It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.
But those were different times...
Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.
Whether itās router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that theyāre specializing on hardware but why so very bad?
Edit. This isnāt even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page
1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
3. That malware has internet and full system access, no sandboxing
4. It starts with every system boot
5. This software gets installed when you plug in a new LG monitor
6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
This situation has.. no precedent as far as I can tell..GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM
gpedit.msc
Computer Configuration > Administrative Templates > System > Device Installation
Prevent automatic download of applications associated with device metadata
Set to enabled
OK
On home editions sans gpedit.msc: sysdm.cpl
Hardware tab
Click Device Installation Settings
Under 'Do you want to automatically download manufacturers' apps for your devices?', select 'No'
Save ChangesMicrosoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?
If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.
Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.
Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.
My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.
Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...
I guess my next machine will have a VGA port ;-)
And no Windows.
My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2Ć16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
1. https://arstechnica.com/information-technology/2021/08/need-...
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.
As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.
With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.
But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.
So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.
I don't understand why we expect some manager somewhere to stop stuff like this.
You can't block a just one driver. E.g. for my touch screen on the Lenovo website there is version X. When I install it the next day Windows installs X-1.
On Lenovo's website the latest version is 7.7.2.66 (https://pcsupport.lenovo.com/us/en/products/laptops-and-netb...).
Windows reverts that to 7.7.2.44.
I tried blocking that update with the Powershell command-thingy, but even that doesn't work:
Administrator in ~
get-windowsupdate -isHidden | ft Status,KB,Size,Title
Status KB Size Title
------ -- ---- -----
----H-- 92KB Wacom Technology - HIDClass - 7.7.2.44
(this command by the way takes 20+ seconds), and the filtering doesn't work because there is no KB.As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but itās Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this āmake it so a thing can automatically and silently run programs as soon as it touches your computerā thing. Itās always done in the name of user convenience. It always ends up being a fiasco. I donāt know why they keep doing it, itās not like the exact same PHB keeps making the same decision over and over for 30 years. Itās probably one or a combination of the many well documented flavors of stupid that are deeply baked into the companyās organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organizationās culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, āitās fine, actually.ā)
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
> Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions
I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.
I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.
Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.
When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more peopleās computers than I care to remember.
Treat your TV like a computer monitor (ironic here in this context lol)
you run claude code unsanboxed on your machine and give it privileged access?
Microsoft needs to intervene here, this cannot be a normal expectation for using their product.
In other words, we all know that regular consumers will never find this and theyāll never understand that their LG software is spyware in the first place.
I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?
Are there editions or scripts or a setup workflow that would make it suck less?
MS should get all the flack (which is mostly deserved) of this
Manufacturer does whatever crap they want with "it works" and then MS gets the complaints
A driver should only be that. A driver
But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.
You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.
The GN video focuses a lot on consent, and while maybe this is notionally currently illegal without consent, that just steers towards companies shipping a generic ToS popup, claiming you "read" that 1.8 PiB of ToS, and including the "oh btdubs we can modify these terms at any times and if you want to go to court lol forced arbitration has other ideas about that."
MS & Windows having conditioned users to expect / think they need drivers for peripherals speaking standard protocols is also part of this. A monitor shouldn't need a driver. It takes the pixels, it displays the pixels.
As far as I know, the source of the graphics was not the unifying receiver that I plugged in the USB port, and the notification was not using any OS API meant for hardware to be avle to prompt the user for additional download. It was a Logitech-built DLL shipped and loaded by the operating system as part of some default driver for the Logitech keyboard.
It's hard to say directly from the article if there is any GDPR breach. If everything was part of the installer and it doesn't actually submit anything (including downloading the ad) to LG then it's harder to argue that there is GDPR violation, but knowing the SOP of these kinds of software that is unlikely.
