ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    HP Possible pulling a Lenovo with Stealthy spyware?

    Scheduled Pinned Locked Moved News
    malwarehpspywaresecurity
    122 Posts 18 Posters 19.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @guyinpv
      last edited by

      @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

      Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

      How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?

      guyinpvG 1 Reply Last reply Reply Quote 0
      • guyinpvG
        guyinpv @scottalanmiller
        last edited by

        @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

        @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

        Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

        How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?

        The connection is something being installed without express permission. How is it you aren't seeing the connection? Chrome is a legit program, very likely the HP DaaS management tool is also a legit tool. You said yourself malware can also be legit packaging. But you call the HP malware and not Chrome. How is that confusing? It's the same thing to me.
        In one case, some random program also thew in Chrome without my permission. And in the other case Windows updates threw in some HP software without permission. Both legitimate software with legitimate purposes and uses, but neither expressly permitted.

        scottalanmillerS 2 Replies Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @guyinpv
          last edited by

          @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

          @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

          @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

          Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

          How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?

          The connection is something being installed without express permission. How is it you aren't seeing the connection?

          Because one is installed by you, the other is not.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @guyinpv
            last edited by

            @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

            In one case, some random program also thew in Chrome without my permission.

            You said you didn't notice, you didn't say you were sure it never checked. Also, Chrome isn't collecting data, so isn't related. It's not spying on you. It is likely just classified as part of the original package.

            I can't stress enough how every aspect here is flipped completely.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              I can make software that includes Chrome as part of it. I can deploy that without asking you if you agree to deploy my software. You make the decision, not me. You can remove if you want. It's all open and above board. It's not malware.

              If I install software without your permission, and RUN that software without your permission, and STEAL your data without your permission... that's malware.

              Installing with, running with, collecting data with permissions versus all the same without permissions. Don't you see how they are opposites?

              guyinpvG 1 Reply Last reply Reply Quote 0
              • guyinpvG
                guyinpv @scottalanmiller
                last edited by

                @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

                I can make software that includes Chrome as part of it. I can deploy that without asking you if you agree to deploy my software. You make the decision, not me. You can remove if you want. It's all open and above board. It's not malware.

                If I install software without your permission, and RUN that software without your permission, and STEAL your data without your permission... that's malware.

                Installing with, running with, collecting data with permissions versus all the same without permissions. Don't you see how they are opposites?

                No, I see them as the same. Programs that were automatically installed without explicit permission. Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.

                It's no more malware than Spiceworks is malware, or Speccy is malware. It collects system health data and what not. Did you not look at the what the HP DaaS program is, or the the HP Management tool before it? It's for central management and system care.

                My bigger concern is why did HP (or MS?) decide to install this on computers that were not in the DaaS program. Since they are not in the DaaS program, the data is just going to HP themselves I guess, which does smell of stealing data.

                Could it be that these computers were already using the previous HP Management tool and so HP just upgraded it to this newer thing? Could it be HP was already collecting system health data and they just weren't aware of it before?

                For all anyone knows, the computers were already pumping this data out, not it just got exposed when upgrading to the DaaS service.

                Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why? Did it replace a previous program that was doing the same? Was it an accident? Or do you truly believe HP just wanted to stick random malicious malware on peoples computers to steal data? Is THAT proved yet?
                We know nothing, so as far as I see it, a random HP system health service/app was auto installed and nobody knows why.

                scottalanmillerS ObsolesceO 10 Replies Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @guyinpv
                  last edited by

                  @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                  No, I see them as the same. Programs that were automatically installed without explicit permission. Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.

                  But one had NO permission, the other had either implicit or explicit. Bottom line, one is legal and ethical. One is criminal and totally unethical. No overlap. None.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @guyinpv
                    last edited by

                    @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                    Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.

                    You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? You doestn' collect your data, the other steals it? You don't care about those things?

                    guyinpvG 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @guyinpv
                      last edited by

                      @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                      It's no more malware than Spiceworks is malware, or Speccy is malware. It collects system health data and what not. Did you not look at the what the HP DaaS program is, or the the HP Management tool before it? It's for central management and system care.

                      One is given data, the other steals it. How are you overlooking the steals portion here?

