This is so much worse that the title makes it out to be:
1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
3. That malware has internet and full system access, no sandboxing
4. It starts with every system boot
5. This software gets installed when you plug in a new LG monitor
6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
This situation has.. no precedent as far as I can tell..GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM
>This situation has.. no precedent as far as I can tell..
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.
Back in my Window days. I would start the driver installation and let it sit. Open the temp folder and copy content the install extracted to a new directory. Cancel the installation. Open Device Manager and install the drivers from there so non of the excessive bloat was installed.
This worked greater with being an IT consultant. The client's machine to run smoother and drivers installed fast since they would buy multiples of the same equipment at once.
Now I only use Linux on personal equipment. You have to pay me to use Microsoft products. Microsoft has become shit-ware.
To be fair Microsoft was always shitware. I don’t remember a time when using a Windows machine just worked, didn’t take up gigabytes of space, didn’t crash, and didn’t get messed up by simply using it requiring a yearly or semi-yearly reinstall.
I remember when Windows didn't take gigabytes of space because there wasn't gigabytes of space, and it was still shitware.
Windows in the 95-XP era wasn't exactly high-quality software, but it was genuine technical innovation, doing what you otherwise couldn't do.
Windows 7 was also incredibly good.
And yeah, there was some pretty neat stuff. Of Linux, macOS and Windows, Windows was the first to get GPU crash recovery, just chugging onward after a stall instead of bringing the entire system down.
The biggest sign for me that Microsoft just doesn't care about Windows (aside from the ads stuffed everywhere after a fresh install) is they stopped caring about its bones. Where is Windows' equivalent of APFS / BTRFS (or even EXT4)..? NTFS is more than 20 years old by now.
> Where is Windows' equivalent of APFS / BTRFS (or even EXT4)..? NTFS is more than 20 years old by now.
There's ReFS, but a lot of NTFS features are basically baked into the filesystem API, so replacing it is hard.
That being said, NTFS works extremely well and reliable. I don't really see a compelling need to replace it (which is always a messy transition unless you're completely backwards-compatible -- but in that case, NTFS has evolved a lot already).
Nothing since then. Thats a long 30 years.
Windows 3.1? It was only 6 3.5” disks.
To be fair, I had stretches of 2K, XP, 7 and 10 working acceptably.
These eras of Windows had their own dark patterns that were incredibly anti-consumer. No one's lives were improved because they installed the Ask Jeeves toolbar, but people were asked to install it millions and millions of times.
Microsoft BASIC was a pretty decent interpreter, I wouldn't call it "shitware", so there you go?
I don't remember DOS 6.22 blue screening on me. Maybe it wasn't so bad.
I would have preferred a Forth on my C64 seriously. But no, we were stuck with this "38911 bytes free" crap.
7zip will do the trick for a lot of self extractors.
When .INF was all you needed (and some .cat / sys)! More recently, I found out that approach can sometimes lead to missing features when using the hardware. Even though the driver is installed correctly. I was probably missing something but didn't dig deeper into it.
These days, even a window gets updates.
https://www.netjeff.com/humor/item.cgi?file=lastwin.95
> but aren't even using it to block these contraptions
Even worse, this one is installed via Windows update. I have an LG monitor and noticed the stupid LG app all of the sudden, uninstalled it, and saw it pop up again as an update in Windows update.
Microsoft is actively enabling this behavior.
I don't understand how this is legal. Isn't this malware? Isn't it illegal to install malware on someone's computer without their permission? Or is this very illegal, but nobody cares about that anymore?
"Isn't it illegal to install malware on someone's computer without their permission?"
Yeah but you almost certainly granted permission to allow updates from our "Partners" when you installed windows. How did you miss clause III of romanette 2 in the 6th paragraph right in front of your face on page 26 of the ToS?
you'd need to legally prove it's malware and they would definitely claim it's useful software tools that come with the hardware or something
I guess it’s becoming harder for MS to define malware in a way that would catch this behavior but does not flag their own products as well.
Microsoft could easily make a rulebook for drivers, and say any company which violates the rulebook can only send open source drivers, or even ban them from driver distribution entirely which would quickly kill a consumer hardware brand.
Microsoft does not care about the quality of Windows. Half the malware comes from them. Windows is just a platform they can sell online services and AI products through.
My Logitech mouse does this but it prompts to install their crapware and adds that to the startup programs, it's not automatically installed.
The last one I remember is plugging a Razer mouse
Oh, yeah. Bought this overpriced but heavily hyped Razer mouse and it wouldn't even work right until it had an internet connection. A MOUSE. I'd never encountered something so blatantly customer hostile in my life. Never even looked at another Razer product, never will, and will tell anyone who will listen that Razer is a terrible company full of objectively terrible people.
Razer was always low quality garbage at premium prices. Gamer marketing for you.
What do you recommend instead? In my opinion the Razer mice are always superior for FPS.
I used to pulverize my friends with a Logitech G700 in Quake3/OpenArena. I'm sure it has a newer version.
Razer was never "definitively better". It's merely competitive with other top ones, that's all. Before G700, Logitech even had a mouse with two sensors and was the undisputed king for FPS quite some time.
Mousereview reddit always recommends looking at Chinese gaming mice, they have reasonable prices, often clone popular mouse shapes from large brands (see [1]) and have the latest sensors.
[1] EloShapes find similar: https://www.eloshapes.com/mouse/find-similar
Logitech all the way.
