Microsoft Subnet An independent Microsoft community View more

LG's split screen software allegedly undermines your PC's security

LG's split screen software allegedly disables the Windows User Account Control feature, meaning everything unwisely runs with full administrative privileges.

LG ultra-wide screen monitor, split screen software
Credit: LG

Does LG's Split Screen software "destroy" your PC's security? It does according to Christopher Bachner's write-up on Developer's Couch.

He purchased an ultra-wide LG monitor and installed LG's split screen software. While he likes the hardware, Bachner is "utterly disappointed" with "how LG treats security."

The TL;DR version is that instead of writing software properly, they just disable your security in order to make their software work.

It's important to understand that Bachner uses the Windows User Account Control (UAC) feature. Microsoft advises using UAC to "help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you're doing tasks that can be done as a standard user, such as reading email, listening to music, or creating documents, you have the permissions of a standard user—even if you're logged on as an administrator." In security bulletins, Microsoft frequently suggests not using full privileges if the user doesn't need it.

A week after installing the LG software, Bachner realized his Notepad++ session was in Administrator mode even though he did not right-click to launch it in admin mode. Additionally, every time he launched "Run," instead of starting in UAC it ran with the notification, "This task will be created with administrative privileges."

Suspicious now that something was wrong if "everything" started with full privileges, he discovered that his UAC had been disabled. Bachner wrote:

I suspected that it has to be the split screen software that made the changes as it was the most recent installed software on my system. Quickly I fired up my Windows 10 VM to run the setup and see if it disables the UAC. Unfortunately, the answer to this is that it does disable your UAC and therefore decreases your computer's security by a lot. (Think of it like removing your walls and everything you have is in one room and accessible by everyone who is in the room).

Sure enough, Bachner was prompted to restart his computer in order to turn off UAC. He added:

This result was very surprising and raised some anger in me because I would have expected more from such a large company. I suspect they disable UAC because their software needs to run in full privilege mode. However, there are plenty of other ways to solve this… LG just neglected security to make their application work. This is not only lazy, but also extremely dangerous since applications that should never run with admin privileges were executed with admin privileges.

Curious now, I looked up the software. Oddly, LG has several misspellings in the description of the software. It does not all show up in the captured image, but here is a copy/paste example listed under Screen Split:

Screen Split is application SW to devide window layout for efficient managment of windows with LG monitor. The Software is pacakged as an installshield installation pacakge.

LG Split Screen software LG

Since the allegations of LG software "destroying," or at least undermining, computer security are fairly serious, I contacted LG. Other than stumbling over LG's spelling, attempts to obtain a comment were met with stumbling blocks. After dealing with four different departments, I finally was connected to the "computer" department 45 minutes later. I basically read Bachner's write-up and described the screenshots to the guy on the phone, who could not access an external web page himself. At first he blamed antivirus for disabling UAC, but later the official quote I was told to run with is that the "LG application never really did disable UAC."

Riiiiight. After LG's denial, Bachner recorded video of the LG split screen software "destroying" his PC's security.

On a Windows box, it isn't wise to run every little thing with full privileges. If you don't care if a program disables UAC or if you want to run everything as admin, then you probably wouldn't have an issue with LG's software. Otherwise, it might be wise to steer clear of it until LG makes some changes. Maybe the company can correct the misspellings in the software description if its split screen software is revised?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10