipients as part of Article 15 response, not giving actual retention time or meaningful information how that is determined, invalid legal basis etc.). You should also flag in the complaint that Microsoft is likely joint controller for some of the processing given that they are the ones who approved the automatic install of the software which violated GDPR.

  • infinite_spin 10 hours ago ago

    the paranoid part of me thinks this is a war of attrition, where if every company imaginable has to be taken to task for intrusive behavior that we'll eventually grow numb to it, or that with a large enough onslaught we'll never be able to outpace it. It's not like there is profit to be made from preventing this behavior, and incredible incentives to, at minimum, turn a blind eye.

  • dev1ycan 2 hours ago ago

    The quick state in which we're devolving into a dystopia will eventually be studied a hundred years from now...

  • was8309 6 hours ago ago

    the instructions to enable "Prevent automatic download of applications associated with device metadata" don't work for me w/ W11, any ideas? thanks

  • boomskats 12 hours ago ago

    Not great, but also not at all surprising.

    Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.

  • hangrybear666 39 minutes ago ago

    This should not only be illegal in the EU but for the entire world. Malware level shit

  • rbanffy 11 hours ago ago

    At this point, such shenanigans are to be expected when using Windows.

    I guess my next machine will have a VGA port ;-)

    And no Windows.

    • classified 10 hours ago ago

      As long as you don't need some Windows-only software, Linux is a viable alternative now. KDE Plasma is a great desktop environment and even most games run flawlessly on Steam. And if you do need Windows occasionally, you can put it into a VM.

      • subscribed 10 hours ago ago

        Eh, kinda. I have new-ish MSI laptop with nvidia and it's still not good enough. I tried on the spare nvme and it just doesn't work well enough with these few games I want.

        Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).

  • astonex 11 hours ago ago

    Shame on Microsoft for allowing this

  • Havoc 9 hours ago ago

    Why are hardware manufacturers so shit at software?

    Whether it’s router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that they’re specializing on hardware but why so very bad?

    Edit. This isn’t even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page

  • tantalor 10 hours ago ago

    Windows is malware

    • lloydatkinson 10 hours ago ago

      That's the second time, probably more, you've been saying this in the thread. Blaming users for "buying" Windows is ridiculous too.

  • variadix 7 hours ago ago

    Alienware does the same thing, and as far as I could figure out, there is no way to stop it. The enshitification of Windows at this point is incredible.

  • DevPulse 7 hours ago ago

    I am using an LG ultra wide monitor and have not had any popups or ads.

  • j45 4 hours ago ago

    This appears to be much worse on so many more fronts than this article says.

    It's basically how a virus would infect your computer through a USB Key.

    Forcing itself to be installed, hiding what it does, sustaining itself across reboots, bypassing all security restrictions... because a monitor might need something new after all these decades?

  • throawayonthe 11 hours ago ago

    ? isn't this normal windows behaviour?

    • bravo777 7 hours ago ago

      I agree, this isn't news, just flame bait to smoke out the lurking FOSS enthusiasts on a Saturday morning.

  • ChrisArchitect 5 hours ago ago
  • AlienRobot 10 hours ago ago

    I have an LG monitor and I think I managed to avoid this by using Linux.

    • newsoftheday 7 hours ago ago

      Same, also bought an LG TV to replace our aging 2 decade old TV. Nothing says you have to run the TV's setup. Use an external device for streaming, preferably running Linux and you have full control and no Ads or telemetry.

  • atoav 10 hours ago ago

    Good to know. LG is now on my blacklist.

  • msla 5 hours ago ago

    There's two maxims:

    You get what you pay for.

    If you're the customer, you're the product.

    "You get what you pay for" means if you buy proprietary software, you get software from proprietary vendors who act like modern proprietary vendors act these days, which is using every avenue to maximize profits. There's no recourse, because it is proprietary and, therefore, belongs to the software maker, and not you. It is not your property, it is theirs.

    Which leads into...

    "If you're the customer, you're the product" because customers are valuable products. You willingly bought the service, so your data is data from someone who is interested in the company and probably willing to buy more from it and its partners if the company can target you. Your data, therefore, has resale value, making you a product to be sold.

  • motbus3 11 hours ago ago

    I think this is how they are going to make us pay rent for what we bought. They will make everything unusable unless you pay more and make some cuckoo TOS saying that you agree to be held in contempt if you circumvent their measurements.

    Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.

  • __MatrixMan__ 8 hours ago ago

    It's shit like this that caused me to start refusing to help my mom and her friends with their windows computers. I'm not going to support their shady activities anymore. If you want my help the first thing we're doing is installing Linux.

  • Hikikomori 11 hours ago ago

    Last 2 were LG, been looking at a new one but I guess I'll go with another brand that has their panels.

