Hacker News new | past | comments | ask | show | jobs | submit login
SteelSeries include adware in driver automatically installed by Windows Update (reddit.com)
122 points by supernes on Sept 17, 2020 | hide | past | favorite | 74 comments



Steelseries, Razer and Nvidia drivers are all a pain in the ass. How hard is it to make a driver that works and has a config page?

Instead they make you jump through a million extra hoops to get it to work

It’s only a matter of time until we get a DRM mouse that only works when online


Nvidia can't even figure out how to build an application that remembers my login details, every time I open it up I have to login again.


The bigger question though is why do you need to login in the first place?

For the longest time the GeForce Experience application didn't need a login. A lot of users (like me) have that application just to do the automatic driver updates. Why do I need to login to do that?


There are nefarious reasons. But drivers like Razer/Nvidia also sync your individual game/device settings to the cloud so that if you have multiple computers or reinstall the OS you don't have to set everything up again. It should definitely be optional though.


Solution to a problem that doesn't exist. Just a plausible cover for the actual nefarious reasons.


I know I am weird, but I have a Razer Naga with several game profiles and find it really nice when it synchronizes the settings. I use the same mouse on my laptop and can pick up right where I left off.


the main reason I reinstall my PC is to remove that accumulated crud


It's to reduce signup friction for their geforce now cloud gaming service. Also probably to target you with ads when they release a card that would be a nice upgrade for your current one. Very annoying, yes.


I would have loved to be a fly on the wall when that decision was made.

"Let's add friction to all of our users so that the small percentage of those users who do want to sign up to our cloud gaming service won't have any friction."

"Brilliant! Make it happen."


Yeah. You can always manually check & download the drivers from NVIDIA's website, like people used to do until geforce experience was released. Then there were a few blissful years where it was just a simple auto-updater for your GPU drivers. Then NVIDIA wanted to expand. I guess they view it as a transaction: in return for your login, you get driver auto-updates. Don't like it? Get used to checking the website. I'm thinking I'll go AMD for my next rig. Their linux support is apparently much better.


I'm on the same page as you, just waiting for RDNA2 and Zen3 to drop so I can be free from the garbage nvidia software. I know AMD has had driver issues but at this point idc, I've come to associate nvidia with spyware between this and their awful VM detection practices.


Yup. And if you have a pihole running the login fails silently.

Took me forever to figure out that an ad blocker breaks their driver stuff login...which is all sorta of wtf in itself


Sadly, this is becoming the new norm. In another decade, that won't even be "wtf" any more. There's just not enough pressure on these giant corporations to change. And with the next generation being indoctrinated to a constant stream of ads, live services, and generally trading privacy for features, I doubt they will care either.

Ugh. I think my bad week is spilling into my comments.


I just counted - for one mouse, Razer has 12 processes running using nearly 200MB of RAM

Bindings are already stored in the hardware anyhow


Anecdote warning.

Not to mention the quality of the mouse itself. I bought 2 and they both only lasted 10 months and a year. I know a streamer that replaces them every 6 months.

I switched to another brand. Looks like they spend more resources on adware and not on quality hardware.


I bought the original Razer Mamba mouse and just now replaced it after ~10 years of happy use. I bought the latest Mamba model, Wireless 2020 or whatever it's called.

Quality is just awful in comparison with the original.

They removed the docking station, battery life is terrible and the drivers are buggy.

I'm incredibly disappointed. I wish they still manufactured the original product instead of this new mouse whose only improvement is that the LED changes colour.

Oh and it doesn't work in wired mode on the mac ...


What are these processes even doing?


Logitech isn't great with this either. Last I used their "drivers" for my mouse it would randomly reset settings, have constant notifications and a UI that was probably designed by their marketing team. I just removed the driver, used the generic one and booted into Linux where I can adjust settings and save it to the mouse itself through some open-source drivers. Those settings then work in Windows as well as long as I don't install the drivers there.


> It’s only a matter of time until we get a DRM mouse that only works when online

A VR headset is much like a mouse (with built-in screen and speakers), and there's already one on the market that will require a particular social media account soon in order to keep working. [1]

1. https://www.gamesindustry.biz/articles/2020-09-15-oculus-use...


Lots of the smaller peripheral brands intentionally omit always-running background software. I think it's more about gaming performance than privacy, but I'll take it.


Logitech does this too.

Just plug in a mouse - Windows fetches the driver package and, voila, you are a proud owner of LogiLDA.dll that will pester you with random marketing bullshit until forcibly removed from the system.


MS explicitly allows this; to spam you regarding a more featured driver when the one from WU is installed.


I think the problem is still Logitech doing this, not MS allowing it. Just because something is allowed it doesn't mean you have to do it.


MS doesn't have any self respect and any respect for its users. Luckily there is Apple which side with the user in these kind of matters.


