Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Software Displays Windows

LG Split Screen Software Compromises System Security 187

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.
This discussion has been archived. No new comments can be posted.

LG Split Screen Software Compromises System Security

Comments Filter:
  • by some1001 ( 2489796 ) on Saturday April 11, 2015 @06:25PM (#49455093)

    I realize that the software probably shouldn't have disabled UAC out of the box without at least informing the user, but having worked on some out-of-process COM applications (yes, legacy) in Windows Vista/7/8/10, UAC can be extremely frustrating. The biggest issue is that having UAC on creates a different user context between user and admin. If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges.

    For example, if your user with admin priveleges creates a COM component, that component may not be able to be accessed by a non-admin context even though your user may be in the local administrators group, DCOM Users group, etc.

    I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program for reliable for the user by disabling UAC instead of resolving the problem in a different way.

    • by Anonymous Coward

      If I execute a program as myself with admin privileges, it is not exactly the same as executing the program as myself without admin privileges.

      No shit, Sherlock. Here's a clue: you're supposed to be writing the program as if the user did not have admin privileges so that sysadmins and home users can properly run a locked down system with your software.

      Frankly, I wish M$ had won their anti-trust trial just so they could strong-arm the crapware writers like Adobe, Norton, various extremely shitty HW OEMs th

    • by ATMAvatar ( 648864 ) on Saturday April 11, 2015 @07:32PM (#49455311) Journal

      If you need to use COM components, and you don't want to require admin rights, you register them in HKEY_CURRENT_USER instead of HKEY_CLASSES_ROOT. After that, it just works.

      The sad part is, it would have not have taken any more time to Google that than to find how to disable UAC through the installer.

    • by DigitAl56K ( 805623 ) on Saturday April 11, 2015 @07:36PM (#49455327)

      Yes, a component in an admin context may not be accessible to a component used by user in a non-admin context. This is called a "security" model, and prevents the non - admin process manipulating the admin-context process to do things it shouldn't be able to do. You make it sound like a quirk, but the entire design is that "non elevated components can't talk to elevated components". Try starting Notepad as admin and dropping a text file on it from the non - elevated explorer view, it won't work by design.

      • The problem is that it works both ways. For example, if a non-admin user has smb://foo/bar mapped to z:, but the admin user does not, attempting to make a scheduled task running as admin that involves data in z: will fail, because admin doesn't have it mapped. If you go to %userprofile% in an elevated command prompt, you go to Administrator's profile folder, not the currently logged in user. "non-elevated being unable to talk to elevated" is the 'by design' situation you speak of. 'elevated being unable to

        • by Dog-Cow ( 21281 )

          The mapped drive situation is working as designed. You're implying that it should work, and that's just opening up for a hack. It's like having non-locked down paths in root's PATH. What happens when the user remaps Z: to point to another drive with specially-crafted data in it?

    • The biggest issue is that having UAC on creates a different user context between user and admin.

      That's kind of the point. Sudo does the exact same thing.

      Running everything as the admin is idiotic, because everything you do is as admin, and the machine is wide open. Back in the bad old days of Windows everybody was always admin ... we keep malware out by not running as admin.

      If you need to be logged in as the admin, be logged in as admin to do only do the tasks you need.

      Saying "oh noes, teh COM says we ha

    • by dAzED1 ( 33635 ) on Saturday April 11, 2015 @10:04PM (#49455771) Journal
      As others have said...the "problem" you're describing is *exactly the farking point of UAC* - it's *intentional*. of course the context is different - that is almost completely the entire design concept of UAC, and as an infosec and 20+ year UNIX guy, I personally appreciate UAC in windows when I'm forced to use that OS (which is all too often). UAC isn't a bad thing, it's a *good* thing. And if you can't get your program to work with UAC, either you're bad at design, or your program shouldn't exist.
    • I wouldn't be surprised if LG ran into a COM issue with Windows and decided to make the program for reliable for the user by disabling UAC instead of resolving the problem in a different way.

      There really isn't any reason they needed to do this, besides incompetence or malice. I know, I develop commercial software [maxto.net] that does much the same thing as their software.

      I commented further down [slashdot.org] with more details regarding why.

      • by tlhIngan ( 30335 )

        There really isn't any reason they needed to do this, besides incompetence or malice.

        Most likely incompetence.

