Benefit of 64-bit OS?

Discussion in 'other anti-malware software' started by firzen771, Jul 23, 2009.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    what really is the difference in general between a 32bit OS and a 64bit OS, i here their is a large performance boost using a 64bit OS? is ther any natural security benefits of using 64bit over 32bit (and im not talking about a certain OS features like patchguard, i mean just natural security benefits of being 64bit?)
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    I keep switching from Vista32 to 64, and have often asked myself the same question. My feeling on my machine (Vista Ultimate) is that x64 is slightly faster, uses a bit more memory, and the OS doesn't slow down at all even if you are using 7 programs simultaneously (which I never do in normal circumstances).

    PatchGuard is a very important feature of x64, the main reason a lot of programs need a total overhaul (I read Sandboxie's developer won't bother with x64), and it will protect (for the time being anyway) from most rootkits.

    I'm currently with x32 as I like too much Shadow Defender for my habits, but as soon as the SD x64 version is ready I'll be switching permanently to x64 as I personally like the state of the art in computing technology.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The only natural feature is that of an OS with limited market share, so malware writers will first focus on 32 bits versions :)
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hmm good to know then.
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    Have you tried it on one of your machines? Do you really think this is another strategic move from MS to delay malware attacks?
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I remember some years ago paying over the odds for an Athlon64 cpu thinking that 64bit computing would take over the world imminently.I grabbed a copy of XP64,tried it for a day,then promptly went back to 32bit.Now years later there's still a long way to go with regards to software compatibility to make me feel impelled to switch from Vista/7 32.
     
  7. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    same here
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    That would be quite cool, even if I'm not sure that's what they thought about when making their OS use that architecture. :)

    So, are there many viruses/malware which simply don't work on a 64-bit OS, or are most written to work, no matter if it's 32- or 64-bit? :doubt:
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    software compatibility isnt my biggest concern, my biggest concern is if system performance is really that much better using 64bit?
     
  10. demonon

    demonon Guest

    I don't know much about windows, but in linux/ubuntu x64 is actually somewhat faster. Around 10-15% in most tasks.
    Of course, if you have a lot of RAM memory, a x64 OS will benefit from it.
     
  11. JohnnyDollar

    JohnnyDollar Guest

    I think a lot of users would be surprised at just how much 32bit software is compatible with a x64 os. Ironically the majority of compatibility issues that I have noticed is with security apps (firewalls mostly). As others have said you have the benefit of vastly increasing your usable RAM. I got 8G installed on my machine. x64 is the future IMO, it will slowly take over just like 32bit took over 16bit.
     
  12. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I've not tried a 64bit OS since that time but I'm feeling a need to give windows7 64bit a go,I too am interested to see if there's a noticeable performance increase on a day to day basis.
     
  13. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    i would like to go 64 bit but im to happy with my sig to change just yet,
    oh well,:(
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aside from the mentioned intrensic security attributes of fi Vista64 and Windows7 64, the question was what are the natural security advantages.

    Only one what comes to my mind is the advantage of a OS with a smaller market share. Since malware writes are also driven by market economiscs the only 'natural' advantage is of being less attractive.

    This has nothing to do with MicroSoft, but with an average malware writers preference for effort efficiency (highest results in either scope or impact).

    Therefore I do not understand your question.

    Vist64 runs on my son's gaming PC
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    As mentioned, x64 provides significant architectural improvements over 32bit. For most malware, it is not a case of smaller market share for not operating on 64bit because a 64bit OS can still run 32bit code. However, the volume of native 64bit malware is extremely low because the infections are fundamentally inoperable on 32bit architecture.

    There are a couple reasons why 32bit malware wouldn't work properly on x64.

    Probably the biggest change and most important change is the requirement for kernel code to be digitally signed. This straight away blocks most of all existing rootkits as the rootkit vendors don't sign their code (they would, but no legitimate signing authority would let them :))

    Second, PatchGuard blocks any kernel modifications straight away so unless the malware is using PatchGuard-disabling techniques (which exist but are unreliable), rootkits would be unable to work with the same techniques as they could on 32bit. This does cause some problems for security vendors who hook the kernel for protection but Microsoft provides interfaces which vendors can use to recreate near-equivalent levels of protection without needing to hook the OS. It is possible for malware authors to use these same new technologies but they would need to have a signed driver and fall into the same loop of needing to appear to be a legitimate company.

