LG monitors silently install software through Windows Update without consent (videocardz.com)

905 points by baranul 12 hours ago

devttyeu 11 hours ago

This is so much worse that the title makes it out to be:

  1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
  2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
  3. That malware has internet and full system access, no sandboxing
  4. It starts with every system boot
  5. This software gets installed when you plug in a new LG monitor
  6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
  7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!

This situation has.. no precedent as far as I can tell..

GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM

orbital-decay 9 hours ago

>This situation has.. no precedent as far as I can tell..

Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!

Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.

yndoendo 7 hours ago

Back in my Window days. I would start the driver installation and let it sit. Open the temp folder and copy content the install extracted to a new directory. Cancel the installation. Open Device Manager and install the drivers from there so non of the excessive bloat was installed.

This worked greater with being an IT consultant. The client's machine to run smoother and drivers installed fast since they would buy multiples of the same equipment at once.

Now I only use Linux on personal equipment. You have to pay me to use Microsoft products. Microsoft has become shit-ware.

ironmanszombie 12 minutes ago

IgorPartola 5 hours ago

RajT88 6 hours ago

clickety_clack 7 hours ago

thewebguyd 6 hours ago

> but aren't even using it to block these contraptions

Even worse, this one is installed via Windows update. I have an LG monitor and noticed the stupid LG app all of the sudden, uninstalled it, and saw it pop up again as an update in Windows update.

Microsoft is actively enabling this behavior.

mcv 6 minutes ago

londons_explore 4 hours ago

Microsoft could easily make a rulebook for drivers, and say any company which violates the rulebook can only send open source drivers, or even ban them from driver distribution entirely which would quickly kill a consumer hardware brand.

benoau 7 hours ago

My Logitech mouse does this but it prompts to install their crapware and adds that to the startup programs, it's not automatically installed.

kjs3 7 hours ago

The last one I remember is plugging a Razer mouse

Oh, yeah. Bought this overpriced but heavily hyped Razer mouse and it wouldn't even work right until it had an internet connection. A MOUSE. I'd never encountered something so blatantly customer hostile in my life. Never even looked at another Razer product, never will, and will tell anyone who will listen that Razer is a terrible company full of objectively terrible people.

Chaosvex 7 hours ago

stego-tech 9 hours ago

This. Microsoft has chosen to allow this functionality, despite it being a very clear breach of trust with customers.

LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.

solarkraft 8 hours ago

jayd16 5 hours ago

Microsoft could end up being a higher barrier but how much do we really want that?

To me, it seems like LG is the one to blame.

CodesInChaos 5 hours ago

embedding-shape 11 hours ago

> This situation has.. no precedent as far as I can tell..

Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.

I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.

MichaelZuo 10 hours ago

Maybe some decision makers do indeed have negative aspirations…

ihsw 9 hours ago

If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.

As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.

This article obviates that this is not an LG problem, it is a Microsoft problem.

Also, don't fool yourself if you think this won't come to the Linux world.

Grombobulous 9 hours ago

necovek 9 hours ago

kstrauser 6 hours ago

treyd 8 hours ago

joe_mamba 10 hours ago

>I don't know what Microsoft is thinking even allowing and enabling this sort of thing

This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.

Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.

coldtea 9 hours ago

marcosdumay 7 hours ago

wat10000 8 hours ago

Findecanor 10 hours ago

A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]

The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.

1. https://arstechnica.com/information-technology/2021/08/need-...

globalnode 8 hours ago

not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft.

Findecanor 7 hours ago

mrob 4 hours ago

nottorp 8 hours ago

MatejKafka 8 hours ago

Someone 7 hours ago

> This situation has.. no precedent as far as I can tell..

- https://support.microsoft.com/en-us/windows/hardware/drivers...: “Windows can automatically download recommended drivers for the hardware and devices connected to a system by using Windows Update“

- eight years ago: https://www.reddit.com/r/Windows10/comments/8tlre3/why_is_it...: “I can't seem to stop it from installing device drivers, even after unchecking the 'Do you want to automatically download manufacturers' apps and custom icons available for your devices?' and saving.

I uncheck it, reboot. Uninstall all drivers except USB (so I can use mouse and keyboard) and reboot. Aproximately two minutes after the reboot, I get notification ballons telling me everything is installed again. Heck, even the super old Nvidia 388.1 driver is installed (the latest now is 393.2).”

sigio 10 hours ago

I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.

bunderbunder 9 hours ago

“Now”?

This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.

(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)

ryandrake 6 hours ago

RetroTechie 9 hours ago

> I can only conclude that Windows is basically malware now...

Windows has worked like spyware since what, the late Windows 7 days or thereabout?

End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:

# Microsoft does not respect Windows users (or users of any of their offerings?).

# LG does not respect people who buy their monitors (and perhaps other products?).

Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?

User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.

flaunf221 9 hours ago

fooker 9 hours ago

You're missing out on 37 different unrelated things being named copilot.

robin_reala 8 hours ago

dansquizsoft 9 hours ago

MatejKafka 8 hours ago

How it it a Windows issue that driver developers pack garbage with their drivers? If Linux supported loading 3rd party drivers (it mostly doesn't, and if Windows did that, the whole internet would be up in arms about Microsoft locking down their OS), it would have exactly the same issues.

This is basically the same as downloading a program, running it and when it downloads garbage on your computer, complaining that Windows are dumb for allowing a program to download garbage.

toast0 5 hours ago

bcraven 10 hours ago

This is one of those typical HN replies that adds absolutely nothing to the discussion.

Geezus_42 9 hours ago

coldtea 9 hours ago

exe34 9 hours ago

Sharlin 10 hours ago

Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.

sixothree 5 minutes ago

If this were a person doing this, they would be in jail.

internet2000 7 hours ago

> This situation has.. no precedent as far as I can tell..

You got a lot of replies already, but there's so much precedent. Plugging a Logitech mouse installs a network capable, autolaunch capable, pop up app for at least the past 10 years. LG's thing seems grodier, but this has been common Windows-ism for a while.

fuzzfactor 6 hours ago

Plus even when the Logitech mouse has been moved to a different PC, the former PC will continue to get Logitech updates anyway.

Apparently so they will be one step ahead of you in case you decide to plug it in again sometime.

