Jump to content

Recommended Posts

Hi Malwarebytes support,

 I wondered if Ethernet adapters, such as the Plugable USB 3.0 to Ethernet Gigabit 10/100/1000 LAN Network Adapter, remain safe against malware since they contain rewriteable firmware in EEPROM.

If the product was only connected via the USB 3.0 cable and its circuitry was never removed from the casing and modified, is there any chance this device could retain malware?

 The reason I ask is I am currently salvaging a Windows PC and want to assess what accessories I may still use. My mouse had to be disposed of due to its ability to store commands, so I'm attempting to be careful.

Thank you for your help.

Share this post


Link to post
Share on other sites

Ethernet adapters are always safe.  Same with Token Ring, ArcNET and other topologies.  It doen't make a difference if it a PCI, PCIe, USB or embedded chipset. It is the network protocols such as TCP/IP ( HTTP/HTTP, FTP, NNTP, SMTP, NFS, etc )  that can be exploited and can make using them unsafe.  They can't retain malware.  It is the Operating System that gets infected and thus affected.

Mice are an Input only device.  Nothing is stored in them.

 

 

Share this post


Link to post
Share on other sites
Posted (edited)

I must agree with David's above comments.  Basically short of some NSA level hardware/spyware or deep level BIOS/firmware infection custom built to target your specific component(s) (something that is EXTREMELY unlikely as that's a lot of effort to go to, not to mention the fact that it would likely require physical access to the machine/hardware), the chances of those hardware devices containing any actual infections/malware is pretty much nil.  Run-of-the-mill malware infections do not and cannot infect such devices and the criminals that create most of the common malware seen today would never target such devices because the number of users/systems/devices they would be able to infect would be far too small for the effort to be profitable, and profit is the name of the game (this is many modern threats are written to be cross-platform, infecting browsers and common extensions since there are so many mobile devices in use and why most PC-only threats are written to avoid requiring admin permissions to avoid UAC (an issue that renders the use of limited user accounts pretty much pointless, at least as long as you keep UAC active for all admin user accounts).

Edited by exile360

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.