If the software did indeed send personal data to LG then there are at least following question: How was Article 13 notice delivered to user? Article says that this was installed quietly. Did Microsoft deliver Article 13 compliant notice to user at some point? They probably did deliver their own notice (though it's open question if it's compliant), but not LG's. However since Microsoft is the one that installed the software and they exercise control over the standards which must be met, it's possible that they would end up being joint controller at least for some processing.
I should add that Article 13 requires that the notice is given "at the time when personal data are obtained". The only exception is when "data subject already has the information" and possible Article 23 restrictions, but those are unlikely to apply.
If someone wants to make a complaint they should first make Article 15 request to LG. Copy of personal data is useful, but 15(1) information is the primary goal. Additionally ask for information on how and when did LG provide you the Article 13 notice if they did indeed process your personal data.
After that if they cannot show that they provided Article 13 notice when they received your personal data submit a complaint to your local DPA. You can additionally flag other violations as well if they are applicable (e.g. not naming recipients as part of Article 15 response, not giving actual retention time or meaningful information how that is determined, invalid legal basis etc.). You should also flag in the complaint that Microsoft is likely joint controller for some of the processing given that they are the ones who approved the automatic install of the software which violated GDPR.
It's basically how a virus would infect your computer through a USB Key.
Forcing itself to be installed, hiding what it does, sustaining itself across reboots, bypassing all security restrictions... because a monitor might need something new after all these decades?
You get what you pay for.
If you're the customer, you're the product.
"You get what you pay for" means if you buy proprietary software, you get software from proprietary vendors who act like modern proprietary vendors act these days, which is using every avenue to maximize profits. There's no recourse, because it is proprietary and, therefore, belongs to the software maker, and not you. It is not your property, it is theirs.
Which leads into...
"If you're the customer, you're the product" because customers are valuable products. You willingly bought the service, so your data is data from someone who is interested in the company and probably willing to buy more from it and its partners if the company can target you. Your data, therefore, has resale value, making you a product to be sold.
Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.
So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3
Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).
Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."
If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.
Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.
For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.
Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That being said, this stuff should go into a user-mode driver...
That LG have exploited this functionality to install adware is on them.
Then, to get a better version of Windows, use MAS[2].
I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.
I have been using it for both personal use and other work use-cases, here is a demo: https://www.youtube.com/watch?v=jObZzI2_pv0
Just like youtube, I can log in to my netflix, amazon prime and then use the touch screen to choose the movie to watch and it gets played on the external screen. I am building it how I would use it as a power user.
I definitely wouldnāt predict that Linux is taking over the world or anything but it wasnāt that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.
Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.
The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoftās financial results.
If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.
[1] https://www.linkedin.com/posts/callam-d-b38b05105_windows-is...
This is one of those things where if I found the person responsible I would likely spit in their face; if not worse. It's quite literally spyware installed as you plug it in much like those old DVD DRMs from sony that would install spyware.
It's garbage.
Is this a good practice? I donāt really know. We used to get drivers on CDs, but barely anyone has a drive on their computer anymore. You could download them from the vendor website but these are usually a mess and very difficult to navigate to find the right thing ā impossible for your grandma.
Could do like Linux and just build trusted software right into the kernel - but then people will complain about bloat.
So we are where we are. I guess.
So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.
Buying from companies you trust isn't a solution either. Founders sometimes get into fatal car accidents or lose some of their assets in messy divorces. THe new owners may not care about "brand reputation" and sell the company to the highest bidder.
depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"
other wtf. microslop cases include:
- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)
- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"
- "init scripts on USB devices", I think they stopped doing that
- ...
given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)
most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).
combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them
- https://support.microsoft.com/en-us/windows/hardware/drivers...: āWindows can automatically download recommended drivers for the hardware and devices connected to a system by using Windows Updateā
- eight years ago: https://www.reddit.com/r/Windows10/comments/8tlre3/why_is_it...: āI can't seem to stop it from installing device drivers, even after unchecking the 'Do you want to automatically download manufacturers' apps and custom icons available for your devices?' and saving.
