[dupe] HP laptops covertly log users’ every keystroke, researchers warn (arstechnica.com)
113 points by alxmdev on May 11, 2017 | 23 comments


Previous discussion from 10 hours ago: https://news.ycombinator.com/item?id=14314795


This sort of thing is a big problem throughout the Windows ecosystem, and it's mostly caused by Microsoft leaving holes in Windows' functionality to be filled by incompetent third parties. The purpose of this program was supposedly to handle hotkeys such as mute/unmute. But that's not something a third-party program should be doing at all! A typical OEM Windows system will have a half-dozen pieces of crap in its system tray written by third-party hardware vendors, implementing features that a decent operating system would already have built in.


> A typical OEM Windows system will have a half-dozen pieces of crap in its system tray written by third-party hardware vendors, implementing features that a decent operating system would already have built in.

Actually, my OEM Windows laptop came with a half dozen pieces of crap in systray implementing features that Windows already has. A battery monitor, volume icon, WiFi applet, shit like that.

So it's not only Microsoft to blame but also the all-pervasive fu&*( "differentiation", like you just have to crap the system with something others don't have to make TV ads and PowerPoint presentations about it.

Also, just a few days ago we had a great example of how "competently" Microsoft plugged the former functionality hole which was antivirus software, so it's not like they are perfect or something.


Except that Windows recognizes the mute/unmute key, so that explanation doesn't work.


Why does the title mention HP only? Seems that any Windows computer using Conexant audio chips + driver will have the same problem. Pinning this on one specific manufacturer feels weird to me.


How many fewer clicks would Ars Technica get if their headline writer had instead given, "PCs with Conexant audio driver covertly log users’ every keystroke"?

How many fewer bloggers, Tweeters and Facebookers would link to it?


And, to be fair, how many fewer affected users would have learnt about this because they are not aware that their HP laptop is running a "Conexant audio driver"?


I just removed a fuck-ton of crapware from my new ProBook 17, as I do with all my new laptops; this file was one of them, thankfully.

The number of Windows 10 (Pro) processes at boot-up dropped from 112 to 80 (as a comparison, it used to be 21 on Windows XP Pro, but I guess that's progress).


Why didn't you just do a clean install?


Is it possible to install from a clean medium and have all this activation and licensing stuff handled on an OEM machine without paying for another license?

Last time I used Windows (Vista era) the only choices were an OEM installer pre-filled with crapware and The Pirate Bay, neither exactly optimal.


Of course you can reinstall your OS from clean state and you could do it with any Windows. AFAIK Windows 10 will send your hardware information to Microsoft servers and will be activated automatically when you reinstall it.

Installing clean Windows and activating it with a fake KMS server should work too, if you want to steal it.


I think in the newer Windows, they put the license key in the BIOS. That's the case with my Thinkpad at least. Whenever I reinstall Windows from scratch it detects the key automatically.

Thankfully, you can now also just download the Windows ISO from Microsoft directly.


Sounds like something for me to check. I've got an HP Envy with Conexant audio. I'm in Linux most of the time, but I've got a Windows 7 partition, too. That article mentions some version 10.x builds of the driver as being the culprits. Luckily, the newest ones on HP's site for my model are 9.x drivers, so maybe I'm safe.


Only the ones with Windows.


Does no one ever get sued over stuff like this?


What are you going to sue them for? What damages did you suffer?


They will claim that they didn't know. Intent matters in most legal cases.


Could I simulate trillions of keystrokes on my laptop daily and have HP ddos themselves with their own software?


Just to avoid any misunderstandings, from the article: "There's no indication the driver package uploads or otherwise distributes any of the logged information."

The software writes all key presses to a debug logfile on your own machine (which is overwritten on each reboot), it doesn't send them anywhere. This is bad enough, especially given that the file apparently is readable by any user on that machine. But it's not really a malicious spying tool, it's "only" really sloppy programming.


> "There's no indication the driver package uploads or otherwise distributes any of the logged information."

I remember how the PM team (not just a team of typical poor technically clueless PMs, mind you, it was the "product management" team including actual PMs, project leads, lead architects, managers, etc.) waived a security bug because it was only starting "notepad.exe" and thus was really harmless. Not joking, true story.


We will probably find the uploader in some sloppy coding for some unrelated piece such as Intel Management Engine firmware, or some crash reporter that sends all debug files in some dir, etc.

Deniability all the way, baby.


No. Read the article.

The only person you'd be inconveniencing would be yourself -- the keystrokes are written to disk, not transmitted over the network.


No, but you could simply access the file on other people's computers and have a nice dump of all their sensitive information.



