35 comments

  • devttyeu 1 hour ago
    This is so much worse that the title makes it out to be:

      1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
      2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
      3. That malware has internet and full system access, no sandboxing
      4. It starts with every system boot
      5. This software gets installed when you plug in a new LG monitor
      6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
      7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
    
    
    This situation has.. no precedent as far as I can tell..

    GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM

    • orbital-decay 5 minutes ago
      >This situation has.. no precedent as far as I can tell..

      Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime.

      Microsoft is to blame here, really. They already have a mechanism to block any driver (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions.

    • embedding-shape 1 hour ago
      > This situation has.. no precedent as far as I can tell..

      Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.

      I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.

      • MichaelZuo 1 hour ago
        Maybe some decision makers do indeed have negative aspirations…
      • ihsw 13 minutes ago
        [dead]
      • joe_mamba 46 minutes ago
        [dead]
    • Findecanor 54 minutes ago
      A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]

      The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.

      1. https://arstechnica.com/information-technology/2021/08/need-...

    • Sharlin 36 minutes ago
      Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD-ROM autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.
    • sigio 1 hour ago
      I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.
      • fooker 1 minute ago
        You're missing out on 37 different unrelated things being named copilot.
      • bcraven 29 minutes ago
        This is one of those typical HN replies that adds absolutely nothing to the discussion.
        • Geezus_42 10 minutes ago
          Much like your own, and this one!
    • Kelteseth 1 hour ago
      It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee
      • vladvasiliu 52 minutes ago
        I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.
        • d_k_f 23 minutes ago
          Anecdata from two days ago, after installing a fresh Windows 10: after inserting the dongle, a definitely non-native (styled by Logitech) popup asks me whether I want to install their app. I decline. One reboot later, the app is available in the start menu.

          Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m

    • silverlimetea 4 minutes ago
      Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.

      It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.

      The days of antivirus were replaced by advertising a long time ago. There is no privacy.

      Most savvy types are hyper aware of every process running on their machine especially those using network lol

      Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules

    • IshKebab 56 minutes ago
      USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.

      It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.

  • delta_p_delta_x 1 hour ago
    Workaround:

      gpedit.msc
      Computer Configuration > Administrative Templates > System > Device Installation
      Prevent automatic download of applications associated with device metadata
      Set to enabled
      OK
    
    On home editions sans gpedit.msc:

      sysdm.cpl
      Hardware tab
      Click Device Installation Settings
      Under 'Do you want to automatically download manufacturers' apps for your devices?', select 'No'
      Save Changes
    • mrbluecoat 11 minutes ago
      Very helpful, thank you. But it does remind me of that Yzma quote in The Emperor's New Groove: "Why do we even have that lever?"
    • Someone1234 1 hour ago
      Worth noting that gpedit.msc isn't included in Windows Home editions (although there are unsupported ways of adding it). This is also technically asking a lot for working around issues that shouldn't exist.

      Microsoft needs to intervene here, this cannot be a normal expectation for using their product.

      • AlienRobot 14 minutes ago
        Me on Windows 7: I don't want to use Linux, you have to keep configuring every single thing so it works.

        Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.

      • delta_p_delta_x 52 minutes ago
        Edited with another method.
  • tialaramex 1 hour ago
    Assuming they don't get a revenue cut, pushing back on Microsoft can in principle be effective here.

    Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?

    If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.

    Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.

    • vladvasiliu 46 minutes ago
      The issue is that most corps disable Windows Update and only allow whatever goes through the on-prem Windows Update thingy. This can, of course, fire back if they don't think to include all the updates. We had one such issue where they didn't provide an up-to-date Intel driver for the Wi-Fi cards, and the version we had was a bit broken...

      But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.

    • raverbashing 1 hour ago
      Honestly yeah

      MS should get all the flack (which is mostly deserved) of this

      Manufacturer does whatever crap they want with "it works" and then MS gets the complaints

      A driver should only be that. A driver

      • embedding-shape 59 minutes ago
        > MS should get all the flack (which is mostly deserved) of this

        I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.