I uncheck it, reboot. Uninstall all drivers except USB (so I can use mouse and keyboard) and reboot. Aproximately two minutes after the reboot, I get notification ballons telling me everything is installed again. Heck, even the super old Nvidia 388.1 driver is installed (the latest now is 393.2).ā
Yeah, they've never pushed ads or installed software without the user's consent.
Keep in mind the well-known quote from so many pages of Microsoft documentation over the decades, where the main useful function of a feature is the only one completely crippled in what's obviously got to be a complete engineering snafu:
"This is by design."
Haven't used it lately (over 2 decades with linux as daily driver), so can't personally vouch for it.
Turn off LIVE PLUS
block internet for the tv from router
Enjoy.
That's what I have been doing for years.
You got a lot of replies already, but there's so much precedent. Plugging a Logitech mouse installs a network capable, autolaunch capable, pop up app for at least the past 10 years. LG's thing seems grodier, but this has been common Windows-ism for a while.
I've had several laptops where audio just doesn't work even on rolling releases. Or the screen freezing up constantly.
This was all with relatively new hardware within the last year or so.
My issue with the Linux community is if you bring this up it's all of a sudden the fault of everyone but Linux.
The end user should of picked better hardware.
The hardware OEMs should of shipped Linux support.
The end user is lazy for not installing an RC kernel.
Macs are great, but my current workhorse computer has a 2TB SSD, and only cost 550$ with the SSD upgrade.
Vs 2000$ for the cheapest MacBook with a 2TB SSD
The rest of your comment is just as ignorant.
This is basically the same as downloading a program, running it and when it downloads garbage on your computer, complaining that Windows are dumb for allowing a program to download garbage.
What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box itās still going to function.
The consequence of Windows having the blame is that one should not buy it.
Basically doublespeak.
1. Reset machine 2. Tap the BIOS setup key (often DEL) during the time before it boots. 3. Insert intallation media for a decent OS 4. ...
The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.
The truth is that if you uninstall their software (and hopefully also if you just let the trial lapse, though I donāt actually know whether Defender Antivirus gets enabled automatically in that case) Microsoft will defend you against the lunch-eating bad guys just as well as McAfee, for free.
That easily qualifies it as fraud.
For that reason, Iām willing to call it a scam when preinstalled or otherwise installed without user intent. I wouldnāt call it a scam if people installed it deliberately (though I would still disparage it and its tactics).
The monitor only sends a unique device ID, everything else is handled by Windows.
Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.
A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3
System > About > Advanced System Settings link > Hardware tab > Device installation settings
Do you want to automatically download manufacturers' apps for your devices?
set to No
The default setting has been "Yes" for a very long time but most monitors over the years have simply used the default plug-and-play Windows monitor driver instead of installing their own. Triggering no additional downloads for the life of most computers. It just so happens that monitor manufacturers better adhered to the Microsoft guidelines for hardware compatibility earlier and more adequately than most devices. This might very well have been a reliability tactic since graphics drivers were still quite a moving-target shitshow, which in some ways is still ongoing.So people have mostly never gotten accustomed to monitor drivers having any consideration at all, while drivers for graphics themselves and other new hardware has often had some associated downloads that people have become familiar dealing with.
Looks like LG finally took this long-standing opportunity to do some deeper enshittification than previously imagined. Simply taking advantage of a domino effect that has been lurking for decades.
A couple other related gpedit options if you don't even want the drivers themselves to change after you have gotten them correctly installed:
gpedit.msc
Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
Turn off Windows Update device driver searching
Set to enabled
OK
gpedit.msc
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update >
Do not include drivers with Windows Update
Set to enabled
OKArch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.
[1]: https://lists.archlinux.org/archives/list/aur-general@lists....
I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.
But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.
https://www.consumerreports.org/electronics/privacy/how-to-t...
Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.
edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.
I donāt think itās a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
I think everyone in the HN crowd knows that.
