HP Possible pulling a Lenovo with Stealthy spyware?
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
Trojans are just management tools, too.
Object your honor, relevance.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program.
This is totally untrue. What it CAN be included with has no relevance. That it is malware is the issue here. Malware can have legit uses too.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
Trojans are just management tools, too.
Object your honor, relevance.
It's totally relevant. You just excused malware on the basis of the potential of being included in a legit package.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
m. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
There are no grounds for this claim. How do you know that this is an accident? And accidental hacking is still hacking. It's better, but it's not nothing.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a Chrome installer as being related to HP hacking customers. What's the connection?
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a Chrome installer as being related to HP hacking customers. What's the connection?
The connection is something being installed without express permission. How is it you aren't seeing the connection? Chrome is a legit program, very likely the HP DaaS management tool is also a legit tool. You said yourself malware can also be legit packaging. But you call the HP malware and not Chrome. How is that confusing? It's the same thing to me.
In one case, some random program also threw in Chrome without my permission. And in the other case Windows updates threw in some HP software without permission. Both legitimate software with legitimate purposes and uses, but neither expressly permitted.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a Chrome installer as being related to HP hacking customers. What's the connection?
The connection is something being installed without express permission. How is it you aren't seeing the connection?
Because one is installed by you, the other is not.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
In one case, some random program also threw in Chrome without my permission.
You said you didn't notice, you didn't say you were sure it never checked. Also, Chrome isn't collecting data, so isn't related. It's not spying on you. It is likely just classified as part of the original package.
I can't stress enough how every aspect here is flipped completely.
-
I can make software that includes Chrome as part of it. I can deploy that without asking you if you agree to deploy my software. You make the decision, not me. You can remove if you want. It's all open and above board. It's not malware.
If I install software without your permission, and RUN that software without your permission, and STEAL your data without your permission... that's malware.
Installing with, running with, collecting data with permissions versus all the same without permissions. Don't you see how they are opposites?
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
I can make software that includes Chrome as part of it. I can deploy that without asking you if you agree to deploy my software. You make the decision, not me. You can remove if you want. It's all open and above board. It's not malware.
If I install software without your permission, and RUN that software without your permission, and STEAL your data without your permission... that's malware.
Installing with, running with, collecting data with permissions versus all the same without permissions. Don't you see how they are opposites?
No, I see them as the same. Programs that were automatically installed without explicit permission. Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
It's no more malware than Spiceworks is malware, or Speccy is malware. It collects system health data and what not. Did you not look at what the HP DaaS program is, or the HP Management tool before it? It's for central management and system care.
My bigger concern is why did HP (or MS?) decide to install this on computers that were not in the DaaS program. Since they are not in the DaaS program, the data is just going to HP themselves I guess, which does smell of stealing data.
Could it be that these computers were already using the previous HP Management tool and so HP just upgraded it to this newer thing? Could it be HP was already collecting system health data and they just weren't aware of it before?
For all anyone knows, the computers were already pumping this data out, now it just got exposed when upgrading to the DaaS service.
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why? Did it replace a previous program that was doing the same? Was it an accident? Or do you truly believe HP just wanted to stick random malicious malware on people's computers to steal data? Is THAT proved yet?
We know nothing, so as far as I see it, a random HP system health service/app was auto installed and nobody knows why.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
No, I see them as the same. Programs that were automatically installed without explicit permission. Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
But one had NO permission, the other had either implicit or explicit. Bottom line, one is legal and ethical. One is criminal and totally unethical. No overlap. None.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? One doesn't collect your data, the other steals it? You don't care about those things?
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
It's no more malware than Spiceworks is malware, or Speccy is malware. It collects system health data and what not. Did you not look at what the HP DaaS program is, or the HP Management tool before it? It's for central management and system care.
One is given data, the other steals it. How are you overlooking the steals portion here?
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
My bigger concern is why did HP (or MS?) decide to install this on computers that were not in the DaaS program. Since they are not in the DaaS program, the data is just going to HP themselves I guess, which does smell of stealing data.
The DaaS program is irrelevant. This is spyware in this case. Why do you keep mentioning the DaaS program as if it has some relevance? I'm so confused.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Could it be that these computers were already using the previous HP Management tool and so HP just upgraded it to this newer thing? Could it be HP was already collecting system health data and they just weren't aware of it before?
Possibly, but that doesn't make this any better.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
For all anyone knows, the computers were already pumping this data out, now it just got exposed when upgrading to the DaaS service.
It got exposed NOT on the DaaS service. The DaaS service is not part of the equation.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
We know nothing, so as far as I see it, a random HP system health service/app was auto installed and nobody knows why.
No, this is false. We know a LOT. We know most of what is important. All of the things you are injecting as doubt, like if it is part of a DaaS product at some other time, are red herrings and misdirection. They aren't relevant to the spyware scenario that we are discussing.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? One doesn't collect your data, the other steals it? You don't care about those things?
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
Fact is people gave as much permission to get this HP tool installed as I gave to get Chrome installed. It just came with other things and didn't ask me.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Was it an accident? Or do you truly believe HP just wanted to stick random malicious malware on people's computers to steal data? Is THAT proved yet?
They will have to work VERY hard to prove it was an accident, if they even attempt to make that claim. Deploying spyware by accident is a pretty big mistake. You don't hack people by accident.
Of course we believe HP put spyware on machines to steal data. It's pretty crazy to consider anything else. Lenovo did exactly this and showed that there was basically no penalty and that their customers could be convinced of anything by lying about it. HP knows they have basically nothing to lose by doing something malicious. Suggesting that something so blatant could be an accident is pushing the boundaries of reason pretty heavily. Possible? Yes. Reasonable to consider? Not really.