      • rbanffy 1 hour ago
        > A driver should only be that. A driver

        I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.

        • al_borland 20 minutes ago
          This was always one of my biggest pet peeves on Windows. A bunch of junk running in the system tray just for basic hardware functionality.
  • gkbrk 20 minutes ago
    A monitor cannot install software on your computer by the way. It's Windows installing this software automatically (for some reason), so the blame should be on Microsoft.

    Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.

    • tantalor 16 minutes ago
      Blame should be on the user for buying Windows
      • mosselman 10 minutes ago
        You are describing 'the blame should be on Windows'.

        The consequence of Windows having the blame is that one should not buy it.

  • adamtaylor_13 30 minutes ago
    This is an excellent use of agentic AI, btw. Fire Claude up and say, "Remove LG malware and mcafee from this computer. Make regex changes so it can't be installed again."

    My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.

    • bcraven 28 minutes ago
      "Prevent this software having unfettered access to your machine by giving some other software unfettered access to your machine"
  • GaProgMan 1 hour ago
    Gamers Nexus have a video about this. Definitely worth a watch.

    https://www.youtube.com/watch?v=Q9uefFYe6bM

    • embedding-shape 1 hour ago
      I'm wondering if we in Europe gets vastly different experience compared to Americans or elsewhere in the world. People complain about LG having ads everywhere in the monitors, displays and what not, but none of our LG products (bought and used in Spain) have any ads anywhere. I'm sitting here with a LG monitor and our main TV is a LG OLED TV, neither of them have ads anywhere, although I haven't booted Windows in a couple of days and I guess I won't, until this malware issue been fixed.

      But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.

      • throwa356262 1 hour ago
        In general, yes.

        But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.

        https://www.consumerreports.org/electronics/privacy/how-to-t...

        • embedding-shape 1 hour ago
          Right, I'm wondering about the amount of ads though.
          • throwa356262 1 hour ago
            No, I think the ads are limited to own services and third party apps right now. Same goes for Samsung in EU.
      • bloqs 1 hour ago
        Same here in the UK
      • 15155 1 hour ago
        > Americans are receiving more ads than in other parts of the world

        Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.

        • embedding-shape 1 hour ago
          So because the US is the largest consumer market in the world, the TVs LG sell in the US has more ads in the UIs than TVs sold in Europe? Why would it be like that? If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China, as the EU consumer market is larger than the China one?
          • 15155 1 hour ago
            > Why would it be like that?

            Ads aren't free - this isn't a "theory," it's basic economics. Cost can be political (you cause the entire EU government to outlaw the practice) or monetary.

            > If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China

            Probably? The markets have little overlap, but again, this is a function of cost. Where people have more money to spend, I have more money to spend on ads, or more money to spend on campaigning to be allowed to show ads.

            • embedding-shape 1 hour ago
              > Probably?

              Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe. Seemingly (https://news.ycombinator.com/item?id=48957229) with Samsung it's the same. Even though EU is a larger consumer market than China, so obviously your theory doesn't hold, it's something else than "Bigger consumer markets === more ads in UIs in TVs".

              • 15155 50 minutes ago
                > obviously your theory doesn't hold

                Cost is my "theory." A larger market can sustain larger ad spend, and in some areas it's cheaper to make larger ad buys. Both are true.

                Also, "larger market" obviously implies a category-specific qualifier. People in the United States might have more of an appetite for televisions than people without running water - news at 11.

                > Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe.

                "Spoiler:" is an unnecessarily cunty way to lead a declaration of fact with zero objective accompanying evidence. Any citation you care to provide?

                "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?

                • embedding-shape 45 minutes ago
                  > Any citation you care to provide?

                  Not really, the question I posed initially was a casual one, based on reading around basically. I'm guessing you then have a citation handy for the US LG TVs having more ads because the US is a bigger consumer market?

                  > "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?