Logitech is a truly innovative company. They actually care deeply about ergonomics. They also introduced the first mass market application of programmable magnets (in the MX Master mouse scroll wheel) - that's incredibly advanced materials science.
I’m no longer sure about their quality though. Out of four Logitech mice I bought recently (four different models), two died within a year. At least their warranty repair/replace process was decent.
I had several Marathon mice which broke their 3-year battery life promises, by lasting way longer. I had to retire them since their plastics degraded in some cases after 6-7 years (I had several at one point due to having multiple PCs being used every day for long stretches).
Currently I use their MX Keys Minis, MX Anywhere mice and trackballs. All are rock solid. Bolt receiver works great with Linux via Solaar allowing full suite of features.
Oh, Firmware Update Daemon supports Logitech hardware, too. If Logitech sends in new firmware, it pops up instantly to upgrade.
In my family we use the Glorious Model O. My son wanted one ages ago (I got him a mini), and it was so nice, I got one for myself. Now my oldest has a big one, and my youngest uses the mini.
We've had them for years. The mini has lost the button that lets you select speed, but other than that they're still great. For better than the various Logitechs I had before.
The only real downside is the bright flashing led patterns. I've gotten used to them.
Their buttons fail way too easily, but can usually be fixed with some WD-40, CRC 5-56, or any similar thin oil.
The switches on my $80 MX Anywhere 3 failed in under 2 years.
What do you do to your mouses to make them fail so quickly? Are you throwing them randomly accross the room?
Some Logitech mouse switches have been known to fail in normal use.
At least one person has put together a good overview of what they think is happening: https://www.youtube.com/watch?v=v5BhECVlKJA (details in video description)
They just fail. Particularly the office mice don't last very long for gaming (orders of magnitude more travel and clicks)
Use cats. For all great Logi ergonomics, they fall prey to cat hair; and pads cover the screws, so they can't be reassembled pristine after cleaning. Still, M500s is the best.
They also managed to develop a steaming pile of shit called Logi Options+ which you need to set up your mouse (I only used the mac version to be fair)
I can happily share that there is an open-source alternative, https://github.com/TomBadash/Mouser
You don't need it. The mouse functions perfectly fine without it. And you can even switch DPI when the mouse has a button to do that.
The software allows for fine-tuned settings, button remapping, etc. It is awful software, to be sure, but it's not necessary to use the mouse.
I'd say any cheap mouse off Amazon that has a pleasing shape is usually good enough, but I've also never ranked above gold in any competitive PvP shooter, so there's that :')
I'm currently using a wireless ProtoArc mouse. Good shape, can adjust DPI on the fly, hasn't broken even after a year. I think it was like 30 bucks maybe?
80% of a mouse decision should be which form fits best for your hand. Unfortunately for me that's razor mice. (Well, the Viper v2, I dont love the v3 I have now.)
Some Razer mice were somewhat good in the times when the sensor mattered, with the rest of them being absolute garbage (starting with the Copperhead which barely worked). Today there's a ton of niche manufacturers with great internals that will exceed any requirements you might possibly have.
If you're really interested in FPS performance and not just the brand, choose for the ergonomics first, it's not possible to recommend anything without knowing your play style, hand size etc. The shape and weight you like, and complementary feet and mat with the exact static/dynamic friction you need. Then check if the internals are good enough (they likely are) and whether there are any firmware issues like extra jitter on flicks or unavoidable debounce lag, then look at the required software. There's a ton of mice with excellent performance that are configurable without ANY software.
> choose for the ergonomics first
This is unfortunately why I keep buying the Razer Deathadder Pro. It fits my hand perfectly and is super accurate. I hate their software, and the company, but the performance and ergonomics of the mouse are worth it to me.
DA has probably the most widely cloned shape in the market and has many identical or compatible alternatives and clones, check e.g. MCHOSE A7 Ultra RE or Pulsar Xlite v4 Large (never had either so can't vouch for their software)
https://www.eloshapes.com/mouse/compare?p=razer-deathadder-v...
https://www.rtings.com/mouse/tools/3d-model-shape-compare/3d...
If you can find an original Glorious [0] Model O, that's a nice piece of hardware. The new Model O looks like it only works with their new, totally garbage Glorious CORE v2 software.
If you never want to change the DPIs, lighting, or button assignments, & etc then you don't need the software... so if what the hardware does out of the box is fine for you, then you don't need to worry about how trash CORE v2 is.
CORE v1 is okay, but still notably worse than the Model O software. I don't know why they farmed out the development of CORE v2 to "the CEO's middle-school nephew who's 'good with computers'", but they did.
[0] ...they were originally called "Glorious PC Gaming Race" (in homage to the Reddit meme), but dropped that last bit from their company name a while back...
Model I with four thumb buttons is irreplaceable for me
I also have a Model I and am unhappy with the fact that -when last I checked- you can't configure the three or four extra buttons so they're actually buttons. Your only option is for them to generate keypresses, or do mouse-management functions -such as "cycle DPI"-.
This is... frustrating. Multi-button HID devices are -arguably- easier to do than something that pretends to be both a mouse and a keyboard. I get that some games may not understand how to deal with mice that have more than four or five mouse buttons, it'd be quite nice if I had the option to set things up so that I can use them as buttons in games that know how to handle them.