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @guyinpv
                        last edited by

                        @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                        My bigger concern is why did HP (or MS?) decide to install this on computers that were not in the DaaS program. Since they are not in the DaaS program, the data is just going to HP themselves I guess, which does smell of stealing data.

                        The DaaS program is irrelevant. This is spyware in this case. Why do you keep mentioning the DaaS program as if it has some relevance? I'm so confused.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @guyinpv
                          last edited by

                          @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                          Could it be that these computers were already using the previous HP Management tool and so HP just upgraded it to this newer thing? Could it be HP was already collecting system health data and they just weren't aware of it before?

                          Possibly, but that doesn't make this any better.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @guyinpv
                            last edited by

                            @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                            For all anyone knows, the computers were already pumping this data out, not it just got exposed when upgrading to the DaaS service.

                            It got exposed NOT on the DaaS service. The DaaS service is not part of the equation.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @guyinpv
                              last edited by

                              @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                              Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?

                              This is wrong. We know three key things...

                              1. It was installed without permission.
                              2. It was run without permission.
                              3. It is stealing data without permission.

                              Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.

                              guyinpvG 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @guyinpv
                                last edited by

                                @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                We know nothing, so as far as I see it, a random HP system health service/app was auto installed and nobody knows why.

                                No, this is false. We know a LOT. We know most of what is important. All of the things you are injecting as doubt, like if it is part of a DaaS product at some other time, are red herrings and misdirection. They aren't relevant to the spyware scenario that we are discussing.

                                1 Reply Last reply Reply Quote 0
                                • guyinpvG
                                  guyinpv @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                  @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                  Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.

                                  You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? You doestn' collect your data, the other steals it? You don't care about those things?

                                  What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.

                                  Fact is people gave as much permission to get this HP tool installed as I gave to get Chrome installed. It just came with other things and didn't ask me.

                                  scottalanmillerS 3 Replies Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @guyinpv
                                    last edited by

                                    @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                    Was it an accident? Or do you truly believe HP just wanted to stick random malicious malware on peoples computers to steal data? Is THAT proved yet?

                                    They will have to work VERY hard to prove it was an accident, if they even attempt to make that claim. Deploying spyware by accident is a pretty big mistake. You don't hack people by accident.

                                    Of course we believe HP put spyware on machines to steal data. It's pretty crazy to consider anything else. Lenovo did exactly this and showed that there was basically no penalty and that their customers could be convinced of anything by lying about it. HP knows they have basically nothing to lose by doing something malicious. Suggesting that something so blatant could be an accident is pushing the boundaries of reason pretty heavily. Possible? Yes. REasonable to consider? Not really.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @guyinpv
                                      last edited by

                                      @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                      What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.

                                      Obviously it is not a driver. Spyware is not a driver.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @guyinpv
                                        last edited by

                                        @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                        @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                        @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                        Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.

                                        You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? You doestn' collect your data, the other steals it? You don't care about those things?

                                        What? People chose to have an HP, ...

                                        And? Once again, why are you mentioning this as it is not relevant to the situation?

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @guyinpv
                                          last edited by

                                          @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                          What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.

                                          All this means is that either HP socially engineered Microsoft and/or MS is in on it. MS is the one in the dangerous position here. They either have to throw HP under the bus, or admit that they intentionally deployed spyware through their updates!

                                          guyinpvG 1 Reply Last reply Reply Quote 0
                                          • guyinpvG
                                            guyinpv @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                            @guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

                                            Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?

                                            This is wrong. We know three key things...

                                            1. It was installed without permission.
                                            2. It was run without permission.
                                            3. It is stealing data without permission.

                                            Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.

                                            1. It was installed without permission.
                                              In the same way Windows Updates installs anything else "without permission". The user gives Win Updates the go ahead to auto install whatever comes through it.

                                            2. It was run without permission.
                                              The same way any system service or driver or bug fix is auto run after Win Updates.

                                            3. It is stealing data without permission.
                                              HP system health service of some sort. It's what it does. Perhaps it replaced a previous telemetry tool by HP, or this is a new thing HP forced on people, in which case, we didn't agree to it, that's the problem.

                                            ObsolesceO 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 5 / 7
                                            • First post
                                              Last post