    Third, 32bit code runs differently than 64bit code on a 64bit machine and there are cross-process issues when a 32bit module would try and cross over to a 64bit module. While it is "technically" possible to inject code into a 64bit process from a 32bit process, there are significant technical hurdles to jump over first and the malware authors would have to explicitly handle them.

    However, for your average, "run-of-the-mill" non-rootkit, self-contained malware, it will probably still work properly but a 64bit OS is inherently much more secure, especially against future infections which are digging themselves deeper.

    Granted, security isn't the only reason for using a 64bit OS. The ability to reference 4+ GB of ram is a big benefit and logically everyone will eventually move to 4+ GB systems in the future so we will all eventually need to be on 64bit.

    Personally, I've noticed that my 64bit copy of Windows 7 runs faster than my 32bit copy of Windows 7 on the same PC dual-booted and this is primarily because of the ability to use a set of processor instructions which allow specific large operations to take place in a single operation. However, for the average home user who uses Microsoft Word and browses the web, 4+ GB of RAM or a 64bit OS isn't going to provide much of a benefit. But for a frequent Photoshop/AutoCAD/Video-encoder/heavy user, there is definitely a benefit - provided the application is written in native x64.

    You can tell if your applications will be able to take advantage of the 64bit architecture by where they're installed - if a program is installed under C:\Program Files (x86)\ it is not a native 64bit application but if it is installed under the plain C:\Program Files\ folder on a 64bit OS, it is native and will receive the benefits of the architecture.

    Hope that helps! :)
     
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    that clears up a lot, thx for all the great info, it was a great help :thumb:
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    This is pure ~Snip~.

    1. MS guys knows that PatchGuard do not protects against rootkits. It is possible to implement a rootkit with using only legitimate kernel API.

    2. MS filtering API is so limited it is impossible to build any reasonable defense with it.

    The worth thing here- MS is not going to change things and get their face back to security products developers.
     
    Last edited by a moderator: Jul 23, 2009
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :doubt: What are you unable to do with the new protection that you were able to do with older hooks? We aren't having any trouble using the new framework and most of the other security products are already 64bit compatible as well.

    PatchGuard + kernel signing does a very good job at preventing kernel rootkits and although it requires security vendors to use different techniques, I think it is in Microsoft's best interest to protect their OS inherently and I'm surprised they didn't have PatchGuard around from the onset.
     
  19. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Ilya thats not very professional.:mad:

    TH
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It's saddening that people complain in droves about how Microsoft is so security ignorant and Windows is so inherently insecure... but when Microsoft does make a good move to improve security they continue to complain.

    I know I might be playing devil's advocate here (and am not affiliated with Microsoft at all) but I think Microsoft's new interfaces are more than enough.

    PatchGuard isn't perfect of course, but it sure is a good step in the right direction.
     
  21. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Well Microsoft themselves manage to use it fine with MSE? So I think I'll agree with you.

    The reasons you stated above are even more reason for me to buy 64bit Windows 7 when the time comes. Thanks for the info.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm totally unable to: control screen grabbing, GetAsyncKeyState-type keyloggers, windows messaging, per-process driver/services manipulations and so on. The list is too huge. Very huge.
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Maybe, but I just really ~Snip~ by the people who are not system programmers and have no clue about technical details to say something they really don't understand.
     
    Last edited by a moderator: Jul 23, 2009
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Take a look at: http://msdn.microsoft.com/en-us/library/bb648425.aspx for process/handle manipulations. Trying to block point attacks by hooking through the shadow SSDT for GetAsyncKeyState/others is not really a solid approach anyway, which is why MS allows you to use a keyboard filter driver.

    :rolleyes:
     
    Last edited by a moderator: Jul 24, 2009
  25. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Do malware coders have same or similar issues? Good. If they can somehow adopt then surely security developers can adopt too.
     
Loading...
Thread Status:
Not open for further replies.