[Cryptography] Is "drivers for foo" a major malware vector?
Christian Huitema
huitema at huitema.net
Mon Apr 18 17:44:42 EDT 2016
On Monday, April 18, 2016 1:40 PM, Ray Dillinger wrote:
>
> On 04/17/2016 10:20 PM, Yui Hirasawa wrote:
> >> Nevertheless, when I searched for a possible replacement, I came up
> >> with hundreds and hundreds of sites that were offering free downloads
> >> of the drivers.
> >
> > It's 2016. Why are you looking for drivers online?
>
> Hah! I'm not. I'm looking for a replacement for my smart keyboard. The issue
> is that the only people who seem to have even heard of it are offering drivers
> which don't exist.
As far as Windows is concerned, most people don't look online either. They get the driver installed on their PC by the OEM (e.g. Dell) or they get it from Windows Update. Some adventurous folks may try to get a more up-to-date driver directly from the manufacturer site (e.g. Intel). There are fewer and fewer reasons to do that as most manufacturers will just publish the latest driver on Windows Update.
Going to some random third party web site looks like a really bad idea. The only plausible rationale is because the original manufacturer has gone out of business, or has abandoned the product. You would need to exercise a lot of caution. I would certainly not do that for a keyboard.
-- Christian Huitema
More information about the cryptography
mailing list