Ah, yeah Apple and mice. The operating system where the shoulder buttons of my old but perfectly fine Logitech MX518 don't work and I have to jump through hoops to get them to simply make them take me back in a browser. Truly a masterpiece of engineering. /s

Apple's drivers for basic input devices are extremely bad. I couldn't believe it when I was first using a Mac. You need vendor drivers for everything.


Luckily another part of the traditional Apple ecosystem are well engineered community generated extensions to cover for Apple's lack of advanced options for some functionality:

https://sensible-side-buttons.archagon.net/


Oh yeah, Apple is to be faulted for many things, including monopolistic behaviour, poor support for "alternative" ways of using their devices etc. But at least they don't ship an OS with ads, data tracking and other shenanigans like MS does. MS in the past never held their products to a high standard of quality. Apple's success forced them to consider that aspect, but they are still far away from being able to compete on that front.


hmm i have it on system, but haven seen any adds. Where do they pop up ?


At logon, via HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

You can switch it off with SysInternal's Autoruns [1] ... along with all other stuff that Autoruns will dig up.

[1] https://docs.microsoft.com/en-us/sysinternals/downloads/auto...


I've had only Logitech keyboards and mice on my main desktops for over 2 decades, on Windows, with SetPoint installed, and never once have I ever seen an ad pop up from their software.


I have this but never saw an ad. Where are the ads?


In a dedicated application popup window in the bottom right corner of the main display.


https://old.reddit.com/r/steelseries/comments/ishp8t/unwante...

Fixed link to avoid Reddit’s horrible new interface.


Not sure where the setting is exposed, but O&O ShutUp10 has a toggle for "Disable automatic downloading of manufacturer's apps and icons for devices" that I suspect would prevent this. I haven't dug into it, but from my own usage I believe this setting ensures that only the driver dlls and not any extraneous software is installed by Windows Update.


I'm not sure where I originally saw the recommendation for OOSU10, but it was someone on HN, so whoever you were, thank you! After Firefox, it's the first thing I install on a fresh Windows install, and just applying their recommended actions makes Windows a much more tolerable experience!


Sadly I have to agree. Not using something like OOSU10 is like not running an ad blocker on the web. Not coincidentally I blame a lot of the ways Windows has been ruined lately on the adoption of web development trends.


I do wonder how Microsoft verifies 3rd party drivers before pushing them through Windows Update. I've seen some very low quality drivers (and associated bloat of services and background exes) be pushed through, to the point where I disabled driver updates and went back to doing it manually. A supply chain attack here could be devastating.


Low quality drivers? At least two drivers released by games companies had privilege escalation as a feature:

https://securelist.com/elevation-of-privileges-in-namco-driv...

https://twitter.com/thewack0lian/status/779397840762245124

https://old.reddit.com/r/Games/comments/545cjy/sfvs_new_pc_u...

https://github.com/tandasat/ExploitCapcom

I don't think I trust proprietary drivers anymore. Especially if they come from the gaming industry.


If its the official driver from the hardware manufacturer they'll "verify" it.

I don't really blame MS people just want to plug in and play.


Absolutely, that could get very expensive for MS if someone does something really nasty and people start sueing MS for distributing malware.

Come to think of it, they are probably also partially liable through the GDPR alone...


I am experiencing same thing with asus ROG mechanical keyboard. Windows automatically installed crapware along with couple services. Its uninstaller gives error, parts that uninstalled get re-installed again. I hate it.


What is the adware here? The SteelSeries control center most certainly has never displayed an ad to me.


See the screenshot in the linked post. The software is advertising Steelseries Engine.


What is Engine? It looks like a driver for the hardware installed.


SteelSeries Engine is the fat-drivers for the mouse. This is not an ad to buy new mice, it is an indication that the user paid a lot of money for a mouse and is unable to utilize it's features without the full drivers.


This is USB HID hardware, right? People can use wireshark to capture USB packets and create an equivalent driver for Linux. Assuming there aren't any already.

The only reason to use this proprietary malware is to reverse engineer it.


There is apexctl repository on GitHub that is a userspace driver for SteelSeries keyboards. Written in Haskell, but binaries are also available.


Their hardware, in the case of gaming mice/keyboards at least, runs absolutely fine with generic drivers. The issue here is them pushing an extra "control center" type app through ads that pop up on the desktop without any consent or interaction from the user.


I guess that proprietary drivers are required to configure additional buttons, DPI, etc. Though Logitech mices save configuration inside, so I was able to configure the mice, then reinstall Windows and use generic driver.


> The issue here is them pushing an extra "control center" type app through ads that pop up on the desktop without any consent or interaction from the user.

Yeah, that's exactly what I mean. These fancy input devices usually have LEDs, macros, variable sensitivity and other nifty features that are configured via vendor-specific driver applications. I've never used one that was even remotely good.

