Security News HP is installing spyware on its machines disguised as an "analytics client"

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Heads up, HP users. It appears the $3.5 million Lenovo verdict was not enough of a spyware deterrent for HP, as it now appears the company is installing spyware on its computers without asking permission from users.

The culprit software is called HP Touchpoint Analytics Service, with the latest client version being 4.0.2.1435. It is described on the official HP site:

The HP Touchpoint Manager technology is now being delivered as a part of HP Device as a Service (DaaS) Analytics and Proactive Management capabilities. Therefore, HP is discontinuing the self-managed HP Touchpoint Manager solution.

However, users are up in arms about the stealthy install, saying that the spyware is causing some severe slowdowns and CPU drains in the operation of HP PCs. The HP support site is being flooded with some not-so-glowing reports, such as this one from PurplePassion22:

On 11/18/2017 Hp Touchpoint Analytics Client was installed on my computer without my consent. I'm assuming it was installed in the background as an update to Hp support or framework. However it happened I don't appreciate it's sneaky take over of my computer's system resources. From yesterday to today it's been making my computer work so hard I can hear it like cranking away and the light in the back of my computer is flashing rapidly in-tune with the cranking. In Task Manager I can see it starting and stopping numerous applications, it's client service and installer, console window host, command prompts, timeout-pause command prompt, it's causing a lot of up and down use of antimalware service executable and local system.

According to Günter Born, only one program registers the TouchpointAnalyticsClient.exe client as malware.

While the issue of HP collecting telemetry data behind the backs of its users is problematic, there is a way to get rid of the program, thanks to a fairly easy step-by-step process detailed by Martin Brinkman.

Option 1: Services

  • Use Windows-R to bring up the run box.
  • Type services.msc and hit the Enter-key on the keyboard.
  • Look for HP Touchpoint Analytics Client in the Services listing.
  • If it is there, HP Touchpoint Manager is installed.
  • If it is not there, skip to option 2.
  • Double-click on the service to open its details.
  • Set its startup type to disabled.
  • Select Stop to stop it in the current session.
Option 2: Windows Programs

  • Use Windows-R to load the run box.
  • Type appwiz.cpl to load the Programs and Features control panel applet.
  • Locate HP Touchpoint Manager.
  • Right-click the program name, and select Uninstall to remove it.
Uninstallation of the program should remove the Service as well.

It isn't clear if this is being installed as part of a Windows Update or if it coming from the HP Support Assistant. But no matter where it is coming from, if you have an HP system, you should check for the spyware and remove it, especially if you are noticing a severe overload on your CPU and processes.

Source: ComputerWorld
 
D

Deleted member 65228

I think it would be coming from the HP Support Assistant probably. It is really shocking to see a company like HP doing these things, as if Lenovo didn't already demonstrate that doing something like this will damage reputation and cause problems... Or even Sony!

HP should know better than this. All they are doing now is harming reputation. They could have proceeded with their plans without an issue as long they acquired consent (e.g. from a dialog with a Yes or No) which outlines what will happen if used, and they'd still have had people allow it. Instead they took the shadier route and have done nothing but led to them reaching headlines for installation of spyware, which will hurt them badly.

Luckily for me I don't own a HP machine, and quite frankly I don't think I ever will. Especially not now. They did it once even after all the history of other vendors doing similar and it having bad outcomes, chances are they'll do it again when they next feel like it...
 
D

Deleted member 65228

@Azure Phoenix That is what I was thinking, I guess we shouldn't believe everything we read on the internet but if its good enough for Exterminator then it's good enough for me. And if it isn't really spyware and the source made a post without verification then I'll retract my opinion because its based on the assumption that it really is spyware.

But if the utility is collecting data about the user and submitting it to HP then it is verified to be spyware because it doesn't acquire consent from the user to install it. Not to mention disrupting the user by using resources and slowing them down at the same time which is the icing on the cake..

So if I was HP and pushed out a tool to be auto-installed without you being aware/providing consent which collects your data = spyware

Edit: its an analytics client so that would be collecting data for analytics, and without consent
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Buying prefab machines is risky now days. I never thought I would have justification for that sentence, wow.
I would love to hear more on this, and you know folks like DigitalStorm are so happy to hear of crap like this
going on. lol
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
@_CyberGhosT_ I escaped the never ending paranoia of wondering if my manufacturer can be trusted or not when I did a custom build (had to because there was no point paying like 2x the money for the same specs for little manual effort) hahahaha
I feel ya, I recently updated my 11yr old DigitalStorm, I don't buy pre-fab either :)
 
F

ForgottenSeer 58943

Buying prefab machines is risky now days. I never thought I would have justification for that sentence, wow.
I would love to hear more on this, and you know folks like DigitalStorm are so happy to hear of crap like this
going on. lol

I always work under the assumption pre-fab machines are backdoored/infected, and/or the supply chain has been interdicted. I've worked under this assumption since around 2005 and do a low level format and fresh installation over any new system. For desktops, I build my own, but for laptops, surely they get wiped.

I started this in 2005 because that was the year I purchased 2 new laptops for my kids and found Acer was turning the cameras on when the screensaver executed and sending photographs out to some specific servers. From that day forward, wipe is the rule.
 

Entreri

Level 7
Verified
May 25, 2015
342
I do a clean install on my laptops and pick them up directly from the store. I can't stand pre-installed software which hog system resources and have security holes.

I paid for the machine, I don't like the fact that I can't control what is on it (e.g. Intel ME).
 

Soulbound

Level 29
Verified
Well-known
Jan 14, 2015
1,761
I do a clean install on my laptops and pick them up directly from the store. I can't stand pre-installed software which hog system resources and have security holes.

I paid for the machine, I don't like the fact that I can't control what is on it (e.g. Intel ME).
Not every machine has pre-installed software that is a resource hog etc, i.e Origin, Razer, ROG to name a few. Granted for the price you pay for such systems, you are mainly paying for the hardware and technology. The software is just the added bonus and needed for the machines themselves for full optimization.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Update :
HP Says Its Windows “Spyware” Only Collects Data Anonymously with User Consent

Allegations that surfaced earlier this week indicated that HP might be deploying spyware on users’ computers and not only slow down the systems but also collect their data without consent.
But in a statement today, HP says there’s no such thing happening on their systems, and the only data collection that takes place is completely anonymously and enabled after users give their consent.
HP VP of Customer Experience Mike Nash told LaptopMag that HP Touchpoint Analytics, a service that was enabled recently following a driver update, only collects hardware information just in case something goes wrong.
Furthermore, the data never leaves the computer unless users specifically opted to share logs with HP during the initial screen, in which case the collected information is only useful once you need technical support and engineers need to remotely access your system.

On the other hand, if you do decide to share your logs with HP, everything is submitted anonymously with no personal data leaving the machine, HP says. This should help improve performance, fix bugs, and deliver updates for errors hitting a particular computer model.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I have an HP laptop, but I don't see the "spyware." Good for me, then. :cool:

Anyway, even if it's installed, as long as it's not submitting sensitive information and it's an opt-in option, then I would be okay with it installed. :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top