  • justsomehnguy 12 hours ago ago

    And Razer, Logitech, nvidia and everyone else who has it's driver package accepted into WU.

    No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.

    • maccard 11 hours ago ago

      With the quality of that software, it wouldn’t surprise me if the driver didn’t work without the userspace app at all. The GeForce experience at least you can disable, but if you have any branded components getting all of their management software off your PC is incredibly difficult

      • justsomehnguy 11 hours ago ago

        Logitech M720 Triathlon is currently listed €64,99 at their site.

        The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.

        No app running? No replace.

        App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)

        Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.

        On a third day I just turned it off and went for the other vendor altogether.

        To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.

        Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.

        • maccard 11 hours ago ago

          The logitech software is absolutely awful. All of the functionality is on device, but you can manage it with https://logiwebconnect.com/ instead. I’ve used Logitech mice as my daily driver for years with this.

        • Georgelemental 11 hours ago ago

          I am very happy with my Triathlon, but I use the 3rd-party Linux software Solaar https://github.com/pwr-Solaar/Solaar

          • sys_64738 11 hours ago ago

            This is a wonderful app for pairing. No Logitech spyware needed!

    • sys_64738 11 hours ago ago

      I avoid installing Logitech spyware on my Mac but there are FLOSS apps to do the equivalent. There's even a pairing FLOSS app for Linux to avoid installing Logitech spyware. FLOSS is amazing. LinearMouse is the Mac app.

    • mbrndtgn 11 hours ago ago

      Razer mice are the worst because they are just HIDs and could work without any special driver at all! Also I don't need their whole suite on every Windows computer I plug my mouse in. I think most people would just configure their Razer mouse on one PC, save the settings in the firmware of the mouse itself (I guess, I've actually never used their driver suite) and then never touch their software again.

      It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.

      I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.

    • zahlman 11 hours ago ago

      …Do these devices just not work on Linux or something?

      • justsomehnguy 6 hours ago ago

        Depends on what you are calling 'working'.

        Basic drivers prove a basic functionality.

  • phendrenad2 8 hours ago ago

    All gaming brands try to install software with every driver update. AMD, Nvidia, Razer, Corsair, etc. The difference is LG made it silent, which is a big no-no. Pushback should be on LG, a respected consumer brand that should know better.

  • grayhatter 10 hours ago ago

    So I own 5 LG monitors. But now I can't buy LG. I also refuse to support Samsung.

    Are there any high quality panel manufacturers left that aren't run huge pieces of shit? Or at least try to respect the people buying their hardware?

    • BoingBoomTschak 9 hours ago ago

      Panel? Not really since Panasonic exited the market.

      For complete monitors, the sole make I trust is Eizo but they only make professional (business or photography) products these days, and I'm _not_ going back to 60 Hz. Dell doesn't deserve trust but their UltraSharp line usually is "okay" even if my U2724D has uniformity issues near the bottom. Iiyama also remains a good one in my books.

      But if you want OLED, abandon all hope. The technology is so compromised and the market so monopolized by the collective Market for Lemons style race to the bottom targeting gaymers that I intentionally went for IPS black (yes, LG.display, I know...) instead.

      • grayhatter 9 hours ago ago

        I think Eizo is what I'm looking for, I've never heard of the brand before, so I appreciate the recommendation! Hopefully I can convince myself to buy something slower than 120...

        I don't mind paying for a bit more for professional gear. In part, because quality is important, but much more important to me is respect.

        • BoingBoomTschak 7 hours ago ago

          Their ColorEdges are definitely very good (I had a CG2730 just before that Dell) but now that my eyes tasted 120 Hz - even if only for page scrolling or the mouse pointer - I simply can't go back.

  • luciana1u 11 hours ago ago

    we finally cracked self-installing software, it just turns out the payload is McAfee and the installer is an HDMI cable

  • greatgib 11 hours ago ago

    If you had time to spend, I'm wondering if you couldn't sue LG or Microsoft in some countries for something equivalent of "hacking". Like intrusion in a computer network. As it is unsolicited installation of something that is unexpected.

    As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.

  • GuestFAUniverse 9 hours ago ago

    Oh, come on! LG force fed people with ads on TVs. And now everybody acts surprised?

    Do. Not. Buy. LG.

    There are a lot of decent alternatives. Stop buying from the sick heads.

    • HighGoldstein 9 hours ago ago

      > Do. Not. Buy. LG.

      > There are a lot of decent alternatives.

      Can you name them? Dell and Samsung are the main competitors for displays as far as I'm aware, Dell tends to be hit-or-miss when it comes to monitor features and quality, Samsung's high end displays come preloaded with a whole OS. The monitor market is really in the toilet.

      • petepete 6 hours ago ago

        Samsung are as bad as LG for advertising in their TVs.