Graphics cards can do this too, you remove the card and go back to the motherboard's built-in HDMI port, then one day here comes a big update for the non-existent graphics adapter.

dathinab 8 hours ago

> This situation has.. no precedent as far as I can tell..

depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"

other wtf. microslop cases include:

- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)

- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"

- "init scripts on USB devices", I think they stopped doing that

- ...

given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)

most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).

combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them

miki123211 6 hours ago

8. ANd this isn't specific to LG. If LG can do it, anyone can, even if they aren't right now.

Buying from companies you trust isn't a solution either. Founders sometimes get into fatal car accidents or lose some of their assets in messy divorces. THe new owners may not care about "brand reputation" and sell the company to the highest bidder.

xahrepap 7 hours ago

I have a windows computer that tries to install HP Printer software automatically because it detects an HP printer on the WiFi. No physical access needed

halJordan 9 hours ago

Unprecedented? Have you installed a Dell/Alienware monitor recently? I hope you enjoy having the unsigned awcc.exe autostarting with no visible ui doing good knows what with no documentation from Dell

jms703 2 hours ago

Yeah, I was looking for this comment. Dell/Alienware have been doing this for YEARS. Part of the many reasons I moved from Window to Linux.

wnevets 4 hours ago

> OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!

Just think about how many times hardware manufactures told customers to buy new equipment because they can't be bothered to patch the older models.

Kelteseth 11 hours ago

It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee

vladvasiliu 10 hours ago

I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.

d_k_f 9 hours ago

theamk 2 hours ago

That's just living in the Windows world.

After start menu ads, I don't understand why people are being surprised anymore.

coldtea 9 hours ago

And people think macOS sandboxing is "hyperbolic"

jakzurr 6 hours ago

Thanks - really got my attention. And, the video makes me sick.

I'm still looking at my 10 year-old LG monitor with suspicion, now, but I'm thinking (hoping) it's just too old...

stockmarketer 6 hours ago

>This situation has.. no precedent as far as I can tell..

I want to believe you, but somehow I can't, I feel like our industry has already mastered the art of installing malware on customers' devices.

herbst 9 hours ago

As if the world needs more reasons to understand that windows is activly making your life worse. Step by step.

tomaskafka 2 hours ago

I understand shitty brands want to do this.

The bit I don’t understand is Microsoft making an infrastructure that allows this, lets shine the shame light here.

theamk 2 hours ago

Have you installed Windows recently? It is full of ads.

If Microsoft can push ads to users, why can't LG?

orblivion 7 hours ago

Thank you for the summary. As a Linux user, am I spared because of relative obscurity, or is it that Microsoft is explicitly allowing this to happen?

preisschild 5 hours ago

Linux only auto-loads the drivers in the kernel tree

greggsy 3 hours ago

Logitech have been doing this for years

formerly_proven 7 hours ago

> This situation has.. no precedent as far as I can tell..

No, this has been going on for years. Vendors have been pushing malicious software through the Windows Update automatic driver installation since forever. MSI and Nahimic/A-Volute (this has watchdog daemon to instantly reinstall it as well as the main app protecting the daemon), the ASUS Armory Crate bullshit, the Lenovo garbage, which initially they only put into their own images, but then started force-installing via Windows Update, Gigabyte, ... the list is really long.

If you have to use Windows, you really absolutely should disable driver installation through Windows Update.

bravo777 7 hours ago

Have you been using Gentoo or FreeBSD for a long time and then suddenly remembered Windows exists on the same day this news dropped?

DrJaws 7 hours ago

this has happened to me with dell monitors since years ago, also with razer peripherals.

phendrenad2 7 hours ago

I'm tired of everything being classified as "malware". The word has no meaning anymore. Malware can mean "zero-day state-sponsored ransomware attack" or it can mean "software was automatically installed by a trusted consumer-beloved company because they forgot to make an opt-out window" (which is what I'm guessing happened here).

IshKebab 10 hours ago

USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.

It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.

beAbU 8 hours ago

Logitech pulls (pulled?) the same shit when you connect one of their pheriferals to your PC.

hulitu 2 hours ago

But thanks to Secure Boot, your computer is secure. /s

When will people understand that malware is signed by the vendor ?

silverlimetea 9 hours ago

Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.

It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.

The days of antivirus were replaced by advertising a long time ago. There is no privacy.

Most savvy types are hyper aware of every process running on their machine especially those using network lol

Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules

brynnbee 8 hours ago

Savvy types use Linux

ikidd 8 hours ago

delta_p_delta_x 11 hours ago

Workaround:

  gpedit.msc
  Computer Configuration > Administrative Templates > System > Device Installation
  Prevent automatic download of applications associated with device metadata
  Set to enabled
  OK
On home editions sans gpedit.msc:

  sysdm.cpl
  Hardware tab
  Click Device Installation Settings
  Under 'Do you want to automatically download manufacturers' apps for your devices?', select 'No'
  Save Changes

Someone1234 10 hours ago

Worth noting that gpedit.msc isn't included in Windows Home editions (although there are unsupported ways of adding it). This is also technically asking a lot for working around issues that shouldn't exist.

Microsoft needs to intervene here, this cannot be a normal expectation for using their product.

yonatan8070 8 hours ago

> Microsoft needs to intervene here

Yeah, they've never pushed ads or installed software without the user's consent.

AlienRobot 9 hours ago

Me on Windows 7: I don't want to use Linux, you have to keep configuring every single thing so it works.

Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.

VorpalWay 8 hours ago

driverdan 9 hours ago

delta_p_delta_x 10 hours ago

Edited with another method.

Someone1234 8 hours ago

fuzzfactor 8 hours ago

mrbluecoat 9 hours ago

Very helpful, thank you. But it does remind me of that Yzma quote in The Emperor's New Groove: "Why do we even have that lever?"

delta_p_delta_x 9 hours ago

> Why do we even have that lever

For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.

Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That being said, this stuff should go into a user-mode driver...

That LG have exploited this functionality to install adware is on them.

nottorp 8 hours ago

miki123211 6 hours ago

Saris 9 hours ago

Brian_K_White 5 hours ago

Grombobulous 9 hours ago

This is getting technical enough that you might as well install Linux if you figure out how to do this.

In other words, we all know that regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.

fuzzfactor 8 hours ago

>regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.

