Comment by devttyeu
21 hours ago
This is so much worse that the title makes it out to be:
1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
3. That malware has internet and full system access, no sandboxing
4. It starts with every system boot
5. This software gets installed when you plug in a new LG monitor
6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
This situation has.. no precedent as far as I can tell..
GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM
>This situation has.. no precedent as far as I can tell..
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.
Back in my Window days. I would start the driver installation and let it sit. Open the temp folder and copy content the install extracted to a new directory. Cancel the installation. Open Device Manager and install the drivers from there so non of the excessive bloat was installed.
This worked greater with being an IT consultant. The client's machine to run smoother and drivers installed fast since they would buy multiples of the same equipment at once.
Now I only use Linux on personal equipment. You have to pay me to use Microsoft products. Microsoft has become shit-ware.
"The Halloween documents comprise a series of confidential Microsoft memoranda on potential strategies relating to free software, open-source software, and to Linux in particular, and a series of media responses to these memoranda. "
https://en.wikipedia.org/wiki/Halloween_documents
https://www.windowscentral.com/microsoft-accused-being-conne...
To be fair Microsoft was always shitware. I don’t remember a time when using a Windows machine just worked, didn’t take up gigabytes of space, didn’t crash, and didn’t get messed up by simply using it requiring a yearly or semi-yearly reinstall.
15 replies →
7zip will do the trick for a lot of self extractors.
When .INF was all you needed (and some .cat / sys)! More recently, I found out that approach can sometimes lead to missing features when using the hardware. Even though the driver is installed correctly. I was probably missing something but didn't dig deeper into it.
These days, even a window gets updates.
1 reply →
> but aren't even using it to block these contraptions
Even worse, this one is installed via Windows update. I have an LG monitor and noticed the stupid LG app all of the sudden, uninstalled it, and saw it pop up again as an update in Windows update.
Microsoft is actively enabling this behavior.
I don't understand how this is legal. Isn't this malware? Isn't it illegal to install malware on someone's computer without their permission? Or is this very illegal, but nobody cares about that anymore?
5 replies →
Microsoft could easily make a rulebook for drivers, and say any company which violates the rulebook can only send open source drivers, or even ban them from driver distribution entirely which would quickly kill a consumer hardware brand.
Microsoft does not care about the quality of Windows. Half the malware comes from them. Windows is just a platform they can sell online services and AI products through.
The Razer one is spot-on. I had a Razer mouse during the Windows 7 days and it kept running the installation setup despite declining it all the time, and it's so bad at times I recall seeing the setup trigger while on an ongoing Windows update when the screen was already locked up.
Logitech did something similar if I recall right.
My Logitech mouse does this but it prompts to install their crapware and adds that to the startup programs, it's not automatically installed.
The last one I remember is plugging a Razer mouse
Oh, yeah. Bought this overpriced but heavily hyped Razer mouse and it wouldn't even work right until it had an internet connection. A MOUSE. I'd never encountered something so blatantly customer hostile in my life. Never even looked at another Razer product, never will, and will tell anyone who will listen that Razer is a terrible company full of objectively terrible people.
I had a razer mouse and headphones, which from time to time crashed their driver server or whatever and nothing could help until the cold restart of the PC and a laptop. Razer. Never again.
Razer was always low quality garbage at premium prices. Gamer marketing for you.
32 replies →
This. Microsoft has chosen to allow this functionality, despite it being a very clear breach of trust with customers.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
You’re acting like Microsoft aren’t pushing malware themselves.
4 replies →
Microsoft could end up being a higher barrier but how much do we really want that?
To me, it seems like LG is the one to blame.
> Microsoft could end up being a higher barrier but how much do we really want that?
For drivers installed automatically via Windows Update? Absolutely yes.
For software the user installs manually? No.
Microsoft has been coddling big devs (read: the devs that code this absolute garbage) for decades. They have this mentality "if we change anything, and anything breaks for current users, they're going to blame us instead of the vendor" and that might have been useful in the 95 days, but it's outmoded. They need to have the balls to break every vendor in 2026 if they're doing things they shouldn't.
I don't trust Microsoft not to be a modern capitalist, but I trust the companies they enable even less.
> This situation has.. no precedent as far as I can tell..
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
Maybe some decision makers do indeed have negative aspirations…
If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
Just look at Microsoft’s revenue breakdown that they publish. Windows revenue is alarmingly small.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
21 replies →
As long as you have a computer that can run unsigned software, or software signed by yourself, this won't come to Linux as non-optional features: you can always recompile your kernel removing things you do not want like this.
7 replies →
> don't fool yourself if you think this won't come to the Linux world.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
4 replies →
It hasn’t come for the much larger Mac world yet.
I think literally the only driver I’ve installed for any accessory of any kind is the config utility for a Stream Deck. I certainly never install mouse (thank you Steermouse!) or printer drivers, let alone a monitor driver of all things.
>I don't know what Microsoft is thinking even allowing and enabling this sort of thing
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
>and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
25 replies →
> Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
Except for every printer, some popular GPUs, Microsoft's peripherals...
