LG Split Screen Software Compromises System Security

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.

Re:Chinese or Indian Devs?

[MichaelSmith]

Korean more likely. Software architectures of theirs I have seen are a mess of hacks and patches.

Brian Fox is a Black Man

Brian Fox wrote the GNU Bash shell. If you've ever used Linux or OSX, you've used his software.

Re:Brian Fox is a Black Man

[hcs_$reboot]

What is informative, that he is a Black man, or that he wrote Bash? I'm happy to know that Brian Fox is the author of bash, a nice addition to sh that I'm using every day, but why the need to specify he is a Black man? Is it an American thing?

Re:Brian Fox is a Black Man

Now gangsta-ass niggas come in all shapes and colors
Some got killed in the past
But this gangtsa here is a smart one
Started living for GNU and he'll last

Re:Brian Fox is a Black Man

Yes, it's an American thing. It shows how Black people can do real useful work like writing Bash, instead of just being President.

Re:Brian Fox is a Black Man

[wbr1]

It's in response to the trolling,racist, parent comment. That is why his race is mentioned. It to s not obvious the comment has a parent since the author removed the re and changed the title. Click parent on that post and see for yourself the anus of society.

Re:Brian Fox is a Black Man

Seems niggers also don't click the "Parent" link to see the post being replied to.

Re:Brian Fox is a Black Man

You don't have to be black to be a nigger... A nigger is black (or white or brown) who 1) wears his pants down around his ass, with his tighty-whiteys showing, 2) wears a baseball cap backwards, 3) has that (c)rap noise, they call music, turned up full blast from his 4) car with tiny tires and suspension that drags the ground, and most importantly 5) sucks welfare money from working folks... THIS is a nigger..

Re:Brian Fox is a Black Man

[penguinoid]

I'm happy to know that Brian Fox is the author of bash, a nice addition to sh that I'm using every day, but why the need to specify he is a Black man?

Because someone was bashing black people's programming skills.

Re:Brian Fox is a Black Man

It really does not matter what race Brian Fox is. But it also is not a bad thing to state his race. Stating someone's race in a positive or neutral context like this comment should never be questioned. Take pride in whatever race, gender, disability status, orientation, etc. you are instead of all the people who "bash" others for physical attributes about them. (Sorry about the pun.)

UAC - A Double Edged Sword

[some1001]

I realize that the software probably shouldn't have disabled UAC out of the box without at least informing the user, but having worked on some out-of-process COM applications (yes, legacy) in Windows Vista/7/8/10, UAC can be extremely frustrating. The biggest issue is that having UAC on creates a different user context between user and admin. If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges.

For example, if your user with admin priveleges creates a COM component, that component may not be able to be accessed by a non-admin context even though your user may be in the local administrators group, DCOM Users group, etc.

I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program for reliable for the user by disabling UAC instead of resolving the problem in a different way.

Re:UAC - A Double Edged Sword

UAC doesn't work like that.

Re:UAC - A Double Edged Sword

[thegarbz]

since most Windows programs are written incorrectly

What a load of garbage. I rarely if ever see UAC prompts other than installing software. This goes for programming tools both well written and poorly hacked together, all manner of internet related things (reads browsers, Acrobat, flash, etc) remote administration tools, games, office productivity applications, even my explorer replacement program doesn't bug me with a UAC prompt.

In fact the only program I've ever used that needed UAC prompts was a custom VPN tool, and it only needed UAC because it had the ability to tie into windows settings and modify the system's own L2TP VPNs on top of providing an OpenVPN client, something that requires elevated privileges to do.

What you're saying I haven't experienced since maybe 2-3 months after Vista was released. So please share some more details on what exactly you are doing that makes a UAC prompt appear every time you move the mouse, and which of the many millions of programs on the PC actually require administrator to run?

Re:UAC - A Double Edged Sword

If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges.

No shit, Sherlock. Here's a clue: you're supposed to be writing the program as if the user did not have admin privileges so that sysadmins and home users can properly run a locked down system with your software.

Frankly, I wish M$ had won their anti-trust trial just so they could strong-arm the crapware writers like Adobe, Norton, various extremely shitty HW OEMs that write extremely shitty drivers, and the goddamned parent poster so that Windows can move to a proper root vs. non-root security model.

Re:UAC - A Double Edged Sword

[ATMAvatar]

If you need to use COM components, and you don't want to require admin rights, you register them in HKEY_CURRENT_USER instead of HKEY_CLASSES_ROOT. After that, it just works.

The sad part is, it would have not have taken any more time to Google that than to find how to disable UAC through the installer.

Re: UAC - A Double Edged Sword

[DigitAl56K]

Yes, a component in an admin context may not be accessible to a component used by user in a non-admin context. This is called a "security" model, and prevents the non - admin process manipulating the admin-context process to do things it shouldn't be able to do. You make it sound like a quirk, but the entire design is that "non elevated components can't talk to elevated components". Try starting Notepad as admin and dropping a text file on it from the non - elevated explorer view, it won't work by design.

Re:UAC - A Double Edged Sword

[dwywit]

Unlike linux of course, where you only need to sudo anything worthwhile.

Which is why I immediately su every terminal session.

Re:UAC - A Double Edged Sword

I'd tell you why that's a horrible idea, but I think it'll be more fun if it's a surprise.

Re:UAC - A Double Edged Sword

whoosh

Re:UAC - A Double Edged Sword

[epyT-R]

We found the last lindows user..

Re:UAC - A Double Edged Sword

On my wifes computer I have installed about 600 games that I have bought her over the years.

There is maybe 10 or so of those that need UAC. I even run her in a lower privileged standard user account. Those tend to be win9x games. She rarely runs into it. Her biggest issue tends to be the games that do not work with the nvidia chipset or the intel chipset but it is trivial to fix. I run into it a decent amount on her computer when I am installing things for her to use.

On my personal computer I only run into UAC when doing 'admin' sort of things. I do it quite a bit, and run into it 2-3 times a day. But that is because I am doing ADMIN type things. I expect it to pop up. Because I like tweaking my computer to see what I can break/fix. I do the same thing in linux with sudo.

It really depends on what you are doing.

Re:UAC - A Double Edged Sword

[gstoddart]

The biggest issue is that having UAC on creates a different user context between user and admin.

That's kind of the point. Sudo does the exact same thing.

Running everything as the admin is idiotic, because everything you do is as admin, and the machine is wide open. Back in the bad old days of Windows everybody was always admin ... we keep malware out by not running as admin.

If you need to be logged in as the admin, be logged in as admin to do only do the tasks you need.

Saying "oh noes, teh COM says we have to write teh sux04 security" sounds like someone did a cheap hack to accomplish something they couldn't actually do.

This sounds like crap software which incompetently implements a feature, and achieves it by stupidly disabling any sense of security.

This makes any PC running this crap so outrageously insecure that there's imply no excuse, and sure as hell not "well, they had to use COM, so they had to suck".

That's essentially malware.

If legacy apps on these systems need UAC disabled, stop using them, or stop pretending you still have a viable product.

If you're selling shit which makes everything admin, you're criminally incompetent.

Re:UAC - A Double Edged Sword

[dwywit]

Well, if "sudo make" won't execute, but "su", then "make" does execute, and I'm the only user, member of root and other needed groups, what else do you suggest? I want to compile and execute a program, not re-write the configuration scripts.

Re:UAC - A Double Edged Sword

"If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges."-- Why in the of all that's holy would you EXPECT it to be? Does the phrase "Separation of privilege" not mean anything to you?!?

UAC is the result of people who can't be bothered to write code securely, and crapped all over Windows XP and it's complete lack of a security model for years.

It's about the only thing Windows has done even remotely close to right for security since they released a desktop OS.

This is why everyone howled about Vista-- Microsoft dropped the hammer the way they should have in 2001, and required people to actually try to write their code in a secure fashion.

Re:UAC - A Double Edged Sword

Stop running crap people hacked together in visual basic.