Keep in mind the well-known quote from so many pages of Microsoft documentation over the decades, where the main useful function of a feature is the only one completely crippled in what's obviously got to be a complete engineering snafu:

"This is by design."

denkmoon 4 minutes ago

[delayed]

rkourdis 8 hours ago

I had a mouse that would keep on installing its driver when plugged in, even with this setting off.

I remember Windows keeping a cache of autodownloaded drivers ("Driver Store") and reinstalling them when the device is plugged in, so the mouse bloatware kept on coming back.

Is this still the case?

MaxL93 7 hours ago

You have to add keys under:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions

The keys I have right now are all REG_SZ (strings), and in order of "1" through "5", are:

---

1. SWC\VEN_DELL&DEV_AWCC

2. SWC\VID_DELL&PID_AWCC

3. SWC\Alienware_Command_Center

4. SWC\AWCC

5. SWC\VID001&PID0001&AWCCWINUI3APP

---

Nothing short of this prevented "Alienware Command Center" (AWCC.exe) from pushing itself onto my machine because of my Alienware OLED monitor.

I should note it's possible to shoot yourself in the foot there; I had entries 6, 7, and 8 blocking SWC\Generic, SWD\GenericRaw, and SWD\Generic — and that prevented Audio Endpoints from being mounted...

delta_p_delta_x 7 hours ago

r1ch 7 hours ago

throw0101a 9 hours ago

> On home editions sans gpedit.msc:

I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?

Are there editions or scripts or a setup workflow that would make it suck less?

delta_p_delta_x 9 hours ago

Use autounattend.xml[1] to pre-configure an image before installation. This is what corporate sysadmins have done in the past three decades to administer Windows NT fleets. Use PowerShell and various admin modules to configure an online installation.

Then, to get a better version of Windows, use MAS[2].

[1]: https://schneegans.de/windows/unattend-generator/

[2]: https://massgrave.dev/

MatejKafka 2 hours ago

Use Pro, Home is needlessly limiting for a power user.

hamburglar 9 hours ago

To be frank, no. In order to make windows not suck, you must invest a lot of time into knowing what to disable on the various SKUs, and in my opinion, it stopped being worth it around the time of windows vista (2006-7ish). I worked for Microsoft back then and ever since I left in 2007 i have thankfully been able to have a no-windows policy. I did briefly try going back last year for Unity dev but it was a mistake that made me want to quit computers entirely.

warshinder 7 hours ago

Don’t turn it on unless you need to print something.

ImPostingOnHN 8 hours ago

Yes, Windows LTSC is an edition without as much crap.

Haven't used it lately (over 2 decades with linux as daily driver), so can't personally vouch for it.

Hizonner 8 hours ago

Superior workaround:

1. Reset machine 2. Tap the BIOS setup key (often DEL) during the time before it boots. 3. Insert intallation media for a decent OS 4. ...

tialaramex 11 hours ago

Assuming they don't get a revenue cut, pushing back on Microsoft can in principle be effective here.

Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?

If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.

Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.

vladvasiliu 10 hours ago

The issue is that most corps disable Windows Update and only allow whatever goes through the on-prem Windows Update thingy. This can, of course, fire back if they don't think to include all the updates. We had one such issue where they didn't provide an up-to-date Intel driver for the Wi-Fi cards, and the version we had was a bit broken...

But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.

stefan_ 8 hours ago

Ah, the usual take. Want to sign everything before it can run, but take responsibility for nothing. And when in doubt, well, the computer did it.

When do we start calling out this crap?

ImPostingOnHN 7 hours ago

You'd get better results starting a conspiracy theory about it which took hold within right-wing circles, but it's less work to just not use it.

raverbashing 10 hours ago

Honestly yeah

MS should get all the flack (which is mostly deserved) of this

Manufacturer does whatever crap they want with "it works" and then MS gets the complaints

A driver should only be that. A driver

embedding-shape 10 hours ago

> MS should get all the flack (which is mostly deserved) of this

I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.

mcfedr 3 hours ago

raverbashing 3 hours ago

rbanffy 10 hours ago

> A driver should only be that. A driver

I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.

al_borland 9 hours ago

mr_toad 9 hours ago

> A driver should only be that. A driver

What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box it’s still going to function.

gkbrk 9 hours ago

A monitor cannot install software on your computer by the way. It's Windows installing this software automatically (for some reason), so the blame should be on Microsoft.

Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.

felooboolooomba 8 hours ago

> A monitor cannot install software on your computer by the way.

I think everyone in the HN crowd knows that.

> the blame should be on Microsoft

No, they blame should ALSO be on Microsoft, they are the enablers.

rsync 4 hours ago

“I think everyone in the HN crowd knows that.”

I would think everyone in the HN crowd would be aware of HEAC, the hdmi Ethernet channel, etc.

With full access to the hosts tcp/ip stack, we’d do well not to overlook the potential vectors for a monitor to install software on your computer… especially when the operating system is complicit.

frollogaston 4 hours ago

Ok, I don't use Windows and never will, so wasn't aware of this feature, and it would've been nice to have that context. Thought maaybe LG is exploiting a vuln in Windows via USB-C or over one of the niche HDMI features, but gathered it's not that.

MatejKafka 7 hours ago

> Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.

Not really. AutoRun ran whatever was on the USB drive, with no oversight. This installs a driver from a company that's supposed to be reputable enough to get their driver signed by MS and pass validation. LG breached that trust here.

daveidol 8 hours ago

The blame should be on Microsoft and LG, both.

Hizonner 8 hours ago

Actually it frequently can, since a modern monitor is often on USB and in a position to impersonate a keyboard and/or mouse.

I wouldn't put it past most of these companies.

tantalor 9 hours ago

Blame should be on the user for buying Windows

mystifyingpoi 9 hours ago

Please do not blame the user.

mosselman 9 hours ago

You are describing 'the blame should be on Windows'.

The consequence of Windows having the blame is that one should not buy it.

grayhatter 9 hours ago

that's funny; because my root cause analysis didn't show the user as the person making the decision to show themselves ads? did yours, or was the victim blaming intentional?

zajio1am 8 hours ago

k33n 8 hours ago

krige 8 hours ago

The monitor should absolutely take the major part of the blame by being the source of the malware and poisoning the system for everyone else.

mcfedr 3 hours ago

its not the source though is it? its not like it's downloaded via the hdmi cable, it comes from Microsoft that offer the service of installing crap

frollogaston 3 hours ago

Ironically if Microsoft responded by just never signing LG software again, but kept this auto-install thing in, LG monitors would become the best to use with Windows.