Auto-run when inserting a CD worked great, until people realized you could do bad stuff with it. User action must be required to run or install new software.
2 replies →
A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
1. https://arstechnica.com/information-technology/2021/08/need-...
not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft.
You could use any programmable microcontroller with a USB interface. Consumer products tend to have fuses set to they can't be programmed again.
The latest driver registered with Microsoft for the product you're going to spoof would need to have a vulnerability to exploit. You can't supply any driver.
1 reply →
You can pretend to be any vid:pid with usb gadget mode. For example with a raspberry pi zero something.
But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.
But yes, usb device identifier is done through software/firmware.
1 reply →
You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands. I don't know about Windows, but on Linux it's possible to block USB connections by default and filter them in userspace:
https://usbguard.github.io/
This allows enforcing rules like "never add an additional keyboard". But the USB protocol has no support for strong device authentication, so there's no way to prevent a device from acting like a malicious version of something in the device class you expected it to be without abandoning "plug and play" altogether (a reasonable solution in secure environments where unused ports are often physically blocked).
1 reply →
I've heard so before: that USB is a massive security hole. At least in Windows; I don't know if other OSs are also vulnerable.
Better to just never stick strange USB sticks in your computer.
You can "spoof" any system where you can load older drivers into giving you admin/root, you just need to find a vulnerable driver. Nothing Windows-specific in that.
1 reply →
> This situation has.. no precedent as far as I can tell..
- https://support.microsoft.com/en-us/windows/hardware/drivers...: “Windows can automatically download recommended drivers for the hardware and devices connected to a system by using Windows Update“
- eight years ago: https://www.reddit.com/r/Windows10/comments/8tlre3/why_is_it...: “I can't seem to stop it from installing device drivers, even after unchecking the 'Do you want to automatically download manufacturers' apps and custom icons available for your devices?' and saving.
I uncheck it, reboot. Uninstall all drivers except USB (so I can use mouse and keyboard) and reboot. Aproximately two minutes after the reboot, I get notification ballons telling me everything is installed again. Heck, even the super old Nvidia 388.1 driver is installed (the latest now is 393.2).”
> This situation has.. no precedent as far as I can tell..
You got a lot of replies already, but there's so much precedent. Plugging a Logitech mouse installs a network capable, autolaunch capable, pop up app for at least the past 10 years. LG's thing seems grodier, but this has been common Windows-ism for a while.
Plus even when the Logitech mouse has been moved to a different PC, the former PC will continue to get Logitech updates anyway.
Apparently so they will be one step ahead of you in case you decide to plug it in again sometime.
Graphics cards can do this too, you remove the card and go back to the motherboard's built-in HDMI port, then one day here comes a big update for the non-existent graphics adapter.
Unprecedented? Have you installed a Dell/Alienware monitor recently? I hope you enjoy having the unsigned awcc.exe autostarting with no visible ui doing good knows what with no documentation from Dell
Yeah, I was looking for this comment. Dell/Alienware have been doing this for YEARS. Part of the many reasons I moved from Window to Linux.
Is Linux certain to be safe from this sort of thing? I used to use lots of Dell monitors.
Are there any brands that are known not to do anything like this? I'd like to reward them with my patronage.
2 replies →
> This situation has.. no precedent as far as I can tell..
depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"
other wtf. microslop cases include:
- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)
- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"
- "init scripts on USB devices", I think they stopped doing that
- ...
given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)
most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).
combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them
Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.
I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.
“Now”?
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)
> It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
It all comes from the increasingly widely held idea that the user should not be the ultimate authority over what should run on his computer. The OS vendor should have a say. Third party developers should have a say. Device manufacturers should have a say. Anyone except the user, who is just a passenger on his own system. And this mentality is not limited to Microsoft.
> I can only conclude that Windows is basically malware now...
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
> why would you use such a sleazy company's product for daily driving
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
4 replies →
You're missing out on 37 different unrelated things being named copilot.
81, not 37: https://teybannerman.com/strategy/2026/03/31/how-many-micros...
1 reply →
Copilot’s T&Cs clearly explain that it is for entertainment purposes only though.
2 replies →
How it it a Windows issue that driver developers pack garbage with their drivers? If Linux supported loading 3rd party drivers (it mostly doesn't, and if Windows did that, the whole internet would be up in arms about Microsoft locking down their OS), it would have exactly the same issues.
This is basically the same as downloading a program, running it and when it downloads garbage on your computer, complaining that Windows are dumb for allowing a program to download garbage.
> How it it a Windows issue that driver developers pack garbage with their drivers?
Because windows update automatically installs the garbage when the device is connected.
Microsoft could control the content of the software it automatically installs, but they don't. That's the issue.
This is one of those typical HN replies that adds absolutely nothing to the discussion.
Much like your own, and this one!
5 replies →
It's a discussion, it's not a panel to further scientific inquiry. Sentiments and opinions also further a discussion.
