> 1) downloading Windows exe files from Chinese forums

VMs exist. I highly doubt the author daily drives windows XP.

> 2) the USB storage provided by network card can still contain malware

Well yes, but so can any other drivers. Downloading from the manufactures website isn't any more secure. Even signed drivers have been caught doing nasty stuff.

> 3) or can be accidentally booted from

True, but again this is quite a convoluted, noticeable, and unreliable way to compromize a system. Just injecting a handful of keystrokes will do it, and once the dead is done, the device can hide all evidence of malicious intent.

> 4) it has universal USB controller, so can become any HID device: keyboard, mouse...

This isn't wtf: a lot of devices nowadays are just microcontrollers hooked up to a USB connector. Quite a few normal USB drives can be reprogrammed to act as keyboards, and be used to get up to all sorts of shenanigans, including ones made outside of China.