Re:UAC - A Double Edged Sword

[dAzED1]

As others have said...the "problem" you're describing is *exactly the farking point of UAC* - it's *intentional*. of course the context is different - that is almost completely the entire design concept of UAC, and as an infosec and 20+ year UNIX guy, I personally appreciate UAC in windows when I'm forced to use that OS (which is all too often). UAC isn't a bad thing, it's a *good* thing. And if you can't get your program to work with UAC, either you're bad at design, or your program shouldn't exist.

Re:UAC - A Double Edged Sword

Why in the world would you categorize Acrobat as an "internet related thing"?

Re:UAC - A Double Edged Sword

What in tarnation is the matter with your configuration (or with your makefile) that you need elevated privileges for "make"?

Re:UAC - A Double Edged Sword

[dAzED1]

/what/? I run make all the time on systems where I don't even have the /option/ of running sudo, much less have to actually do it. What the hell is wrong with your code? How in the world could that be required?

Re: UAC - A Double Edged Sword

[Voyager529]

The problem is that it works both ways. For example, if a non-admin user has smb://foo/bar mapped to z:, but the admin user does not, attempting to make a scheduled task running as admin that involves data in z: will fail, because admin doesn't have it mapped. If you go to %userprofile% in an elevated command prompt, you go to Administrator's profile folder, not the currently logged in user. "non-elevated being unable to talk to elevated" is the 'by design' situation you speak of. 'elevated being unable to talk to non-elevated' is another.

Re:UAC - A Double Edged Sword

[dwywit]

'taint my code. I'm trying to set up a simple, open source digital cinema package generator - http://dcinemaforum.com/forum/...

I want to make it possible for local independent producers to put together a DCP so it can be projected on our community digital cinema system. The server ONLY accepts DCP, so if you've made a short film and want it shown, I have to do a dance with a DVD player and the projector, instead of being able to use all the nice automation provided by the d-cinema server - things like sponsors' slides, "please turn off your mobile phone", automatic aspect ratio selection, and so on.

Anyway, I've tried the open source workflow on 7 linux distros running as virtualbox guests - Elementary OS (recommended), debian, mint, ubuntu studio, Fedora, OpenSUSE, and Mageia. NONE of them has provided a smooth run - some of the open source packages come as binaries, some need compiling - I have no problem with that, but each linux distro has thrown some obstacle in the way, and it's mostly been compile failures because something somewhere expects to write to some directory for which it doesn't have permission - even when using "sudo make". I "su" then "make" and it works.

Re:UAC - A Double Edged Sword

but a "make Windows usable" program, since most Windows programs are written incorrectly, so you get dozens of UAC dialogues every time you move the mouse, and nothing works unless it is run as administrator,

That's not true at all. Even with Vista, which had more aggressive UAC, it was never even nearly that bad. With Windows 7 and newer, for the most time one gets a UAC prompt only when an installer needs elevated privileges.

Re:UAC - A Double Edged Sword

Unlike linux of course, where you only need to sudo anything worthwhile.

What is incredibly dangerous with Linux is that usually the superuser password is the same than the normal user's!

Re: UAC - A Double Edged Sword

You seem to be confusing users with contexts. If you open an admin-context command prompt as a user with admin privileges then %userprofile% takes you to that user's home folder as expected (at least on Win7). A user without admin privileges cannot open a admin-context command prompt. You are describing opening a command prompt as a different (admin) user rather than opening a command prompt in an admin context.

Re: UAC - A Double Edged Sword

[Dog-Cow]

The mapped drive situation is working as designed. You're implying that it should work, and that's just opening up for a hack. It's like having non-locked down paths in root's PATH. What happens when the user remaps Z: to point to another drive with specially-crafted data in it?

Re:UAC - A Double Edged Sword

[jonwil]

The only times I tend to see UAC prompts are for software installs/update, changing system or privileged settings (e.g. anti-virus settings), running certain older software (games mostly) that need admin rights for some reason or running certain pieces of software that legitimately need admin rights to do their job (e.g. Process Explorer or the tool that I use to log GPU calls for a DirectX app)

Re:UAC - A Double Edged Sword

[kilogram]

I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program for reliable for the user by disabling UAC instead of resolving the problem in a different way.

There really isn't any reason they needed to do this, besides incompetence or malice. I know, I develop commercial software that does much the same thing as their software.

I commented further down with more details regarding why.

Re:UAC - A Double Edged Sword

UAC does NOT get in the way of correctly written software, if you have to disable UAC to get your software to work it's because you didn't understand what you were doing.

I've come across a fair amount of software where the dev's tell me to disable UAC, add the user as Local Admin, even give the user Domain Admin, because I run secure environments those requests have never been granted and I have had to spend days explaining to the dev's how to properly write their code to work in a secure environment.

The problem is bad developers, I like to bash Microsoft as much as the next person but it's perfectly easy to write proper code that works in secure environments.

Re:UAC - A Double Edged Sword

If they won they would have had a possibility but they would still lack the will.

Re:UAC - A Double Edged Sword

[thegarbz]

Because just about everything in text that is downloaded on the internet these days spits out PDFs. It is now so prolific that each browser vendor actually started to write their own PDF interpretor.

Re:UAC - A Double Edged Sword

Usually the only step that should require elevated permissions when building software is the install step, usually with a separate run of make install. If the source uses autoconf tools that requires the run of a script called configure first then setting the environment variable PREFIX changes where it installs to making it trivial to put the software somewhere else completely such as the users home directory. I've run two completely different versions of apache http server on the same machine this way.

Re:UAC - A Double Edged Sword

> And if you can't get your program to work with UAC, either you're bad at design, or your program shouldn't exist.

If you hold security to a higher priority than designing a user interface that doesn't frustrate and annoy your end users then you're the one who's bad at design.

For example, I ship stuff through Ebay. When printing a shipping label, I get a Java window that's running some Pitney-Bowes shipping application. A few weeks ago, this stopped working and kept giving me a security error every time I tried to print. Maybe the problem was Pitney-Bowes, but to me the problem was Java, which had recently changed some security feature that you used to be able to disable. Not being able to disable this meant I couldn't ship anything, which was kinda important for my business. It took me hours to find a workaround that involved going into some deep part of the Java configuration and telling it 100 different Pitney Bowes servers... which I had to enter manually... were all exempt from the security checks.

Re:UAC - A Double Edged Sword

Looks nice I did the same with AutoHotkey except mine does a lot more because it's personalized for my needs.

A few examples for each placeholder -
Screenshots with or without effects using the ImageMagick api.
Crosshair with angle settings.
Transparency with hover increase/decrease.
Ghosting options "click through"
Position based macros, gestures, and hotkeys all control or post/send message based and non activating so it can do it's thing even if I decide to hide it.
Program,title,color at coordinates, and class based overlays for custom skinning on non skinnable software. I blame OCD for that one.
Window clipping "cutting out certain areas / remove or add title bar or borders.
Roll up/down/left/right partial or full with timed hover or click unroll.
Custom clipboard, templates, & sticky "thanks ditto I 3 you!"
Clipboard content based operations.
Cursor lock.
Infinite cursor looping.
Cursor speed & precision.
Cursor skin and sound theme.
Cursor drag lock. "for Photoshop"
Magnifying
Process priority.
Volume
Spell checking catch box overlay because dyslexia is fucking evil. :'(
Text expander.
Mouse and keyboard stats like distance total,distance x/y, key press total, individual key press, heat map, and time.

I've basically automated everything I've had to do more than once. Years worth of tweaks! Gotta love ahk with its ability to take care of the little things. ;) I only mentioned this because you might see something you'd like to add to your software.

Re:UAC - A Double Edged Sword

[tompaulco]

What you're saying I haven't experienced since maybe 2-3 months after Vista was released. So please share some more details on what exactly you are doing that makes a UAC prompt appear every time you move the mouse, and which of the many millions of programs on the PC actually require administrator to run?

It doesn't happen to me either because after the first day of dealing with dozens of popups, I turned it off.
I don't think I am going to bother with listing out the millions of programs which require administrator to run. I'm sure there is a site out there somewhere. I know i see far too many programs that SAY they need administrator, but maybe do not. Many programmers run as administrator on their own machines so they put in the documentation that the programs they develop must run as administrator.

