Slashdot Mirror


LG Split Screen Software Compromises System Security

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.

6 of 187 comments (clear)

  1. Reminds me of Sony's rootkit by Anonymous Coward · · Score: 5, Insightful

    The installer silently disables User Account Control, and enables a policy to start all applications as Administrator.

    Holy fucking incompetence, Batman. This reminds me of Sony's rootkit, the one that tried to hide itself from AV software, but in doing so, opened up a huge hole that any malicious program could exploit. How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!" This approaches criminal levels of negligence.

  2. Re:UAC - A Double Edged Sword by thegarbz · · Score: 4, Insightful

    since most Windows programs are written incorrectly

    What a load of garbage. I rarely if ever see UAC prompts other than installing software. This goes for programming tools both well written and poorly hacked together, all manner of internet related things (reads browsers, Acrobat, flash, etc) remote administration tools, games, office productivity applications, even my explorer replacement program doesn't bug me with a UAC prompt.

    In fact the only program I've ever used that needed UAC prompts was a custom VPN tool, and it only needed UAC because it had the ability to tie into windows settings and modify the system's own L2TP VPNs on top of providing an OpenVPN client, something that requires elevated privileges to do.

    What you're saying I haven't experienced since maybe 2-3 months after Vista was released. So please share some more details on what exactly you are doing that makes a UAC prompt appear every time you move the mouse, and which of the many millions of programs on the PC actually require administrator to run?

  3. Re:UAC - A Double Edged Sword by dAzED1 · · Score: 4, Insightful

    As others have said...the "problem" you're describing is *exactly the farking point of UAC* - it's *intentional*. of course the context is different - that is almost completely the entire design concept of UAC, and as an infosec and 20+ year UNIX guy, I personally appreciate UAC in windows when I'm forced to use that OS (which is all too often). UAC isn't a bad thing, it's a *good* thing. And if you can't get your program to work with UAC, either you're bad at design, or your program shouldn't exist.

  4. Re:UAC is for idiots by DigitAl56K · · Score: 4, Insightful

    The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

    I hope you realize what you are saying here is the equivalent of a Linux user saying "The fact that some program can change permissions after I launched it as root is an example of a huge security hole. Whose brilliant idea was it to provide any sort of mechanism that can let any program I run as root do things a user who is root can do?".

    This is an example of why UAC exists, in fact: A program that is not UAC elevated could not change your UAC settings (if you hadn't turned them off already).

  5. Re:Chinese or Indian Devs? by fisted · · Score: 4, Insightful

    No, I have seen some utterly substandard garbage code written by Ameriancs, so according to my anecdote it's probably from there.

  6. Re:Brian Fox is a Black Man by wbr1 · · Score: 4, Insightful

    It's in response to the trolling,racist, parent comment. That is why his race is mentioned. It to s not obvious the comment has a parent since the author removed the re and changed the title. Click parent on that post and see for yourself the anus of society.

    --
    Silence is a state of mime.