                  If you open up the TV home dashboard, do you see ads? On my LG TV I don't, looking at screenshots from LG TVs in the US, there seems to be.

                  • 15155 40 minutes ago
                    > the question I posed initially was a casual one, based on reading around basically

                    So your "Spoiler:" was based on something you pulled out of your ass casually?

                    > I'm guessing you then have a citation handy

                    I qualified with "probably" and "might," I didn't lead with "Spoiler, asshole, I'm right:"

                    > If you open up the TV home dashboard, do you see ads?

                    The plural of anecdote isn't data.

                    • embedding-shape 36 minutes ago
                      > The plural of anecdote isn't data.

                      Hey, I learned something new! Thanks :) Hope you enjoy the rest of your Saturday as much I'm enjoying mine, time to hit the beach.

          • jdw64 55 minutes ago
            Europe has strong GDPR regulations. As for China, I've heard that hardware margins are low, so the hardware itself is just bait, and they embed ads in the software inside. But this is just something I heard from another Korean programmer, so it's not really a serious claim
        • reaperducer 15 minutes ago
          You must be getting downvoted by people who have never run an ad-supported web site.

          When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.

          However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.

  • kingleopold 1 hour ago
    They used to call this spyware/malware. Now it's a regular practice by eng. teams and managers inside these big corp. Well played guys :) Congrats with new type of tricks
    • flowerbreeze 1 hour ago
      From FTC website: Malware is harmful software that’s installed on your device without your knowledge.

      So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.

    • sys_64738 51 minutes ago
      If it's not malware then what is it called today?
      • supertrope 6 minutes ago
        "Telemetry." "Personalized experiences."

        Basically doublespeak.

    • delusional 55 minutes ago
      I would be very surprised if some random manager of some low level engineering team made this decision. It seems more likely this was a marketing or partner relations department idea that was presented to high level leadership.

      I don't understand why we expect some manager somewhere to stop stuff like this.

  • lapelusa 18 minutes ago
    LG is not a computer OS developer. Microsoft is. Microsoft has steered from developing software to developing malware for years now. This is simple: LG and McAfee paid MS to DP this, and they did.

    It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.

  • motbus3 1 hour ago
    I am tired of this. LG is now on my blacklist alongside EA and Blizzard Entertainment for their anti consumer practices. I can't change them, I can't change policies about it. I can choose to not buy.
    • delusional 53 minutes ago
      > Blizzard Entertainment

      You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.

      • BatteryMountain 40 minutes ago
        I've successfully avoided these companies the last 5 years. Gaming as a whole is dead for me, I just play a couple of old games now & then. The culture is toast too, not just bad games or expensive hardware. So not really losing much sleep over any of this. I have linux on all my machines, so I really only play the one's that perform well on linux. Haven't played online multiplayer games since ~2013. Many of us are like me.

        edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.

        • lloydatkinson 1 minute ago
          I'm still angry at how they ruined Overwatch
  • discordance 1 hour ago
    McAfee should be classified as a virus
    • supertrope 4 minutes ago
      If a software package can't be uninstalled through the normal process and needs a separate uninstaller program, it is similar to malware. Many anti-virus suites and anti-cheat software require this. Take from that what you will.
    • chrismorgan 32 minutes ago
      When preinstalled (as multiple major OEMs do), or when bundled in unrelated installers in these sorts of ways, it matches the definitions of scam excellently, and protection racket not badly.

      When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.