Re:UAC - A Double Edged Sword

[geoskd]

There is maybe 10 or so of those that need UAC.

That is because those 10 games are malware games. They are most likely boting her computer, or worse. Just because you paid money for them originally doesn't mean they weren't intended to do bad things to the computer...

Re:UAC - A Double Edged Sword

[geoskd]

Well, if "sudo make" won't execute

Sounds to me like you downloaded something off the internet and now you're giving it free reign to do whatever the hell the author pleases with your computer. You sir have been pwned.

Re:UAC - A Double Edged Sword

[dAzED1]

ok, so a couple things. First, no distros are likely putting "obstacles" in your way - they're behaving appropriately, and whatever package you're installing is the thing to blame. As a senior software architect (I'm the infosec leg of the design board) if "something somewhere expects to write to some directory for which it doesn't have permission" then - that "something somewhere" was written by someone who didn't properly design their software - or at least, the installation thereof. Second, I a suggestion - try changing your base to /usr/local instead of /usr and seeing if that helps :P Hell, you might get me to try installing this myself just to prove it can be...lol

Re:UAC - A Double Edged Sword

On my wifes computer I have installed about 600 games that I have bought her over the years.

How long have you known this woman?
If I guess that you met her in 1995, it means you've bought this woman a new game roughly every two weeks for 20 years.
That's love.

Re:UAC - A Double Edged Sword

UAC doesn't work.

FTFY

Re:UAC - A Double Edged Sword

Ummm... No. Most likely they were coded poorly by people who THOUGHT they knew the correct way of doing things but didn't. I've seen a ton of that crap over the years.

Re:UAC - A Double Edged Sword

[Zaelath]

That just makes you a shitty Administrator; you shouldn't be updating production without testing for exactly that reason.

Re:UAC - A Double Edged Sword

[thegarbz]

You are not going to bother because the list is in fact small and the vast VAST majority of people rarely if ever encounter a UAC prompt. It's very rare that standard productivity / consumption software needs administrator privileges.

If on the other hand you've spent the last few years downloading nothing but malware then more power to you.

Re:UAC - A Double Edged Sword

[tlhIngan]

There really isn't any reason they needed to do this, besides incompetence or malice.

Most likely incompetence.

You have to remember, LG makes money on the monitor, they don't make money on the software. Once you buy the monitor, the software's just a bonus to help you manage the windows more effectively.

The problem is, this makes the software a cost center - so a company like LG would basically say "we need software to do this" and give you $0 to develop it. I.e., get the thing out ASAP and spend no more than a day on it (including any sort of "QA" you want to do). Remember, it costs LG money to make the software which they hope will sell a few extra monitors.

Disabling UAC is supposed to be "hard" in nature - Microsoft provides no API for it, so you have to actually go in and twiddle with the controls itself (trivial to do - just hook it to Spy++)...

Re:For when you're too cheap to buy two monitors!

[tompaulco]

But you still want to look like an asshole. Only egotistical narcissistic assholes use dual monitors.

I used to use a single monitor back when programs were written such that they didn't hog all available screen real estate while still somehow making it necessary for you to do 5 mouseclicks to get to any of the functions of the program. Back when 17" monitors were relatively new, I had a 17" monitor and I could have 3 or 4 terminal sessions going along with several Windows program and could work seemlessly. Now you are constantly paging because every single Windows program is unusable unless it is in full screen even though the number of white pixels is approximately 98%.

Reminds me of Sony's rootkit

The installer silently disables User Account Control, and enables a policy to start all applications as Administrator.

Holy fucking incompetence, Batman. This reminds me of Sony's rootkit, the one that tried to hide itself from AV software, but in doing so, opened up a huge hole that any malicious program could exploit. How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!" This approaches criminal levels of negligence.

Re: Reminds me of Sony's rootkit

The same CxO that says "hmmmm... I'm gonna leave this company in a vulnerable position, but I will make my bonus!"

Re:Reminds me of Sony's rootkit

[holostarr]

Most CIO aren't worth shit, trust me at the company I work for our CIO is a total fucking moron and god knows how he landed his job, I doubt its any different at LG.

Re:Reminds me of Sony's rootkit

Perhaps Microsoft could give the right to disable UAC only to the selected tools usually adjusting the setting. It could be like a certificate or a token of some kind..

Re:Reminds me of Sony's rootkit

I believe all they have to do is to simply run the necessary services as Administrator. No need to disable UAC for that.

Although, as someone else pointed out, there might be some COM flibbery-flabbery or some other stuff like that to take care of, which makes the implementation more tricky.

Re:Reminds me of Sony's rootkit

maybe they designed it this way so it would have passed review even if there were ever one.

Re:Reminds me of Sony's rootkit

[mpe]

How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!"

Maybe they simply don't care. Only that their program "works", regardless of the consequences.

Re:Reminds me of Sony's rootkit

[Agripa]

How does shit like this make it past any kind of review?

There is little or no criminal and civil liability for the company.

Re:For when you're too cheap to buy two monitors!

[ArcadeMan]

Now you are constantly paging because every single Windows program is unusable unless it is in full screen even though the number of white pixels is approximately 98%.

Have you tried inverting the colours?

Re:For when you're too cheap to buy two monitors!

[AchilleTalon]

Want a chocolate medal for the single monitor performance back in the good old days? Ever used punch cards as well? Or paper typewriter as a terminal?

I knew!

[Kickasso]

It is a well-known fact that all Samsung software is utter crap. I have long suspected that this statement should admit a nice elegant generalization, and here it is.

Jokes aside, why third party software should ever be allowed to change UAC settings?

Re:I knew!

[dwywit]

And why is third-party software allowed to install and run in the SYSTEM context? Even Administrator isn't allowed to terminate them.

If McAfee et al were nearly as good as they like to claim, I wouldn't have to uninstall them to run a decent malware scanner (after they've let ukash in), instead of just stopping them.

Yes, I know they usually have a "suspend protection" option, but I need it out of memory completely, and some of them still start in safe mode.

Re:I knew!

[arglebargle_xiv]

It is a well-known fact that all Samsung software is utter crap.

We're bashing LG here, not Samsung. It's their turn next week, after we do Microsoft on Monday.

Re:I knew!

Does it matter? They are both Chinese!

Re:I knew!

Does it matter? They are both Chinese!

Only if you consider Koreans to be Chinese.

Re:I knew!

[cbhacking]

What do you mean, Admin isn't "allowed" to terminate SYSTEM processes? Administrator (the user), or members of the Administrators group (after UAC) have exactly the same level of access as SYSTEM; SYSTEM is just a machine/service account, rather than a user account.

There are certain processes on Windows that the OS will prevent you from trying to terminate, but that's because they're critical OS processes, not because they run under SYSTEM. You can run Calc.exe under SYSTEM with a little effort, but killing it through (elevated) Task Manager is trivial.

Re:I knew!

Really? I thought Samsung is Romanian...

Re:I knew!

[dwywit]

Well, I must be doing something wrong, then. Start, run, taskmgr, right-click, run as administrator, right-click {AVG/Trend Micro/McAfee/Symantec} whatever their core process is called, "end process". "access denied". Check again, the account for said process is SYSTEM. Click start, run, services.msc, right-click, run as administrator, locate service/s, right-click. properties, can't stop 'cause greyed out, select "logon" tab, service uses SYSTEM account.

Start, run, regedit, right-click, run as administrator, HKLM\System\CurrentControlSet\Services\{whatever}, lo and behold, the only permissions are for CREATOR OWNER and SYSTEM.

The software installs so that Administrator does not have permission to terminate the service (without tickling permissions in the registry beforehand). AVG, McAfee, Trend Micro and Symantec DO NOT inform the user that they or Administrator will not be able to start and stop the services.

Re:I knew!

[BUL2294]

We can't bash Microsoft on Monday--patch Tuesday is this week...

Re: I knew!

[Kickasso]

Just fetching adependency package, if you catch my drift.

Re:I knew!