OptionOfT 5 hours ago

Windows urgently needs to revamp their driver consent model.

You can't block a just one driver. E.g. for my touch screen on the Lenovo website there is version X. When I install it the next day Windows installs X-1.

On Lenovo's website the latest version is 7.7.2.66 (https://pcsupport.lenovo.com/us/en/products/laptops-and-netb...).

Windows reverts that to 7.7.2.44.

I tried blocking that update with the Powershell command-thingy, but even that doesn't work:

    Administrator in ~
    get-windowsupdate -isHidden | ft Status,KB,Size,Title

    Status  KB Size Title
    ------  -- ---- -----
    ----H--    92KB Wacom Technology - HIDClass - 7.7.2.44
(this command by the way takes 20+ seconds), and the filtering doesn't work because there is no KB.

deathanatos 4 hours ago

Malware like this will continue until there is privacy laws that make it illegal.

The GN video focuses a lot on consent, and while maybe this is notionally currently illegal without consent, that just steers towards companies shipping a generic ToS popup, claiming you "read" that 1.8 PiB of ToS, and including the "oh btdubs we can modify these terms at any times and if you want to go to court lol forced arbitration has other ideas about that."

MS & Windows having conditioned users to expect / think they need drivers for peripherals speaking standard protocols is also part of this. A monitor shouldn't need a driver. It takes the pixels, it displays the pixels.

sixothree 3 minutes ago

I'm 100% certain if an individual did this, they would be in jail.

GaProgMan 11 hours ago

Gamers Nexus have a video about this. Definitely worth a watch.

https://www.youtube.com/watch?v=Q9uefFYe6bM

embedding-shape 11 hours ago

I'm wondering if we in Europe gets vastly different experience compared to Americans or elsewhere in the world. People complain about LG having ads everywhere in the monitors, displays and what not, but none of our LG products (bought and used in Spain) have any ads anywhere. I'm sitting here with a LG monitor and our main TV is a LG OLED TV, neither of them have ads anywhere, although I haven't booted Windows in a couple of days and I guess I won't, until this malware issue been fixed.

But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.

throwa356262 10 hours ago

In general, yes.

But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.

https://www.consumerreports.org/electronics/privacy/how-to-t...

embedding-shape 10 hours ago

bloqs 10 hours ago

Same here in the UK

15155 10 hours ago

> Americans are receiving more ads than in other parts of the world

Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.

embedding-shape 10 hours ago

dvdkon 9 hours ago

InsideOutSanta 8 hours ago

reaperducer 9 hours ago

kingleopold 11 hours ago

They used to call this spyware/malware. Now it's a regular practice by eng. teams and managers inside these big corp. Well played guys :) Congrats with new type of tricks

flowerbreeze 11 hours ago

From FTC website: Malware is harmful software that’s installed on your device without your knowledge.

So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.

sys_64738 10 hours ago

If it's not malware then what is it called today?

supertrope 9 hours ago

"Telemetry." "Personalized experiences."

Basically doublespeak.

someothherguyy 9 hours ago

I mean, nothing new there. (Mal/Ad/Spy)ware just has been more prevalent in the browser and on mobile apps the last ~15yrs instead of being installed via modified windows installers.

delusional 10 hours ago

I would be very surprised if some random manager of some low level engineering team made this decision. It seems more likely this was a marketing or partner relations department idea that was presented to high level leadership.

I don't understand why we expect some manager somewhere to stop stuff like this.

motbus3 10 hours ago

I am tired of this. LG is now on my blacklist alongside EA and Blizzard Entertainment for their anti consumer practices. I can't change them, I can't change policies about it. I can choose to not buy.

delusional 10 hours ago

> Blizzard Entertainment

You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.

motbus3 7 hours ago

People do whatever they want with their money. I think their products little matter when they are not good people. (And they are not even good products, with some exceptions)

I can't control the world. But I can share my opinion on the matter . I think as long as we accept this poor behaviour companies will have more and more incentives to do it. And worse than that, they will also keep attacking the good folks

BatteryMountain 10 hours ago

I've successfully avoided these companies the last 5 years. Gaming as a whole is dead for me, I just play a couple of old games now & then. The culture is toast too, not just bad games or expensive hardware. So not really losing much sleep over any of this. I have linux on all my machines, so I really only play the one's that perform well on linux. Haven't played online multiplayer games since ~2013. Many of us are like me.

edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.

nottorp 8 hours ago

lloydatkinson 9 hours ago

zargon 7 hours ago

There's not much worth playing coming from this group anyway.

Hikikomori 9 hours ago

Not that hard, last game I played was WoW Classic, last I bought was diablo 3, only game that is remotely interesting is diablo 2 resurrected. Microsoft deleted my mojang account as well. Seems like new xbox mgmt will accelerate their slow enshittification.

lardosaurusrex 6 hours ago

I dunno why so many people across different platforms insist that anyone concerned about this is overdramatic.

This is one of those things where if I found the person responsible I would likely spit in their face; if not worse. It's quite literally spyware installed as you plug it in much like those old DVD DRMs from sony that would install spyware.

It's garbage.

ninalanyon 24 minutes ago

Why does a monitor install anything at all? Why does it even have a mechanism to do so?

regexorcist 9 hours ago

Seriously, why use Windows in 2026? Such a hideous OS and ecosystem with endless malware, backdoors, and dark patterns.

MatejKafka 7 hours ago

You know why desktop Linux doesn't have much malware? Because ~no one uses it. That's it. Once you get users, you get malware.

The rest of your comment is just as ignorant.

guax 2 minutes ago

No one uses it? There are dozens of us!

regexorcist 7 hours ago

There is plenty of malware for Linux. The difference is that the OS won't install it for you.

frollogaston 3 hours ago

coldtea 3 hours ago

There was malware for systems with 1/1000 the userbase of Linux. Even Amiga and Atari had plenty of it, macOS when it had 2% share, and others.

fsflover 3 hours ago

Linux doesn't install malware, because it is free software, which guarantees the four user freedoms. Whenever someone adds malware, anybody else can remove it for everyone or create an equally useful fork without it. Try this with Windows.