      • fragmede 16 minutes ago
        How exactly does it match the definition of a scam? Windows does get viruses, and it does protect against them. It's not something you actually need, like most consumer VPNs, but they have high pressure sales tactics to trick people into buying it, but they do deliver what is promised, which makes it not a scam. They are creating artificial demand with their scare mongering, and I tell everyone I know not to get it, and to enable Windows Defender, but that's still not a scam.
        • supertrope 0 minutes ago
          It depends on your definition of scam. Is McAfee a total fraud, not delivering on its core functionality of anti-virus scanning? No. But it's selling something most people don't need and uses information asymmetry, fear, and dark patterns to make money. To play devil's advocate, without bundled bloatware PCs might cost $10 more.
    • BatteryMountain 44 minutes ago
      10 Years ago. Complete garbage spyware.
  • grayhatter 1 minute ago
    [delayed]
  • thejokeisonme 1 hour ago
    Your OS silently installs malware. Doesn't get much worse than this.
    • inigyou 1 hour ago
      Your OS is malware, if it's Windows.
  • sigio 1 hour ago
    Why do people even install 'drivers' for things like monitors. (Or usb devices running 'standard' protocols). The OS handles these just fine by itself.
    • subscribed 11 minutes ago
      The article is about people NOT installing it but getting it installed anyway :)

      As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.

      With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.

    • wccrawford 1 hour ago
      In this case, they aren't.

      I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.

      Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.

      • Joel_Mckay 1 hour ago
        Indeed, our Windows 11 offline Steam box also needed to disable LG & Switch App in taskmanager, and set LG apps to manual start in Services.

        Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.

        So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3

    • embedding-shape 1 hour ago
      Sounds like this malware gets installed even if you don't manually install anything.

      > Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions

      I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.

      • onaclov2000 1 hour ago
        But this assumes you plug in USBC .... Right? HDMI and display port can't....install over right?
        • embedding-shape 1 hour ago
          I don't see any details in any of the texts I came across, but in theory the implementation could be that Windows sees the ID of the monitor once connected through any sort of connection, then when matching ID is found it installs the malware. Rather than the installer is sent from the monitor to the computer. Would make updates a lot easier, and if they really want to spread this malware, can activate it for a lot more monitors.
          • onaclov2000 47 minutes ago
            That makes some sense to me, I think for some reason my brain assumed they were like actively controlling the PC to download things other than updates, (and low key assumed part of this update was supposed to be for software on the monitor not the desktop)
          • jdw64 1 hour ago
            Most commercial solutions are Windows-based and use the Windows API. HDMI and DP also have two-way communication channels. This is something you learn when you do hardware coding.(Of course you already know this, but this is for the other people reading this comment.)

            Typically, the Windows update server downloads packages mapped to hardware IDs in the background. Since LG's business in Korea has been failing and their AI efforts are stagnating, they exploited their McAfee partnership marketing as a pipeline. Windows' Plug and Play does make development convenient. The DX experience is good.

            Linux is quite fragmented. That's good from a 'my computer' perspective, but not from a 'product' perspective. And then there's the jitter issue. Windows has stable paid solutions, while Linux has version discrepancies.

            In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.

            In programming terms, we all know singleton is bad, but for Plug and Play, it's overwhelmingly convenient.

            • zahlman 1 hour ago
              > simply because hardware vendors haven't standardized enough to build automatic deployment pipelines

              Wouldn't it require cooperation from the distros anyway? You say "HDMI and DP also have two-way communication channels", but that doesn't force the OS to communicate over those channels. And it also doesn't force the "mapping of packages to hardware IDs" to be what the hardware manufacturer wants it to be.

              • jdw64 1 hour ago
                Your point is idealistically correct, but realistically it's not. Because when people install Windows, they don't want to go through the process of installing drivers for other hardware devices. And usually the driver versions depend on the OS version too.

                Right away, with numerous distributions like Ubuntu and Arch, it's hard to account for all the possible cases from a production standpoint. But Windows has very few versions. As long as you pass Microsoft's standard specification, it just runs on Windows. That difference is huge. What you're saying is ideal, but when selling a product, time is money.

                In other words, to summarize our conversation:

                'As you said, separating them is the right thing to do. But UX Uesrs basically wanted that kind of deployment authority, and in the process, the problem of abusing it arose.'

                It's a beginner level problem, but at the same time, it's also a difficult one.

