Programming question - why doesn't malware override muted volume control?

I’m a programmer and have done some low-level Windows API and Linux stuff, but never any driver development so this question has me flummoxed.

Since malware seems to not care how obnoxious it has to be to get your attention, why haven’t there been exploits that talk directly to the sound hardware, overriding any “mute” settings in the OS? Imagine…you’re working happily away, having muted your speakers using, say, the Windows volume control, when some stealthy malware process causes your speakers to yell “visit barely legal goats dot com” or some such.

I’ve tried googling for things like “override volume control” but the hits aren’t useful.

Is there a simple reason why it’s not possible to talk directly to the sound hardware? I have a vague notion of Intel “rings” and I know about kernel mode vs. user mode, but I’d have thought that especially on Windows, where most users log on routinely as admin, that wouldn’t be an insurmountable obstacle.

You’re giving malware writers too much credit here. I don’t think a lot of them are going to embed a root kit or a custom device driver to get your attention.

Also, most malware likes to stay quiet so you don’t suspect you’re part of a botnet. I also imagine there’s a line that shouldn’t be crossed. If you have your speakers yelling at you then you’re going to shut off the computer and take it in. If you have nag boxes asking you for your credit card or making you do captchas, then you might not.

As long as the malware runs with the user’s permissions (or better) I don’t think there’s anything standing in the way of the program just setting the volume to max and playing whatever it wants. At least not on Linux, and I think that’s true on Windows too (though on Linux it’s possible to have users that don’t have permissions to access (parts of) the sound API at all, the actual users probably have those permissions, for obvious reasons).

HorseloverFat, I agree with your reasoning. But not one single piece of malware ever seems to have done this. I can’t help wondering if there’s some technical reason it can’t be done, or just the social reasons you listed. Malware purveyors seem to have access to plenty of good programming talent.

Also – it occurs to me that not all malware is about stealing credit cards/involuntarily participating in a botnet. It seems a few virus writers just want the exposure, the bragging rights – I can’t believe one of them hasn’t written a “sound exploit”.

Some of them do - Google “Malware Audio” for a plethora of topics where unfortunate victims have had the same situation you describe in your OP. A lot of it is of course browser based, like “PayPerPlay”, which probably isn’t exactly what you meant (although still quite annoying).

Thanks Mr. Kobayashi; I did indeed find a few examples by Googling those words. Still surprised this isn’t more widespread, though: I found a Windows API to do exactly this, and I can see immediately how you’d achieve the same result with Windows messages. No, I’m not going to post either, lest any potential malware authors be reading :smiley:

This could make those “sudden loud noise” prank emails all the deadlier :eek:

Since few people run Windows with the volume control muted, there’s no incentive to bother developing it.

Since virus writers are unwilling (up to this point) to develop viruses for the Mac because Macs are less common than Windows computers, they’re even less willing to develop something that only 5% of users bother with.

Why would they want to alert the clueless user?