Depends on which one and when it was sold. Some razers have pretty outdated sensors, plenty of better, lighter and cheaper options available.
Logitech have always made great gaming mice in my experience, at a reasonable price
Most logitech mice have rubberized outsides which turn to goo after about a year.
I know hardly anything about FPS but the reason I like Razer mice is the hardware macros. Configuration profiles are saved to the device and macros are performed at the hardware level. Some actions work with the razer software but most of them don't have to.
You literally need two or three mouse buttons for a FPS game. This argument might have worked if you said MMO because there’s a million abilities you can use but there’s absolutely nothing special about Razer mice when it comes to FPS specifically.
Gamer marketing for you.
Which I fell for. Fool me once and all that...
This. Microsoft has chosen to allow this functionality, despite it being a very clear breach of trust with customers.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
You’re acting like Microsoft aren’t pushing malware themselves.
That's just a parallel fact, no one's "acting" like anything?
What were you actually trying to say?
I am saying that people here seem to be appealing to Microsoft as an authority that should be interested in stopping this, perhaps because they are morally superior or concerned about their reputation. They are not.
No, Microsoft should be stopping this because Microsoft is doing it, and it is wrong. HDMI does not, to my knowledge, provide a mechanism for loading code: it's Microsoft software looking the product model up in a Microsoft database, downloading the appropriate malware, and executing it with elevated privileges (bypassing UAC).
How in the world does that absolve Dell/etc, OR reduce Microsoft’s culpability for letting their update service be abused?
Microsoft could end up being a higher barrier but how much do we really want that?
To me, it seems like LG is the one to blame.
> Microsoft could end up being a higher barrier but how much do we really want that?
For drivers installed automatically via Windows Update? Absolutely yes.
For software the user installs manually? No.
Microsoft has been coddling big devs (read: the devs that code this absolute garbage) for decades. They have this mentality "if we change anything, and anything breaks for current users, they're going to blame us instead of the vendor" and that might have been useful in the 95 days, but it's outmoded. They need to have the balls to break every vendor in 2026 if they're doing things they shouldn't.
I don't trust Microsoft not to be a modern capitalist, but I trust the companies they enable even less.
> This situation has.. no precedent as far as I can tell..
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
Maybe some decision makers do indeed have negative aspirations…
If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
Just look at Microsoft’s revenue breakdown that they publish. Windows revenue is alarmingly small.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
Aren’t ms completely dependent on consumer windows for mindshare?
I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.
I don't think they are anymore. The vast majority of ordinary person computer/internet use has already moved to smartphones, tablets, smart TVs and other such devices. It seems nowadays many people don't even know the basics about how to use a desktop operating system.
I find this hard to believe considering how bad the UIs are on phones and TVs. Even google.com does not offer feature parity between their desktop and mobile websites.
My phone still didn't come with a functional paint or notepad apps. Google docs is a horrible experience on phones (but at least it works now - a few years ago it was straight up unusable).
And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?
My experience tells me that everything mobile is basically an afterthought outside of a few dozen websites and I guess phone games.
All that stuff actually works decently well on mobile... as long as one is willing to accept certain compromises.
Note-taking works fine, in Google Keep, Apple Notes, or some other cloud equivalent. Yup, your data is in the cloud and owned by one of those tech megacorps, but most people just don't care.
Basic photo editing works okay too, in Google Photos, Apple Photos, etc. Ditto the cloud stuff.
What really makes most desktop users outliers is caring about, or even being aware at all of the concept of, actually owning your own data versus trusting cloud providers for everything.
> My phone still didn't come with a functional paint or notepad apps [...] And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?
Not to sound harsh, but you come at this with an somewhat old perspective, the same one I grew up with too and probably also retain too much of.
People don't open their phones looking for something like paint or notepad apps, they want a messenger/social network to connect with their family/friends which is most likely why they got the phone in the first place, and if they're "advanced", they'll even edit their own photos and images but via a whole host of various phone image editors. Sometimes the social network offers those things too, sometimes as separate apps, people use that sort of stuff instead of looking for "paint.exe" or tools to crop/edit images in a more, I guess "crude" way that you and I might be used to and favor still today.
My kid was in a ECE program at a top 25 university. About a third of their first year classmates did not know how to navigate a desktop file system. And these are the kids interested in tech. It’s far, far worse for the ones with no interest in tech. Tablets in school have left a generation of kids behind where the previous generation was.
That fact that you're posting on a web forum makes you an outlier. Most people only passively consume, and mobile devices are good enough for that.
My phone still doesn't have a calculator app. The thought of trying to add one that isnt wolfram alpha is anxiety-producing.
Calculator Note apps are much better anyway
Right. Laptops are basically work (or school) tools now for a lot of people. They might have one tucked away that they pull out now and then when they need it, similar to a power drill or a sewing machine. It’s not a daily use device.
I think it helped Microsoft historically that people used their operating systems at home, although even then a lot of people would have learned Windows at work or school first.
Microsoft will happily sell you someone else’s tech stack on Azure.
My macOS-using employer gives much more money to Microsoft than Apple.
Cloud SaaS things they’re using: Entra ID, Power BI, Sharepoint, corporate email (365), OneDrive.
Microsoft applications installed by my employer on my PC: Teams, Office including Outlook, Defender.
Our applications are Java running on Linux and we could migrate 100% of our platform to Azure without any issue if we had a reason to do that.