        • chmod775 1 hour ago
          Windows automatically tries to download and install drivers for some hardware you plug in, including monitors. That's what is happening here.
        • Someone1234 1 hour ago
          The monitor itself isn't installing anything, Windows detects the device by unique ID, and uses Windows Update to get the driver which itself triggers a Windows Store application (malware) to install.

          The monitor only sends a unique device ID, everything else is handled by Windows.

        • Joel_Mckay 1 hour ago
          We have an offline account Windows 11 Steam box, and the stupid popup still hit our machine a few days back. It did ask for screen access (said no), but there is no obvious button to opt out of the adware popups (select don't show, and click X to close).

          Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.

          A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3

    • functionmouse 56 minutes ago
      the OS handles these now by installing the malware. Zero click.
  • dhash 1 hour ago
    it's worth noting that the price of these monitors got cut in half due to this news -- great for the linux users out there
    • sigio 1 hour ago
      Still seeing them for ~600 everywhere, which is completely in line with historic pricing: https://tweakers.net/pricewatch/2246090/lg-ultragear-oled-34...
    • Gualdrapo 1 hour ago
      I don't feel like spending my money on some horrible corpo pulling out stuff like this, even if I've been using linux since 2006. Who can tell if they will do this to other OS in the future?
      • ptx 1 hour ago
        My understanding is that the monitor doesn't do anything by itself - it's just Windows detecting the device and automatically downloading and installing LG:s proprietary add-on software. The monitor itself isn't attacking the machine by exploiting vulnerabilities or spoofing user input or anything like that.

        So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.

        • embedding-shape 57 minutes ago
          > My understanding is that the monitor doesn't do anything by itself

          The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.

          I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.

      • leni536 1 hour ago
        This is probably Windows pulling LG software through Windows Update bases in EDID. Linux won't ever do this BS.
        • delta_p_delta_x 29 minutes ago
          > Linux won't ever do this BS.

          Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating (and not even explicitly allowing...) something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.

          [1]: https://lists.archlinux.org/archives/list/aur-general@lists....

        • delusional 46 minutes ago
          I wouldn't be so categorical. This isn't really a kernel concern, and I could completely believe that there are some distros out there that pull in random packages based on hardware detection.

          The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.

  • throwa356262 1 hour ago
    Last time a company abused platform driver delivery to install adware, Microsoft threatened to pull their drivers altogether.

    But those were different times...

  • Kelteseth 1 hour ago
    Can confirm. This happened to me yesterday on my Windows 11 machine. Uninstallation was only listed in the Microsoft Store -> Library.
  • inigyou 1 hour ago
    They also come with terms of service which assert that you will inform everyone in the vicinity of your TV that their voices are being recorded by your TV.
  • tantalor 17 minutes ago
    Windows is malware
  • rbanffy 1 hour ago
    At this point, such shenanigans are to be expected when using Windows.

    I guess my next machine will have a VGA port ;-)

    And no Windows.

    • classified 36 minutes ago
      As long as you don't need some Windows-only software, Linux is a viable alternative now. KDE Plasma is a great desktop environment and even most games run flawlessly on Steam. And if you do need Windows occasionally, you can put it into a VM.
      • subscribed 3 minutes ago
        Eh, kinda. I have new-ish MSI laptop with nvidia and it's still not good enough. I tried on the spare nvme and it just doesn't work well enough with these few games I want.

        Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).

  • boomskats 1 hour ago
    Not great, but also not at all surprising.

    Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.

  • AlienRobot 16 minutes ago
    I have an LG monitor and I think I managed to avoid this by using Linux.
  • atoav 26 minutes ago
    Good to know. LG is now on my blacklist.
  • throawayonthe 1 hour ago
    ? isn't this normal windows behaviour?
  • astonex 1 hour ago
    Shame on Microsoft for allowing this
  • motbus3 1 hour ago
    I think this is how they are going to make us pay rent for what we bought. They will make everything unusable unless you pay more and make some cuckoo TOS saying that you agree to be held in contempt if you circumvent their measurements.

    Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.

  • greatgib 41 minutes ago
    If you had time to spend, I'm wondering if you couldn't sue LG or Microsoft in some countries for something equivalent of "hacking". Like intrusion in a computer network. As it is unsolicited installation of something that is unexpected.

    As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.

  • Hikikomori 1 hour ago
    Last 2 were LG, been looking at a new one but I guess I'll go with another brand that has their panels.
  • justsomehnguy 1 hour ago
    And Razer, Logitech, nvidia and everyone else who has it's driver package accepted into WU.

    No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.

    • sys_64738 46 minutes ago
      I avoid installing Logitech spyware on my Mac but there are FLOSS apps to do the equivalent. There's even a pairing FLOSS app for Linux to avoid installing Logitech spyware. FLOSS is amazing. LinearMouse is the Mac app.
    • maccard 1 hour ago
      With the quality of that software, it wouldn’t surprise me if the driver didn’t work without the userspace app at all. The GeForce experience at least you can disable, but if you have any branded components getting all of their management software off your PC is incredibly difficult
      • justsomehnguy 1 hour ago
        Logitech M720 Triathlon is currently listed €64,99 at their site.

        The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.

        No app running? No replace.

        App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)

        Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.

        On a third day I just turned it off and went for the other vendor altogether.

        To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.

        Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.

    • mbrndtgn 1 hour ago
      Razer mice are the worst because they are just HIDs and could work without any special driver at all! Also I don't need their whole suite on every Windows computer I plug my mouse in. I think most people would just configure their Razer mouse on one PC, save the settings in the firmware of the mouse itself (I guess, I've actually never used their driver suite) and then never touch their software again.

      It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.

      I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.

    • zahlman 1 hour ago
      …Do these devices just not work on Linux or something?
  • luciana1u 1 hour ago
    we finally cracked self-installing software, it just turns out the payload is McAfee and the installer is an HDMI cable
  • jdw64 1 hour ago
    In Korea, pretty much all devices come with Windows. It's hard to live outside of Windows. Most programming is done in CPP,C#, and even when people use C, the majority are working on top of an IDE. The OS kernel layer only really appears in things like Samsung phones—the vast majority of work is on the application layer, and most consumers are on Windows on their desktops. It seems unavoidable
    • inigyou 1 hour ago
      This is also true outside of Korea.
  • anonym29 1 hour ago
    If you're using Windows on a personal device in the first place, you're pretty loudly declaring that your consent doesn't matter anyway.

    That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.

    If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.

  • BoingBoomTschak 1 hour ago
    [Laughs in Linux/BSD]
    • throwa356262 1 hour ago
      HN doesn't like your tone and you are being down voted. But in general you are correct, Linux and bsd users are less affected by such shenanigans.

      Short personal story:

      I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.

      But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.

      • microtonal 1 hour ago
        But in general you are correct, Linux and bsd users are less affected by such shenanigans.

        Mac users too (at least for now).

    • tialaramex 1 hour ago
      I don't know about the BSDs but in Linux the reason is that a volunteer (in principle it could be a paid employee, I guess maybe it is for RHEL etc?) decides what gets installed

      It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.

      It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.

      † Obviously YMMV but such "plug and play" features are commonplace because they're useful

      • microtonal 1 hour ago
        I have absolutely no clue what you are talking about. There is no mechanism in standard Linux distributions to automatically download software from a vendor when you plug a device (apart from firmware updates through fwupd, but those are curated).

        So perhaps you could elaborate?

        • tialaramex 31 minutes ago
          > no mechanism in standard Linux distributions

          Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.

          But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.

          > from a vendor

          Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.

          [Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]

          > but those are curated

          I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.

          I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.

    • potato-peeler 1 hour ago
  • guesswho_ 17 minutes ago
    [dead]
  • qmr 1 hour ago
    Beyond tired of the rape mentality from Microsoft and other evil mega corp's.

    Remember when you used to own your "personal" computer?