Patched MS Bluetooth Flaw Exposes Even Disconnected PCs
An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."
Confusing (Score:5, Insightful)
"even when the targeted computer is not connected to a network."
"target would merely need to have Bluetooth turned on."
Meh, not as scary as I thought. You shouldn't be running around with bluetooth on anyway. Also, if you're using a 'hidden' connection there's no real way for an attacker to find you is there?
So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.
Re:Confusing (Score:4, Informative)
But considering that leads to a complete OS compromise, that's pretty poor coding.
You literally only have to turn it on for a second and someone can root you without you knowing. You only have to witness someone pair with a device, or do a single Bluetooth transfer and you can root them. And what are the implications for embedded versions of Windows in, say, phones.
A lot of people use Bluetooth, it's expected to be quite secure in terms of not rooting your computer (people being able to monitor and sniff your Bluetooth data is a different class of problem entirely, and puny in comparison). And like the article says - you probably have the faulty software installed already and only a single tap of that Bluetooth switch will make you vulnerable to automatic rooting, like a virus.
A virus that exploits this will potentially go quickly global and be hard to cleanse because you literally may not even notice that you've been infected and switching on Bluetooth for a split second to send a file to your phone, answer your parent's Skype on a headset, etc. isn't generally considered an infection route.
I agree in that I have BT turned off on everything I own and set to hidden by default but it would be scary if I were using one of the vulnerable systems. That's the sort of thing that will still be catching people out five years from now and it's probably only the first of many such problems. Now before you can put a PC on the net, you need to make sure you've never enabled Bluetooth while Windows was executing until you've got it to the latest patch level.
Re:Confusing (Score:4, Informative)
http://blogs.technet.com/b/srd/archive/2011/07/12/ms11-053-vulnerability-in-the-bluetooth-stack-could-allow-remote-code-execution.aspx [technet.com]
https://threatpost.com/en_us/blogs/microsoft-fixes-critical-windows-bluetooth-bug-july-patch-tuesday-071211 [threatpost.com]
What's more, you'd have to be sharing your bluetooth id AND the attacker would have to be within range of your signal.
Re: (Score:3)
A virus that exploits this will potentially go quickly global
That's the opposite of what TFA said. In order to gain access the target computer needs some sort of (unspecified by TFA) memory corruption. My guess is you would need another flaw in conjunction with this (paired flaws?) to make it work.
I agree in that I have BT turned off on everything I own and set to hidden by default
I bought a tiny bluetooth dongle for the computer so I can bluetooth pictures and such from my phone to my computer. I keep blue
Re: (Score:2)
I had an Acer Aspire One (actually two of them, someone broke into my house and took the first one, then it happened again with the second one), and its built-in wifi worked flawlessly out of the box in both Windows and Linux, with WPA-2 security as its default in both OSes. I had an ancient Thinkpad I paid twenty bucks for (HD and battery were shot, used a thumb drive as a HD replacement), I never could get that sucker to network at all, even with a cable.
I considered the Acer a netbook, but some folks her
Re:Confusing (Score:4, Funny)
I have never seen a laptop that did not require considerable effort to get wireless networking going.
Did you press Submit 10 years ago? Your wireless network may need more effort as it appears you have some network latency.
Re: (Score:2)
Let's see, 20% tip would be a hundred bucks at the FIRST bar? Let's see, you're drinking Cabo or something equally expensive, say $5 a shot. Sixteen shots at the FIRST bar?
You, sir, can drink me under the table! I get $1.25 drafts and stagger home after ten of them.
Re: (Score:2)
I haven't seen $5 shots for a long time. Even the dives around here are $8+ shots, go somewhere nice, and you're up around $12-$15.
Re: (Score:2)
It's nice living in a small city in the midwest. Cheap shit (e.g. Evan Williams) is usually about $1.75, better whiskey (e.g. Crown) usually about $5. Cabo or Petron is usually a $5 shot, Joe Crow (Jose Cuervas) $1.75-2.00.
Downtown bars are a little more expensive, $3 bottles of beer instead of $2.25-2.50 bottles.
Re: (Score:2)
This brand new Lenovo laptop my mother bought on Friday (guess why I had it in my hands...) had Bluetooth on, out of the box.
The plural of "anecdote" is not "data", thus to be accurate let's keep it to this single sample :p (Honestly, I basically never deal with laptops.)
Re: (Score:2)
But what is a laptop good for? You can get two desktops, each with better performance, for the price of one laptop -- and you don't have to deal with a fiddly keyboard that makes your hands hurt after 15 minutes, a narrow strip of a screen (seemingly no new laptops have 4x3 displays...), several times as big hardware failure rate, and so on.
For when I'm on the go, I have a non-toy smartphone. Runs a compiler, shell, perl, Postgres -- both client and a server, browser, etc. The keyboard is even more fiddl
Re: (Score:2, Informative)
So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.
Or you have a bluetooth mouse/keyboard.
None of the advisories say anything about being in "discoverable" mode.
Re: (Score:2)
Right, you pair the devices, then you set it to hidden.
That wasn't so hard was it?
I assumed that to start a bluetooth connection there needs to be something to connect TO.
Re: (Score:2)
Right, you pair the devices, then you set it to hidden.
But as soon as you actually use the keyboard or mouse, packets fly around, which have this "hidden" number in their headers, from where it can be snarfed by the bluetooth equivalent of tcpdump...
Re: (Score:2)
No, you will need more than a standard Bluetooth dongle to sniff packets from the air.. the BlueZ hcidump program only dumps packets passing through the host OS stack (to or from the host), and the controller cannot be set to 'promiscuous' mode like a wifi radio can..
Re: (Score:2)
Just read one of the links someone posted:
"If your system were “discoverable,” it would respond to attacker SDP queries with its Bluetooth address. But in the default state, an attacker must obtain your Bluetooth address another way – either via bruteforcing it or extracting it from Bluetooth traffic captured over-the-air."
"you have paired a Bluetooth peripheral and are actively communicating, it is hard but not impossible to extract the Bluetooth address from the traffic sent over-the-a
Re: (Score:2)
Alternatively, the Ubertooth One [sparkfun.com] costs a lot less than $10,000 and can do this, at least in theory.
Re:Confusing (Score:5, Funny)
You shouldn't be running around with bluetooth on anyway.
Meh - trying to get to the root of the problem.
You shouldn't be running around with bluetooth on.
You shouldn't be running around with bluetooth
You shouldn't be running around
You shouldn't be running
You shouldn't be
You shouldn't
YOU! Ah, it is always you at fault.
Re: (Score:3, Insightful)
Yeah, there are ways of protecting the user. WHICH IS WHY THEY PATCHED THE HOLE. This isn't an unpatched vulnerability. The title even notes that this vulnerability was patched. They found the hole. They patched the hole. No more hole. No more trench. No blaming the user.
The only way a user would be vulnerable to this, is if they never updated. At which point, hell yeah, blame the user.
Re: (Score:3)
This isn't an unpatched vulnerability.
It was before they patched it, which in Vista was how long?
Re: (Score:2)
and please do sir tell us WHAT OS has ZERO unpatched vulnerabilities in its history?
Re: (Score:2)
The answer is of course zero, and the question is of course meaningless. The meaningful question is how many unpatched vulns, and unpatched for how long? Windows fails against all other OSes in these metrics iinm.
Re: (Score:2)
yea - but i rather view errors and patches and see that they are learning from their mistakes..
Adobe doesn't and it shows
MS learns and does well and has been doing a lot better this last decade.
but of all the bugs there are and have been my favorite for irony is
http://digitaloffense.net/tools/debian-openssl/ [digitaloffense.net]
Re: (Score:2)
Adobe and Macromedia took away Microsoft's "king of the exploited software" crown long ago. Microsoft has come a long way in the last ten years when it comes to security, but they still have a long way to go.
Adobe and Macromedia have the 2001 Microsoft mindset. As to Macromedia, I seriously doubt they'll ever take security seriously -- or even understand it, considering they got their start copy-protecting VHS tapes. I have old tapes that were copied from Macromedia copy protected tapes that play fine, but
Re: (Score:2)
you are correct - but i bet all of them have something.. or had something at some point..
mcgrew's argument was not that it is a problem now because it is patched but that it was a problem for so long before it (even though it was not exploited).
during the creation of any software project there is going to be a bug at some point.. even if it is fixed before release it had it and was patched/fixed.
nothing is flawless
Re: (Score:2)
"Linux is a pile of security vulnerabilities waiting to be discovered."
As is every OS. Apparently, ESPECIALLY Windows.
"It's just that no one bothers, at least not on the scale that Windows "enjoys"."
This has been debunked so many times it's ridiculous. Go on living in fairyland, though.
Re: (Score:3)
Let's see, one OS you have the source code to look for vulnerabilities, one you don't. I assure you that people DO look for vulns in Linux, especially those who use it for their file and web servers. The only folks looking for vulns in Windows are black hats looking for virus vectors, and white hats fighting the black hats.
What's that saying about Many Eyes? [google.com] (PDF from Wash U, "Many Eyes Hypothesis") Wait, now I remember -- Linus' Law [wikipedia.org].
Re: (Score:2)
Of course who'd want to hack linux, it only runs around ~ 60% of the most used web servers in the world.
That said, Linux is open source, I can take a look at it and look for flaws. Windows is closed, looking at it is illegal.
So the only people who will look at Windows/OS X/anything closed are black hats, while linux can be looked at by anyone.
Re: (Score:2)
>Of course who'd want to hack linux, it only runs around ~ 60% of the most used web servers in the world.
I'm with you here, bro.
>That said, Linux is open source, I can take a look at it and look for flaws. Windows is closed,
Still with you
> looking at it is illegal.
Aw hell no....
> So the only people who will look at Windows/OS X/anything closed are black hats,
Never go full retard.
--
BMO
Re: (Score:2)
Wait, so you're suggesting that with copyright law it's actually legal to decompile Windows and play around with its source code?
Re: (Score:2)
Who says you need to look at source code to find vulnerabilities?
You actually think that's how blackhats find vulnerabilities in Windows? By decompiling? I don't know how to tell you how wrong you are as I lack the words to describe the magnitude of wrongness.
Also, it's not just black hats that look for vulnerabilities in closed source. White and Grey hats do too.
Your message also suggests that you have no idea what decompiling actually does. It does not give the original source code. It generally give
Re: (Score:3, Insightful)
You shouldn't be running around with bluetooth on anyway.
Actually, I should be able to, because it's useful.
It's my OS that should drop any packet I'm not interested in. Machines are supposed to do the work for me, not the opposite.
Re:Confusing (Score:4, Informative)
Why would I want to have an extra enable step before doing each of these and a disable step after?
Re: (Score:2)
So, basically, something that should be called bttables ?
Re: (Score:2)
For an idea of what it is like to experience this bug, watch this:
http://www.youtube.com/watch?v=sZqPQPhsuX4 [youtube.com]
You can't get too much worse than that (Score:2)
From MS SB
The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Almost remote full admin access. Seriously how much worse can it get, guess you're still safe from internet attacks but still.
Anyone found a page on the exploit, you can do the entire list of immature things to other people's computers to all your friends with Bluetooth with this one.
Re: (Score:2)
Some will have chosen to delay restarting just for an update but i guess since it's a service pack things running better will be expected. I would expect a small window for a few. I guess it's not clear but the last sentence was sensationalist. The casual nature of the post should have given some indication of it.
Apart from is a little difficult for the Russian to access it and least for primary infection this is a pretty bad exploit i can't remember worse for a while. Must have been a window for the FBI to ga
Security services pi55ed at this... (Score:2)
Searching for a funny Nokia N900 app... (Score:2)
Might be fun walking through a computer shop (or just some offices...) with this on... And coming near to one of those giant display walls at a trade fair would be still better...
So Windows still has vulnerabilities (Score:2)
Like every other OS. Granted, an interesting new attack vector/approach.
Bluetooth devices? (Score:2)
I noticed newer OSes of Linux/Debian, Windows, Mac OS X, etc. have Bluetooth features. I wished I could yank them out since I don't have any Bluetooth devices or plan to. Why keep the bloats and possible security holes?
Re: (Score:2)
Can't because of Gnome:
# apt-get purge libbluetooth3
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
gnome-themes-standard gnome-screensaver gtk2-engines-pixbuf gnome-themes
libtotem-plparser17 totem-common libgmime-2.4-2 dmz-cursor-theme totem
file-roller
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
gno
Re: (Score:2)
That won't necessarily help much, actually -- libbluetooth is just the userspace component, the kernel drivers will probably still be initializing the hardware. You'd be better off disabling kernel support: blacklist the kernel modules [wikipedia.org] for your hardware. Then you don't need to remove random packages, they just won't have anything to talk to in the kernel and will remain harmless and inert.
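An added example, not part of the thread or any project's code, for the advice in the comment above: it audits whether Bluetooth kernel modules are actually kept out of the kernel. A `blacklist` line in modprobe.d only suppresses alias-based autoloading, so the script distinguishes it from an `install <module> /bin/false` rule, which also defeats explicit loads. The module names `bluetooth` and `btusb` and the sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. Module names are assumptions (common Linux Bluetooth
# modules); adjust the list for your hardware.
BT_MODULES="bluetooth btusb"

# module_status CONF_DIR LOADED_FILE MODULE -> prints one status word:
#   loaded       module is in the running kernel right now
#   blocked      "install MODULE /bin/false": even an explicit modprobe fails
#   blacklisted  "blacklist MODULE": alias autoload is suppressed, but an
#                explicit modprobe or a dependency can still load it
#   unrestricted no rule found
module_status() {
    conf_dir=$1
    loaded_file=$2
    mod=$(printf '%s' "$3" | tr '-' '_')   # modprobe treats - and _ alike
    # /proc/modules lists one loaded module per line, name in field 1
    if awk -v m="$mod" '$1 == m { hit = 1 } END { exit !hit }' \
        "$loaded_file" 2>/dev/null; then
        echo loaded
        return 0
    fi
    cat "$conf_dir"/*.conf 2>/dev/null | awk -v m="$mod" '
        { sub(/#.*/, "") }                   # strip comments
        NF < 2 { next }
        { name = $2; gsub(/-/, "_", name) }
        name != m { next }
        $1 == "blacklist" { bl = 1 }
        $1 == "install" && ($3 == "/bin/false" || $3 == "/bin/true") { off = 1 }
        END { print (off ? "blocked" : (bl ? "blacklisted" : "unrestricted")) }'
}

# audit_bluetooth CONF_DIR LOADED_FILE -> one "module status" line per
# module; returns non-zero if any module could still end up in the kernel.
audit_bluetooth() {
    rc=0
    for m in $BT_MODULES; do
        s=$(module_status "$1" "$2" "$m")
        echo "$m $s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Constructed sample data so the example runs offline. On a real system:
#   audit_bluetooth /etc/modprobe.d /proc/modules
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'blacklist btusb' \
    'install bluetooth /bin/false' > "$demo_dir/bt.conf"
printf '%s\n' 'ext4 737280 1 - Live 0x0' > "$demo_dir/modules"
audit_bluetooth "$demo_dir" "$demo_dir/modules" \
    || echo "Bluetooth modules are not fully disabled"
rm -rf "$demo_dir"
```
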
Bluetooth on "disconnected" PC. (Score:2)
I fail to see how a PC with an active wireless network standard enabled, can be considered "disconnected".
Bluetooth has long been a target of undesirable types, it's just that a PC is a richer target than most people's phones full of garbage apps.
Faraday cages for new installs (Score:2)
The only safe computer is an unpl... (Score:2)
I guess that rule of thumb no longer rings true. Get it? Rings...
Not a new attack vector (Score:2)
Bluetooth has always been a known attack vector. I remember one that affected symbian phones for example. I used to get the odd file transfer request on my phone from other people who were infected. I think this might have been it.. http://www.f-secure.com/v-descs/cabir.shtml [f-secure.com]
Re: (Score:2)
And thus we reach the point where XP is hardly targeted anymore, isn't vulnerable to the same bugs, is still under support for another three years, and Windows 8 comes out "later this year".
Tell me why I should be on 7 already, after having all my Vista testing thrown out of the window once already?
Re:XP (Score:5, Informative)
Re: (Score:2, Insightful)
Right so basically.
"If I want to use lots of complicated or modern features, I need to use Windows 7"
But if I just want to chat with my buddies, browse the internet and write a document once in a while, and don't want to try linux XP is fine. Until it gets an open exploit which never gets closed.
Most of the public doesn't use SSDs, doesn't need volume for each application nor does it need GPU accelerated rendering.
Re: (Score:2)
Most of the public could do all that on their phone. Most of the public don't particularly "need" computers.
No, they couldn't. Browsing the internet or writing a document is horrible on most phones. Tablet, yes maybe.
Re: (Score:2)
My phone is far better than any tablet at writing documents. My phone has a keyboard.
Tablets are toys intended to be used consuming media, not creating it.
Re: (Score:2)
most of the public need a fucking ipad. do you WANT to be most of the public?
Re: (Score:2)
Most of the public doesn't use SSDs, doesn't need volume for each application nor does it need GPU accelerated rendering.
I'll give you the SSDs. GPU acceleration is not critical but still a nice-to-have even for the average Joe. Sound per application? This is a lot less esoteric than you'd expect -- all it takes is trying to Skype someone while you have ANY other application open and you'll see why you want that. Not sure how much use it gets by most people, but I like Aero Snap enough that I installed BetterTouchTool on my Mac just to get that one feature.
Re: (Score:2)
GPU acceleration goes beyond that, and has its uses for the average Joe. In the old days, each application would have to write onto an off screen buffer, which then the CPU would have to work out which ones are in front of each other, then finally copying onto the screen, although older Graphics Chipsets could help (via BITBLT, Bit Move, etc) when you have things such as transparency, etc, it gets pretty hairy for the CPU to process.
By offloading the entire window management onto the GPU, means the 3d capa
Re: (Score:2)
Because 7 has features XP doesn't. Like support for the TRIM command for SSDs. Like an audio mixer that lets you set different volumes for each application, instead of each hardware output, which is floating point from the ground up. Like desktop rendering that is accelerated by your GPU. Like UAC. Like Aero Snap. Etc. It's not like Windows 7 is just a facelift on Windows XP, There are differences that aren't even hard to find.
Not trolling, but why does an Operating System care about being "Floating Point"?
Re: (Score:3)
I am assuming you mean Floating point SOUND MIXING of sound channels.
Here are a few pages that talk about the issues in mixing two audio streams, and lead to the benefits of floating point mixing.
http://stackoverflow.com/questions/376036/algorithm-to-mix-sound [stackoverflow.com]
http://www.vttoth.com/digimix.htm [vttoth.com]
Re: (Score:2)
None of those features, not even all of them together, are worth the price of a license.
Re: (Score:2)
Not to mention the ability to quickly recover from a graphics driver crash. It's absolutely amazing when you see it happen. "Oh, my GPU crashed, the screen went black. And... it's back already, and it didn't even affect the game I was playing."
Re: (Score:2)
Seeing as I've never had a graphics driver crash in the last four updates of the nVidia driver that I'm using (going back - what - five years on this particular chip) - and haven't witnessed (or had reported) one in work either on several hundred machines - that's not a big selling point.
"Hey, when random programs crash we can carry on!" is pretty much what I expect of an OS, anyway, and the damn things shouldn't be crashing in the first place.
If you're that accustomed to complete driver crashes that you ju
Re: (Score:2)
Well, I think it's pretty cool that the kernel can not only recover when random userspace programs crash, but also recover when those programs are third-party graphics drivers running in kernel space. And recover quickly, without taking anything else out.
It is not as if you are not told that the crash has occurred. You are told immediately after automatic recovery. Messages also appear in the event log. That's much more helpful than going to a blank screen with the keyboard unresponsive, killing all applic
Re: (Score:2)
You've never used an ATI card then. the damn drivers crash if you even think about doing something and yes I've got an ATI card (4200 onboard - 5670 dedicated) and still see the damn thing puke for no reason. It's getting better with the feedback from the OSS devs but it's still a bit fragile.
Re: (Score:2)
Like desktop rendering that is accelerated by your GPU
One step forward, two steps back.
http://www.youtube.com/watch?v=ay-gqx18UTM [youtube.com]
There are a bunch of videos/benchmarks like this, basically the GDI in vista/7 is a dog. Which might not be a problem except that basically all windows apps outside of games are GDI.
Re: (Score:2)
Like an audio mixer that lets you set different volumes for each application, instead of each hardware output
I guess I will post on this one too. Turns out that audio mixer adds significant audio latency. Google it!
The separate volume controls are nice, for the once in a million times I'm listening to music and watching youtube videos, but it's a real deal breaker for people that want low latency audio.
Re: (Score:2)
I don't know about the "fully floating point audio path", but PulseAudio does support per-application volume faders.
It says it supports floating point [freedesktop.org] sample types, but I don't know if that meets your criteria of being from the hardware up - I guess that would be a driver issue.
Re: (Score:2)
Do all applications use PulseAudio though? The Windows 7 model is backwards compatible through to well... I haven't seen an application that doesn't get its own fader no matter what audio model it uses, at which point the audio stream (even if the application generates an integer stream) is converted to floating point, so that the volume sliders aren't as nearly as lossy as they would be if they were dealing with integer-based audio... and then mixed in floating point... and then converted to whatever form
Re: (Score:3)
I haven't seen an application that doesn't get its own fader no matter what audio model it uses
An app can request/get exclusive access to the audio card, and bypass everything including the volume control. But that's only used by audio authoring software.
My favorite Win7 audio feature in any case is the ability to redirect live audio. I can now watch a movie and while it's playing switch the audio to/from my headphones painlessly (earlier I would have to restart the movie, and sometimes the whole app). I don't have headphone jacks I can easily reach, so it saves me a bit of trouble.
Re: (Score:2)
I haven't seen an application that doesn't get its own fader no matter what audio model it uses
An app can request/get exclusive access to the audio card, and bypass everything including the volume control. But that's only used by audio authoring software.
My favorite Win7 audio feature in any case is the ability to redirect live audio. I can now watch a movie and while it's playing switch the audio to/from my headphones painlessly (earlier I would have to restart the movie, and sometimes the whole app). I don't have headphone jacks I can easily reach, so it saves me a bit of trouble.
how do you do that?
Re: (Score:3)
Then just right click the little speaker icon, select playback devices and change default. Any app that plays to the default playback device will then change to play to the new target.
If you, like me, have more than one audio card there can be a lot of
Re: (Score:2)
looks like mine does not :(
serves me right for buying cheap acer.
Re: (Score:2)
i love that it works across sound devices - example playing pandora on the laptop speakers.. turn on my Bluetooth headphones (which are set to be primary audio when connected) and it is a seamless switch.. the on-board speaker goes dead and music in the head phones.. turn them off and easy auto switch back.
moving the live audio to other devices is a very nice feature for me..
Re: (Score:2)
And I would find that a complete waste of investment, personally. I don't have any problems with per-application faders (if you have more than one program playing sound simultaneously, of course it will sound a mess, and if you have that you can adjust those programs - a volume control is an almost universal widget on anything that plays audio) and certainly wouldn't ever use them.
If something is playing sound, it's because I need to hear it. I haven't touched the volume control panel in YEARS on this mac
Re: (Score:2)
What if I'm playing music while browsing the web, and stumble on a Flash ad that blasts me with sound, and has no mute button? Or, worse, some ancient site that's blasting MIDI music?
On XP, my options are:
1. Block Flash (which, yes, I do already) - but that doesn't work if it's one of those ancient sites blasting MIDI music
2. Mute ALL sound, including my music
3. Navigate away from the page
On 7, I can pause my music, bring up the mixer, and mute my web browser only.
Re: (Score:2)
*Cough* hardware speaker volume.
Seriously, I don't adjust volumes in games (except to turn off music on some of them). Everything is at "max". And then I use either the master volume *in WINDOWS* (usually via some hotkey on laptops) or the speaker volume itself to bring it down to a decent level. I don't need the games to have volume settings, either internally or via some Windows hack, at all. It all "just works" and has since Windows 3.1! It's honestly not a problem that I, or anyone I support, has e
Re: (Score:2)
Windows still has the global volume setting as well. If you don't need the per-app volume settings, that's fine.
Having said that, there is one *other* thing this fixes:
An app can no longer directly change the system's audio volume. Instead, it changes its own volume slider. This is a nice change for those of us who don't keep the Windows and app volumes cranked to 100%, but the app insists on cranking its up to 100%.
Re: (Score:2)
That, I'll give you.
That's gotta be worth at least 50p of anyone's money, being all of a few thousand lines of code at best. Now - how much is a Windows 7 license again?
Re: (Score:2)
FreeBSD has had per-application volume controls for a while. It uses fixed-point arithmetic for the audio path, because that gives lower latency. Unless your source is floating point and your audio device supports floating point samples, then having a floating point audio path just involves translating from integer to float and back again, which isn't such a great selling point. And, yes, it is backwards compatible. Any application using the OSS 3 or 4 APIs (also supported on most other *NIX variants) g
Re: (Score:2)
Is there another operating system that has per-application volume faders and a fully floating point audio path? Because I haven't seen any other OS that does... and I find that incredibly useful on a daily basis...
Don't know about the floating point thing, but OS X has per-application volumes; just not all in one place (which I will admit has always annoyed me).
Re: (Score:2)
I don't think you understand what is being spoken here. Yes, individual APPS may have their own volume controls (such as itunes/mediaplayer/flash players/vlc) this is the app itself generating the sound at different volumes.
What Windows 7 (and i think Vista too) has is each application that plays sounds play to a "pipe" that is only associated with it. There is a system mixer that then mixes each pipe after applying a volume to it to a master pipe that is sent to the Audio Hardware. (Some audio hardware does
Re: (Score:2)
The point, though, is that you don't have that problem with Linux at all. Update the os? Download and install. Old programs seldom stop working unless there's a major revision to the kernel or libraries, when that happens just download and install a newer version of the software or a compatible replacement. There are usually a dozen or more programs with similar functionalities for most stuff you'd need.
If you're a Gamer, though, you're going to need the latest hardware and the latest Windows OS. Your best
Re: (Score:2)
95 is saferer
Windows 3.11 FTW
Re: (Score:2)
Sounds ridiculous for a system software used in military installations, cash machines, banks
Somehow I doubt that military or bank computers have bluetooth installed.
Re: (Score:2)
No, this is similar to saying "If your computer isn't plugged into a network, but you haven't disabled your internal NIC in device manager, your computer is vulnerable."
The lines are blurred a bit because Bluetooth is a wireless technology, but their point is you don't have to be actively connected to anything to get hacked.
Re: (Score:2)
Sounds like a pretty usual hotfix scenario to me. Then they'll hotfix the hotfix, and hotfix the hotfix to the hotfix, then they'll service pack it and bundle it with a dozen other things that fix that problem and introduce ten more.
As always - don't have Windows Update turned on by default unless you really do have proper (byte-level) backups of the computer that are up-to-date.
I've yet to take a batch of computers through a Service Pack without at least one of them hitting blue-screens or reboot loops an
Re: (Score:2)
Assuming Windows Phone is vulnerable, it could spread pretty fast all over the place.