In other words, Stallman was right, and proprietary software developers have too much power over users. And they inevitably, sooner or later, leverage this power for (more) profit, even if you paid for the product.

MatejKafka 2 hours ago

whobre 9 hours ago

The worst OS except for all the others.

timpera 6 hours ago

Excellent hardware and software support (especially for Snapdragon/ARM64 CPUs and Microsoft Office) and best in class multitasking/window management are the top 2 reasons for me. Like someone else said, it's the worst OS, except for all the others :)

pier25 6 hours ago

Gaming

gambiting 9 hours ago

IMHO it's the best OS as a games developer, Visual Studio just doesn't have anything remotely close. And all console toolchains are windows only. But genuinely as a C++ dev I much much much prefer it over MacOS or even Linux for work.

Grombobulous 8 hours ago

Of course this is a “I need the OS for work” situation. It reminds me a lot of 20 years ago when we’d say things like “I’d love a Mac but it’s not compatible with anything I do for work,” and that sentiment didn’t last.

I definitely wouldn’t predict that Linux is taking over the world or anything but it wasn’t that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.

Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.

The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoft’s financial results.

If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.

gambiting 7 hours ago

StumpChunkman 5 hours ago

Have you tried Rider? I've been using that for C++ Unreal development and absolutely love it. It does help that IntelliJ was my daily driver for Java dev for a while.

gambiting 2 hours ago

999900000999 8 hours ago

Linux is great if you win the hardware support lottery.

I've had several laptops where audio just doesn't work even on rolling releases. Or the screen freezing up constantly.

This was all with relatively new hardware within the last year or so.

My issue with the Linux community is if you bring this up it's all of a sudden the fault of everyone but Linux.

The end user should of picked better hardware.

The hardware OEMs should of shipped Linux support.

The end user is lazy for not installing an RC kernel.

Macs are great, but my current workhorse computer has a 2TB SSD, and only cost 550$ with the SSD upgrade.

Vs 2000$ for the cheapest MacBook with a 2TB SSD

drnick1 4 hours ago

You don't have to win the hardware support lottery if you do a bit of research or buy a laptop made for it.

999900000999 4 hours ago

regexorcist 7 hours ago

> Linux is great if you win the hardware support lottery.

This is fairly easy to do by just not buying the absolute latest hardware. Installing something like Fedora in a 8-12 month old laptop I just can't recall last time I had issues.

frollogaston 4 hours ago

999900000999 7 hours ago

thejokeisonme 11 hours ago

Your OS silently installs malware. Doesn't get much worse than this.

inigyou 11 hours ago

Your OS is malware, if it's Windows.

timpera 6 hours ago

Windows may not be the best OS for you but it definitely isn't malware.

garciansmith 4 hours ago

inigyou 2 hours ago

discordance 11 hours ago

McAfee should be classified as a virus

chrismorgan 10 hours ago

When preinstalled (as multiple major OEMs do), or when bundled in unrelated installers in these sorts of ways, it matches the definitions of scam excellently, and protection racket not badly.

When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.

fragmede 9 hours ago

How exactly does it match the definition of a scam? Windows does get viruses, and it does protect against them. It's not something you actually need, like most consumer VPNs, but they have high pressure sales tactics to trick people into buying it, but they do deliver what is promised, which makes it not a scam. They are creating artificial demand with their scare mongering, and I tell everyone I know not to get it, and to enable Windows Defender, but that's still not a scam.

supertrope 9 hours ago

chrismorgan 8 hours ago

supertrope 9 hours ago

If a software package can't be uninstalled through the normal process and needs a separate uninstaller program, it is similar to malware. Many anti-virus suites and anti-cheat software require this. Take from that what you will.

BatteryMountain 10 hours ago

10 Years ago. Complete garbage spyware.

paweladamczuk 3 hours ago

I once plugged in a Logitech keyboard on a fresh system and got a colorful branded popup covering several inches of screen real estate in the bottom right corner. It was urging me to download some Logitech software.

As far as I know, the source of the graphics was not the unifying receiver that I plugged in the USB port, and the notification was not using any OS API meant for hardware to be avle to prompt the user for additional download. It was a Logitech-built DLL shipped and loaded by the operating system as part of some default driver for the Logitech keyboard.

dhash 11 hours ago

it's worth noting that the price of these monitors got cut in half due to this news -- great for the linux users out there

sigio 11 hours ago

Still seeing them for ~600 everywhere, which is completely in line with historic pricing: https://tweakers.net/pricewatch/2246090/lg-ultragear-oled-34...

Gualdrapo 10 hours ago

I don't feel like spending my money on some horrible corpo pulling out stuff like this, even if I've been using linux since 2006. Who can tell if they will do this to other OS in the future?

ptx 10 hours ago

My understanding is that the monitor doesn't do anything by itself - it's just Windows detecting the device and automatically downloading and installing LG:s proprietary add-on software. The monitor itself isn't attacking the machine by exploiting vulnerabilities or spoofing user input or anything like that.

So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.

embedding-shape 10 hours ago

leni536 10 hours ago

This is probably Windows pulling LG software through Windows Update bases in EDID. Linux won't ever do this BS.

iamnothere 4 hours ago

delta_p_delta_x 9 hours ago

delusional 10 hours ago

sigio 11 hours ago

Why do people even install 'drivers' for things like monitors. (Or usb devices running 'standard' protocols). The OS handles these just fine by itself.

wccrawford 11 hours ago

In this case, they aren't.

I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.

Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.

Joel_Mckay 10 hours ago

Indeed, our Windows 11 offline Steam box also needed to disable LG & Switch App in taskmanager, and set LG apps to manual start in Services.

Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.

So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3

subscribed 9 hours ago

The article is about people NOT installing it but getting it installed anyway :)

As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.

With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.

functionmouse 10 hours ago

the OS handles these now by installing the malware. Zero click.

embedding-shape 11 hours ago

Sounds like this malware gets installed even if you don't manually install anything.

> Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions

I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.

onaclov2000 10 hours ago

But this assumes you plug in USBC .... Right? HDMI and display port can't....install over right?

embedding-shape 10 hours ago

chmod775 10 hours ago

Someone1234 10 hours ago

Joel_Mckay 10 hours ago

lapelusa 9 hours ago

LG is not a computer OS developer. Microsoft is. Microsoft has steered from developing software to developing malware for years now. This is simple: LG and McAfee paid MS to DP this, and they did.

It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.

scottydelta 7 hours ago

Similarly after getting annoyed at my TV for showing ads and other privacy issues, I have started working on a smart TV version of the casting device my startup makes.

I have been using it for both personal use and other work use-cases, here is a demo: https://www.youtube.com/watch?v=jObZzI2_pv0

Just like youtube, I can log in to my netflix, amazon prime and then use the touch screen to choose the movie to watch and it gets played on the external screen. I am building it how I would use it as a power user.

newsoftheday 7 hours ago

We have a smart TV on the way. We do not plan to run the setup, it won't have Internet access. We plan to do what we've done for over a decade now, connect our Kubuntu laptop in the entertainment center to it and select it as the default input device. And occasionally watch OTA TV shows. So we will use it as ... a monitor and plain TV, that happens to have far better video and sound quality than our old TV.

scottydelta 6 hours ago

that's the same conclusion I came to and the device I am developing is basically a Raspberry Pi with my own modified OS that has a casting canvas and it can show all kinds of content.

No third-party installs, ads and spywares!

drnick1 4 hours ago

Kelteseth 11 hours ago

Can confirm. This happened to me yesterday on my Windows 11 machine. Uninstallation was only listed in the Microsoft Store -> Library.

Ciantic 8 hours ago

I also discovered that these days motherboards come with a payload in their chipset, which gets installed automatically in background unless you figure out to turn it off from BIOS before installing Windows. In my case it was bunch of ASUS useless stuff, not just drivers, some "Armoury Crate" etc. Which just keeps running in background. I've switched to KDE, that kind of solved itself.

jzer0cool 2 hours ago

How to ensure physical devices like keyboard, monitor, mouse are safe? Essentially all recording devices.

callamdelaney 8 hours ago

They were doing this over a year ago [1]

[1] https://www.linkedin.com/posts/callam-d-b38b05105_windows-is...

downrightmike an hour ago

linkedin EW

throwa356262 11 hours ago

Last time a company abused platform driver delivery to install adware, Microsoft threatened to pull their drivers altogether.

But those were different times...

throwatdem12311 8 hours ago

Installing drivers and software for connected hardware is just something Windows has done through Windows update for a long time.

Is this a good practice? I don’t really know. We used to get drivers on CDs, but barely anyone has a drive on their computer anymore. You could download them from the vendor website but these are usually a mess and very difficult to navigate to find the right thing — impossible for your grandma.

Could do like Linux and just build trusted software right into the kernel - but then people will complain about bloat.

So we are where we are. I guess.

frollogaston 4 hours ago

It's pretty rare nowadays to need drivers for specific hardware that ordinary people are going to plug in. Maybe printers are the unfortunate exception.

dist-epoch 6 hours ago

Windows already ships with gigabytes of drivers. This is why you can plug most popular hardware on an offline Windows and it will work.

ta988 3 hours ago

Windows is malware that pulls other malware.

nipperkinfeet 4 hours ago

Over time, major tech companies have learned from malware writers and now incorporate these tactics into their own products. This is a matter of great concern.

cosmotic 2 hours ago

If you're going to blame someone here, it should probably be Microsoft. They are the ones that built the system LG is utilizing.

duxup 2 hours ago

I’m on team blame both.

pluralmonad 9 hours ago

A malware OS installing other malware seems fitting.

inigyou 11 hours ago

They also come with terms of service which assert that you will inform everyone in the vicinity of your TV that their voices are being recorded by your TV.

Telaneo 3 hours ago

My heart aches for those who can't opt out of using Windows.

dev1ycan an hour ago

The quick state in which we're devolving into a dystopia will eventually be studied a hundred years from now...

mfro 5 hours ago

Fun fact, Gigabyte motherboards do the same thing. Thankfully they give you an option to disable it in BIOS.

sinoue 8 hours ago

Trust is a valuable commodity that once lost is very hard to regain. LG's big brother installs has me questions buying anything LG to bring in my home.

winstonwinston 7 hours ago

Microsoft can remove device driver crapware from being distributed via windows update if you can get their attention on this.

Gud 9 hours ago

Not surprised.

My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.

Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...

CrimsonRain 7 hours ago

Update firmware.

Turn off LIVE PLUS

block internet for the tv from router

Enjoy.

That's what I have been doing for years.

regexorcist 7 hours ago

Also don't agree with the optional policies, they can be unchecked if you already did. That disables a bunch of crap too.

regexorcist 9 hours ago

I have a pihole in front of my LG TV blocking nearly every DNS query it tries. I only allow a couple streaming apps I do use and see zero ads.

whalesalad 9 hours ago

LG TV’s are really really good. If you never connect them to the internet. And that rule should be applied to all TV’s. Use an external device like an Apple TV or a self-crafted solution (Roku, Amzn stick, etc all garbage phoning home and listening with Alexa crap)

Treat your TV like a computer monitor (ironic here in this context lol)

BoingBoomTschak 8 hours ago

Image quality may be good (minus the horrible banding and ABL) but I'd put LG and Samsung in the same bag concerning hardware reliability: don't expect it to last much more than the warranty period and if it does, give some offerings to your lucky star.

whalesalad 5 hours ago

buzer 8 hours ago

If someone is in EU and is affected by this they could potentially utilize GDPR to make both Microsoft and LG take responsibility for this.

It's hard to say directly from the article if there is any GDPR breach. If everything was part of the installer and it doesn't actually submit anything (including downloading the ad) to LG then it's harder to argue that there is GDPR violation, but knowing the SOP of these kinds of software that is unlikely.

If the software did indeed send personal data to LG then there are at least following question: How was Article 13 notice delivered to user? Article says that this was installed quietly. Did Microsoft deliver Article 13 compliant notice to user at some point? They probably did deliver their own notice (though it's open question if it's compliant), but not LG's. However since Microsoft is the one that installed the software and they exercise control over the standards which must be met, it's possible that they would end up being joint controller at least for some processing.

I should add that Article 13 requires that the notice is given "at the time when personal data are obtained". The only exception is when "data subject already has the information" and possible Article 23 restrictions, but those are unlikely to apply.