> the blame should be on Microsoft
No, they blame should ALSO be on Microsoft, they are the enablers.
When do we start calling out this crap?
I remember Windows keeping a cache of autodownloaded drivers ("Driver Store") and reinstalling them when the device is plugged in, so the mouse bloatware kept on coming back.
Is this still the case?
Not really. AutoRun ran whatever was on the USB drive, with no oversight. This installs a driver from a company that's supposed to be reputable enough to get their driver signed by MS and pass validation. LG breached that trust here.
The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.
I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.
What's frustrating about that is that Microsoft has also gone out of their way to make it difficult to access the [legacy] System Properties (sysdm.cpl), while not fully reimplementing all the features into the Settings app. Including this one.
They've only been working on this 10+ years...
You could choose to buy from another vendor, but other vendors have the same incentives to abuse your trust in the same way once they manage to persuade you into running their proprietary software on your machine.
I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.
When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.
However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.
Typically, the Windows update server downloads packages mapped to hardware IDs in the background. Since LG's business in Korea has been failing and their AI efforts are stagnating, they exploited their McAfee partnership marketing as a pipeline. Windows' Plug and Play does make development convenient. The DX experience is good.
Linux is quite fragmented. That's good from a 'my computer' perspective, but not from a 'product' perspective. And then there's the jitter issue. Windows has stable paid solutions, while Linux has version discrepancies.
In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.
In programming terms, we all know singleton is bad, but for Plug and Play, it's overwhelmingly convenient.
Firmware updates for devices are not a thing in your world?
In this case, ads are even a product people actively want to avoid, but it's still unsettling to be undesirable. Imagine banning smoking and then getting upset that Philip Morris doesn't want to sell to you anymore.
Ads aren't free - this isn't a "theory," it's basic economics. Cost can be political (you cause the entire EU government to outlaw the practice) or monetary.
> If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China
Probably? The markets have little overlap, but again, this is a function of cost. Where people have more money to spend, I have more money to spend on ads, or more money to spend on campaigning to be allowed to show ads.
Wouldn't it require cooperation from the distros anyway? You say "HDMI and DP also have two-way communication channels", but that doesn't force the OS to communicate over those channels. And it also doesn't force the "mapping of packages to hardware IDs" to be what the hardware manufacturer wants it to be.
Right away, with numerous distributions like Ubuntu and Arch, it's hard to account for all the possible cases from a production standpoint. But Windows has very few versions. As long as you pass Microsoft's standard specification, it just runs on Windows. That difference is huge. What you're saying is ideal, but when selling a product, time is money.
In other words, to summarize our conversation:
'As you said, separating them is the right thing to do. But UX Uesrs basically wanted that kind of deployment authority, and in the process, the problem of abusing it arose.'
It's a beginner level problem, but at the same time, it's also a difficult one.
Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe. Seemingly (https://news.ycombinator.com/item?id=48957229) with Samsung it's the same. Even though EU is a larger consumer market than China, so obviously your theory doesn't hold, it's something else than "Bigger consumer markets === more ads in UIs in TVs".
Cost is my "theory." A larger market can sustain larger ad spend, and in some areas it's cheaper to make larger ad buys. Both are true.
Also, "larger market" obviously implies a category-specific qualifier. People in the United States might have more of an appetite for televisions than people without running water - news at 11.
> Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe.
"Spoiler:" is an unnecessarily cunty way to lead a declaration of fact with zero objective accompanying evidence. Any citation you care to provide?
"More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
Not really, the question I posed initially was a casual one, based on reading around basically. I'm guessing you then have a citation handy for the US LG TVs having more ads because the US is a bigger consumer market?
> "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
If you open up the TV home dashboard, do you see ads? On my LG TV I don't, looking at screenshots from LG TVs in the US, there seems to be.
I wouldn't put it past most of these companies.