[geoskd]

We're bashing LG here, not Samsung. It's their turn next week, after we do Microsoft on Monday.

Microsoft is Tuesday, its patch week. Apple is Monday...

Re:I knew!

[dAzED1]

and who is the "creator/owner" there? Probably administrators :) You're right though, AV software sortof has to work a bit umm...outside the proper flow, because Windows is poorly designed.

Re:I knew!

You have to get out more often - Both LG and Samsung are Korean not Chinese.

Re:I knew!

[Neil+Boekend]

Since /. delay is about a month this doesn't really matter.

Re:For when you're too cheap to buy two monitors!

Yeah I used to have that problem with some Windows software, then I hacked the source code to run it headless and log important stuff to a terminal, so I didn't have to look at its silly graphical window. Oh right, you're using closed-source software, aren't you, asshole.

I'll run it if I want, thanks

[wonkey_monkey]

It is safe to say that no one should be running this software in its current form.

I'd say it's safe to say that the software shouldn't have done this without informing the user, but if someone wants to run it while knowing it is less secure than might otherwise reasonably be expected, who are you to tell them they shouldn't?

I disable selinux and in some cases I always log in as root, because I've decided that's the way I want to do things - I'd rather have the extra convenience than the extra security.

Re:I'll run it if I want, thanks

[holostarr]

You must be thick in the head, that statement isn't ordering you to comply, it is simply advising users against running it. So by all means go ahead and run it and stop looking for reasons to complain!

Re:I'll run it if I want, thanks

who are you to tell them they shouldn't?

For their own protection.

A similar advice would be "It is safe to say that everyone should be using a condom with one night stands."

No one is forcing anything, but it is a pretty good advice.

Not again

[AndyKron]

I'm getting so fucking sick of this shit.

UAC is for idiots

[duke_cheetah2003]

As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand it's purpose for being there, it's to protect idiots. Though if you've been reading the studies related to 'security popups', they're pretty ineffective anyway.

A program that magically turns it off for you is definitely a bad thing. However, from a power user perspective, its like.. 'um i don't care, it was already off.'

Windows simply wasn't built from the ground up to insulate the user space from the root space, and frankly I don't know if it ever can properly do that. The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings? Some majorly FUD there. I think this is more Windows' fault than this stupid dual monitor program. No program should be permitted, regardless of it's permissions, to touch things like UAC settings.

Re: UAC is for idiots

Right on! I agree FUD = Fsked Up Design

Re:UAC is for idiots

[whoever57]

As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand it's purpose for being there, it's to protect idiots.

You never heard of "drive-by installs"? And don't reply with "but I don't go to that type of website", because we have often seen that both ordinary websites and ad networks can be compromised to install malware.

Re:UAC is for idiots

[sinij]

I keep mine on. While it could be annoying, if you don't expect it to show up and it does, it is huge red flag for you to start paying attention.

Re:UAC is for idiots

[arglebargle_xiv]

As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off.

And I appreciate that, I really do, although I wish you had less crap on your machine, it's slowing down the warez site I'm running on it. Some of the other guys have been complaining as well.

Oh, and could you at least write or call your mother once a week or so, I'm getting sick of seeing her nagging in your inbox.

Re:UAC is for idiots

[spire3661]

I dont mind UAC. Its just like sudo warning you 'think before you type'. Its a clear sign you are initiating a system level action.

Re:UAC is for idiots

[complete+loony]

So you don't like UAC, but you want there to be some things that a user can't change? But that's exactly what UAC is *for*. Preventing users from changing system settings. What, you want more than one kind of admin user?

Re:UAC is for idiots

[duke_cheetah2003]

So you don't like UAC, but you want there to be some things that a user can't change? But that's exactly what UAC is *for*. Preventing users from changing system settings. What, you want more than one kind of admin user?

No what I'm saying it the entire foundation of user/root separation in Windows is completely broken, has always been broken and I frankly don't ever see it ever being fixed to a level that linux has enjoyed since it's inception.

M$ and everyone using Windows has been trying to transform what started as a single user operating system into a multiuser operating system for how many years now? And I feel they still don't have it right and I doubt it will ever be right from the perspective of anyone who thinks *NIX has always had it right.

In a nutshell, I suppose I am trying to say, I am still using Windows as what it was originally designed to be: A SINGLE USER operating system.

And it kinda irritates me everytime Windows pretends to be something it's not. It's not a very good multi-user operating system. It's a FANTASTIC single user operating system.

Besides, why the heck do I want a multi-user operating system on a computer only I use? We've lost sight of making the right tool for the right job when it comes to Operating Systems, IMHO.

Re:UAC is for idiots

[duke_cheetah2003]

I dont mind UAC. Its just like sudo warning you 'think before you type'. Its a clear sign you are initiating a system level action.

I turn that warning off too. Annoying thing. I don't need to be warned, I do believe I know what I'm doing.

Re:UAC is for idiots

[dwywit]

"And it kinda irritates me everytime Windows pretends to be something it's not. It's not a very good multi-user operating system. It's a FANTASTIC single user operating system."

In a nutshell, you have it.

Re:UAC is for idiots

[duke_cheetah2003]

You never heard of "drive-by installs"? And don't reply with "but I don't go to that type of website", because we have often seen that both ordinary websites and ad networks can be compromised to install malware.

I'd love it if you showed me one of these. I've never seen one. I have yet to see any webpage that installed a malicious program onto my PC with me noticing or doing something to initiate the install. Please, show me, I'd very much like to see that because I never have. I use Chrome, so feel free to point me to whatever. I am really interested to see how this process works.

Re:UAC is for idiots

[DigitAl56K]

The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

I hope you realize what you are saying here is the equivalent of a Linux user saying "The fact that some program can change permissions after I launched it as root is an example of a huge security hole. Whose brilliant idea was it to provide any sort of mechanism that can let any program I run as root do things a user who is root can do?".

This is an example of why UAC exists, in fact: A program that is not UAC elevated could not change your UAC settings (if you hadn't turned them off already).

Re:UAC is for idiots

[duke_cheetah2003]

erm correction needed, really need to proof my posts better: WITHOUT me noticing or doing something

Re:UAC is for idiots

[fisted]

So you have never noticed malware being installed without you noticing, uh-huh. That's the kind of circular reasoning I'd expect self-proclaimed "power users", running Windows no less, to engage in, indeed.
Also, you don't understand seem to understand the pertinent attack vectors for shit.

Re:UAC is for idiots

yet you're running Windows, which actively prevents you from finding out what you're doing. /facepalm

Re:UAC is for idiots

http://www.zdnet.com/article/google-chrome-hacked-with-sophisticated-exploit/

Their drive-by Chrome exploit launches the calculator. Since you have UAE disabled, the exploit could do anything on your system. For someone with UAE enabled, they'd get a prompt and a power user would know that they were doing nothing that should have triggered a UAE prompt. And it doesn't matter if an exploit exists right now or not. There's always the possibility of one existing in the future. Do you trust every Google developer? Do you trust every Microsoft developer? Did you know many developers have worked at both places? I've known near 20 people who've switched between the two. Do you trust Google writes exploit proof code or that the OS API calls it makes are prefect? Microsoft used to have a critical bug in how they handled mouse pointer icons. Websites used to be able to automatically change your cursor. It didn't matter what browser you were using, they all used the same OS API. Even software approved for life critical systems has bugs and that's ignoring if the requirements are correct or not.

You're not a power user, you're an idiot. One of the "it'll never happen to me" people who end compromising everything around them.

Re:UAC is for idiots

[jones_supa]

Well, I have UAC turned on, and never have seen it trap anything suspicious. If you are a geek and have common sense security practices (do not run spurious installers, do not have Flash plugin enabled by default, etc.), this stuff does not come to bite you in the ass.

Re:UAC is for idiots

[reikae]

A dialog that pretty much only appears when (un)installing software is hardly obnoxious in my opinion. Security popups may well be ineffective for most people, but as a power user I know when UAC prompts should and shouldn't appear; getting a prompt when one shouldn't pop up is a useful warning sign.

