microsoft / Network-Adapter-Class-Extension

Network Adapter Class Extension to WDF (NetAdapter Cx) makes it easy to write high quality and high speed drivers for Network Interface Controllers
MIT License

Document security regarding malicious USB devices and traffic #10

Closed DemiMarie closed 1 year ago

DemiMarie commented 2 years ago

Is this driver intended to be secure against a malicious USB device?

tylerretzlaff commented 1 year ago

hi demi,

very sorry for the delayed response.

netadaptercx is a framework component that allows the writing of a client driver (potentially for a USB device), the framework contract with the driver is that it provide verified data and metadata via callbacks and data path rings. if the driver fails to conform with the contract then system behavior will be undefined.

there is work underway to mitigate the effect of malicious USB hardware but it isn't available yet.

DemiMarie commented 1 year ago

> hi demi,
>
> very sorry for the delayed response.
>
> netadaptercx is a framework component that allows the writing of a client driver (potentially for a USB device), the framework contract with the driver is that it provide verified data and metadata via callbacks and data path rings. if the driver fails to conform with the contract then system behavior will be undefined.

The driver obviously must be trusted.

> there is work underway to mitigate the effect of malicious USB hardware but it isn't available yet.

This is what I was asking about, and I hope it will (a) be in a future version of Windows and (b) not just take the form of refusing to use untrusted USB devices.

tylerretzlaff commented 1 year ago

> This is what I was asking about, and I hope it will (a) be in a future version of Windows and (b) not just take the form of refusing to use untrusted USB devices.

a. yes, a future version of windows. b. i'm not aware of any plan to block untrusted usb devices.
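
The contract described in this thread, that the client driver hands the framework only verified data and metadata, shown as an added example (not part of the thread and not NetAdapterCx or Microsoft code): a receive-path check that treats every device-supplied length as untrusted before anything is published to a ring. The 2-byte length header, `rx_frag`, `rx_parse` and the size limits are hypothetical assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout, not NetAdapterCx's or any real device's:
 * each frame in a bulk-IN transfer is preceded by a 2-byte
 * little-endian length written by the (untrusted) device. */
#define HDR_LEN    2u
#define ETH_MIN   14u    /* Ethernet header only */
#define ETH_MAX 1514u    /* header + 1500-byte payload, assumed MTU */

struct rx_frag {         /* what the driver would publish to a ring */
    size_t offset;       /* start of frame inside the transfer */
    size_t length;       /* verified frame length */
};

/* Walk one transfer; fill out[] with verified frames only.
 * Returns the frame count, or -1 if any device-supplied field is
 * inconsistent, in which case the whole transfer is discarded. */
int rx_parse(const uint8_t *xfer, size_t xfer_len,
             struct rx_frag *out, size_t max_frags)
{
    size_t pos = 0, n = 0;

    while (pos < xfer_len) {
        if (xfer_len - pos < HDR_LEN)       /* truncated header */
            return -1;
        size_t len = (size_t)xfer[pos] | ((size_t)xfer[pos + 1] << 8);
        pos += HDR_LEN;

        if (len < ETH_MIN || len > ETH_MAX) /* implausible length */
            return -1;
        if (len > xfer_len - pos)           /* would read past buffer */
            return -1;
        if (n == max_frags)                 /* no ring slot left */
            return -1;

        out[n].offset = pos;
        out[n].length = len;
        n++;
        pos += len;
    }
    return (int)n;
}
```

The bounds checks compare against `xfer_len - pos` rather than computing `pos + len`, so a hostile length cannot wrap the arithmetic.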