I can't control the world. But I can share my opinion on the matter . I think as long as we accept this poor behaviour companies will have more and more incentives to do it. And worse than that, they will also keep attacking the good folks
I think literally the only driver Iāve installed for any accessory of any kind is the config utility for a Stream Deck. I certainly never install mouse (thank you Steermouse!) or printer drivers, let alone a monitor driver of all things.
Except for every printer, some popular GPUs, Microsoft's peripherals...
It all comes from the increasingly widely held idea that the user should not be the ultimate authority over what should run on his computer. The OS vendor should have a say. Third party developers should have a say. Device manufacturers should have a say. Anyone except the user, who is just a passenger on his own system. And this mentality is not limited to Microsoft.
For years, Dell's / Realtek's software had an unpaged memory leak somewhere. If you were using a screen reader (I guess they must interact with audio devices in some very specific way that Realtek hasn't accounted for), your system would eventually run out of RAM and BSOD. They didn't fix this until Microsoft and a few screen reader vendors intervened. "Don't buy Dell" was a standard recommendation in the blind community for years, which didn't help if you had a work PC with no local admin.
You said click. This happens without clicking anything.
Oh, yeah. Bought this overpriced but heavily hyped Razer mouse and it wouldn't even work right until it had an internet connection. A MOUSE. I'd never encountered something so blatantly customer hostile in my life. Never even looked at another Razer product, never will, and will tell anyone who will listen that Razer is a terrible company full of objectively terrible people.
This worked greater with being an IT consultant. The client's machine to run smoother and drivers installed fast since they would buy multiples of the same equipment at once.
Now I only use Linux on personal equipment. You have to pay me to use Microsoft products. Microsoft has become shit-ware.
To me, it seems like LG is the one to blame.
Even worse, this one is installed via Windows update. I have an LG monitor and noticed the stupid LG app all of the sudden, uninstalled it, and saw it pop up again as an update in Windows update.
Microsoft is actively enabling this behavior.
The latest driver registered with Microsoft for the product you're going to spoof would need to have a vulnerability to exploit. You can't supply any driver.
But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.
But yes, usb device identifier is done through software/firmware.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
These days? Unless there is a specific piece of software that can't run on Linux (or under Wine), and there is no suitable replacement for it? Yeah I don't know why you would voluntarily stay on Windows (note voluntarily, if IT policy says you must that doesn't count).
IMHO the big difference is in enterprise Vs personal Windows, enterprise Windows can genuinely be a very lean, fast experience that is great for work. But my personal PC running windows is very firmly in the "I wonder what the latest update will break" teritorry.
I installed Debian 13 recently. The first time I opened Firefox ESR (installed by default), I got something that looked like adverts on the home page (banner blindness means I have no memory of what they actually were, only of the feeling of disgust). The Home section of the Settings page had options for "Sponsored shortcuts" and "Sponsored stories" enabled by default. Changing a default setting is a lot easier than forking software, yet it was not done.
There are millions of indies out there. Some are worth the time. It's a bit of a problem to figure out which though.
> Haven't played online multiplayer games since ~2013
I don't think there are any non predatory online multiplayer games since 2013 :)
And there are many online multiplayer games that would have been really good as single player.
This is also why the bazaar model of Linux distributions is beneficial. You get more choice.
Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.
Because windows update automatically installs the garbage when the device is connected.
Microsoft could control the content of the software it automatically installs, but they don't. That's the issue.
Apparently so they will be one step ahead of you in case you decide to plug it in again sometime.
Graphics cards can do this too, you remove the card and go back to the motherboard's built-in HDMI port, then one day here comes a big update for the non-existent graphics adapter.
I would think everyone in the HN crowd would be aware of HEAC, the hdmi Ethernet channel, etc.
With full access to the hosts tcp/ip stack, weād do well not to overlook the potential vectors for a monitor to install software on your computer⦠especially when the operating system is complicit.