Re:UAC is for idiots

[DigiShaman]

Cryptowall 3.0 will hit your box via drive-by download if UAC is turn off. Unless you value your data (and that of the network drive you're mapped too), you really should leave UAC enabled!

Re:UAC is for idiots

[Mr+Z]

UAC pops up very infrequently for me. The few places it does, I expect it to. I would actually be a little squicked if it didn't.

Given the amount of piggy-back and drive-by malware out there for Windows, I actually kinda like it. Sure, I think I've hit 'Cancel' exactly once on a UAC prompt, but I've never had my Windows box infected with a trojan.

And yes, I consider myself a power-user. Hell, I've been running Linux on my personal machine since '93, and have at least two Solaris patches that I can point to for root exploits I've helped uncover. I architected the security system on an entire family of processors.

Re:UAC is for idiots

[Mr+Z]

Yep. I've disabled both Flash and PDF plugins, both of which are common attack vectors. I also run AdBlock, as compromised ad servers are a very common attack vector. Net result is that I've hit 'cancel' once on a UAC prompt that I didn't think was justified.

The thing is, even after a stint as a UNIX admin at a university—a hostile environment if there ever was one—and even finding a couple Solaris security holes that lead to root escalation, I still managed to eventually, one day, get a UAC prompt that didn't make sense to me, and so I mashed 'cancel'. I don't even remember what it was, but it points to the fact that you always, always need to be on your guard.

I really dislike the lack of control I feel when using a Windows box. All my personal machines at home are Linux boxes, except one WinXP system I use for specific tasks that require Windows. And on those Linux boxes, I do damn near everything as an unprivileged user. I only sudo to install packages that come from a verified source, such as the latest GCC.

Re:UAC is for idiots

[jones_supa]

I really dislike the lack of control I feel when using a Windows box. All my personal machines at home are Linux boxes, except one WinXP system I use for specific tasks that require Windows. And on those Linux boxes, I do damn near everything as an unprivileged user. I only sudo to install packages that come from a verified source, such as the latest GCC.

That's not any different to Windows box. You generally don't need Administrator privileges to do things.

Re:UAC is for idiots

I am a real power user and I never have to turn UAC off.

You are just another sad example of someone with a low skill set who does not understand how security works in practice and rather than learning just turns all the security off and then uses the excuse of being a power user as justification. I generally suss people like you out in about a day and boot you out the door.

I have educated many IT guys in how to properly work with UAC and least privilege environments, once I show them the why and the how they never ever turn UAC off again because it really works quite well.

Your average joe user in a least privilege environment does NOT have the permissions to respond to UAC prompts, if they are getting UAC prompts in their daily work then it's a software issue not a UAC issue. Fix the software issue and the UAC prompts go away.

Re:UAC is for idiots

There is this paradigm 'optimize too early' but nobody talks about 'optimize too late' paradigm because this usually means you have to rewrite the piece from the scratch and there is no development paradigm in restarting the project from tabula rasa.

Re:UAC is for idiots

[duke_cheetah2003]

So you have never noticed malware being installed without you noticing, uh-huh. That's the kind of circular reasoning I'd expect self-proclaimed "power users", running Windows no less, to engage in, indeed.
Also, you don't understand seem to understand the pertinent attack vectors for shit.

Give me a site that does this, I want to see it. Nothing but hot air over there?

Re:UAC is for idiots

[Rhywden]

Anyone who still insists in writing Microsoft as "M$" just shows that you can't take him seriously.

Re:UAC is for idiots

[duke_cheetah2003]

Since you have UAE disabled,

UAE? The United Arab Emirates? What does that have to do with anything?

I have no malware running here, you think just because I have UAC turned off that my machine is full of malware? Sorry bub, I'm not the idiot here. You are if you think a person cannot operate a computer with UAC turned off and avoid malware. I never said anything about it being impossible to happen to me, I just said it hasn't happen to me. Hell, the ONE TIME I got an ACTUAL virus, it was a file a friend sent to me over ICQ years upon years ago. You have to be a moron to get a virus or malware, or click stuff that is obviously stupid to click. Or open obviously viral emails or download something suspect. Or visit questionable websites. Sorry you seem to have trouble with that sort of thing, I haven't. Maybe I'm just lucky, or you're just an idiot. UAC is for idiots, just like my original topic said.

Most idiots just click OK when they come across UAC popping up anyway. So while it was a nice attempt by Microsoft to help users avoid being idiots, they're still idiots. I stopped using UAC because got tired of older stuff I have laying around malfunctioning because it was designed for Windows when it was a single user operating system (which if you asked me, it should still be.)

I'm not saying security exploits don't exist, I just don't seem to be very good at stumbling upon them and having them infect my computer. Maybe I'm not browsing the right websites? Good thing I guess. I think the fact my computer is squeaky clean with UAC off is about the best proof anyone can offer that I'm certainly not an idiot.

If I wanna browse anything even slightly questionable, I use a VM to do that. You really think I'm stupid enough to browse anything I'm not sure about like my usual fare of news sites, including /. with my normal desktop? Yes, it's true, there's is a CHANCE something nasty could sneak in through an ad network, but how often does that happen? And I have AdBlock Plus anyway, most of those things are blocked by default.

Re:UAC is for idiots

Fantastic? There has never been a version of Windows as good as the concurrently available version of MacOS, even when MacOS was a single-user OS.

The hardware was sometimes better, but that's it. Microsoft's operating systems since has always been wannabe products. They pick something good and then imitate it poorly*.

Yes, NT was better than 3.1 or 95, buy about as much as a kick in the shin is better than a kick in the groin.

KDE and pals have been take over by people who liked XP. It shows.

*The same can be said about most, but not all, Linux Desktop environments since about 2001. The bad thing there is that they chose to imitate the imitator. Blech.

Re:UAC is for idiots

[Zero__Kelvin]

"As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off."

Ironically, the first thing you do as a 'power user' immediate exposes you as incompetent.

Re:UAC is for idiots

[Mr+Z]

The difference is on my corporate-issue Windows 7 box, even though I'm nominally Administrator, there are things I can't disable / shut off that I could if I were root in UNIX / Linux.

Re:UAC is for idiots

[arielCo]

You misspelled “cowboy user”.

Re:UAC is for idiots

If you don't go to lyrics sites, or free flash games sites, or other sites that don't have a solid monetization strategy, you will get garbage installed in your Chrome, or in your Windows.

Stick to porn sites, and you're good.

captcha is 'purity'

Re:UAC is for idiots

He's just saying that UAC shouldn't be true root. Imagine four privilege levels:

0:kernel
1:root
2:UAC
3:normal user

Now if only CPUs had four rings of protection...

Re:UAC is for idiots

[fisted]

Look at the pertinent CVEs related to (in particular) adobe flash, java, the usual suspects. I'm not doing your homework for you.

That attitude in people who don't know better

[dbIII]

That attitude in people who don't know better is part of the problem.
Yes, you are a "power user", but so are the developers that wrote this stuff in their mind even if they did seriously fuck up. IMHO no developer should have seamless admin/root access on the machine they are testing their software out on and for new developers preferably not on their "daily driver" either.

Not that I wrote seamless and bolded it - they may need full admin/root access but they should know when they are a normal user and when they are not so that when the software is released it has been shown to run in an environment where it can be used as a normal user.
I've had this problem for YEARS where some people who still have the single user MSDOS mindset keep on writing software for internal company use that needs admin rights for utterly braindead reasons, simply because the developers were writing for their own "power user" environment and everyone else can go fuck themselves. One gem required admin access for the sole reason that it was putting a temporary file on the root of the "C" drive (it would also not work for people who had a different drive letter for their system drive). That was fixed, but of course the developer now thinks I'm an utter prick for insisting that his trivial VB app that should be replaced by a simple webpage has to be able to run as a normal user.

So while you may be fine, others that copy what you do without understanding the implications are not.

Re:That attitude in people who don't know better

[duke_cheetah2003]

That attitude in people who don't know better is part of the problem.