        You have to remember, LG makes money on the monitor, they don't make money on the software. Once you buy the monitor, the software's just a bonus to help you manage the windows more effectively.

        The problem is, this makes the software a cost center - so a company like LG would basically say "we need software to do this" and give you $0 to develop it. I.e., get the thing out ASAP and spend no more th

  • by Anonymous Coward on Saturday April 11, 2015 @06:33PM (#49455133)

    The installer silently disables User Account Control, and enables a policy to start all applications as Administrator.

    Holy fucking incompetence, Batman. This reminds me of Sony's rootkit, the one that tried to hide itself from AV software, but in doing so, opened up a huge hole that any malicious program could exploit. How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!" This approaches criminal levels of negligence.

    • by Anonymous Coward

      The same CxO that says "hmmmm... I'm gonna leave this company in a vulnerable position, but I will make my bonus!"

    • Most CIO aren't worth shit, trust me at the company I work for our CIO is a total fucking moron and god knows how he landed his job, I doubt its any different at LG.
    • by mpe ( 36238 )
      How does shit like this make it past any kind of review? What CIO/CTO says "hmm OK, gutting security on every customer's PC sounds like a great idea!"

      Maybe they simply don't care. Only that their program "works", regardless of the consequences.
    • by Agripa ( 139780 )

      How does shit like this make it past any kind of review?

      There is little or no criminal and civil liability for the company.

  • It is a well-known fact that all Samsung software is utter crap. I have long suspected that this statement should admit a nice elegant generalization, and here it is.

    Jokes aside, why third party software should ever be allowed to change UAC settings?

    • by dwywit ( 1109409 )

      And why is third-party software allowed to install and run in the SYSTEM context? Even Administrator isn't allowed to terminate them.

      If McAfee et al were nearly as good as they like to claim, I wouldn't have to uninstall them to run a decent malware scanner (after they've let ukash in), instead of just stopping them.

      Yes, I know they usually have a "suspend protection" option, but I need it out of memory completely, and some of them still start in safe mode.

      • What do you mean, Admin isn't "allowed" to terminate SYSTEM processes? Administrator (the user), or members of the Administrators group (after UAC) have exactly the same level of access as SYSTEM; SYSTEM is just a machine/service account, rather than a user account.

        There are certain processes on Windows that the OS will prevent you from trying to terminate, but that's because they're critical OS processes, not because they run under SYSTEM. You can run Calc.exe under SYSTEM with a little effort, but killing

        • by dwywit ( 1109409 )

          Well, I must be doing something wrong, then. Start, run, taskmgr, right-click, run as administrator, right-click {AVG/Trend Micro/McAfee/Symantec} whatever their core process is called, "end process". "access denied". Check again, the account for said process is SYSTEM. Click start, run, services.msc, right-click, run as administrator, locate service/s, right-click. properties, can't stop 'cause greyed out, select "logon" tab, service uses SYSTEM account.

          Start, run, regedit, right-click, run as administrato

          • by dAzED1 ( 33635 )
            and who is the "creator/owner" there? Probably administrators :) You're right though, AV software sortof has to work a bit umm...outside the proper flow, because Windows is poorly designed.
    • Re:I knew! (Score:5, Funny)

      by arglebargle_xiv ( 2212710 ) on Saturday April 11, 2015 @08:31PM (#49455497)

      It is a well-known fact that all Samsung software is utter crap.

      We're bashing LG here, not Samsung. It's their turn next week, after we do Microsoft on Monday.

  • It is safe to say that no one should be running this software in its current form.

    I'd say it's safe to say that the software shouldn't have done this without informing the user, but if someone wants to run it while knowing it is less secure than might otherwise reasonably be expected, who are you to tell them they shouldn't?

    I disable selinux and in some cases I always log in as root, because I've decided that's the way I want to do things - I'd rather have the extra convenience than the extra security.

    • Re: (Score:3, Insightful)

      by holostarr ( 2709675 )
      You must be thick in the head, that statement isn't ordering you to comply, it is simply advising users against running it. So by all means go ahead and run it and stop looking for reasons to complain!
  • I'm getting so fucking sick of this shit.
  • As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand it's purpose for being there, it's to protect idiots. Though if you've been reading the studies related to 'security popups', they're pretty ineffective anyway.

    A program that magically turns it off for you is definitely a bad thing. However, from a power user perspective, its like.. 'um i don't care, it was already off.'

