HP Possible pulling a Lenovo with Stealthy spyware?
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
It's no more malware than Spiceworks is malware, or Speccy is malware. It collects system health data and what not. Did you not look at the what the HP DaaS program is, or the the HP Management tool before it? It's for central management and system care.
One is given data, the other steals it. How are you overlooking the steals portion here?
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
My bigger concern is why did HP (or MS?) decide to install this on computers that were not in the DaaS program. Since they are not in the DaaS program, the data is just going to HP themselves I guess, which does smell of stealing data.
The DaaS program is irrelevant. This is spyware in this case. Why do you keep mentioning the DaaS program as if it has some relevance? I'm so confused.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Could it be that these computers were already using the previous HP Management tool and so HP just upgraded it to this newer thing? Could it be HP was already collecting system health data and they just weren't aware of it before?
Possibly, but that doesn't make this any better.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
For all anyone knows, the computers were already pumping this data out, not it just got exposed when upgrading to the DaaS service.
It got exposed NOT on the DaaS service. The DaaS service is not part of the equation.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
We know nothing, so as far as I see it, a random HP system health service/app was auto installed and nobody knows why.
No, this is false. We know a LOT. We know most of what is important. All of the things you are injecting as doubt, like if it is part of a DaaS product at some other time, are red herrings and misdirection. They aren't relevant to the spyware scenario that we are discussing.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? You doestn' collect your data, the other steals it? You don't care about those things?
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
Fact is people gave as much permission to get this HP tool installed as I gave to get Chrome installed. It just came with other things and didn't ask me.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Was it an accident? Or do you truly believe HP just wanted to stick random malicious malware on peoples computers to steal data? Is THAT proved yet?
They will have to work VERY hard to prove it was an accident, if they even attempt to make that claim. Deploying spyware by accident is a pretty big mistake. You don't hack people by accident.
Of course we believe HP put spyware on machines to steal data. It's pretty crazy to consider anything else. Lenovo did exactly this and showed that there was basically no penalty and that their customers could be convinced of anything by lying about it. HP knows they have basically nothing to lose by doing something malicious. Suggesting that something so blatant could be an accident is pushing the boundaries of reason pretty heavily. Possible? Yes. REasonable to consider? Not really.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
Obviously it is not a driver. Spyware is not a driver.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Don't give a crap what the programs DO, it's about them being installed not by me and I didn't ask for them.
You don't care that one you chose to install, and one you had no choice? You don't care that one ran only when you chose, and one ran without permission? You doestn' collect your data, the other steals it? You don't care about those things?
What? People chose to have an HP, ...
And? Once again, why are you mentioning this as it is not relevant to the situation?
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
All this means is that either HP socially engineered Microsoft and/or MS is in on it. MS is the one in the dangerous position here. They either have to throw HP under the bus, or admit that they intentionally deployed spyware through their updates!
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
It was installed without permission.
In the same way Windows Updates installs anything else "without permission". The user gives Win Updates the go ahead to auto install whatever comes through it. -
It was run without permission.
The same way any system service or driver or bug fix is auto run after Win Updates. -
It is stealing data without permission.
HP system health service of some sort. It's what it does. Perhaps it replaced a previous telemetry tool by HP, or this is a new thing HP forced on people, in which case, we didn't agree to it, that's the problem.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
What? People chose to have an HP, they chose to have Windows Updates turned on and automatically load software. Windows updates also gets system tools and drivers, so HP came through it as a driver or something. Obviously Chrome can't get installed through Windows updates, but the HP thing apparently was "that kind" of tool where it can be included as if it were a really important driver or system tool. I don't know how that works.
All this means is that either HP socially engineered Microsoft and/or MS is in on it. MS is the one in the dangerous position here. They either have to throw HP under the bus, or admit that they intentionally deployed spyware through their updates!
This is the most interesting part for me.
Unless I got the story wrong, this came through Windows Updates. And I thought MS only updated MS software, or system drivers through updates. How would HP "spyware" get into Win Updates?
-
@guyinpv They have been expanding this to include large 3rd party vendors. Adobe Flash is now updated through Windows Update for example.
-
@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv They have been expanding this to include large 3rd party vendors. Adobe Flash is now updated through Windows Update for example.
Ya, but does Flash get installed automatically if it's not already on the machine? Does Updates simply decide everybody needs Flash and install it?
Either the HP software was replacing something already there, or they literally were install as if it was an important system driver for HP hardware.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
No, I see them as the same. Programs that were automatically installed without explicit permission.
Closing your eyes when you install something and calling it malware when you get something you didn't expect is not malware.
In that example it was your own ignorance or eyes being closed that Chrome was installed.
In HPs case, they did it all themself. You were not a part of it. It was all behind your back and all done in a malicious way. No choice was given in the first place.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Frankly, I feel like we still know nothing about it. Why was it installed, what does it do, what data is it sending to HP and why?
This is wrong. We know three key things...
- It was installed without permission.
- It was run without permission.
- It is stealing data without permission.
Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
-
It was installed without permission.
In the same way Windows Updates installs anything else "without permission". The user gives Win Updates the go ahead to auto install whatever comes through it. -
It was run without permission.
The same way any system service or driver or bug fix is auto run after Win Updates. -
It is stealing data without permission.
HP system health service of some sort. It's what it does. Perhaps it replaced a previous telemetry tool by HP, or this is a new thing HP forced on people, in which case, we didn't agree to it, that's the problem.
All of this is completely different... pretty much the opposite of what HP did.
Also, you have an option of whether or not to include other software updates in Windows update.
Some of what you said just straight up isn't relavant or make any sense.
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
No choice was given in the first place.
Tomato Tomahto
I can easily say people had a choice to not have auto-updates on. It's just as much "missing a checkbox" when Chrome got installed. I had choices in both cases, I "missed an option" in both cases. I could have prevented it in both cases if I paid more attention or changed a setting.
This is splitting hairs. HP did not hack into computers and install things without permission. It was a freaking Windows update.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
No choice was given in the first place.
Tomato Tomahto
I can easily say people had a choice to not have auto-updates on. It's just as much "missing a checkbox" when Chrome got installed. I had choices in both cases, I "missed an option" in both cases. I could have prevented it in both cases if I paid more attention or changed a setting.
This is splitting hairs. HP did not hack into computers and install things without permission. It was a freaking Windows update.
No. It is very far from the same thing.
HP did exactly what Scott mentioned here:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is wrong. We know three key things...
It was installed without permission.
It was run without permission.
It is stealing data without permission.Those are the things we know. I've seen nothing that gives any reason to question any of those. And we know this not only from the news, but first hand accounts, even here in ML.
Everything else you are comparing it against is the opposite.
-
See more updates on this:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversySee also HP on this:
https://community.spiceworks.com/topic/post/7408989