Already said I understand the point of it. Fortunately, I do think i know better, and I do think I do a reasonably good job of monitoring what my computer is doing with itself and what's on it. I've been around these things since the late 80's. Not trying to boast, just say I do think i have a pretty good idea what I'm doing.

I could leave it on, sure. Sure it's a huge red-flag of something amiss. But at the same time I feel confident enough by monitoring the firewall between my desktop PC and the internet, and keeping an eye on how my machine behaves (I've picked up malware before by accident, I tend to notice it, and reformat my PC promptly if it shows up, I don't mess with the anti-virus removal junk, it never does a good job. Nuke from orbit please!)

So while you may be fine, others that copy what you do without understanding the implications are not.

As I already pointed out, there was an article right here on /. just a week or so ago that pointed to a study that security popups are basically ineffective on people who don't understand. So what's the point? They bother me and the people they were intended for ignore them.

Lastly to the other posters saying I'm infected with malware, or I've been hacked, I doubt it. Maybe. I do believe I know what I'm doing, I've been around these goofy things pretty much since my age was in the single digits. No malware is gunna hide from the traffic monitoring I have setup on my firewall machine. That's linux and I don't run everything as root on Linux, because unlike Windows, linux does properly separate user space from root space and I can rely on it to do things correctly. Windows I cannot. I can guarantee you, if something in this house I didn't install and know about starts generating traffic over the internet I will see it on the monitoring and find it and eradicate it.

Re:That attitude in people who don't know better

[duke_cheetah2003]

Yes, you are a "power user", but so are the developers that wrote this stuff in their mind even if they did seriously fuck up. IMHO no developer should have seamless admin/root access on the machine they are testing their software out on and for new developers preferably not on their "daily driver" either

I'm not much of a developer. I tinker a little as a hobby, but I generally don't do any development anymore.

Re:That attitude in people who don't know better

[dbIII]

I wasn't saying it's not fine for you, but for a newbie developer (or a developer than makes newbie mistakes) it's a headache for others.

As I already pointed out, there was an article right here on /. just a week or so ago that pointed to a study that security popups are basically ineffective on people who don't understand. So what's the point? They bother me and the people they were intended for ignore them.

That's a very good point, but they do at least mark some sort of attempt at separation and the sign of a good program in the MS environment is not triggering the popups unless to operate it has is do something the OS thinks it should not (such as openvpn making major changes to the network layer).

My point is that I suspect these samsung guys run everything as admin and at the last minute found that some of their customers do not, hence an ugly hack to force it to run as admin. It's 2015 and so many developers just do not get this multiuser thing that I had my head around as an ordinary fourteen year old before MS Windows was even written. Samsung guys, you are not on a fucking Apple ][, learn how to fucking program on a late 20th century system.

Re:That attitude in people who don't know better

[dbIII]

I didn't mean for you to take it personally I was just pointing a finger at a general attitude that includes many people who are way out of their depth as well as those who actually know what they are doing.

I try to do all mundane work on systems that are as close to "stock" as possible so that they resemble a typical environment. That's possibly why Windows7 still pisses me off at times (reboot in the middle of a game on my home system again - yes I could turn off updates, but then I don't get to see how much of a POS it is so can't empathise with the users whom have no other choice) and why I feel dirty and frustrated every time I've been in contact with Win8. There are fixes for the broken halves of the control panel and the bipolar interface but they are a crutch I can't depend on if a user has a problem that gets sent up the tree.

Re:That attitude in people who don't know better

[cbhacking]

As a point of random curiosity, are you aware that there's malware that installs into your hard drive controller and/or your motherboard firmware? Reformatting won't help you there. Also, have you heard of cryptolocker (and friends)? If you reformat, you lose just as much data as if the malware has its way with your machine.

Re:That attitude in people who don't know better

[Zero__Kelvin]

"Already said I understand the point of it. "

You state that you understand it, but show that you clearly don't understand it, or you wouldn't disable it.

remember......

[Lumpy]

LG was the bottom end manufacturer GoldStar and they honestly have never changed their ways. LG smart TV's happily spy on you and they will not stop doing that, I have found several times that LG commercial sets will give you a ROOT login via the rs232 port if you reboot the set rapidly.

It is no surprise that LG decided to ship a half baked solution for their new flagship displays.

Re:remember......

[arglebargle_xiv]

It is no surprise that LG decided to ship a half baked solution for their new flagship displays.

It's kind of a surprise they shipped it at all. I didn't know what this thing did without a bit of googling, it appears that it's custom software that allows you to display multiple windows at once on your desktop, like, um, what's that Microsoft OS called that does that too? Not Microsoft Window (aka Windows 8), but the one where you can have multiple windows tiled across your desktop.

Oh yeah, Windows 1.0, that was it.

Re: remember......

Their dishwashers are crap too. Seriously, 3 hours to do a barely acceptable job?

re: s/split/slit/

Fucking yellow goons, can't code for shit. Even worse than paki's.

P.S. Has anyone, anyever, where, met a nigger programmer?

How can it be that your body has not yet rebelled and simply refused to support the 10 pound tumor balanced on your neck?

Fired.

Someone has to get fired for thinking that was a good idea.

Re:Fired.

And by fired you mean promoted to management, for generating front page news!

Re:For when you're too cheap to buy two monitors!

[epyT-R]

Those who've actually done it know that it's actually more productive than multiple displays because of less eye panning. You can see more in less space. I had a high res 21" crt which, with the software back then, was far more productive for me than having two of today's 1080p monitors and the modern software UI designs he talks about.

Re:For when you're too cheap to buy two monitors!

[epyT-R]

OSS is following this trend too.. It's the trend that needs fixing. The software will follow. That will happen when today's 'ux designers' are banished to the hellpits they arose from.

Re:For when you're too cheap to buy two monitors!

[AchilleTalon]

You are full of shit my friend. I started my career on typewriter which were nothing less than computer screens on paper. I experienced the ascii terminals, the graphics terminals, the modern displays on CRT all sizes and flat displays and I am having two physical displays right now and I would take a third and a fourth without any problem and eye strain. Back in the old days, we were writing simple piece of software with simple interactions and well defined input/output access. The world has changed for the better, the proof being people are ready to pay good money for interactive and smart pieces of hardware and good software. I am very sorry for you, but personally I do not regret anything of the past. I'm old and I enjoy the wonderful gadgets we can imagine, build and have today, including multiple screen displays to work efficiently with many document and testing environments at once.

Re:For when you're too cheap to buy two monitors!

[Chas]

Sorry, but typewriters are ANYTHING but computer screens on paper.

With a typewriter, you're looking at the copy you're typing instead of what you're actually typing. If you're looking at what you're typing You Are Doing It Wrong.

The only thing they share is that, hey, QWERTY keyboard!

you're not good at this

[lucm]

Sounds like something a cool kid told you one day back in school, in front of pretty girls. I bet they laughed, and later that day gave him a blowjob duet while you were alone in your room playing with your Magic cards.

Re:you're not good at this

So you imagine what he said was so awesomely cool that a "cool kid" got a spontaneous blowjob from a couple of pretty girls that happened to overhear him utter it. Wow, you must think what he said was fucking awesome!
But you simultaneously insinuate that he couldn't have come up with it himself, even though you don't know him. You could tell by what he wrote that he is a loser alone in his room playing with his Magic cards.
Fuck me you're a confusing cunt. I assume since you decided to attack someone attacking a stupid racist cunt that you are also a stupid racist cunt. And I assume the two cunts that modded you funny are stupid racist cunts too.

Re:you're not good at this

that's right redguard, if you don't insult the racist enough, it means you're a racist yourself! Put your back into it or you're next!

Re: you're not good at this

[lucm]

Reminds me of Bill O'Reilly accusing the ACLU of being pedophiles because they took NAMBLA's side in a freedom of speech case.

Re:UAC is for power users

[jader3rd]

As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off.

I remember during the Vista Beta time frame visiting a website that I'd never been to before and all of a sudden having the browser cause a UAC prompt. Now you can go off on what sort of insecure hole could exist that would allow a website to make admin level privileges on a computer, but that doesn't matter; what matters is that fact that it could. I clicked 'No' on the prompt and felt a sudden rush of power over my computer that I hadn't had before. Previously random crap from anywhere could make admin level changes to my computer, and before UAC I'd have no\little idea about it. But with UAC I was in control now.