        I'd happily buy and use a Dell monitor in my front room next time around. I don't use the speakers or tuner in my current TV so I'm not sure what I'd be missing out on.

  • jdw64 11 hours ago ago

    In Korea, pretty much all devices come with Windows. It's hard to live outside of Windows. Most programming is done in CPP,C#, and even when people use C, the majority are working on top of an IDE. The OS kernel layer only really appears in things like Samsung phones—the vast majority of work is on the application layer, and most consumers are on Windows on their desktops. It seems unavoidable

    • inigyou 11 hours ago ago

      This is also true outside of Korea.

  • anonym29 12 hours ago ago

    If you're using Windows on a personal device in the first place, you're pretty loudly declaring that your consent doesn't matter anyway.

    That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.

    If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.

  • inventor7777 8 hours ago ago

    Seems like every day I don't use Windows, the less I miss it lol

  • BoingBoomTschak 12 hours ago ago

    [Laughs in Linux/BSD]

    • throwa356262 11 hours ago ago

      HN doesn't like your tone and you are being down voted. But in general you are correct, Linux and bsd users are less affected by such shenanigans.

      Short personal story:

      I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.

      But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.

      • microtonal 11 hours ago ago

        But in general you are correct, Linux and bsd users are less affected by such shenanigans.

        Mac users too (at least for now).

    • tialaramex 11 hours ago ago

      I don't know about the BSDs but in Linux the reason is that a volunteer (in principle it could be a paid employee, I guess maybe it is for RHEL etc?) decides what gets installed

      It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.

      It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.

      † Obviously YMMV but such "plug and play" features are commonplace because they're useful

      • microtonal 11 hours ago ago

        I have absolutely no clue what you are talking about. There is no mechanism in standard Linux distributions to automatically download software from a vendor when you plug a device (apart from firmware updates through fwupd, but those are curated).

        So perhaps you could elaborate?

        • tialaramex 10 hours ago ago

          > no mechanism in standard Linux distributions

          Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.

          But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.

          > from a vendor

          Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.

          [Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]

          > but those are curated

          I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.

          I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.

          • pessimizer 6 hours ago ago

            > Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.

            Wrong. If I have a business relationship with MS where I've agreed to accept adware, this is meaningful. If I've bought a monitor that never informs me that it is installing adware, especially adware on their servers that could change at any time, this is a problem. It is different when the mailman opens my mailbox than when the person who cuts my grass opens my mailbox.

            > The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux.

            It's also a problem that Linux has allowed itself to be invaded by a creepy octopus of a user-hating system with tons of mutual dependencies, trying to gradually replace everything on your OS.

            The problem is that Windows is running things without your explicit approval. The problem with Windows and new Linux is that it even has the ability to do so. Security became protecting the system from the user, rather than protecting the user from the network and devices.

            The idea that userspace can do anything in userspace is a bit of a red herring, though. The question is how the malware gets into userspace in the first place. In the case of Windows and systemd, the malware is integral to the OS itself.

            > that's actually convenient and a benefit to many people

            To reiterate, it is not in any way convenient or a benefit to anyone that software is installed silently and secretly by their monitor. The idea that having to approve arbitrary software installation is some great inconvenience doesn't pass the laugh test.

    • lordleft 7 hours ago ago

      Not only Linux/BSD, but MacOS. Not that Apple isn't annoying either, but it tends to avoid the windows bloatware stuff.

    • potato-peeler 11 hours ago ago
  • qmr 11 hours ago ago

    Beyond tired of the rape mentality from Microsoft and other evil mega corp's.

    Remember when you used to own your "personal" computer?

  • bravo777 7 hours ago ago

    Windows works well most of the time for most people. I have a couple of Windows PC's, both exotic and standard, and I get what I paid for out of them. Humans love to hyper fixate on the failure cases when they're bored, and this is just one of them for Windows.

    Mostly anyone who has a need to work for privacy and making their own lives difficult by removing automations deserve working through the barrier of entry to do so.

  • adamtaylor_13 10 hours ago ago

    This is an excellent use of agentic AI, btw. Fire Claude up and say, "Remove LG malware and mcafee from this computer. Make regex changes so it can't be installed again."

    My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.

    • someothherguyy 10 hours ago ago

      > excellent use of agentic AI

      you run claude code unsanboxed on your machine and give it privileged access?

      • adamtaylor_13 10 hours ago ago

        On my windows machine I do. Not on my important machines.

    • orbital-decay 7 hours ago ago

      Giving the data to Anthropic instead of giving it to LG and McAffee, fascinating

    • bcraven 10 hours ago ago

      "Prevent this software having unfettered access to your machine by giving some other software unfettered access to your machine"

      • adamtaylor_13 10 hours ago ago

        That's a hot-take, but yeah. Something like that.

        Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."

        If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.