HP Possible pulling a Lenovo with Stealthy spyware?
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
It was installed without permission.
In the same way Windows Updates installs anything else "without permission". The user gives Win Updates the go ahead to auto install whatever comes through it. -
It was run without permission.
The same way any system service or driver or bug fix is auto run after Win Updates. -
It is stealing data without permission.
HP system health service of some sort. It's what it does. Perhaps it replaced a previous telemetry tool by HP, or this is a new thing HP forced on people, in which case, we didn't agree to it, that's the problem.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
All this means is that either HP socially engineered Microsoft and/or MS is in on it. MS is the one in the dangerous position here. They either have to throw HP under the bus, or admit that they intentionally deployed spyware through their updates!
This is the most interesting part for me.
Unless I got the story wrong, this came through Windows Updates. And I thought MS only updated MS software, or system drivers through updates. How would HP "spyware" get into Win Updates?
-
@guyinpv They have been expanding this to include large 3rd party vendors. Adobe Flash is now updated through Windows Update for example.
-
@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv They have been expanding this to include large 3rd party vendors. Adobe Flash is now updated through Windows Update for example.
Ya, but does Flash get installed automatically if it's not already on the machine? Does Updates simply decide everybody needs Flash and install it?
Either the HP software was replacing something already there, or they literally were install as if it was an important system driver for HP hardware.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
No, I see them as the same. Programs that were automatically installed without explicit permission.
Closing your eyes when you install something and calling it malware when you get something you didn't expect is not malware.
In that example it was your own ignorance or eyes being closed that Chrome was installed.
In HPs case, they did it all themself. You were not a part of it. It was all behind your back and all done in a malicious way. No choice was given in the first place.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
It was installed without permission.
In the same way Windows Updates installs anything else "without permission". The user gives Win Updates the go ahead to auto install whatever comes through it. -
It was run without permission.
The same way any system service or driver or bug fix is auto run after Win Updates. -
It is stealing data without permission.
HP system health service of some sort. It's what it does. Perhaps it replaced a previous telemetry tool by HP, or this is a new thing HP forced on people, in which case, we didn't agree to it, that's the problem.
All of this is completely different... pretty much the opposite of what HP did.
Also, you have an option of whether or not to include other software updates in Windows update.
Some of what you said just straight up isn't relavant or make any sense.
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
No choice was given in the first place.
Tomato Tomahto
I can easily say people had a choice to not have auto-updates on. It's just as much "missing a checkbox" when Chrome got installed. I had choices in both cases, I "missed an option" in both cases. I could have prevented it in both cases if I paid more attention or changed a setting.
This is splitting hairs. HP did not hack into computers and install things without permission. It was a freaking Windows update.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
No choice was given in the first place.
Tomato Tomahto
I can easily say people had a choice to not have auto-updates on. It's just as much "missing a checkbox" when Chrome got installed. I had choices in both cases, I "missed an option" in both cases. I could have prevented it in both cases if I paid more attention or changed a setting.
This is splitting hairs. HP did not hack into computers and install things without permission. It was a freaking Windows update.
No. It is very far from the same thing.
HP did exactly what Scott mentioned here:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is wrong. We know three key things...
It was installed without permission.
It was run without permission.
It is stealing data without permission.Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
Everything else you are comparing it against is the opposite.
-
See more updates on this:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversySee also HP on this:
https://community.spiceworks.com/topic/post/7408989 -
@dbeato said in HP Possible pulling a Lenovo with Stealthy spyware?:
See more updates on this:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversySee also HP on this:
https://community.spiceworks.com/topic/post/7408989So HP claims that everyone opted in to this, which is possible, but goes against what the reports are saying.
-
So what's the current verdict?
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
So what's the current verdict?
He said, she said. Customers are saying it is running without permission, HP says that they were given permission.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dbeato said in HP Possible pulling a Lenovo with Stealthy spyware?:
See more updates on this:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversySee also HP on this:
https://community.spiceworks.com/topic/post/7408989So HP claims that everyone opted in to this, which is possible, but goes against what the reports are saying.
Right - so who do you trust? There have been so many security reports lately, that it seems almost like security research firms are now making headlines to bring attention to their businesses.
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dbeato said in HP Possible pulling a Lenovo with Stealthy spyware?:
See more updates on this:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversySee also HP on this:
https://community.spiceworks.com/topic/post/7408989So HP claims that everyone opted in to this, which is possible, but goes against what the reports are saying.
Right - so who do you trust? There have been so many security reports lately, that it seems almost like security research firms are now making headlines to bring attention to their businesses.
Except it is also reported by ML community members, whom I trust more than I trust HP.
-
I don't trust hardware manufacturers to write good software. I trust them to make good hardware.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
So what's the current verdict?
He said, she said. Customers are saying it is running without permission, HP says that they were given permission.
So there's no verdict. At least with Lenovo - they flat out denied it only to have it proven, and then a quiet back-peddle driver update from Lenovo.
I guess there hasn't been enough time to independently test this yet? -
From that article: "However, we checked in Windows 10's Task Manager on our Spectre x360, and it revealed that HP Touchpoint Analytics Client used a measly 24 MB of RAM, while zero burden was placed on CPU and network."
Measily 24MB? Um, you can fit nearly a whole modern OS into that size!
-
@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:
I don't trust hardware manufacturers to write good software. I trust them to make good hardware.
That, too.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:
I don't trust hardware manufacturers to write good software. I trust them to make good hardware.
That, too.
This really doesn't compute to me. If you have bad drivers, how can you expect your hardware to perform well?
-
Trust no one. Especially not a big corporation. HP is to blame, fair and square. If they got permission, it was probably obscured in such a way the end user couldn't tell what the hell it was.
