Viruses embedded in device drivers...

[sl00py99]

I have been shopping for a Wireless N adapter for my laptop recently. With so many consumer electronic devices coming from foreign countries which so blatantly attempt to hack us, is it possible for them to embed viruses in device drivers?

[Geek-9pm]

This has been topic of concern. Quick answer is 'Yes'. However, the rash of Malware currently out there is coming over then Internet. You need to worry more about the sites your visit.

This observation is both my own personal observations as well as the consensus of many others. Don't worry too much about then embedded firmware threat. Right now it is the myriad** or more malicious web sites out there. And yes, I have many external devices from unknown pleas with embedded firmware. But the infections I get come from web sites.

** myriad = 10,000.

[Transfusion]

Well, it would definitely be possible to embed a virus into a setup executable, seeing as adware is already rampant in programs like the "Ask Toolbar" in various setup EXEs. Personally I dislike the client software shipped with these dongles, so I manually install the drivers by selecting the .INF from Device Manager.
Here are the top ten WiFi dongles of 2011:
http://wireless-adapter-review.toptenreviews.com/
Cisco, Belkin, Buffalo, DLink, and Netgear are among the most reputable wireless networking equipment manufacturers.

[sl00py99]

Thanks, folks, for your thoughts. Embedding a virus into a setup exe would probably be easy for most anti-virus apps to spot; but I wonder about a virus actually embedded in the driver (.inf or whatever). 

[sl00py99]

I agree with you, Trans. I have often used Device Manager as you suggest to go around the setup exe. Windoze's built-in wireless connection manager does a better job of creating and managing the connection than the crappy utilities that some of the wireless nic mfrs ship with their drivers.

[Linux711]

is it possible for them to embed viruses in device drivers

Possible, yes. Probable, no. Especially not if it is a signed driver.

[StevenTechy]

so again, the importance of signed drivers, but I'm afraid that not all the installed drivers installed on my computer are digitally signed. What to do?