[Cryptography] Is "drivers for foo" a major malware vector?

Phillip Hallam-Baker phill at hallambaker.com
Wed Apr 20 14:19:22 EDT 2016


There are multiple problems.

One is that many manufacturers see control of the driver as an
opportunity to install crapware of their own on users' machines. I
stopped buying Brother printers in favor of HP purely because there
was much less bloat in their driver stack.

Another problem is that there are many sites that make money by just
aggregating information people might want and creating SEO lures to
get search engines to index them. And a lot of those sites do not care
very much if at all about where the stuff they are aggregating comes
from. Collections of drivers are an obvious set of material to
collect.

So if someone throws a malware infested driver up on one site, it can
quickly be caught up and published far and wide.

These days, there is really no need for any code other than the
display drivers to run in kernel mode. Converting documents to the
format understood by the printer and sending them over the network is
a user mode task if I ever saw one. Come to that, it is a bit idiotic
that so many printers need drivers at all. I have a 36" plotter that
is a bit old but works fine for my purposes. Every time I use it, I
have to futz with the drivers as HP don't support it any more. Some
time I will get round to making a RaPi into a print server just for
it. Right around the time I make my fifth dalek.

Drivers are a choice malware target as users are primed to give them
full system privs on install.

