
the 32-bit virus code CAN STILL run on a 64-bit system with WOW

True. HOWEVER:

1. 32bit malcode can NOT see the 64bit processes.

2. If it was a kernel mode malcode (designed for 32bit systems), then it won't work because it can NOT tamper with the kernel because of PG. Most 32bit kernel mode malcode relies on tampering with the Service Descriptor Table, which is impossible to do under 64bit systems, unless the malcode can circumvent PG (which is very documented now), in which case we talk about 64bit designed malcode, not 32bit anymore.

I use x86, not had a virus in years :p

I'd get 64bit but I'd never have a real use for it, it wouldn't speed up my computer much and it would be too annoying trying to get 'hacked' files, uxtheme for example :p

True. HOWEVER:

1. 32bit malcode can NOT see the 64bit processes.

2. If it was a kernel mode malcode (designed for 32bit systems), then it won't work because it can NOT tamper with the kernel because of PG. Most 32bit kernel mode malcode relies on tampering with the Service Descriptor Table, which is impossible to do under 64bit systems, unless the malcode can circumvent PG (which is very documented now), in which case we talk about 64bit designed malcode, not 32bit anymore.

Correct as well. :)

I'll also throw in for everyone else that if any 32-bit malware adds a (32-bit) device driver, as some rootkits and other nasties do, the device driver won't run under 64-bit Windows.

and btw

the funny fact I came by these days

almost all PCs today are Windows 7, "Vista vaporized quickly"

and most of 'em are actually 7 x64 "if not all" :cool:

Most PCs (being used for desktops, I presume you did not include servers) are actually XP, according to Net Applications.

7 has an amazing uptake, but is only at about 2% of the market right now.

Reality is not exactly the same as the picture you are painting. ;)

It is simply because most people are still using a 32-bit OS.

That's not correct... I have seen a lot of people using 64 bit OS... more and more are moving to 64bit ...

Overall, 64-bit is safer for the same reason Macs and Linux are: number of users.

If I'm going to spend an hour writing code to disable systems, would I rather spend that hour and affect 1 million systems, or 20 million?

Look at the number of "dangerous" websites. You know what MOST of them have in common? Porn. They either have porn, or just advertise it to get you to the site. Why? Because there's more people searching for porn than anything else. It's all in the numbers of potential victims.

Malware are not written based on the architecture... a 32 bit malware can run on a 64 bit machine just like a 32 bit software can run on a 64 bit OS. The reason they are safe is because of kernel patch protection (PatchGuard) in 64 bit OS. This features only in 64 bit OS

That's not correct... I have seen a lot of people using 64 bit OS... more and more are moving to 64bit ...

...

You knowing people on a 64bit OS doesn't change the fact that the majority of people still use a 32bit OS.

One of my friends, every member of his family have laptops, all of them running Vista and 2 of them came with 4GB of RAM, and all of them had the 32bit version of Windows installed at the factory.

You knowing people on a 64bit OS doesn't change the fact that the majority of people still use a 32bit OS.

One of my friends, every member of his family have laptops, all of them running Vista and 2 of them came with 4GB of RAM, and all of them had the 32bit version of Windows installed at the factory.

https://www.neowin.net/forum/index.php?showtopic=704878

This generic poll gives you an idea about how people are adopting 64 bit..... obviously non-techies wouldn't go for 64bit..

most vendors have started providing 64 bit OS as default OS..

I am not saying majority use 64 bit but 64 bit is getting adopted at a higher rate...

Malware are not written based on the architecture... a 32 bit malware can run on a 64 bit machine just like a 32 bit software can run on a 64 bit OS.

Not entirely true, because some malware targets system files that aren't accessible from within the 32-bit emulator.

The reason they are safe is because of kernel patch protection (PatchGuard) in 64 bit OS. This features only in 64 bit OS

Isn't that a contradiction? PatchGuard is a function that crashes the machine with a bluescreen if it notices that certain kernel structures have been modified in order to deter developers from doing it (it's almost exclusively legitimate software that does it). In order for malware to do this, it has to be written explicitly for 64-bit Windows, since 32-bit code cannot run in the 64-bit kernel (or find some way of accessing a buggy driver and tricking it into doing something on its behalf).

Any hypothetical 64-bit malware of this sort would have to take things like PG into account and either disable or work around it. This is perfectly possible, although obviously more work than on 32-bit where your code would just run, and so it's a slight deterrent.

Of course this is ignoring the fact that most malware actually does not modify the kernel.

https://www.neowin.net/forum/index.php?showtopic=704878

This generic poll gives you an idea about how people are adopting 64 bit..... obviously non-techies wouldn't go for 64bit..

most vendors have started providing 64 bit OS as default OS..

I am not saying majority use 64 bit but 64 bit is getting adopted at a higher rate...

I think you'll find that a poll on an enthusiast forum doesn't disprove the fact that most of the world's billion PCs are 32-bit, and that malware authors will therefore primarily target these.

This topic is now closed to further replies.