It confirms for me that I too made the right choice and it reminds people that haven't made the jump yet that they have a choice in how their operating system treats them. I'd say it added a lot more than your comment.
I have a windows computer that tries to install HP Printer software automatically because it detects an HP printer on the WiFi. No physical access needed
8. ANd this isn't specific to LG. If LG can do it, anyone can, even if they aren't right now.
Buying from companies you trust isn't a solution either. Founders sometimes get into fatal car accidents or lose some of their assets in messy divorces. THe new owners may not care about "brand reputation" and sell the company to the highest bidder.
It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee
I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.
Anecdata from two days ago, after installing a fresh Windows 10: after inserting the dongle, a definitely non-native (styled by Logitech) popup asks me whether I want to install their app. I decline. One reboot later, the app is available in the start menu.
Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m
1 reply →
there's tons of frustratingly equally bad precedent.
for some reason it also seems like a lot of this companion software from oems is often written by part time contract / interns.
years ago there was a classic example of iirc a logitech mouse driver that was writing the coordinate position of the mouse at ~100hz to the registry.
microsoft should be applying _at least_ app store level / whql level rigor to these, but it seems if the oem is large enough they'll just gladly yolo a 2gb package of crap onto your machine because the oem said "this our driver package"
> OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
Just think about how many times hardware manufactures told customers to buy new equipment because they can't be bothered to patch the older models.
LG Electronics display monitor as Trojan Horse
Except this Trojan Horse isn't offered for free
And people think macOS sandboxing is "hyperbolic"
As if the world needs more reasons to understand that windows is activly making your life worse. Step by step.
>This situation has.. no precedent as far as I can tell..
I want to believe you, but somehow I can't, I feel like our industry has already mastered the art of installing malware on customers' devices.
Thanks - really got my attention. And, the video makes me sick.
I'm still looking at my 10 year-old LG monitor with suspicion, now, but I'm thinking (hoping) it's just too old...
That's just living in the Windows world.
After start menu ads, I don't understand why people are being surprised anymore.
Thank you for the summary. As a Linux user, am I spared because of relative obscurity, or is it that Microsoft is explicitly allowing this to happen?
Linux only auto-loads the drivers in the kernel tree
How can HDMI affect the host computer?
Because Windows is cooperating and installing the malware on behalf of the OEM.
This kind of exploit could not be done on MacOS or Linux.
> This situation has.. no precedent as far as I can tell..
No, this has been going on for years. Vendors have been pushing malicious software through the Windows Update automatic driver installation since forever. MSI and Nahimic/A-Volute (this has watchdog daemon to instantly reinstall it as well as the main app protecting the daemon), the ASUS Armory Crate bullshit, the Lenovo garbage, which initially they only put into their own images, but then started force-installing via Windows Update, Gigabyte, ... the list is really long.
If you have to use Windows, you really absolutely should disable driver installation through Windows Update.
I understand shitty brands want to do this.
The bit I don’t understand is Microsoft making an infrastructure that allows this, lets shine the shame light here.
Have you installed Windows recently? It is full of ads.
If Microsoft can push ads to users, why can't LG?
Logitech have been doing this for years
Have you been using Gentoo or FreeBSD for a long time and then suddenly remembered Windows exists on the same day this news dropped?
this has happened to me with dell monitors since years ago, also with razer peripherals.
In your mind. Average joes do not even know there is a firewall in windows, which is off by default. Actually none of the games, not even chrome respects the built in Windows firewall. If you have configured a firewall, it will make your life much harder, since almost nobody designs software based on the assumption that a firewall will exist. So almost everyone flies without one.
I'm tired of everything being classified as "malware". The word has no meaning anymore. Malware can mean "zero-day state-sponsored ransomware attack" or it can mean "software was automatically installed by a trusted consumer-beloved company because they forgot to make an opt-out window" (which is what I'm guessing happened here).
LG hardware laying dormant for sometimes 3 years, then installing software through backchannels silently to record your voice continuously (if the monitor has a microphone, which some models do) and taking screenshots of your monitor content every 500ms, uploaded to their servers and likely shared with data brokers and the government qualifies as malware in my book.
> 1. Your OS installs malware ...
Your OS is malware.
We're talking about Windows here.
> Your OS installs malware
Malware??
USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.
It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.
If this were a person doing this, they would be in jail.
Companies consist of people.
Logitech pulls (pulled?) the same shit when you connect one of their pheriferals to your PC.
[dead]
But thanks to Secure Boot, your computer is secure. /s
When will people understand that malware is signed by the vendor ?
Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.
It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.
The days of antivirus were replaced by advertising a long time ago. There is no privacy.
Most savvy types are hyper aware of every process running on their machine especially those using network lol
Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules
Savvy types use Linux
I've gotten to the point that if you're trying to show me something and I see you're using Windows, I just assume you're an unserious person and it's worthless.
All the major tools for advanced work are Linux-based, and there's maybe a Windows version, but it's probably a kludge like Docker Desktop.
8 replies →