If someone wants to make a complaint they should first make Article 15 request to LG. Copy of personal data is useful, but 15(1) information is the primary goal. Additionally ask for information on how and when did LG provide you the Article 13 notice if they did indeed process your personal data.

After that if they cannot show that they provided Article 13 notice when they received your personal data submit a complaint to your local DPA. You can additionally flag other violations as well if they are applicable (e.g. not naming recipients as part of Article 15 response, not giving actual retention time or meaningful information how that is determined, invalid legal basis etc.). You should also flag in the complaint that Microsoft is likely joint controller for some of the processing given that they are the ones who approved the automatic install of the software which violated GDPR.

infinite_spin 9 hours ago

the paranoid part of me thinks this is a war of attrition, where if every company imaginable has to be taken to task for intrusive behavior that we'll eventually grow numb to it, or that with a large enough onslaught we'll never be able to outpace it. It's not like there is profit to be made from preventing this behavior, and incredible incentives to, at minimum, turn a blind eye.

dcj4 9 hours ago

windows update is a well known malware vector, how does this warrant any news? if you absolutely have to use windows, you either go through the effort of stripping the particular version you chose from all the spyware and malware it comes packaged with and gut the malware loader paths out of it, or you accept that you're running a botnet node you have little to no control over.

bravo777 7 hours ago

this is the only valid, reasonably sound and grounded comment in this entire discussion, bravo.

bravo777 7 hours ago

p.s. not being sarcastic

was8309 5 hours ago

the instructions to enable "Prevent automatic download of applications associated with device metadata" don't work for me w/ W11, any ideas? thanks

boomskats 11 hours ago

Not great, but also not at all surprising.

Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.

rbanffy 10 hours ago

At this point, such shenanigans are to be expected when using Windows.

I guess my next machine will have a VGA port ;-)

And no Windows.

classified 10 hours ago

As long as you don't need some Windows-only software, Linux is a viable alternative now. KDE Plasma is a great desktop environment and even most games run flawlessly on Steam. And if you do need Windows occasionally, you can put it into a VM.

subscribed 9 hours ago

Eh, kinda. I have new-ish MSI laptop with nvidia and it's still not good enough. I tried on the spare nvme and it just doesn't work well enough with these few games I want.

Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).

astonex 11 hours ago

Shame on Microsoft for allowing this

Havoc 9 hours ago

Why are hardware manufacturers so shit at software?

Whether it’s router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that they’re specializing on hardware but why so very bad?

Edit. This isn’t even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page

tantalor 9 hours ago

Windows is malware

lloydatkinson 9 hours ago

That's the second time, probably more, you've been saying this in the thread. Blaming users for "buying" Windows is ridiculous too.

j45 3 hours ago

This appears to be much worse on so many more fronts than this article says.

It's basically how a virus would infect your computer through a USB Key.

Forcing itself to be installed, hiding what it does, sustaining itself across reboots, bypassing all security restrictions... because a monitor might need something new after all these decades?

variadix 6 hours ago

Alienware does the same thing, and as far as I could figure out, there is no way to stop it. The enshitification of Windows at this point is incredible.

DevPulse 7 hours ago

I am using an LG ultra wide monitor and have not had any popups or ads.

throawayonthe 10 hours ago

? isn't this normal windows behaviour?

bravo777 7 hours ago

I agree, this isn't news, just flame bait to smoke out the lurking FOSS enthusiasts on a Saturday morning.

ChrisArchitect 4 hours ago

msla 4 hours ago

There's two maxims:

You get what you pay for.

If you're the customer, you're the product.

"You get what you pay for" means if you buy proprietary software, you get software from proprietary vendors who act like modern proprietary vendors act these days, which is using every avenue to maximize profits. There's no recourse, because it is proprietary and, therefore, belongs to the software maker, and not you. It is not your property, it is theirs.

Which leads into...

"If you're the customer, you're the product" because customers are valuable products. You willingly bought the service, so your data is data from someone who is interested in the company and probably willing to buy more from it and its partners if the company can target you. Your data, therefore, has resale value, making you a product to be sold.

AlienRobot 9 hours ago

I have an LG monitor and I think I managed to avoid this by using Linux.

newsoftheday 6 hours ago

Same, also bought an LG TV to replace our aging 2 decade old TV. Nothing says you have to run the TV's setup. Use an external device for streaming, preferably running Linux and you have full control and no Ads or telemetry.

atoav 9 hours ago

Good to know. LG is now on my blacklist.

__MatrixMan__ 7 hours ago

It's shit like this that caused me to start refusing to help my mom and her friends with their windows computers. I'm not going to support their shady activities anymore. If you want my help the first thing we're doing is installing Linux.

motbus3 10 hours ago

I think this is how they are going to make us pay rent for what we bought. They will make everything unusable unless you pay more and make some cuckoo TOS saying that you agree to be held in contempt if you circumvent their measurements.

Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.

Hikikomori 11 hours ago

Last 2 were LG, been looking at a new one but I guess I'll go with another brand that has their panels.

justsomehnguy 11 hours ago

And Razer, Logitech, nvidia and everyone else who has it's driver package accepted into WU.

No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.

maccard 11 hours ago

With the quality of that software, it wouldn’t surprise me if the driver didn’t work without the userspace app at all. The GeForce experience at least you can disable, but if you have any branded components getting all of their management software off your PC is incredibly difficult

justsomehnguy 10 hours ago

Logitech M720 Triathlon is currently listed €64,99 at their site.

The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.

No app running? No replace.

App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)

Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.

On a third day I just turned it off and went for the other vendor altogether.

To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.

Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.

maccard 10 hours ago

Georgelemental 10 hours ago

sys_64738 10 hours ago

I avoid installing Logitech spyware on my Mac but there are FLOSS apps to do the equivalent. There's even a pairing FLOSS app for Linux to avoid installing Logitech spyware. FLOSS is amazing. LinearMouse is the Mac app.

mbrndtgn 10 hours ago

Razer mice are the worst because they are just HIDs and could work without any special driver at all! Also I don't need their whole suite on every Windows computer I plug my mouse in. I think most people would just configure their Razer mouse on one PC, save the settings in the firmware of the mouse itself (I guess, I've actually never used their driver suite) and then never touch their software again.

