Slashdot Mirror


LG Split Screen Software Compromises System Security

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises the security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.

32 of 187 comments

  1. Brian Fox is a Black Man by Anonymous Coward · · Score: 5, Informative

    Brian Fox wrote the GNU Bash shell. If you've ever used Linux or OSX, you've used his software.

    1. Re:Brian Fox is a Black Man by hcs_$reboot · · Score: 3, Insightful

      What is informative, that he is a Black man, or that he wrote Bash? I'm happy to know that Brian Fox is the author of bash, a nice addition to sh that I'm using every day, but why the need to specify he is a Black man? Is it an American thing?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Brian Fox is a Black Man by wbr1 · · Score: 4, Insightful

      It's in response to the trolling, racist parent comment. That is why his race is mentioned. It's not obvious the comment has a parent since the author removed the Re: and changed the title. Click Parent on that post and see for yourself the anus of society.

      --
      Silence is a state of mime.
  2. UAC - A Double Edged Sword by some1001 · · Score: 3, Insightful

    I realize that the software probably shouldn't have disabled UAC out of the box without at least informing the user, but having worked on some out-of-process COM applications (yes, legacy) in Windows Vista/7/8/10, UAC can be extremely frustrating. The biggest issue is that having UAC on creates a different user context between user and admin. If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges.

    For example, if your user with admin privileges creates a COM component, that component may not be able to be accessed by a non-admin context even though your user may be in the local Administrators group, DCOM Users group, etc.

    I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program more reliable for the user by disabling UAC instead of resolving the problem in a different way.

    1. Re:UAC - A Double Edged Sword by thegarbz · · Score: 4, Insightful

      since most Windows programs are written incorrectly

      What a load of garbage. I rarely if ever see UAC prompts other than when installing software. This goes for programming tools both well written and poorly hacked together, all manner of internet-related things (read: browsers, Acrobat, Flash, etc.), remote administration tools, games, office productivity applications; even my Explorer replacement program doesn't bug me with a UAC prompt.

      In fact the only program I've ever used that needed UAC prompts was a custom VPN tool, and it only needed UAC because it had the ability to tie into Windows settings and modify the system's own L2TP VPNs on top of providing an OpenVPN client, something that requires elevated privileges to do.

      What you're saying I haven't experienced since maybe 2-3 months after Vista was released. So please share some more details on what exactly you are doing that makes a UAC prompt appear every time you move the mouse, and which of the many millions of programs on the PC actually require administrator to run?

    2. Re:UAC - A Double Edged Sword by ATMAvatar · · Score: 4, Informative

      If you need to use COM components, and you don't want to require admin rights, you register them in HKEY_CURRENT_USER instead of HKEY_CLASSES_ROOT. After that, it just works.

      The sad part is, it would not have taken any more time to Google that than to find how to disable UAC through the installer.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    3. Re: UAC - A Double Edged Sword by DigitAl56K · · Score: 4, Informative

      Yes, a component in an admin context may not be accessible to a component used by a user in a non-admin context. This is called a "security" model, and prevents the non-admin process manipulating the admin-context process to do things it shouldn't be able to do. You make it sound like a quirk, but the entire design is that "non-elevated components can't talk to elevated components". Try starting Notepad as admin and dropping a text file on it from the non-elevated Explorer view; it won't work, by design.

    4. Re:UAC - A Double Edged Sword by Anonymous Coward · · Score: 2, Funny

      I'd tell you why that's a horrible idea, but I think it'll be more fun if it's a surprise.

    5. Re:UAC - A Double Edged Sword by dAzED1 · · Score: 4, Insightful

      As others have said... the "problem" you're describing is *exactly the farking point of UAC* - it's *intentional*. Of course the context is different - that is almost completely the entire design concept of UAC, and as an infosec and 20+ year UNIX guy, I personally appreciate UAC in Windows when I'm forced to use that OS (which is all too often). UAC isn't a bad thing, it's a *good* thing. And if you can't get your program to work with UAC, either you're bad at design, or your program shouldn't exist.

    6. Re:UAC - A Double Edged Sword by kilogram · · Score: 2

      I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program more reliable for the user by disabling UAC instead of resolving the problem in a different way.

      There really isn't any reason they needed to do this, besides incompetence or malice. I know, I develop commercial software that does much the same thing as their software.

      I commented further down with more details regarding why.

  3. Reminds me of Sony's rootkit by Anonymous Coward · · Score: 5, Insightful

    The installer silently disables User Account Control, and enables a policy to start all applications as Administrator.

    Holy fucking incompetence, Batman. This reminds me of Sony's rootkit, the one that tried to hide itself from AV software, but in doing so, opened up a huge hole that any malicious program could exploit. How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!" This approaches criminal levels of negligence.

    1. Re: Reminds me of Sony's rootkit by Anonymous Coward · · Score: 2, Interesting

      The same CxO that says "hmmmm... I'm gonna leave this company in a vulnerable position, but I will make my bonus!"

    2. Re:Reminds me of Sony's rootkit by Agripa · · Score: 2

      How does shit like this make it past any kind of review?

      There is little or no criminal and civil liability for the company.

  4. Re:For when you're too cheap to buy two monitors! by ArcadeMan · · Score: 3, Funny

    Now you are constantly paging because every single Windows program is unusable unless it is in full screen even though the number of white pixels is approximately 98%.

    Have you tried inverting the colours?

  5. UAC is for idiots by duke_cheetah2003 · · Score: 2, Insightful

    As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand its purpose for being there, it's to protect idiots. Though if you've been reading the studies related to 'security popups', they're pretty ineffective anyway.

    A program that magically turns it off for you is definitely a bad thing. However, from a power user perspective, it's like... 'um, I don't care, it was already off.'

    Windows simply wasn't built from the ground up to insulate the user space from the root space, and frankly I don't know if it ever can properly do that. The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings? Some majorly FUD there. I think this is more Windows' fault than this stupid dual monitor program. No program should be permitted, regardless of its permissions, to touch things like UAC settings.

    1. Re:UAC is for idiots by whoever57 · · Score: 2, Insightful

      As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand its purpose for being there, it's to protect idiots.

      You never heard of "drive-by installs"? And don't reply with "but I don't go to that type of website", because we have often seen that both ordinary websites and ad networks can be compromised to install malware.

      --
      The real "Libtards" are the Libertarians!
    2. Re:UAC is for idiots by spire3661 · · Score: 3, Insightful

      I don't mind UAC. It's just like sudo warning you 'think before you type'. It's a clear sign you are initiating a system level action.

      --
      Good-bye
    3. Re:UAC is for idiots by complete+loony · · Score: 2

      So you don't like UAC, but you want there to be some things that a user can't change? But that's exactly what UAC is *for*. Preventing users from changing system settings. What, you want more than one kind of admin user?

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    4. Re:UAC is for idiots by DigitAl56K · · Score: 4, Insightful

      The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

      I hope you realize what you are saying here is the equivalent of a Linux user saying "The fact that some program can change permissions after I launched it as root is an example of a huge security hole. Whose brilliant idea was it to provide any sort of mechanism that can let any program I run as root do things a user who is root can do?".

      This is an example of why UAC exists, in fact: A program that is not UAC elevated could not change your UAC settings (if you hadn't turned them off already).

    5. Re:UAC is for idiots by reikae · · Score: 3, Insightful

      A dialog that pretty much only appears when (un)installing software is hardly obnoxious in my opinion. Security popups may well be ineffective for most people, but as a power user I know when UAC prompts should and shouldn't appear; getting a prompt when one shouldn't pop up is a useful warning sign.

    6. Re:UAC is for idiots by Rhywden · · Score: 3, Insightful

      Anyone who still insists in writing Microsoft as "M$" just shows that you can't take him seriously.

  6. Re:I'll run it if I want, thanks by holostarr · · Score: 3, Insightful

    You must be thick in the head, that statement isn't ordering you to comply, it is simply advising users against running it. So by all means go ahead and run it and stop looking for reasons to complain!

  7. Re:I knew! by arglebargle_xiv · · Score: 5, Funny

    It is a well-known fact that all Samsung software is utter crap.

    We're bashing LG here, not Samsung. It's their turn next week, after we do Microsoft on Monday.

  8. Re:Chinese or Indian Devs? by fisted · · Score: 4, Insightful

    No, I have seen some utterly substandard garbage code written by Americans, so according to my anecdote it's probably from there.

  9. Re:For when you're too cheap to buy two monitors! by dwywit · · Score: 2

    There are some situations where 2 monitors are necessary. I do a little video editing - 1 screen for the controls, and a second screen for the actual video. I can't afford a reference monitor, so I just use a good quality LED/LCD screen calibrated as best I can.

    You can't edit video efficiently on a single screen, even a big one. There's just too much else on the screen to allow a decent sized window for the actual footage.

    --
    They sentenced me to twenty years of boredom
  10. They didn't have to by kilogram · · Score: 3, Interesting

    There are ways to work around UAC without disabling it in this case. I know, because I wrote MaxTo, which does much the same things, and works with software running under UAC.

    If you want MaxTo to work with UAC, you'll need to run MaxTo elevated. If you say deny elevation, it simply won't work with elevated software.

    I'm pretty sure LG just took the "easy way" out (or they may have nefarious purposes, but I won't speculate), instead of figuring out how to communicate between elevated and non-elevated processes.

    To do this sort of thing, you'll need to divide your software into a few parts. First and foremost, you'll need to install a global system hook. That hook has to be written in unmanaged code (meaning C/C++). You'll need software that controls the hook (but it can be written in a managed language). Now, both the controlling software and the hook have to be compiled as both x64 and x86 code. They will probably also have to communicate with each other across the x86/x64 platform boundary.

    Now, to get the software to communicate (using window messages) across the UAC boundary, you have to specifically let Windows know which window messages your app will accept from the other side. This is probably the step they missed. You do this by using ChangeWindowMessageFilter or ChangeWindowMessageFilterEx.
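The message-filter step described in the post above, written out as an added example (this is not MaxTo's or LG's code, and not something the commenter posted). It opts exactly one window in to exactly one message type (WM_COPYDATA) from non-elevated senders, which is the narrow alternative to switching UAC off. Assumptions: the P/Invoke signatures follow the Win32 documentation for user32!ChangeWindowMessageFilterEx and kernel32!GetConsoleWindow; the console window is used only because it is a window this script already owns, and a real application would pass its own HWND.

```powershell
# Added example: opt one window in to receiving WM_COPYDATA across the UIPI
# (UAC integrity) boundary, instead of disabling UAC machine-wide.
# Assumed: these signatures match the documented user32/kernel32 exports.
Add-Type -Namespace Win32 -Name Uipi -MemberDefinition @"
[DllImport("user32.dll", SetLastError = true)]
public static extern bool ChangeWindowMessageFilterEx(
    IntPtr hWnd, uint message, uint action, IntPtr pChangeFilterStruct);

[DllImport("kernel32.dll")]
public static extern IntPtr GetConsoleWindow();
"@

$WM_COPYDATA     = 0x004A   # the only message this example lets through
$MSGFLT_ALLOW    = 1        # per-window allow (documented action value)
$MSGFLT_DISALLOW = 2        # per-window block, used to undo the change

function Set-CrossIntegrityMessage {
    # Allow (or block) a single message type from lower-integrity senders
    # on a single window. Everything else stays filtered by UIPI as before.
    param(
        [Parameter(Mandatory)][IntPtr]$Hwnd,
        [Parameter(Mandatory)][uint32]$Message,
        [switch]$Block
    )
    $action = if ($Block) { $MSGFLT_DISALLOW } else { $MSGFLT_ALLOW }
    $ok = [Win32.Uipi]::ChangeWindowMessageFilterEx($Hwnd, $Message, $action, [IntPtr]::Zero)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "ChangeWindowMessageFilterEx failed with Win32 error $err"
    }
}

# Demonstration on the console window (assumption: we run inside a console host).
$hwnd = [Win32.Uipi]::GetConsoleWindow()
if ($hwnd -eq [IntPtr]::Zero) {
    Write-Output 'No console window available; nothing to change.'
} else {
    Set-CrossIntegrityMessage -Hwnd $hwnd -Message $WM_COPYDATA
    Write-Output ("Window 0x{0:X} now accepts WM_COPYDATA from non-elevated senders." -f $hwnd.ToInt64())
    # Put the filter back so the demo leaves no lasting change.
    Set-CrossIntegrityMessage -Hwnd $hwnd -Message $WM_COPYDATA -Block
}
```

Two points worth keeping in mind when doing this for real: the call only matters when the process is itself elevated (a non-elevated window receives these messages anyway), and once a window accepts a message from a lower-integrity sender, the window procedure has to treat that message's payload as untrusted input, since the whole purpose of UIPI was to let it assume otherwise.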

  11. Re:Chinese or Indian Devs? by MichaelSmith · · Score: 2

    The system I had to deal with: the intranet installed an ActiveX component onto each workstation. The component checked to see if a USB device was mounted and if it was, it refused to connect to the internet. You had to disconnect the USB device, download your file, then reconnect it and copy the file. This was their idea of "security".

  12. So, Linux has no security thought? by cbhacking · · Score: 2, Insightful

    Uh, no offense, but you don't know much about Linux, I take it?

    There's a bunch of options, ranging from "mark everything setuid and owned by root" (the least efficient, but you could do it in a few lines of shell script) to simply making each user be UID 0 (which is a trivial edit to /etc/users).

    Frankly, you kind of sound like you're mouthing off without knowing anything of what you're talking about (Windows or Linux). Windows NT (which everything since XP has been, in kernel and core components) was very much designed from the beginning with security options in mind. The fact that everybody then ran as Admin instead of running as a normal user unless a program needed admin is unfortunate, and is partially Microsoft's fault, but only somebody utterly ignorant would think that Windows security is an afterthought.

    To be the kind of person who would be utterly ignorant and then open your damn fool mouth is... well, I'm sorry. Nobody wants to be that person. You do deserve to be modded down, but what you say is not true at all. I have mod points, as it happens, but chose to reply instead. Maybe somebody else will take care of you and your unfortunate attitude...

    For what it's worth, here's some more info: It's true that mandatory integrity control (MIC), which has security impacts, is relatively new (Vista) to Windows, but at least Windows uses it at least slightly; a typical Linux distro doesn't use it at all (though it is available). Speaking of afterthoughts, though, Windows (NT family) has supported ACLs since its initial release, while Linux only supported basic Unix permissions (which are a small subset of the control that ACLs give you unless your group count balloons absurdly) until 2002.

    --
    There's no place I could be, since I've found Serenity...
    1. Re:So, Linux has no security thought? by Viol8 · · Score: 4, Informative

      Oh dear, you got modded up, what a surprise.

      "There's a bunch of options, ranging from "mark everything setuid and owned by root" (the least efficient, but you could do it in a few lines of shell script)"

      Yes, and it would take literally hours on a big system, plus a lot of things would break because they check their user id and won't run if they have superuser permissions for security reasons. As for NFS mounts... Next...

      "which is a trivial edit to /etc/users)."

      $ ls -l /etc/users
      ls: cannot access /etc/users: No such file or directory

      Oh, I'm sorry, did you mean /etc/passwd ?

      Yes, you could set all users to uid 0. And nothing would happen except no one would be able to login, since in unix users are actually distinguished by their numeric user id, not their name, which is merely an attribute that's used for login.

      "Frankly, you kind of sound like you're mouthing off without knowing anything of what you're talking about"

      Ah, there's nothing like a nice bit of irony in a post :o)

      "I have mod points, as it happens, but chose to reply instead"

      You shouldn't have bothered. Your ignorance about unix is quite apparent since you don't even realise why ACLs are required in Windows but rarely used in unix due to group permissions and multiple group membership.

      Now go away and educate yourself.

  13. You're part of the problem by cbhacking · · Score: 2

    Wow, I've rarely seen so much idiocy written in one post! I honestly can't tell if you're trolling just a little too subtly, or are sincerely that clueless. People are modding you up though, which is really unfortunate. Here, let me see if I can correct even a little of that...

    If you run as a full Admin, nobody cares what you consider yourself; people who know anything about security (on *any* OS) are going to consider you an idiot. The fact that you think you know anything is just extra pathetic. People who actually understand security turn UAC up (to make it require your password, like the equivalent mechanism does on non-Windows OSes), or don't run as a member of Administrators at all (in which case UAC requires an Admin's password).

    Windows simply wasn't built from the ground up to insulate the user space from the root space.

    Welcome to... 1993? Windows NT was very much built from the ground up to do (among other things) exactly that. It was a core design goal and generally successful; while local EoP exploits have been found (and fixed) much like they are on every multi-user OS, I challenge you to get from my normal account to Admin on either my work or personal boxes. Fortunately, on a properly-used machine - even one being used by a security engineer, which I am - UAC prompts are very rare.

    The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space.

    You're aware that the installer for this thing runs as Administrator (like most installers), right? How exactly do you propose separating Admin (the installer) from Admin (the privileges needed to change the way UAC works), and what the fuck does that have to do with separating user from Admin? Oh, by the way, "userspace" or "user mode" is the opposite of "kernel mode" or "supervisor mode". Everything in kernel runs as root, but not everything in root is in the kernel. Most processes running under root (or Administrator, or even SYSTEM) are user mode.

    Who's [SIC] brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

    Do you have any fucking clue how an operating system works? I mean, even at the basic, general level? Here's a hint: when that Control Panel widget adjusts UAC settings, it is flipping some bits in some configuration store somewhere (*nix mostly uses text files for these stores, Windows mostly uses the registry; in this case the relevant bits are, indeed, in the registry). *ANYTHING* with arbitrary privileges on the system (like an installer running as root) can flip those bits; that's just a basic function of the way OS security works.

    I think

    No, you actually don't. It's really kind of pathetic.

    No program should be permitted, regardless of its permissions, to touch things like UAC settings.

    And how, exactly, do you propose to stop a program that has (worst case) the required permissions to load a driver that can touch physical memory directly from doing anything at all, including changing an OS setting? I sincerely ask you, please, tell me your brilliant idea for revolutionizing the entire field of computer security more than anything since Multics development started 50 years ago.

    --
    There's no place I could be, since I've found Serenity...
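The story summary says the installer "silently disables User Account Control", and the post above points out that this is just "flipping some bits" in the registry. An added example of the defender-side check for those bits follows; it is not LG's code and not something any commenter posted. Assumptions: the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and the value names EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are Microsoft's documented UAC policy store (EnableLUA is the "Run all administrators in Admin Approval Mode" policy); the example goes a little beyond the summary by also flagging the two prompt-related values, and the "weak" thresholds are this example's own baseline, not anything the thread states.

```powershell
# Added example: audit the registry-backed UAC policy an installer would have to
# weaken to get the behaviour the summary describes. Read-only; changes nothing.
# Assumed: key path and value names as documented by Microsoft; thresholds are ours.
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyValue {
    # Return the stored value, or the Windows built-in default when the value
    # is absent (an absent value is not a finding, it just means "default").
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$Default,
        [string]$KeyPath = $UacPolicyKey
    )
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Test-UacPolicy {
    # Collect one finding object per weakened setting; empty output means clean.
    param([string]$KeyPath = $UacPolicyKey)
    $findings = @()

    # EnableLUA = 0 is the "UAC switched off" state from the summary: every process
    # an administrator starts runs with the full admin token, no prompt at all.
    $enableLua = Get-UacPolicyValue -Name 'EnableLUA' -Default 1 -KeyPath $KeyPath
    if ($enableLua -ne 1) {
        $findings += [pscustomobject]@{
            Setting = 'EnableLUA'; Value = $enableLua
            Issue   = 'UAC (Admin Approval Mode) is disabled; reboot makes it effective'
        }
    }

    # ConsentPromptBehaviorAdmin = 0 means "elevate without prompting" even when
    # UAC is on. Default is 5 (prompt for consent for non-Windows binaries).
    $consent = Get-UacPolicyValue -Name 'ConsentPromptBehaviorAdmin' -Default 5 -KeyPath $KeyPath
    if ($consent -eq 0) {
        $findings += [pscustomobject]@{
            Setting = 'ConsentPromptBehaviorAdmin'; Value = $consent
            Issue   = 'administrators are elevated silently, no consent prompt'
        }
    }

    # PromptOnSecureDesktop = 0 shows the prompt on the normal desktop, where
    # other windows can draw over it. Default is 1.
    $secure = Get-UacPolicyValue -Name 'PromptOnSecureDesktop' -Default 1 -KeyPath $KeyPath
    if ($secure -ne 1) {
        $findings += [pscustomobject]@{
            Setting = 'PromptOnSecureDesktop'; Value = $secure
            Issue   = 'elevation prompt is not shown on the secure desktop'
        }
    }

    return $findings
}

$result = @(Test-UacPolicy)
if ($result.Count -eq 0) {
    Write-Output 'UAC policy: no weakened settings found.'
} else {
    Write-Output "UAC policy: $($result.Count) weakened setting(s):"
    $result | Format-Table -AutoSize
}
```

Run it from an ordinary PowerShell prompt before and after installing vendor utilities; reading HKLM\...\Policies\System needs no elevation. For continuous detection rather than a point-in-time check, the same key can be given a registry SACL so that writes to it show up in the Security log, which turns "the installer flipped the bits" into an alertable event rather than something discovered later.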
    1. Re:You're part of the problem by mattpalmer1086 · · Score: 2

      While I agree with a lot of what you say, the obvious solution is that installers should *not* run as Admin, but as a user with only the permissions required to install software for a normal user. Certainly not with permissions to do anything it likes on the system, and particularly not to change existing security settings.

      This is actually one of the biggest potential advantages of the Windows security model over Unix and Linux. There is no god-like root user with a complete pass to do anything it likes. Even Admin's permissions can be altered (although Admin can put them back again if it likes). And the security model is much more fine-grained (and therefore complex, so nobody uses it to its full advantage).

      Of course, it won't surprise me to learn that most installers do run as Admin, as you claim. I'm mostly on Linux these days, so I'm not fully up to speed on the Windows world any more...

  14. Damn, you're *STILL* spouting bullshit by cbhacking · · Score: 2

    You're aware that Windows 1-3.x, Windows 9x, and Windows NT/2000/XP/Vista/7/8.x/10 are each very different systems, right? No, of course you're not, you're a loudmouth who has no idea what he's talking about. Windows NT (which is to say, every version of Windows for PCs or servers since XP) was very much designed with isolation between *all* users, including between Administrators and non-Administrators, as a central feature. Windows NT is not, and never has been, a single-user operating system.

    The last version of Windows that was designed as "A SINGLE USER operating system" was Windows ME. Why the fuck would you want to run as though you're running Windows ME? That's bloody idiotic!

    Windows NT 3.1 (the initial release, came out in 1993) was very much multi-user, although it wasn't terribly good at timesharing (it wasn't until Windows 2000 that Microsoft added the ability for multiple interactive logins at the same time).

    As for why you shouldn't use your OS as a single-user system, there's a number of reasons. One of them is because you, personally, obviously aren't competent to use a computer securely, and probably shouldn't be trusted with anything you have more control over than an iPad (which is, by the way, very multi-user although the earliest versions of iPhone OS, before it could run third-party apps at all, ran everything as root). Another is because sometimes other people run stuff on your computer (via exploits or Trojans or just by walking up to it while you're taking a piss) and you probably don't want them to be able to change everything they feel like changing (you had an impressively stupid rant above about how even an installer shouldn't be able to change UAC settings, which was funny).

    --
    There's no place I could be, since I've found Serenity...