I actually did not. I know there is some degree of two-way communication over HDMI/DP, and was curious if this was how the software was installed. I think discussing the technical details is a great use of the HN comment section.
(Wifi enabled display device -> HDMI -> Device) would be an incredibly interesting attack vector.
Many generations of Roccat peripherals were usable this way on Linux, thanks to the work of one generous volunteer who reverse-engineered them.
Companies like Logitech don't store their devices' configs in firmware in a way that "forces" you to run some additional shit to use all of their features (some features aren't implemented in software). It's a convenient excuse that allows them to push their spyware onto users, but it's totally unnecessary.
A vendor that was actually "user friendly" in the deep sense (opposite of "user hostile") would do this themselves; configuration would be upstream-first via libratbagd or whatever, and then they'd provide their own configuration interface as a value-add for a uniform cross-platform experience, or in areas where they thought they could provide a better UI than the design principles of KDE and GNOME, or so that they could have a uniform interface to refer to in their documentation.
I think you overestimated how reputable is enough.
Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.
What were you actually trying to say?
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions
The keys I have right now are all REG_SZ (strings), and in order of "1" through "5", are:
---
1. SWC\VEN_DELL&DEV_AWCC
2. SWC\VID_DELL&PID_AWCC
3. SWC\Alienware_Command_Center
4. SWC\AWCC
5. SWC\VID001&PID0001&AWCCWINUI3APP
---
Nothing short of this prevented "Alienware Command Center" (AWCC.exe) from pushing itself onto my machine because of my Alienware OLED monitor.
I should note it's possible to shoot yourself in the foot there; I had entries 6, 7, and 8 blocking SWC\Generic, SWD\GenericRaw, and SWD\Generic ā and that prevented Audio Endpoints from being mounted...
This is fairly easy to do by just not buying the absolute latest hardware. Installing something like Fedora in a 8-12 month old laptop I just can't recall last time I had issues.
In other words, Stallman was right, and proprietary software developers have too much power over users. And they inevitably, sooner or later, leverage this power for (more) profit, even if you paid for the product.
No third-party installs, ads and spywares!
Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.
You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.
And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.
For drivers installed automatically via Windows Update? Absolutely yes.
For software the user installs manually? No.
A USB attack-widget isn't limited to just one VID:PID pair. It can present itself as as hub with as many VID:PIDs behind it as is useful. (This isn't new or exotic functionality; the very first USB thumb drive I ever owned did this as a built-in, maybe 20 years ago.)
So, for instance: A single physical widget can present as a thing that makes Windows install vulnerable software, and as a keyboard that issues commands hook that vulnerability, and as a storage device that provides a payload, while also [or ultimately] appearing as the fully-functional device that the user actually intended to use.
Game over.
The end-user might see a brief flurry of stuff happening while this goes on, but that's no big deal: End-users are already accustomed to seeing that kind of thing when new hardware is introduced, and clicking whatever button it is that they're required to click in order to proceed.
The BSDs have config, Linux can run without module support.
All accessibility stacks sucks in some respect, but Linux's sucks most of all, and Wayland people in particular don't seem to be willing to compromise on security (which is required for accessibility to work).
Yeah, I know, it's not the same as "knowing" a system when you just copy paste terminal output, but if it solves a problem and converts 1 more person to Linux from W - that's a win.
The problems tend to be in the userspace software that's also installed with the driver. Sometimes there's also some pretty derpy stuff where the driver wants to talk to the userspace software but there's no validation/verification and that opens up a big hole.
So nobody is installing "monitor drivers" for Linux, but they're probably frantically installing packages trying to fix some random issue.
Which is usually at least 2x as much if we're talking about buying a System 76 laptop.
Windows laptops go on sale very often.
Although I will admit I have an HP laptop I brought last December that worked out of the box with Ubuntu. Nvidia drivers and all.
MS-Windows GUI has cashed on this unawareness since 95. "My Computer", "The computer needs to restart"... Being deliberately incorrect to add to the existing confusion.