My Clevo laptop shipped with gamer-style bloatware that would take over a minute just to start up. I managed to reverse engineer it with wireshark and made a command line program that implements most of the features I cared about. The code is pretty short, here is the project in case anyone wants to see how it works or create a custom version for their own hardware:

https://github.com/matheusmoreira/ite-829x

It was just a matter of figuring out what data the manufacturer's application sends to the device and making my program do the same thing.


Is the issue here that the driver installation program looks so pretty that people can't understand it's a driver installation program, and so they assume it's trying to scam them?


Laughable nonsense and misleading title. The updated driver suggests additional software to use all features of the hardware he plunged in. This usually is because Microsoft does not want to auto install the full version of third party "drivers" so you only get a minimal version of the driver without extensive settings and all that. No one wants windows to download a 300MB Electron app if you plug in a mouse you may only temporary use. But its fair to notify the user about the existence of said app.


negative, getting a pop up from an updated driver is bot fair. it is infuriating. i use my computer to do work, pop ups interrupt that. it becomes a growing practical problem as more people believe it is acceptable to this as it happens more often.


When I plug in new hardware for work, I expect it to help me install the control software as soon as possible so I can use the device and get back to work.


IM NOT ALWAYS WORKING WITH GAMER HARDWARE

Jonathan_Goldsmith.jpg

BUT WHEN I DO I SWITCH MY MOUSE MODELS EVERY WEEK


> I use my computer to do work

Yes, well, not everybody does; and plugging in a gaming mouse is a pretty good signal that you’re one of the people that don’t. (Or that you’re at least a person with multiple computers who doesn’t use that one for work.)


I've used a Roccat Tyon mouse for work. Gaming mouse, but the macro system & chord button makes automating common actions easy. The extra axis is also great for working in 3D modeling (CAD) programs, though not as good as having a true 3D mouse (but also a lot cheaper).


Not saying it’s a guarantee — just a good signal. If that signal increases the cumulative probability that you’re someone who’d maybe want the full control panel, to be greater than the probability that you wouldn’t, then it’d make sense to show the notification.

Then again, recalling the marketing of Windows 7 way back when, centralizing notifications like this was supposed to be what the Windows Action Center was for. But they just never added support for arbitrary third-party “actions” to it. Kind of perplexing.


Great, you are the target of the popup, there is a chance you want the full software made for your specific hardware. If you don't want it ffs click it away and move on.


Mac is not immune to this type of crap, I tried Corel Painter demo version and the updater it installed put up random windows with ads after a while until I figured it out and removed it.


Apple advertises for stuff as well. I never installed adware, but Apple installs it, and I don't know how to shut if off.

Just so people are aware, here is just one example: https://discussions.apple.com/thread/7428677

A fullscreen add after you go into Music, and apparently no way to turn it off permanently. I've had this happen to me this year.

I had this happen after I went to play music, and this popped up for me AFTER selecting a song I owned to play.

So, if we are going to go after Steelseries for advertising for free software specifically used for the hardware the person owns, let's make sure we call it out wherever it's happening.


Corel has become so spammy and nickel-and-dimey. I'm probably going to just stop using their design products when my current subscription ends. I'd love it if they'd just focus on having great products instead of selling add-ons that are of little value (no I don't want to buy huge packs of stock art like its 1999 and everything comes on a stack of cd-roms).


God the Reddit comments on that post are absolute rubbish.

The most upvoted comments are along the lines of "you're using Windows 10, who cares if something else spies on you LUL" which is the dumbest argument I've ever heard, which makes me suspect they might be corporate puppets.

Or perhaps we've just been conditioned to ignore any privacy concerns as bullshit and just laugh and shrug whenever yet another company wants to make money off our data.


I have SteelSeries headphones and if you don't have SteelSeries engine installed, you are losing quite a bit of functionality.

I think it's a grey zone as for most of the cases people are going to be happy to get that software.


It does improve the experience of using their hardware, even though mice for example work absolutely fine without it. I had it running for a while, but decided not to use it as it added nothing in my case.

The issue is they're pushing unwanted software that displays ads on the desktop through a (possibly bogus) driver update that you can't really refuse without halting Windows Update altogether.


I would not say mice work “fine” without engine software. You need engine to set DPI etc, which you want to do, if you want to get the most of it for gaming.


There is little to no point of buying their hardware without it, you can’t change settings, create profiles, macros or rebind keys.


on my apex pro I can do all of the above except rebind keys just by using the keyboard


How is it bogus?


No it's really not.

Installing adware on my computer without any input from me is NOT ok.

And I have been using headphones(wired) for 5 years without feeling the need to use their sowtware.


In case of mouse their software is required to disable the annoying blinking leds.


It's really funny to see the redditors defend this.


Booooo


Okay, so then technically, Apple does this as well.

Apple installs adware of the same type that SteelSeries does.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: