Windows Update is now a bloatware channel — LG proves it

4 min read 1 source clear_take
├── "Windows Update is being abused as an OEM software distribution channel, violating user trust"
│  └── baranul / videocardz.com (Hacker News, 1062 pts) → read

The article frames this as a fundamental breach of the implicit contract of Windows Update — a channel reserved for critical patches and audited drivers is now silently delivering full user-space OEM utilities. The author emphasizes that OnScreen Control is not a driver but a full app with background services and network activity, installed with SYSTEM privileges and no user consent.

├── "The EDID-based re-delivery loop makes this effectively un-removable for average users"
│  └── baranul / videocardz.com (Hacker News, 1062 pts) → read

Reports that uninstalling the software is futile because Windows Update reads the monitor's EDID, matches it against Microsoft's device catalog, and reinstalls the payload. Only Windows Pro users can escape via Group Policy — Home users are stuck in a reinstall loop, which the author presents as evidence that the mechanism was designed with no meaningful opt-out.

└── "Blurring the line between critical patches and vendor software is a one-way erosion of the update system's credibility"
  └── top10.dev editorial (top10.dev) → read below

Argues that Windows Update's elevated privileges were justified specifically because the delivery channel was supposed to be narrow and audited. Once Microsoft allows OEM utilities to ride that same rail, the distinction between 'critical patch' and 'vendor advertising' collapses — and that trust, once lost, is very hard to rebuild.

What happened

Windows users with LG monitors started noticing a program called LG OnScreen Control appearing on their machines without ever downloading it. No installer prompt, no UAC dialog, no browser download — just a running application in the Start menu after a routine Windows Update cycle. The story surfaced on Hacker News with over 1,000 points and was corroborated across multiple threads: the software is being pushed through Microsoft's Windows Update infrastructure, signed by LG, and installed with SYSTEM privileges as if it were a device driver.

OnScreen Control is not a driver. It's a full user-space app that manages monitor settings — brightness, split-screen presets, picture modes — and it ships with background services, an update mechanism of its own, and network activity. It's the kind of thing an OEM would traditionally bundle on a new laptop, except this time the monitor itself is delivering it, months or years after purchase, through a channel most users treat as sacred.

Affected users report the app reinstalling itself after uninstall, because Windows Update sees the monitor's EDID (extended display identification data), matches it against Microsoft's device catalog, and re-delivers the payload. Removing the software without also blocking the update entry leaves you in a loop. Windows Pro users can suppress it via Group Policy; Home users have fewer options.

Why it matters

The Windows Update pipeline was designed as the one thing you could trust to run automatically. Kernel patches, security fixes, signed drivers — the whole reason it has elevated privileges is that the delivery channel is supposed to be narrow and audited. Turning it into a distribution channel for OEM monitor utilities blurs the line between "critical patch" and "vendor advertising," and once that line is blurred it's very hard to un-blur.

The technical mechanism here is Microsoft's Windows Update for Business driver policy combined with the older co-installer pattern that lets driver packages ship companion apps. It's been there for years — it's how Intel graphics tools, Realtek audio panels, and vendor keyboard utilities have historically slipped onto systems. What's new is the visibility. HN commenters pointed out that this used to be OEM-laptop territory, where you at least implicitly consented by buying a Dell or an HP. A monitor is a peripheral. You didn't buy an ecosystem; you bought a panel.

The security implications are the part senior engineers should care about. Any code delivered through Windows Update inherits enormous trust: signed by Microsoft-recognized authorities, installed by TrustedInstaller, invisible to most endpoint controls that treat WU as a first-party channel. If LG's OnScreen Control has a vulnerability — and OEM utilities have a long, ugly track record of RCE bugs, elevated-privilege scheduled tasks, and unauthenticated HTTP update checks — it's now on machines where the owner never opted in and probably doesn't know it's there.

Community reaction has been sharper than usual for a bloatware story. Threads on HN and Reddit are pointing out that this is exactly the pattern regulators complained about with Superfish (Lenovo, 2015) and the various Dell/HP telemetry incidents. The difference: Superfish was preinstalled on hardware you knowingly bought. This is push-installed on hardware you already own, via an OS update channel you didn't associate with the peripheral.

What this means for your stack

If you manage Windows fleets, the practical move is auditing what your Windows Update policy actually permits. The default `AllowWindowsUpdateSignedDrivers` and driver co-installer behavior needs to be reviewed against your threat model, because "driver" in the WU catalog now includes companion apps that behave nothing like drivers. Group Policy path: `Computer Configuration → Administrative Templates → System → Device Installation → Prevent installation of devices that match any of these device IDs`, then feed it the LG monitor hardware IDs from Device Manager. For MDM-managed fleets, the equivalent CSP is `DeviceInstallation/PreventInstallationOfMatchingDeviceIDs`.

For individual developer workstations, the fastest mitigation is: (1) uninstall OnScreen Control, (2) disable the LG-specific driver update in `Optional updates`, and (3) block the OnScreen Control update service from running. `wushowhide.diagcab` — the old Microsoft "show or hide updates" tool — still works for suppressing specific KB entries. Windows 11's driver rollback UI does not.

There's also a broader hygiene question. If your build machines, CI runners, or QA hardware happen to have LG panels attached, you now have a piece of vendor software with elevated permissions on infrastructure that touches source code. That's a supply-chain conversation you probably didn't schedule for this week, and it's worth having anyway.

Looking ahead

The uncomfortable truth is that this behavior is technically permitted by Microsoft's current policy — LG is using a documented mechanism the way it was designed to be used, just at a scale and visibility that makes users uncomfortable. Which means the fix has to come from Microsoft: either tighten what "driver co-installer" is allowed to ship, or surface a real consent prompt before non-driver payloads land on the machine. Until then, expect more of this. Every monitor, dock, webcam, and keyboard vendor watching this thread is doing the same math LG did, and the answer they're getting is *this works and nobody stops us*.

Hacker News 1118 pts 572 comments

LG monitors silently install software through Windows Update without consent

→ read on Hacker News
devttyeu · Hacker News

This is so much worse that the title makes it out to be: 1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction 2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port 3. That malware has inte

delta_p_delta_x · Hacker News

Workaround: gpedit.msc Computer Configuration > Administrative Templates > System > Device Installation Prevent automatic download of applications associated with device metadata Set to enabled OK On home editions sans gpedit.msc: sysdm.cpl Hardware tab Click Device Installation Settings Un

tialaramex · Hacker News

Assuming they don't get a revenue cut, pushing back on Microsoft can in principle be effective here.Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a

gkbrk · Hacker News

A monitor cannot install software on your computer by the way. It's Windows installing this software automatically (for some reason), so the blame should be on Microsoft.Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security prob

spl757 · Hacker News

Easy fix. Don't use Windows. It's been enshittified so many times over that I can't believe people put up with what it has become. I haven't used Windows on my desktop for well over a decade. People are switching away from it now, and MS is trying to backtrack some, but it's

// share this

// get daily digest

Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.