I genuinely don't know, got curious and went to typescriptlang.org to find some "About" page or "Governance" or something else, but couldn't find anything at all about it. It was exclusively developed by Microsoft for two years, and with no other clear governance/decision structure today as far as I can see, doesn't that exactly mean that Microsoft controls the entire "organization"? It's not clear what "organization" you're referring to either, the GitHub organization? I'd assume that's also 100% Microsoft controlled.
I think it helped Microsoft historically that people used their operating systems at home, although even then a lot of people would have learned Windows at work or school first.
Which I fell for. Fool me once and all that...
There was a good keynote on the topic 5 years ago By Timothy Roscoe
https://www.usenix.org/conference/osdi21/presentation/fri-ke...
Second, we're not talking about the drivers per se, as those aren't what shows you ads, it's the configuration software and accompanying crapware. Did you get that? I'm guessing no, based on your comment.
Third, there are capability-based kernels, microkernels, drivers that are allowed into as restricted bytecode, IOMMU, and several other layers of security. Do you know that? I'm guessing no, based on your comment.
My phone still didn't come with a functional paint or notepad apps. Google docs is a horrible experience on phones (but at least it works now - a few years ago it was straight up unusable).
And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?
My experience tells me that everything mobile is basically an afterthought outside of a few dozen websites and I guess phone games.
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions
Prevent installation of devices that match any of these device IDs
Set to Enabled
Enable Also apply to matching devices that are already installed
Add the following two IDs: MONITOR\DELA246
SWC\VID001&PID0001&AWCCWINUI3APP
IMO this is especially heinous as Dell have registered the AWCC.exe software component as a hardware 'device' within the device tree that needs its own 'driver'. Methinks Microsoft need to tighten the noose on these annoying OEMs.What happens when they install Ubuntu and the Wifi doesn't even work ? An experienced Linux user might figure it out.
A new user would, very reasonably, assume Linux doesn't work and reinstall Windows.
To be fair, I had stretches of 2K, XP, 7 and 10 working acceptably.
On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.
Traditional CADT means features get lost over time.
It is not immune from these forces, just not a focus by the powers that be. Fewer developers remember the good old days of Y2Kas as well, meaning they donāt resist these forces instinctively, since they grew up in iOS captivity.
Note-taking works fine, in Google Keep, Apple Notes, or some other cloud equivalent. Yup, your data is in the cloud and owned by one of those tech megacorps, but most people just don't care.
Basic photo editing works okay too, in Google Photos, Apple Photos, etc. Ditto the cloud stuff.
What really makes most desktop users outliers is caring about, or even being aware at all of the concept of, actually owning your own data versus trusting cloud providers for everything.
Not to sound harsh, but you come at this with an somewhat old perspective, the same one I grew up with too and probably also retain too much of.
People don't open their phones looking for something like paint or notepad apps, they want a messenger/social network to connect with their family/friends which is most likely why they got the phone in the first place, and if they're "advanced", they'll even edit their own photos and images but via a whole host of various phone image editors. Sometimes the social network offers those things too, sometimes as separate apps, people use that sort of stuff instead of looking for "paint.exe" or tools to crop/edit images in a more, I guess "crude" way that you and I might be used to and favor still today.
And people say linux is too complicated for normal people because of terminal commands*
*which in reality no user is really forced to use, it just happens to be easier to share and copy/paste a set of commands than hundreds of clicks on a screen.
My solution is a casting device like chromecast or apple tv which works without apps and cables. Now I am extending the device's canvas for personal use case without the concept of app stores. AI can control the canvas, show multimedia content, open any website/app, and show you options to log in by extracting context, then control it.
So I can tell it to open netflix, it shows login options on screen and once logged in, you can ask it to show catalog or play something by just talking to it.
It can connect and cast content to TWO external screens simultaneously, that I think is the most powerful feature.
https://github.com/evilsocket/opensnitch/wiki/monitor-method...