It happened a few more times too. I was doing something that shouldn't have required admin privileges, got a prompt and denied the poorly written program the access it was trying to usurp.

As a power user, I'm sure you're aware that it's a really bad idea to do your day to day computing logged in as a user with administrative permissions. So with UAC turned off you must have some system setup where you download your installers, and then switch users to the admin to actually install them. Sounds like too much work to me.

Turning off UAC is like have a setting that will click 'yes' to every prompt. An idiot would click 'yes' to every prompt. A power user knows when to click 'no'.

Re:For when you're too cheap to buy two monitors!

[lucm]

With a typewriter, you're looking at the copy you're typing instead of what you're actually typing. If you're looking at what you're typing You Are Doing It Wrong.

I have no idea what this means. I think you have inhaled (or ingested) too much correction fluid during your typewriter days. Also please stop saying "You Are Doing It Wrong" out of context, you are ruining a perfectly good catchphrase.

Waste of time

[lucm]

Why don't you do like me, and put "sudo bash" in your .bashrc. A lot more efficient.

Re:Chinese or Indian Devs?

[fisted]

No, I have seen some utterly substandard garbage code written by Ameriancs, so according to my anecdote it's probably from there.

Re:For when you're too cheap to buy two monitors!

[dwywit]

There are some situations where 2 monitors are necessary. I do a little video editing - 1 screen for the controls, and a second screen for the actual video. I can't afford a reference monitor, so I just use a good quality LED/LCD screen calibrated as best I can.

You can't edit video efficiently on a single screen, even a big one. There's just too much else on the screen to allow a decent sized window for the actual footage.

M$? how cute

it's like you're a fuckwit linux zealot from 2005, somehow teleported to present day.

They didn't have to

[kilogram]

There are ways to work around UAC without disabling it in this case. I know, because I wrote MaxTo, which does much the same things, and works with software running under UAC.

If you want MaxTo to work with UAC, you'll need to run MaxTo elevated. If you say deny elevation, it simply won't work with elevated software.

I'm pretty sure LG just took the "easy way" out (or they may have nefarious purposes, but I won't speculate), instead of figuring out how to communicate between elevated and non-elevated processes.

To do this sort of thing, you'll need to divide your software into a few parts. First and foremost, you'll need to install a global system hook. That hook has to be written in unmanaged code (meaning C/C++). You'll need software that controls the hook (but it can be written in a managed language). Now, both the controlling software and the hook has to be compiled as both x64 and x86 code. They will probably also have to communicate with eachother across the x86/x64 platform boundary.

Now, to get the software to communicate (using window messages) across the UAC boundary, you have to specifically let Windows know which window messages your app will accept from the other side. This is probably the step they missed. You do this by using ChangeWindowMessageFilter or ChangeWindowMessageFilterEx .

Re:They didn't have to

[cbhacking]

Looks pretty good. LG should have just licensed/bought that from you. They'd probably have made it a service that starts (with elevation) automatically, but eh, much better than what they actually did!

Re:For when you're too cheap to buy two monitors!

[Chas]

If you're using a typewriter, you're looking directly at the content you're supposed to be typing. You're not looking at the pieces of paper on the roller that you're actually typing.

In an OS with thought out security...

[Viol8]

.... this would be next to impossible without hacking the kernel itself. I'm sure there's a way to make every program start with setuid root in unix/linux but short of hacking init or the kernel filesystem code I can't think of one.

But then with Windows process privilidge levels always were a bolted on after thought so no surprises really.

Yeah mod me down, you know its true.

I didn't read TFA, but...

what is this "Windows" thing, anyway? Is that something like Wayland? Or rhather like ncurses?

Re:For when you're too cheap to buy two monitors!

You mean all people are (should be) like you AND no modern software is just a sad waste of money and time? I may consider the old ways of CRT and early windoze systems over glorified the way they were presented here but it is still trough modern software production has lowered bar for crapware. Still I consider your statement a typical murcan way of looking at things - me god of universe, you jane

Windows is poorly designed, Linux is way better

Windows is poorly designed, and to do anything you need to hack the whole system.
And after you get around all the stupid designs and quirks used by windows to actually achieve what you need, you end up with Picasso-style operating system that barely works anymore and has no security at all (not that it had much of it before).

Windows design enforces using all the security holes to get around limitations that prevent you from implementing your functionality. So you end up exposing these holes and security issues to the world.
It's not a bug, it's the design. No freedom for you, no API to let you in securely, no layers of abstraction, one blob to rule them all... And you with your task to be completed in such environment.

Really, what would you expect from this piece of crap from microsoft?

In Linux you can do anything, you can even redesign parts you want to use to work in a way you need them to.
Achieving this multi-screen functionality in Linux would be a piece of cake, even under the old X11 system.

Re:Windows is poorly designed, Linux is way better

There's a lot of crustiness under Linux too, for example the X11 screen lockers are a bubblegum hack. I'd really like to see you implementing this splitscreen functionality for Linux. Even the normal multi-monitor support is still unreliable today.

Re:Windows is poorly designed, Linux is way better

[Zero__Kelvin]

Multi-monitor support has been rock solid for at least 5 years. Nice troll though!

Re:Windows is poorly designed, Linux is way better

Troll?

Re:s/split/slit/

There are no nigger programmers.
If a black person is a programmer, than they are most likely educated and decent human.

Nigger is a state of the mind.
Unfortunately 90% of black people have it (and 10%-20% of white people as well).
Hence the stereotypes for black and white people (which are not racist, they are just statistics).

Surely its a bug/bad design

[Chrisq]

Surely its a bug/bad design that it's possible to silently disable User Account Control, and enable a policy to start all applications as Administrator. If you can do this without acknowledging a UAC popup then it makes UAC itself pretty useless

Re:Surely its a bug/bad design

The software would have to ask for Administrator rights in order to do that... but pretty much every installer does anyway, and you can't know what it plans to do once it has those rights.

Re:Surely its a bug/bad design

You have to acknowledge an UAC popup when you start the LG installer.

Oblig.

It is safe to say that no one should be running this software in its current form.

We already know all know about Microsoft Windows but what about this LG thingy?

Re:Chinese or Indian Devs?

[MichaelSmith]

The system I had to deal with: the intranet installed an activex component onto each workstation. The component checked to see if a USB device was mounted and if it was, it refused to connect to the internet. You had to disconnect the USB device, download your file, then reconnect it and copy the file. This was their idea of "security".

So, Linux has no security thought?

[cbhacking]

Uh, no offense, but you don't know much about Linux, I take it?

There's a bunch of options, ranging from "mark everything setuid and owned by root" (the least efficient, but you could do it in a few lines of shell script) to simply making each user be UID 0 (which is a trivial edit to /etc/users).

Frankly, you kin of sound like you're mouthing off without knowing anything of what you're talking about (Windows or Linux. Windows NT (which everything since XP has been, in kernel and core components) was very much designed from the beginning with security options in mind. The fact that everybody then ran as Admin instead of running as a normal user unless a program needed admin is unfortunate, and is partially Microsoft's fault, but only somebody utterly ignorant would think that Windows security is an afterthought.

To be the kind of person who would be utterly ignorant and then open your damn fool mouth is... well, I'm sorry. Nobody wants to be that person. You do deserve to be modded down, but what you say is not true at all. I have mod points, as it happens, but chose to reply instead. Maybe somebody else will take care of you and your unfortunate attitude...

For what it's worth, here's some more info: It's true that mandatory integrity control (MIC), which has security impacts, is relatively new (Vista) to Windows, but at least Windows uses it at least slightly; a typical Linux distro doesn't use it at all (though it is available). Speaking of afterthoughts, though, Windows (NT family) has supported ACLs since its initial release, while Linux only supported basic Unix permissions (which are a small subset of the control that ACLs give you unless your group count balloons absurdly) until 2002.

Re:So, Linux has no security thought?

