Saturday, September 18, 2021

How a gaming mouse can get you Home windows superpowers! – Bare Safety

We all know a sysadmin or two (or three, or four) who are seriously into gaming, and have the cool hardware to prove it…

…perhaps including a special chair, dedicated headphones, an ultra-hackable mouse, and an indestructible, mechanically triggered, 6-key-rollover, touch-typist’s keyboard (with multicoloured blank keycaps, configured in COLEMAK format, rather than QWERTY or even DVORAK, natch).

But what if you want to go the other way around?

What if you’re a gamer who wants to be a sysadmin? On someone else’s computer?

Well, apparently, until last week at least, gamer-centric mice and keyboards from popular vendor Razer could help you to do just that.

The problem, it seems, was a Helpful Feature that turned out also to be a bug, as noted on Twitter by a researcher going by @j0nh4t, or jonhat in full:

At first viewing, the video above might seem a bit overwhelming, if not actually confusing, but the bug goes something like this:

  • You plug in a Razer gaming mouse for the first time.
  • Windows detects that this device type has special software and drivers that will make it work Even Better than a regular mouse.
  • Windows finds Razer’s official addons in the Windows Update cloud.
  • Windows downloads and launches the official addons so you don’t have to.
  • The Razer app helpfully ends with a clickable directory name, showing you what ended up where in the installation process.

As risky as this sounds at first, you can argue that it’s better than leaving you to your own devices, literally and figuratively, as early versions of Windows did, casting around on the internet for a download that looks like a driver that might work…

…and then downloading it from a site that might be the real one, or might not…

…and then running it with Admin powers yourself, only to find it’s the wrong driver, and your device now doesn’t work at all, and that you can’t figure out how to revert the installation…

…and then wondering why your computer is slowing to a crawl and uploading hundreds of megabytes of data to a weirdly named server in [REDACTED] while at the same time sending thousands of weird emails to people throughout [REDACTED].

With that in mind, automatically getting and running an official copy of the official drivers and app from an official Microsoft server sounds not only much more more convenient but also much less likely to end badly.