What we're saying is this shouldn't be allowed by the OS to begin with. Not to merely use the peripheral in any case.
Whether Microsoft is happy with allowing it, is another matter.
Perhaps some law accompanied with hefty fines can make them less happy doing it.
Razer was never "definitively better". It's merely competitive with other top ones, that's all. Before G700, Logitech even had a mouse with two sensors and was the undisputed king for FPS quite some time.
[1] EloShapes find similar: https://www.eloshapes.com/mouse/find-similar
I'm currently using a wireless ProtoArc mouse. Good shape, can adjust DPI on the fly, hasn't broken even after a year. I think it was like 30 bucks maybe?
Imo, the only thing Microsoft can meaningfully do here from their side is threaten LG with pulling all their drivers if they keep doing this.
It's easy: whatever is preinstalled will be guaranteed to work reliably. Worked for me.
If you're really interested in FPS performance and not just the brand, choose for the ergonomics first, it's not possible to recommend anything without knowing your play style, hand size etc. The shape and weight you like, and complementary feet and mat with the exact static/dynamic friction you need. Then check if the internals are good enough (they likely are) and whether there are any firmware issues like extra jitter on flicks or unavoidable debounce lag, then look at the required software. There's a ton of mice with excellent performance that are configurable without ANY software.
If you never want to change the DPIs, lighting, or button assignments, & etc then you don't need the software... so if what the hardware does out of the box is fine for you, then you don't need to worry about how trash CORE v2 is.
CORE v1 is okay, but still notably worse than the Model O software. I don't know why they farmed out the development of CORE v2 to "the CEO's middle-school nephew who's 'good with computers'", but they did.
[0] ...they were originally called "Glorious PC Gaming Race" (in homage to the Reddit meme), but dropped that last bit from their company name a while back...
Logitech is a truly innovative company. They actually care deeply about ergonomics. They also introduced the first mass market application of programmable magnets (in the MX Master mouse scroll wheel) - that's incredibly advanced materials science.
I can't imagine the group doing this validation is sufficiently manned/funded; it's a cost centre, and the effects of cutting it don't show up for years.
This is unfortunately why I keep buying the Razer Deathadder Pro. It fits my hand perfectly and is super accurate. I hate their software, and the company, but the performance and ergonomics of the mouse are worth it to me.
https://www.eloshapes.com/mouse/compare?p=razer-deathadder-v...
https://www.rtings.com/mouse/tools/3d-model-shape-compare/3d...
Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
Currently I use their MX Keys Minis, MX Anywhere mice and trackballs. All are rock solid. Bolt receiver works great with Linux via Solaar allowing full suite of features.
Oh, Firmware Update Daemon supports Logitech hardware, too. If Logitech sends in new firmware, it pops up instantly to upgrade.
The software allows for fine-tuned settings, button remapping, etc. It is awful software, to be sure, but it's not necessary to use the mouse.
This is... frustrating. Multi-button HID devices are -arguably- easier to do than something that pretends to be both a mouse and a keyboard. I get that some games may not understand how to deal with mice that have more than four or five mouse buttons, it'd be quite nice if I had the option to set things up so that I can use them as buttons in games that know how to handle them.
We've had them for years. The mini has lost the button that lets you select speed, but other than that they're still great. For better than the various Logitechs I had before.
The only real downside is the bright flashing led patterns. I've gotten used to them.
>Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
Likely not, but the rarer cases could always be exceptions.
Most devices, screens, printers, mice, audiocards, etc should not have to go through this, at least not for basic functioning.
Which is why I like e.g. "class compliant" devices for example, whereas the configurations can be managed directly from the OS with no third party driver loaded. Some of those do come with the custom proprietary driver, but for most I don't even bother installing it.
At least one person has put together a good overview of what they think is happening: https://www.youtube.com/watch?v=v5BhECVlKJA (details in video description)