Till 2002? SELinux and AppArmor are both quite good.

Re:So, Linux has no security thought?

[Viol8]

Oh dear, you got modded up, what a surprise.

"There's a bunch of options, ranging from "mark everything setuid and owned by root" (the least efficient, but you could do it in a few lines of shell script)"

Yes, and it would take literally hours on a bit system plus a lot of things would break because they check their user id and won't run if they have superuser permissions for security reasons. As for NFS mounts... Next...

"which is a trivial edit to /etc/users)."

$ ls -l /etc/users
ls: cannot access /etc/users: No such file or directory

Oh 'm sorry, did you mean /etc/passwd ?

Yes you could set all users to uid 0. And nothing would happen except no one would be able to login since in unix users are actually distinguised by their numeric user id, not their name which is merely an attribute thats used for login.

"Frankly, you kin of sound like you're mouthing off without knowing anything of what you're talking about"

Ah, theres nothing like a nice bit of irony in a post :o)

" have mod points, as it happens, but chose to reply instead"

You shouldn't have bothered. You might know ignorance about unix is quite apparent since you don't even realise why ACLs are required in Windows but rarely used in unix due to group permissions and multiple group membership.

Now go away and educate yourself.

You're part of the problem

[cbhacking]

Wow, I've rarely seen so much idiocy written in one post! I honestly can't tell if you're trolling just a little too subtly, or are sincerely that clueless. People are modding you up though, which is really unfortunate. Here, let me see if I can correct even a little of that...

If you run as a full Admin, nobody cares what you consider yourself; people who know anything about security (on *any* OS) are going to consider you an idiot. The fact that you think you know anything is just extra pathetic. People who actually understand security turn UAC up (to make it require your password, like the equivalent mechanism does on non-Windows OSes), or don't run as a member of Administrators at all (in which case UAC requires an Admin's password).

Windows simply wasn't built from the ground up to insulate the user space from the root space.

Welcome to... 1993? Windows NT was very much built from the ground up to do (among other things) exactly that. It was a core design goal and generally successful; while local EoP exploits have been found (and fixed) much like they are on every multi-user OS, I challenge you to get from my normal account to Admin on either my work or personal boxes. Fortunately, on a properly-used machine - even one being used by a security engineer, which I am - UAC prompts are very rare.

The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space.

You're aware that the installer for this thing runs as Administrator (like most installers), right? How exactly do you propose separating Admin (the installer) from Admin (the privileges needed to change the way UAC works), and what the fuck does that have to do with separating user from Admin? Oh, by the way, "userspace" or "user mode" is the opposite of "kernel mode" or "supervisor mode". Everything in kernel runs as root, but not everything in root is in the kernel. Most processes running under root (or Administrator, or even SYSTEM) are user mode.

Who's [SIC] brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

Do you have any fucking clue how an operating system works? I mean, even at the basic, general level? Here's a hint: when that Control Panel widget adjusts UAC settings, it is flipping some bits in some configuration store somewhere (*nix mostly uses text files for these stores, Windows mostly uses the registry; in this case the relevant bits are, indeed, in the registry). *ANYTHING* with arbitrary privileges on the system (like an installer running as root) can flip those bits; that's just a basic function of the way OS security works.

I think

No, you actually don't. It's really kind of pathetic.

No program should be permitted, regardless of it's permissions, to touch things like UAC settings.

And how, exactly, do you propose to stop a program that has (worst case) the required permissions to load a driver that can touch physical memory directly from doing anything at all, including changing an OS setting? I sincerely ask you, please, tell me your brilliant idea for revolutionizing the entire field of computer security more than anything since Multics development started 50 years ago.

Re:You're part of the problem

[mattpalmer1086]

While I agree with a lot of what you say, the obvious solution is that installers should *not* run as Admin, but as a user with only the permissions required to install software for a normal user. Certainly not with permissions to do anything it likes on the system, and particularly not to change existing security settings.

This is actually one of the biggest potential advantages of the Windows security model over Unix and Linux. There is no god-like root user with a complete pass to do anything it likes. Even Admin's permissions can be altered (although Admin can put them back again if it likes). And the security model is much more fine-grained (and therefore complex, so nobody uses it to its full advantage).

Of course, it won't surprise me to learn that most installers do run as Admin, as you claim. I'm mostly on Linux these days, so I'm not fully up to speed on the Windows world any more...

Damn, you're *STILL* spouting bullshit

[cbhacking]

You're aware that Windows 1-3.x, Windows 9x, and Windows NT/2000/XP/Vista/7/8.x/10 are each very different systems, right? No, of course you're not, you're a loudmouth who has no idea what he's talking about. Windows NT (which is to say, every version of Windows for PCs or servers since XP) was very much designed with isolation between *all* users, including between Administrators and non-Administrators, as a central feature. Windows NT is not, and never has been, a single-user operating system.

The last version of Windows that was designed as "A SINGLE USER operating system" was Windows ME. Why the fuck would you want to run as though you're running Windows ME? That's bloody idiotic!

Windows NT 3.1 (the initial release, came out in 1993) was very much multi-user, although it wasn't terribly good at timesharing (it wasn't until Windows 2000 that Microsoft added the ability for multiple interactive logins at the same time).

As for why you shouldn't use your OS as a single-user system, there's a number of reasons. One of them is because you, personally, obviously aren't competent to use a computer securely, and probably shouldn't be trusted with anything you have more control over than an iPad (which is, by the way, very multi-user although the earliest versions of iPhone OS, before it could run third-party apps at all, ran everything as root). Another is because sometimes other people run stuff on your computer (via exploits or Trojans or just by walking up to it while you're taking a piss) and you probably don't want them to be able to change everything they feel like changing (you had an impressively stupid rant above about how even an installer shouldn't be able to change UAC settings, which was funny).

Like Windows Firewall

This sounds a little like Windows firewall (on our company's installation of Windows 7). It's not enough to stop Windows Firewall in "Administrative Tools\Services", one must disable it from starting (set "Startup Type=disabled"), and then reboot the PC. Just stopping Windows Firewall after it has started does not produce the same behavior as not starting it.

Not just this program

Apparently their dual package does the same thing:
http://www.lg.com/ae/microsite/lg-monitor-apps/Dual_Package/section_3.html
archived here in case they change it:
http://web.archive.org/web/20150412154851/http://www.lg.com/ae/microsite/lg-monitor-apps/Dual_Package/section_3.html

Re: Chinese or Indian Devs?

e.g.: every piece of software, samsung ever published

Re: Chinese or Indian Devs?

"written by Ameriancs"

Who the hell are ameriancs?

It's a misspelling

gp obviously meant to say "Ameri-yanks"

Similar story about UAC in Vista days

Several years ago, I was working on a guy's Windows Vista system. He was unable to use the Verizon software to connect to the Internet through his Verizon wifi hotspot. In Vista, you could disable UAC for the whole system, but not just for one specific application. I knew that disabling UAC completely was not a good thing to do. So I spent hours and hours on this problem, not charging him per hour but instead a ridiculously low fee for the whole job. I was getting close to making it work, but I needed to come back. After I left, the guy called up Verizon technical support. They told him to just disable UAC for the whole system!

It sucked because I knew I was trying to do the right thing for him, but then Verizon came along and did the easy but wrong thing. The guy never called me back.

United We Stand

[lucm]

Liberal witch hunters are hilarious. They remind me of those pro-life people who bomb abortion clinics.

So?

Not a big deal. I've used the built in Administrator account as my primary account for all my Windows systems, always. Hated when MS started using "User" accounts as the primary account starting with Windows Vista. It's not like all the malware and crapware out there doesn't give itself administrator access to your system anyway. What's the point of being a User on your own system when malware has administrator access?

"Net user administrator /active:yes"

Use that as soon as you install a Vista or above windows OS, log into the admin account, and start enjoying a UAC free OS experience! Then if you ever download crapware, no more "you need administrative access to remove this program" when trying to remove it :-)

I HATE OS's that use "accounts" so much hassle and hurts system security so much. I miss you Mac OS Classic :-(