MS owns Typescript and NPM and Azure and LinkedIn. I know you meant programming on Windows, but even if Windows disappears, many of us will owe our job to Microsoft.
Dont forget they own github too. The vast majority of open source software is on there these days.
Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.
They own Typescript? I wasn’t aware that they control the organization, but that ought to be easy enough to fork. NPM is a bigger one, but also not too huge. Azure is only used by people who already have Microsoft/Windows buy-in.
They created TypeScript, and maintain it now. It's not exactly a business for them, no one is buying "TypeScript Enterprise" subscriptions. It's all under the Apache License 2.0 and certainly big enough that if they started pulling anything untoward, it would see a fork. Sometimes Microsoft produces an unalloyed good, they're not a monolith.
> They own Typescript? I wasn’t aware that they control the organization,
I genuinely don't know, got curious and went to typescriptlang.org to find some "About" page or "Governance" or something else, but couldn't find anything at all about it. It was exclusively developed by Microsoft for two years, and with no other clear governance/decision structure today as far as I can see, doesn't that exactly mean that Microsoft controls the entire "organization"? It's not clear what "organization" you're referring to either, the GitHub organization? I'd assume that's also 100% Microsoft controlled.
And VS Code, and Github...
Soooo... Not anything we couldn't miss.
>This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
I installed Debian 13 recently. The first time I opened Firefox ESR (installed by default), I got something that looked like adverts on the home page (banner blindness means I have no memory of what they actually were, only of the feeling of disgust). The Home section of the Settings page had options for "Sponsored shortcuts" and "Sponsored stories" enabled by default. Changing a default setting is a lot easier than forking software, yet it was not done.
thats entirely on Firefox
As long as you have a computer that can run unsigned software, or software signed by yourself, this won't come to Linux as non-optional features: you can always recompile your kernel removing things you do not want like this.
And before anyone goes "but I can't patch that!", all it takes is one clever guy to write the patch.
This is also why the bazaar model of Linux distributions is beneficial. You get more choice.
Ubuntu snap
Just use Debian. It's just as easy to install and use nowadays, and does not come with bloatware/malware.
Neither does Ubuntu.
snaps auto-update
Yes, and?
and "minimal" ubuntu install is like 12GB
It hasn’t come for the much larger Mac world yet.
I think literally the only driver I’ve installed for any accessory of any kind is the config utility for a Stream Deck. I certainly never install mouse (thank you Steermouse!) or printer drivers, let alone a monitor driver of all things.
> don't fool yourself if you think this won't come to the Linux world.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
Yeah, curious here too. Torvalds would need to pass first I think, and I just don't see other major players like RedHat, Google, Canonical, or Valve introducing this themselves or agreeing to do it in aggregate. And as end users we could still fork and patch it out. Some shitty company might try but I don't think it would stand.
Lots of bad ideas have come to Linux, like non-consensual telemetry, mobile-first interfaces etc. Don’t believe? Run OpenSnitch.
Traditional CADT means features get lost over time.
It is not immune from these forces, just not a focus by the powers that be. Fewer developers remember the good old days of Y2Kas as well, meaning they don’t resist these forces instinctively, since they grew up in iOS captivity.
Telemetry is anything including a process list. If you're talking about eBPF it's also used for debugging and server fleets and recently in basic task managers. Any data can be used to take a magnifying glass to the system. The kernel has literally thousands of toggles for this from networking to threading. And yes a program can see what your kernel supports and yes it can refuse to run if you're not running a specific kernel with a specific feature. How do you think programs like open snitch even work?
https://github.com/evilsocket/opensnitch/wiki/monitor-method...
>I don't know what Microsoft is thinking even allowing and enabling this sort of thing
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
>and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog? I think extra options in an app is fine, but you should have to download it. At which point who knows what you’ve opened yourself to but at least you chose to do it.
> And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?
Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.
You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.
And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.
As a user I agree, but I think this misunderstands the Windows market. Forget about mice for a second, if you look at GPU drivers between Linux and Windows on Linux they... just work, and you can use some apps to modify exposed features, like you said.
On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.
>On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.
What we're saying is this shouldn't be allowed by the OS to begin with. Not to merely use the peripheral in any case.
Whether Microsoft is happy with allowing it, is another matter.
Perhaps some law accompanied with hefty fines can make them less happy doing it.
Configurable peripherals should store their configurations entirely on-board, and they should be configurable using a well-understood protocol. Users can then use either the vendor's application, a common third-party application, or the configuration interface native to their desktop environment to configure them. When they plug them into a new machine, they should just keep working without having to install any configuration software.
Many generations of Roccat peripherals were usable this way on Linux, thanks to the work of one generous volunteer who reverse-engineered them.
Companies like Logitech don't store their devices' configs in firmware in a way that "forces" you to run some additional shit to use all of their features (some features aren't implemented in software). It's a convenient excuse that allows them to push their spyware onto users, but it's totally unnecessary.
A vendor that was actually "user friendly" in the deep sense (opposite of "user hostile") would do this themselves; configuration would be upstream-first via libratbagd or whatever, and then they'd provide their own configuration interface as a value-add for a uniform cross-platform experience, or in areas where they thought they could provide a better UI than the design principles of KDE and GNOME, or so that they could have a uniform interface to refer to in their documentation.
>And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?
Yes. Via some standard protocol to show checkboxes, radio buttons, drop down selections, etc.
Drivers should just make my stuff work. If I want to configure my hardware, I download the app from the manufacturer's website.
Yes! Extra apps suck.
Linux users think of a driver as the thing that makes my silently hardware do the existing things its supposed to do like every other item in its class.
Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.
How exactly do you propose to sandbox drivers running in kernel space? Do you even know how drivers work? (I'm guessing no, based on this comment)
There are people working on this problem honestly. The general solution 10 years ago was a micro kernel. Today, I’m not sure. The linux model is starting to look dated, with similar problems elsewhere. Modern hardware design looks less and less like classic textbook design, with all kinds of random chips having direct memory access to memory the cpu uses on some shared bus. Where even things like on board blue tooth chips can become attack vectors on the system.
There was a good keynote on the topic 5 years ago By Timothy Roscoe
https://www.usenix.org/conference/osdi21/presentation/fri-ke...
Agree with all of those points and there are some partial solutions (IOMMU, userspace drivers, virtualization,...), but we're still quite far from being able to safely connect untrusted hardware and load its driver without effectively giving it privileged access.
The User-Mode Driver Framework is a thing. Most plug-in devices do not need (or have) a kernel-mode driver.
Yes, but unless all 3rd party drivers can run in userspace (which is not really feasible), Microsoft needs to give vendors the option to install a kernel driver, at which point a vendor can always decide to ship a kernel driver and bypass any restrictions.
Imo, the only thing Microsoft can meaningfully do here from their side is threaten LG with pulling all their drivers if they keep doing this.
Drivers still need to pass certification & get signed. Microsoft does get to reject them.
I can't imagine the group doing this validation is sufficiently manned/funded; it's a cost centre, and the effects of cutting it don't show up for years.
I expect that process to be mostly automated, I wouldn't expect the MS folks at the testing lab to do much (if any) manual testing, especially for a new version of a previously approved driver.
I'm not surprised that the driver got approved, especially if the previous versions already had some user UI and this update "just" added the ads. What I would hope now is for MS to either pull the updated driver or ask LG to roll the change back themselves, possibly under the thread of pulling their drivers altogether (iirc they done that with other companies in the past).
Microsoft has a program to do static and dynamic analysis of drivers... not a sandbox, but better than nothing. Of course, wonky drivers plus wonky hardware can still do bad things (io-mmu can help, a bit).
The problems tend to be in the userspace software that's also installed with the driver. Sometimes there's also some pretty derpy stuff where the driver wants to talk to the userspace software but there's no validation/verification and that opens up a big hole.
First of all, drivers don't have to run in kernel space. Do you know that? I'm guessing no, based on your comment.
Second, we're not talking about the drivers per se, as those aren't what shows you ads, it's the configuration software and accompanying crapware. Did you get that? I'm guessing no, based on your comment.
Third, there are capability-based kernels, microkernels, drivers that are allowed into as restricted bytecode, IOMMU, and several other layers of security. Do you know that? I'm guessing no, based on your comment.
To answer in a more constructive way:
No mainstream desktop OS tries very hard to sandbox drivers. Some drivers on both Windows and Linux (not very familiar with Mac) can be implemented as userspace drivers, as long as the performance hit is acceptable, but for many devices (e.g., graphics drivers), you need a kernel driver to get reasonable performance.
Therefore, if your OS supports loading 3rd party binary drivers (Windows do, Linux technically does as well, but tries to make them hard to use in practice), it cannot really refuse to load kernel drivers and only allow userspace ones without breaking a lot of machines.
Even if you have a userspace driver, the device may still get DMA access to RAM. IOMMU is a thing, but due to backwards compatibility, the driver chooses whether to enable IOMMU protection for the specific device on Windows.
If you're willing to write your own microkernel and bootstrap its driver ecosystem from scratch, your claims would be reasonable. With current desktop OS architecture, not really.
As for the accompanying software, there is a good explanation in another comment of all the valid use cases it has (printer dialogs, audio interface configuration,...). LG abusing that to show ads is primarily LG's problem.
You don't have to counterbalance every useful sentence with a toxic message.
You do, when you're responding to "Do you even know how drivers work? (I'm guessing no, based on this comment)". I'm merely giving them back their toxic comment right back.
I'm not sure how I missed they did it first, but doing it more isn't really helping. Oh well, I shouldn't have said anything, it's not great but it's not worth fussing about.
Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
You're right regarding the tone, it just rubbed me off the wrong way. Especially since I (originally) made a neutral comment and didn't insult anybody.
>Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
Likely not, but the rarer cases could always be exceptions.
Most devices, screens, printers, mice, audiocards, etc should not have to go through this, at least not for basic functioning.
Which is why I like e.g. "class compliant" devices for example, whereas the configurations can be managed directly from the OS with no third party driver loaded. Some of those do come with the custom proprietary driver, but for most I don't even bother installing it.
Read sibling comments to get answers to all your (non)questions.
Strange how you didn't read them then, based on your rude and false response to my comment.
> Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
Except for every printer, some popular GPUs, Microsoft's peripherals...
Auto-run when inserting a CD worked great, until people realized you could do bad stuff with it. User action must be required to run or install new software.
OK so you get a pop-up that says "install driver or it won't work" and so you do and then you're at the same situation.
Or you don’t and you return this piece of garbage for a refund. I hope you can see how this is much superior to auto-installing malware.
A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
1. https://arstechnica.com/information-technology/2021/08/need-...
not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft.
You could use any programmable microcontroller with a USB interface. Consumer products tend to have fuses set to they can't be programmed again.
The latest driver registered with Microsoft for the product you're going to spoof would need to have a vulnerability to exploit. You can't supply any driver.
ok thanks, so its not as bad as i thought.
You can pretend to be any vid:pid with usb gadget mode. For example with a raspberry pi zero something.
But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.
But yes, usb device identifier is done through software/firmware.
Oh, it's worse than that.
A USB attack-widget isn't limited to just one VID:PID pair. It can present itself as as hub with as many VID:PIDs behind it as is useful. (This isn't new or exotic functionality; the very first USB thumb drive I ever owned did this as a built-in, maybe 20 years ago.)
So, for instance: A single physical widget can present as a thing that makes Windows install vulnerable software, and as a keyboard that issues commands hook that vulnerability, and as a storage device that provides a payload, while also [or ultimately] appearing as the fully-functional device that the user actually intended to use.
Game over.
The end-user might see a brief flurry of stuff happening while this goes on, but that's no big deal: End-users are already accustomed to seeing that kind of thing when new hardware is introduced, and clicking whatever button it is that they're required to click in order to proceed.
You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands. I don't know about Windows, but on Linux it's possible to block USB connections by default and filter them in userspace:
https://usbguard.github.io/
This allows enforcing rules like "never add an additional keyboard". But the USB protocol has no support for strong device authentication, so there's no way to prevent a device from acting like a malicious version of something in the device class you expected it to be without abandoning "plug and play" altogether (a reasonable solution in secure environments where unused ports are often physically blocked).
You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands
This is what any decent barcode reader does, by the way; and before USB, they would be inline taps that pass through a regular PS/2 keyboard.
I've heard so before: that USB is a massive security hole. At least in Windows; I don't know if other OSs are also vulnerable.
Better to just never stick strange USB sticks in your computer.
You can "spoof" any system where you can load older drivers into giving you admin/root, you just need to find a vulnerable driver. Nothing Windows-specific in that.
Also, disabling drivers from windows update is enforceable with group policy (iirc).
The BSDs have config, Linux can run without module support.
> This situation has.. no precedent as far as I can tell..
- https://support.microsoft.com/en-us/windows/hardware/drivers...: “Windows can automatically download recommended drivers for the hardware and devices connected to a system by using Windows Update“
- eight years ago: https://www.reddit.com/r/Windows10/comments/8tlre3/why_is_it...: “I can't seem to stop it from installing device drivers, even after unchecking the 'Do you want to automatically download manufacturers' apps and custom icons available for your devices?' and saving.
I uncheck it, reboot. Uninstall all drivers except USB (so I can use mouse and keyboard) and reboot. Aproximately two minutes after the reboot, I get notification ballons telling me everything is installed again. Heck, even the super old Nvidia 388.1 driver is installed (the latest now is 393.2).”
I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.
“Now”?
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)
> It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
It all comes from the increasingly widely held idea that the user should not be the ultimate authority over what should run on his computer. The OS vendor should have a say. Third party developers should have a say. Device manufacturers should have a say. Anyone except the user, who is just a passenger on his own system. And this mentality is not limited to Microsoft.
> I can only conclude that Windows is basically malware now...
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
> why would you use such a sleazy company's product for daily driving
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
That may sound obvious to you, but it's not for many, and this opinion of yours is shared by fewer and fewer people.
Some things not having viable alternatives on MacOS/Linux/BSD/whatever-else is not an opinion of mine. It's just life.
I didn't mean that you were nonfactual, only that you overgeneralise.
It should be a choice. They were or nearly were convicted for being a monopoly. For most users, they're not even aware there's a hardware/software distiction.
MS-Windows GUI has cashed on this unawareness since 95. "My Computer", "The computer needs to restart"... Being deliberately incorrect to add to the existing confusion.
You're missing out on 37 different unrelated things being named copilot.
81, not 37: https://teybannerman.com/strategy/2026/03/31/how-many-micros...
Copilot’s T&Cs clearly explain that it is for entertainment purposes only though.
Does that mean I can complain about anybody that creates an excel spreadsheet at work for violating the T&C?
Like Fox News
How it it a Windows issue that driver developers pack garbage with their drivers? If Linux supported loading 3rd party drivers (it mostly doesn't, and if Windows did that, the whole internet would be up in arms about Microsoft locking down their OS), it would have exactly the same issues.
This is basically the same as downloading a program, running it and when it downloads garbage on your computer, complaining that Windows are dumb for allowing a program to download garbage.
> How it it a Windows issue that driver developers pack garbage with their drivers?
Because windows update automatically installs the garbage when the device is connected.
Microsoft could control the content of the software it automatically installs, but they don't. That's the issue.
This is one of those typical HN replies that adds absolutely nothing to the discussion.
Much like your own, and this one!
I wonder if this ritual of meta-self-policing serves some particular purpose or if it's just a case of the brain drawing comfort from going through a familiar ritual. "This comment adds nothing" is like the reverse amen in church of our days.
Another example of context collapse. Meta-meta commenting always adds something if only unironically.
The purpose was to discourage comments which added nothing I thought.
The GP comment adds social pressure so useless comments are less likely to be made.
It's a discussion, it's not a panel to further scientific inquiry. Sentiments and opinions also further a discussion.
