Recent blog posts

64-bits of protection?

Microsoft claims that the 64-bit version of Windows 7 is actually safer than ordinary Windows 7. They actually have a point. Sort of.

By sjvn  5 comments

November 18, 2009, 10:48 PM Joe Faulhaber of the Microsoft Malware Protection Center has made the interesting claim that 64-bit Windows 7 is actually safer than ordinary, 32-bit Windows. He's right. "64-bit Windows [does] has some of the lowest reported malware infection rates in the first half of 2009." But, that's not the whole story.

Why? As Faulhaber explains, "Computer viruses are very confused by 64-bit. Taking a look at 64-bit executable code detected by Microsoft anti-malware technologies in the past month, the vast majority is innocent 64-bit files infected by 32-bit viruses. While a 32-bit virus can only see other 32-bit processes, it unfortunately can see the file system, and can tamper with files it finds there."

That's the good news. The bad news is that this works only because malware makers haven't been targeting 64-bit Windows. 64-bit Windows XP and Vista both had stability problems and good old regular 32-bit software often had problems running on it. Because of this few people ran either one.

Indeed, 64-bit Windows includes, as Faulhaber points out, WOW64 (Windows On Windows) 64, which lets 64-bit Windows run 32-bit applications. Windows 7 Professional and Ultimate also include Windows XP Mode, which allows you to run a virtual 32-bit copy of Windows XP on Windows 7 for older applications.

64-bit Windows 7, however, is better than either of its older 64-bit siblings. As time goes on though more and more users are moving to 64-bit Windows and applications are being ported to 64-bit Windows for them. The virus makers will soon follow them.

Today, when most people running Windows are still using 32-bit versions, malware creators are continuing to focus on it. As 64-bit version of Windows gets more popular its 'immunity' will decline.

You see what Microsoft is talking about here isn't really security. It's 'security by obscurity.' Essentially, all this means is that few people have busted into 64-bits Windows because no one has bothered to break into it. There's no real security here.

People like to claim that this is also the case with Linux or Mac OS X. They're wrong. Those systems actually are more secure than Windows. Relying on 64-bit Windows for added security is like driving in a car with a good safety record but that haven't been on the roads for that long. You may be safer for the moment, but, eventually, chances are you will have an accident.

So, if you're going to keep using Windows, 32 or 64-bit, you'll still need to good anti-viral protection. 64-bit Windows, by itself, is no protection.

5 comments

    Anonymous 2 years ago
    "Relying on 64-bit Windows for added security is like driving in a car with a good safety record but that haven't been on the roads for that long. You may be safer for the moment, but, eventually, chances are you will have an accident."You wouldn't actually be safer at the moment if you're driving a car that's a deathtrap, you're only "safe" until you get in an accident. With 64-bit windows you ARE actually safer AT THE MOMENT. If you "get in an accident" (dl some malware) you won't get "injured" (infected) until such time as someone writes 64-bit malware. 64-bit windows is currently safe, while that unsafe car isn't.It's more like driving a car that has a proven record of the brakes going out completely but that has a 5-star crash rating. At some point, it's going to happen, and you're going to be screwed. But at the moment, you're perfectly fine.
    Flag comment  |  Permalink Reply
    Anonymous 2 years ago
    @ the author:These comments obviously show ignorance and did not read the article. You are absolutely correct!@ the commentersYes the Mac went down first at PWN2OWN but that was HACKING not malicious software. There is a difference (mind you, they tend to go hand in hand). It is harder to write viruses for Mac due to it's unix based structure, although the security has been severely weakened due to Apple trying to make them easier to use. Mac lost PWN2OWN due to safari (&safari's ease of use. read about it!).@mburton325Windows enjoys a majority of the "Desktop" market. ---Key word there ---- DESKTOP. If malware is about making money (which it mostly is), why would you not try to gain control of the most valuable things on the internet? Such as the NYSE.... Oh wait - They are running Red Hat Enterprise Linux! Why don't you write a virus for it? The source code is freely available.... by your logic you should be able to poke holes in it in no time.... what's stopping you? How many more financial transactions are done per day on the NYSE than your average person? Linux does have security problems that pop up, but NO ONE waits till a patch tuesday to fix it! A million eyes are better than 1. Linux controls the worlds most valuable and reliable things in the world. You use it every day but take it for granted. You sure as hell would be aware of the things in your life if they were running Windows. Please stop spouting ignorant nonsense as it lowers the IQ of you and everyone around you.
    Flag comment  |  Permalink Reply
    Anonymous 2 years ago
    mburton325, I couldn't agree with you more. If anything MAC and Linux enjoy the same benefit as Windows 7 64-bit. They just don't have the market share. If they did it would be a different story.
    Flag comment  |  Permalink Reply
    mburton325
    mburton325 2 years ago
    "People like to claim that this is also the case with Linux or Mac OS X. They're wrong. Those systems actually are more secure than Windows. " I don't know if you are ignorant or just stupid but please do some research before putting your foot in your mouth. Evidence shows that Mac OS X is NOT more secure then Windows ex. PWN2OWN Mac OS X fell First Windows didn't get hack till close to the end of the competition and this was the BETA version of Windows 7. Linux has security holes in the code, but since it is the least popular of the three "Main" Operating Systems it is not targeted as much there for researchers do not feel the need to look at the code. Windows which still enjoys a 65% plus Market share not including Pirated copies is the main focus of malware writers due to the popularity and/or vast numbers of Windows PC. In the end it comes down to this, neither Linux or Mac OS X are more secure then Windows the numbers are not there due to the low number of users using the two operating systems.
    Flag comment  |  Permalink Reply
    Anonymous 2 years ago in reply to mburton325
    Still to date. MAC and *NIX are MORE SECURE than Windows. SECURITY is about virus' and malware, NOT the ability to PHYSICALLY HACK / Infiltrate a machine. There is a difference.
    Flag comment  |  Permalink Reply

      Add a comment

      Post a comment using one of these accounts
      Or join now
      At least 6 characters

      Note: Comment will appear soon after you have activated your account.
      Obscene/spam comments will be removed and accounts suspended.
      The information you submit is subject to our Privacy Policy and Terms of Service.

      ITworld LIVE

      SecurityWhite Papers & Webcasts

      White Paper

      Overcome Top 7 Admin Challenges of Active Directory

      As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.

      White Paper

      Insiders Can Ruin Your Company. Take Action.

      Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

      White Paper

      Top Solutions and Tools to Prevent Devastating Malware

      Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.

      White Paper

      Streamline Compliance and Increase ROI

      Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.

      White Paper

      X-Ray of the PCI Process-4 Proactive Steps

      This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.

      See more White Papers | Webcasts

      Answers - Powered by ITworld

      ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

      Join Now

      New questions

      Best tools for testing website performance
      0 answers
      What can be done to control noise levels in data centers?
      2 answers
      How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
      3 answers
      What type of enterprise user is going to use Ubuntu Business Desktop Remix?
      2 answers
      How well does facial recognition work for device security?
      3 answers
      View more questions

      Ask a question

      Join Now or Sign In to ask a question.
      Ask a Question