    Windows simply wasn't built from the ground up to insulate the user space f

    • Re: (Score:3, Insightful)

      by whoever57 ( 658626 )

      As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off. I understand it's purpose for being there, it's to protect idiots.

      You never heard of "drive-by installs"? And don't reply with "but I don't go to that type of website", because we have often seen that both ordinary websites and ad networks can be compromised to install malware.

    • That attitude in people who don't know better is part of the problem.
      Yes, you are a "power user", but so are the developers that wrote this stuff in their mind even if they did seriously fuck up. IMHO no developer should have seamless admin/root access on the machine they are testing their software out on and for new developers preferably not on their "daily driver" either.

      Not that I wrote seamless and bolded it - they may need full admin/root access but they should know when they are a normal user and w
      • That attitude in people who don't know better is part of the problem.

        Already said I understand the point of it. Fortunately, I do think i know better, and I do think I do a reasonably good job of monitoring what my computer is doing with itself and what's on it. I've been around these things since the late 80's. Not trying to boast, just say I do think i have a pretty good idea what I'm doing.

        I could leave it on, sure. Sure it's a huge red-flag of something amiss. But at the same time I feel confident enough by monitoring the firewall between my desktop PC and the inter

        • by dbIII ( 701233 )
          I wasn't saying it's not fine for you, but for a newbie developer (or a developer than makes newbie mistakes) it's a headache for others.

          As I already pointed out, there was an article right here on /. just a week or so ago that pointed to a study that security popups are basically ineffective on people who don't understand. So what's the point? They bother me and the people they were intended for ignore them.

          That's a very good point, but they do at least mark some sort of attempt at separation and the sign

        • As a point of random curiosity, are you aware that there's malware that installs into your hard drive controller and/or your motherboard firmware? Reformatting won't help you there. Also, have you heard of cryptolocker (and friends)? If you reformat, you lose just as much data as if the malware has its way with your machine.

        • "Already said I understand the point of it. "

          You state that you understand it, but show that you clearly don't understand it, or you wouldn't disable it.

      • Yes, you are a "power user", but so are the developers that wrote this stuff in their mind even if they did seriously fuck up. IMHO no developer should have seamless admin/root access on the machine they are testing their software out on and for new developers preferably not on their "daily driver" either

        I'm not much of a developer. I tinker a little as a hobby, but I generally don't do any development anymore.

        • by dbIII ( 701233 )
          I didn't mean for you to take it personally I was just pointing a finger at a general attitude that includes many people who are way out of their depth as well as those who actually know what they are doing.

          I try to do all mundane work on systems that are as close to "stock" as possible so that they resemble a typical environment. That's possibly why Windows7 still pisses me off at times (reboot in the middle of a game on my home system again - yes I could turn off updates, but then I don't get to see how
    • by sinij ( 911942 )

      I keep mine on. While it could be annoying, if you don't expect it to show up and it does, it is huge red flag for you to start paying attention.

    • Re: (Score:2, Funny)

      As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off.

      And I appreciate that, I really do, although I wish you had less crap on your machine, it's slowing down the warez site I'm running on it. Some of the other guys have been complaining as well.

      Oh, and could you at least write or call your mother once a week or so, I'm getting sick of seeing her nagging in your inbox.

    • by spire3661 ( 1038968 ) on Saturday April 11, 2015 @09:05PM (#49455585) Journal
      I dont mind UAC. Its just like sudo warning you 'think before you type'. Its a clear sign you are initiating a system level action.
      • I dont mind UAC. Its just like sudo warning you 'think before you type'. Its a clear sign you are initiating a system level action.

        I turn that warning off too. Annoying thing. I don't need to be warned, I do believe I know what I'm doing.

    • So you don't like UAC, but you want there to be some things that a user can't change? But that's exactly what UAC is *for*. Preventing users from changing system settings. What, you want more than one kind of admin user?
    • by DigitAl56K ( 805623 ) on Saturday April 11, 2015 @11:16PM (#49455949)

      The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

      I hope you realize what you are saying here is the equivalent of a Linux user saying "The fact that some program can change permissions after I launched it as root is an example of a huge security hole. Whose brilliant idea was it to provide any sort of mechanism that can let any program I run as root do things a user who is root can do?".

