• floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    edit-2
    4 hours ago

    I’ve used an LG monitor for about 5 years, and never install the manufacturer’s software unless it looks genuinely useful. When I saw the Gamers Nexus video I went to check my installed apps, and sure enough there was LG’s monitor app, installed silently without my knowledge. I used Bulk Crap Uninstaller to get rid of it.

    To prevent this kind of thing in future, run gpedit.msc and enable “Prevent automatic download of applications associated with device metadata” under Computer Configuration → Administrative Templates → System → Device Installation.

    • brucethemoose@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      50 minutes ago

      Same. I noticed earlier this month when I got a popup to install Mcafee, out of nowhere. I was mortified.

    • 0x0@infosec.pub
      link
      fedilink
      English
      arrow-up
      46
      arrow-down
      1
      ·
      5 hours ago

      Or you could just change to an os that doesnt piss on its users constantly

      • floofloof@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        35 minutes ago

        Indeed. I use Linux most of the time, and MacOS a bit of the time, but the old Windows desktop is still there for the infrequent times when I need it to work on old music projects. I have it too dual-booting into Linux, so even it spends most of its time in a more sane OS.

    • NewNewAugustEast@lemmy.zip
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      5 hours ago

      I didn’t watch the video, but maybe they said how this done.

      If it installed silently, it must be getting pulled in via Windows update right? Where Microsoft just sees this a regular old driver for a device I would imagine?

      I have an LG monitor, maybe about 5 years or older. But I don’t have windows so I assume it knows nothing.

      EDIT: Nevermind. I went and watched the section at the beginning, and yep that is exactly how it is done. Does windows not even vet what a vendor hands them as a driver? Perhaps they don’t care, but this seems like an easily exploitable route.

      • floofloof@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        37 minutes ago

        I suspect the thoroughness of the vetting is inversely proportional to the size of the kickback to Microsoft.

        • NewNewAugustEast@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          19 minutes ago

          Got me curious. Quick search and I found three windows drivers that had keyloggers hidden in them. Go figure it was HP!

          • HP Notebook Keyboard Drivers: Keylogging code was discovered in the SynTP.sys file, which was part of the Synaptics Touchpad driver shipped with certain HP notebook models.

          • HP Audio Drivers: Researchers found keylogging features within the Conexant HD Audio Driver (specifically version 1.0.0.46 and earlier) used in various HP laptops and other Windows systems.

    • thejml@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      5 hours ago

      That’s what I thought was happening here. The headline is a bit incorrect… the monitor didn’t install the bloatware, Windows did.

      Now the drivers/software that Windows installed is likely from the MS store/update path and was made and signed by LG, but still. Plug this monitor into linux and it’s not going to do it because linux doesn’t have that mechanism.