It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.

I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.

zahlman 10 hours ago

…Do these devices just not work on Linux or something?

justsomehnguy 5 hours ago

Depends on what you are calling 'working'.

Basic drivers prove a basic functionality.

phendrenad2 7 hours ago

All gaming brands try to install software with every driver update. AMD, Nvidia, Razer, Corsair, etc. The difference is LG made it silent, which is a big no-no. Pushback should be on LG, a respected consumer brand that should know better.

grayhatter 9 hours ago

So I own 5 LG monitors. But now I can't buy LG. I also refuse to support Samsung.

Are there any high quality panel manufacturers left that aren't run huge pieces of shit? Or at least try to respect the people buying their hardware?

BoingBoomTschak 8 hours ago

Panel? Not really since Panasonic exited the market.

For complete monitors, the sole make I trust is Eizo but they only make professional (business or photography) products these days, and I'm _not_ going back to 60 Hz. Dell doesn't deserve trust but their UltraSharp line usually is "okay" even if my U2724D has uniformity issues near the bottom. Iiyama also remains a good one in my books.

But if you want OLED, abandon all hope. The technology is so compromised and the market so monopolized by the collective Market for Lemons style race to the bottom targeting gaymers that I intentionally went for IPS black (yes, LG.display, I know...) instead.

grayhatter 8 hours ago

I think Eizo is what I'm looking for, I've never heard of the brand before, so I appreciate the recommendation! Hopefully I can convince myself to buy something slower than 120...

I don't mind paying for a bit more for professional gear. In part, because quality is important, but much more important to me is respect.

BoingBoomTschak 6 hours ago

luciana1u 11 hours ago

we finally cracked self-installing software, it just turns out the payload is McAfee and the installer is an HDMI cable

supriyo-biswas 10 hours ago

We had autorun.inf in the past installing automatically from any random USB drive[1]. The fun days where you always feared contracting malware if you so happened to plug a random USB drive in :)

[1] https://en.wikipedia.org/wiki/Autorun.inf

Grom_PE 9 hours ago

And some USB drives pretended to also be a CD-ROM to circumvent the limitation of autorun.inf not executing on removable media.

https://en.wikipedia.org/wiki/U3_(software)

GuestFAUniverse 9 hours ago

Oh, come on! LG force fed people with ads on TVs. And now everybody acts surprised?

Do. Not. Buy. LG.

There are a lot of decent alternatives. Stop buying from the sick heads.

HighGoldstein 9 hours ago

> Do. Not. Buy. LG.

> There are a lot of decent alternatives.

Can you name them? Dell and Samsung are the main competitors for displays as far as I'm aware, Dell tends to be hit-or-miss when it comes to monitor features and quality, Samsung's high end displays come preloaded with a whole OS. The monitor market is really in the toilet.

petepete 5 hours ago

Samsung are as bad as LG for advertising in their TVs.

I'd happily buy and use a Dell monitor in my front room next time around. I don't use the speakers or tuner in my current TV so I'm not sure what I'd be missing out on.

greatgib 10 hours ago

If you had time to spend, I'm wondering if you couldn't sue LG or Microsoft in some countries for something equivalent of "hacking". Like intrusion in a computer network. As it is unsolicited installation of something that is unexpected.

As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.

jdw64 11 hours ago

In Korea, pretty much all devices come with Windows. It's hard to live outside of Windows. Most programming is done in CPP,C#, and even when people use C, the majority are working on top of an IDE. The OS kernel layer only really appears in things like Samsung phones—the vast majority of work is on the application layer, and most consumers are on Windows on their desktops. It seems unavoidable

inigyou 11 hours ago

This is also true outside of Korea.

anonym29 11 hours ago

If you're using Windows on a personal device in the first place, you're pretty loudly declaring that your consent doesn't matter anyway.

That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.

If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.

inventor7777 7 hours ago

Seems like every day I don't use Windows, the less I miss it lol

BoingBoomTschak 11 hours ago

[Laughs in Linux/BSD]

throwa356262 10 hours ago

HN doesn't like your tone and you are being down voted. But in general you are correct, Linux and bsd users are less affected by such shenanigans.

Short personal story:

I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.

But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.

microtonal 10 hours ago

But in general you are correct, Linux and bsd users are less affected by such shenanigans.

Mac users too (at least for now).

tialaramex 10 hours ago

I don't know about the BSDs but in Linux the reason is that a volunteer (in principle it could be a paid employee, I guess maybe it is for RHEL etc?) decides what gets installed

It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.

It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.

† Obviously YMMV but such "plug and play" features are commonplace because they're useful

microtonal 10 hours ago

I have absolutely no clue what you are talking about. There is no mechanism in standard Linux distributions to automatically download software from a vendor when you plug a device (apart from firmware updates through fwupd, but those are curated).

So perhaps you could elaborate?

tialaramex 10 hours ago

lordleft 7 hours ago

Not only Linux/BSD, but MacOS. Not that Apple isn't annoying either, but it tends to avoid the windows bloatware stuff.

potato-peeler 11 hours ago

qmr 10 hours ago

Beyond tired of the rape mentality from Microsoft and other evil mega corp's.

Remember when you used to own your "personal" computer?

bravo777 7 hours ago

Windows works well most of the time for most people. I have a couple of Windows PC's, both exotic and standard, and I get what I paid for out of them. Humans love to hyper fixate on the failure cases when they're bored, and this is just one of them for Windows.

Mostly anyone who has a need to work for privacy and making their own lives difficult by removing automations deserve working through the barrier of entry to do so.

adamtaylor_13 10 hours ago

This is an excellent use of agentic AI, btw. Fire Claude up and say, "Remove LG malware and mcafee from this computer. Make regex changes so it can't be installed again."

My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.

someothherguyy 9 hours ago

> excellent use of agentic AI

you run claude code unsanboxed on your machine and give it privileged access?

adamtaylor_13 9 hours ago

On my windows machine I do. Not on my important machines.

orbital-decay 6 hours ago

Giving the data to Anthropic instead of giving it to LG and McAffee, fascinating

bcraven 9 hours ago

"Prevent this software having unfettered access to your machine by giving some other software unfettered access to your machine"

adamtaylor_13 9 hours ago

That's a hot-take, but yeah. Something like that.

Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."

If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.