It confirms for me that I too made the right choice and it reminds people that haven't made the jump yet that they have a choice in how their operating system treats them. I'd say it added a lot more than your comment.
> This situation has.. no precedent as far as I can tell..
You got a lot of replies already, but there's so much precedent. Plugging a Logitech mouse installs a network capable, autolaunch capable, pop up app for at least the past 10 years. LG's thing seems grodier, but this has been common Windows-ism for a while.
Plus even when the Logitech mouse has been moved to a different PC, the former PC will continue to get Logitech updates anyway.
Apparently so they will be one step ahead of you in case you decide to plug it in again sometime.
Graphics cards can do this too, you remove the card and go back to the motherboard's built-in HDMI port, then one day here comes a big update for the non-existent graphics adapter.
> This situation has.. no precedent as far as I can tell..
depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"
other wtf. microslop cases include:
- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)
- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"
- "init scripts on USB devices", I think they stopped doing that
- ...
given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)
most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).
combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them
Unprecedented? Have you installed a Dell/Alienware monitor recently? I hope you enjoy having the unsigned awcc.exe autostarting with no visible ui doing good knows what with no documentation from Dell
Yeah, I was looking for this comment. Dell/Alienware have been doing this for YEARS. Part of the many reasons I moved from Window to Linux.
Is Linux certain to be safe from this sort of thing? I used to use lots of Dell monitors.
Are there any brands that are known not to do anything like this? I'd like to reward them with my patronage.
Linux doesn't go install software just because you plug in a certain peripheral, so yeah. Same with Mac. This isn't even an attack, Windows is doing it intentionally.
I would like to know too. I purchased a OLED Alienware monitor back in 2022 when they first came out. Ive had a Linux/Windows dual-boot system but around 2023-24 I erased my Windows partition.
My uneducated guess is that it would be pretty difficult for something like this to autoinstall on linux without your permission. They can "recommend" you to install their app, but just plugging it and getting adware/malware, I hope it would be difficult.
Unlikely for any brand out there not to do this. Samsung will do it eventually if backlash isn't bad with this one with Alienware/Dell/LG. Maybe Benq, viewsonic, monoprice? I dont trust Asus not to do it either.
I have a LG TV and never connect it to Wifi. Never did I think just plugging in a HDMI cable would do this.
Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.
there's tons of frustratingly equally bad precedent.
for some reason it also seems like a lot of this companion software from oems is often written by part time contract / interns.
years ago there was a classic example of iirc a logitech mouse driver that was writing the coordinate position of the mouse at ~100hz to the registry.
microsoft should be applying _at least_ app store level / whql level rigor to these, but it seems if the oem is large enough they'll just gladly yolo a 2gb package of crap onto your machine because the oem said "this our driver package"
I have a windows computer that tries to install HP Printer software automatically because it detects an HP printer on the WiFi. No physical access needed
8. ANd this isn't specific to LG. If LG can do it, anyone can, even if they aren't right now.
Buying from companies you trust isn't a solution either. Founders sometimes get into fatal car accidents or lose some of their assets in messy divorces. THe new owners may not care about "brand reputation" and sell the company to the highest bidder.
LG Electronics display monitor as Trojan Horse
Except this Trojan Horse isn't offered for free
It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee
I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.
Anecdata from two days ago, after installing a fresh Windows 10: after inserting the dongle, a definitely non-native (styled by Logitech) popup asks me whether I want to install their app. I decline. One reboot later, the app is available in the start menu.
Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m
Yeah, the questions showed up in non-native dialogues in both cases. I installed the Logitech one, but not the Dell. But then again, even freaking Office looks non-native on Windows, so I don't really pay attention to this aspect.
> OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
Just think about how many times hardware manufactures told customers to buy new equipment because they can't be bothered to patch the older models.
And people think macOS sandboxing is "hyperbolic"
How can HDMI affect the host computer?
Because Windows is cooperating and installing the malware on behalf of the OEM.
This kind of exploit could not be done on MacOS or Linux.
As if the world needs more reasons to understand that windows is activly making your life worse. Step by step.
>This situation has.. no precedent as far as I can tell..
I want to believe you, but somehow I can't, I feel like our industry has already mastered the art of installing malware on customers' devices.
That's just living in the Windows world.
After start menu ads, I don't understand why people are being surprised anymore.
Thanks - really got my attention. And, the video makes me sick.
I'm still looking at my 10 year-old LG monitor with suspicion, now, but I'm thinking (hoping) it's just too old...
Thank you for the summary. As a Linux user, am I spared because of relative obscurity, or is it that Microsoft is explicitly allowing this to happen?
Linux only auto-loads the drivers in the kernel tree
> This situation has.. no precedent as far as I can tell..
No, this has been going on for years. Vendors have been pushing malicious software through the Windows Update automatic driver installation since forever. MSI and Nahimic/A-Volute (this has watchdog daemon to instantly reinstall it as well as the main app protecting the daemon), the ASUS Armory Crate bullshit, the Lenovo garbage, which initially they only put into their own images, but then started force-installing via Windows Update, Gigabyte, ... the list is really long.
If you have to use Windows, you really absolutely should disable driver installation through Windows Update.
I understand shitty brands want to do this.
The bit I don’t understand is Microsoft making an infrastructure that allows this, lets shine the shame light here.
Have you installed Windows recently? It is full of ads.
If Microsoft can push ads to users, why can't LG?