      This is an example of why UAC exists, in fact: A program that is not UAC elevated could not change your UAC settings (if you hadn't turned them off already).

    • As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off.

      I remember during the Vista Beta time frame visiting a website that I'd never been to before and all of a sudden having the browser cause a UAC prompt. Now you can go off on what sort of insecure hole could exist that would allow a website to make admin level privileges on a computer, but that doesn't matter; what matters is that fact that it could. I clicked 'No' on the prompt and felt a sudden rush of power over my computer that I hadn't had before. Previously random crap from anywhere could make admin le

    • by reikae ( 80981 ) on Sunday April 12, 2015 @02:12AM (#49456325)

      A dialog that pretty much only appears when (un)installing software is hardly obnoxious in my opinion. Security popups may well be ineffective for most people, but as a power user I know when UAC prompts should and shouldn't appear; getting a prompt when one shouldn't pop up is a useful warning sign.

    • Comment removed based on user account deletion
    • Wow, I've rarely seen so much idiocy written in one post! I honestly can't tell if you're trolling just a little too subtly, or are sincerely that clueless. People are modding you up though, which is really unfortunate. Here, let me see if I can correct even a little of that...

      If you run as a full Admin, nobody cares what you consider yourself; people who know anything about security (on *any* OS) are going to consider you an idiot. The fact that you think you know anything is just extra pathetic. People wh

      • While I agree with a lot of what you say, the obvious solution is that installers should *not* run as Admin, but as a user with only the permissions required to install software for a normal user. Certainly not with permissions to do anything it likes on the system, and particularly not to change existing security settings.

        This is actually one of the biggest potential advantages of the Windows security model over Unix and Linux. There is no god-like root user with a complete pass to do anything it likes.

    • "As what I'd consider a 'power user', one of the first things I do is turn that obnoxious thing off."

      Ironically, the first thing you do as a 'power user' immediate exposes you as incompetent.

    • by arielCo ( 995647 )

      You misspelled “cowboy user”.

  • LG was the bottom end manufacturer GoldStar and they honestly have never changed their ways. LG smart TV's happily spy on you and they will not stop doing that, I have found several times that LG commercial sets will give you a ROOT login via the rs232 port if you reboot the set rapidly.

    It is no surprise that LG decided to ship a half baked solution for their new flagship displays.

    • It is no surprise that LG decided to ship a half baked solution for their new flagship displays.

      It's kind of a surprise they shipped it at all. I didn't know what this thing did without a bit of googling, it appears that it's custom software that allows you to display multiple windows at once on your desktop, like, um, what's that Microsoft OS called that does that too? Not Microsoft Window (aka Windows 8), but the one where you can have multiple windows tiled across your desktop.

      Oh yeah, Windows 1.0, that was it.

  • They didn't have to (Score:3, Interesting)

    by kilogram ( 520192 ) on Sunday April 12, 2015 @02:25AM (#49456353) Homepage

    There are ways to work around UAC without disabling it in this case. I know, because I wrote MaxTo [maxto.net], which does much the same things, and works with software running under UAC.

    If you want MaxTo to work with UAC, you'll need to run MaxTo elevated. If you say deny elevation, it simply won't work with elevated software.

    I'm pretty sure LG just took the "easy way" out (or they may have nefarious purposes, but I won't speculate), instead of figuring out how to communicate between elevated and non-elevated processes.

    To do this sort of thing, you'll need to divide your software into a few parts. First and foremost, you'll need to install a global system hook. That hook has to be written in unmanaged code (meaning C/C++). You'll need software that controls the hook (but it can be written in a managed language). Now, both the controlling software and the hook has to be compiled as both x64 and x86 code. They will probably also have to communicate with eachother across the x86/x64 platform boundary.

    Now, to get the software to communicate (using window messages) across the UAC boundary, you have to specifically let Windows know which window messages your app will accept from the other side. This is probably the step they missed. You do this by using ChangeWindowMessageFilter [microsoft.com] or ChangeWindowMessageFilterEx [microsoft.com] .

    • Looks pretty good. LG should have just licensed/bought that from you. They'd probably have made it a service that starts (with elevation) automatically, but eh, much better than what they actually did!

  • Surely its a bug/bad design that it's possible to silently disable User Account Control, and enable a policy to start all applications as Administrator. If you can do this without acknowledging a UAC popup then it makes UAC itself pretty useless

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...