Logitech have been doing this for years
Have you been using Gentoo or FreeBSD for a long time and then suddenly remembered Windows exists on the same day this news dropped?
In your mind. Average joes do not even know there is a firewall in windows, which is off by default. Actually none of the games, not even chrome respects the built in Windows firewall. If you have configured a firewall, it will make your life much harder, since almost nobody designs software based on the assumption that a firewall will exist. So almost everyone flies without one.
> 1. Your OS installs malware ...
Your OS is malware.
We're talking about Windows here.
> Your OS installs malware
Malware??
this has happened to me with dell monitors since years ago, also with razer peripherals.
I'm tired of everything being classified as "malware". The word has no meaning anymore. Malware can mean "zero-day state-sponsored ransomware attack" or it can mean "software was automatically installed by a trusted consumer-beloved company because they forgot to make an opt-out window" (which is what I'm guessing happened here).
If this were a person doing this, they would be in jail.
Companies consist of people.
USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.
It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.
Logitech pulls (pulled?) the same shit when you connect one of their pheriferals to your PC.
But thanks to Secure Boot, your computer is secure. /s
When will people understand that malware is signed by the vendor ?
Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.
It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.
The days of antivirus were replaced by advertising a long time ago. There is no privacy.
Most savvy types are hyper aware of every process running on their machine especially those using network lol
Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules
Savvy types use Linux
I've gotten to the point that if you're trying to show me something and I see you're using Windows, I just assume you're an unserious person and it's worthless.
All the major tools for advanced work are Linux-based, and there's maybe a Windows version, but it's probably a kludge like Docker Desktop.
> All the major tools for advanced work are Linux-based
No, they aren't. Linux hasn't yet got anything remotely close to PDB symbol servers and WinDbg's record-replay debugging. perf is... an attempt.
Source: worked on Windows and Linux drivers and user-mode applications. Windows tooling blows the competition out of the water in actually advanced developer experience. Vim is cool to the ricing hackerman types but not people who actually earn salaries. Windows doesn't need Docker because it has a stable user-mode ABI.
You could exhaust Windows networking or filesystem features in an afternoon. Linux could give you a career.
I spent 20 years supporting Windows server and server applications like Exchange, SQL Server, IIS, etc, etc, and when I left that industry and got back to Linux, I was absolutely floored about what I had been missing. No wonder Windows had it's lunch eaten in virtually every facet by Linux server applications.
I know you’re joking, but there is a very small sliver of truth in there somewhere. There are some tools on windows that stand shoulder to shoulder with better os’s.
advanced work != advanced tools
You can have basic and not very user friendly tool, and work on very advanced topics, such as new forms of networking, innovative database, cool filesystem or storage devices, etc...
Or you can be an advanced windows developer with very nice tools, and yet work on something utterly mundane, like an internal app which tracks time off in your company, schedules delivery of parts, or provides a (granted, very nice and polished) UI to the backend database server which runs Linux.
In my experience, most of the advanced work is done on Linux nowadays. Just look at HN front page - how many posts are Windows-only and are not "new UI over existing library/service"?
Windows does plenty of 'advanced work'. Almost all video games are written primarily on and for Windows.
> In my experience, most of the advanced work is done on Linux nowadays
That's because your experience probably hasn't ever included work on Windows internals. Take it from someone who has—the complexity and 'advancedness' of the stuff running on Windows is at least equal to that of Linux or any other OS. The fact that Windows can so thoroughly abstract the computer away from the user is in itself a massive feat that few other OSs have really managed.
> Just look at HN front page - how many posts are Windows-only
The overwhelming majority of posts on the HN front page are now LLM slop or web development. I seriously dislike this insinuation that work done on Windows is, as the grandparent claims, 'unserious' or less advanced.
I have no doubt that Windows internals are at least as complex as Linux internals. Actually they are likely much more complex - all that backward compatibility won't shrink the API surface or make it easier to program.
But are they "advanced", in the sense of "to make progress or improve"?
Take filesystems for example... Linux has zfs (this one actually came from Solaris, but the latest versions come from ZfsOnLinux), btrfs, bcachefs was pretty cool if not for all that drama. What about Windows? It has NTFS and ReFS, the latter is for enterprise segments only, and is less capable than ZFS. Don't get me wrong, I am sure that ReFS is very complex - it has many lines of code and managing it is hard, it's just it has less features than zfs.
So if you love filesystems, and want to make a difference there, which OS should you work with? Linux, or some sort of BSD.. anything but Windows.
Now, what about networking? I've read about some marketing blurbs about Windows networking features that could mean something innovative. Unfortunately that was it - marketing blurbs. No technical designs, packet formats, no blog posts... You have to go to Linux/BSD for this.
Maybe security? There is a lot of information about Windows security, because it is such a popular target. But what about active defenses? Kernel hardening, sandboxing, lightweight VMs, etc...? This all originated outside of Windows.
Now, I am happy to admit that Windows is a very complex system, and that Microsoft did a great job polishing everything and presenting it to user. Microsoft is also great at taking an experimental systems and getting them in front of everyone (all that GUI hardening comes to mind).
But if you are interested in progress of operating systems and adjacent things, the projects which advance state of the art and introduce ideas no one has implemented before... Don't look at Windows.
> people who actually earn salaries
Maybe a hot take but the world's "most advanced software engineering" is not happening in W-2 employment scenarios.