Expert Debunks MS’ 64-Bit Safety Claims

Windows users running 64-bit versions of the
operating system are less likely to get infected by attack code,
Microsoft’s security team said yesterday. But that doesn’t mean they won’t, countered an outside security researcher. “There’s a lot of 64-bit malware,” said security researcher Alfred Huger. “They can run their code
in compatibility mode, or they can compile it for 64-bit. The reason
they’re not is that there’s still not a lot of 64-bit deployment.
There’s 64-bit malware out there, just like there’s Mac OS malware out
there. But right now, [64-bit] is just not as opportune a target as
32-bit.” Read the full article. [Computerworld]

Windows users running 64-bit versions of the
operating system are less likely to get infected by attack code,
Microsoft’s security team said yesterday. But that doesn’t mean they won’t, countered an outside security researcher. “There’s a lot of 64-bit malware,” said security researcher Alfred Huger. “They can run their code
in compatibility mode, or they can compile it for 64-bit. The reason
they’re not is that there’s still not a lot of 64-bit deployment.
There’s 64-bit malware out there, just like there’s Mac OS malware out
there. But right now, [64-bit] is just not as opportune a target as
32-bit.” Read the full article. [Computerworld]

Discussion

  • Larry Seltzer on

    Only at the end are the good reasons why 64-bit Windows is more secure listed, and perhaps the biggest one is not listed. DEP is forced on for all processes, making overflows almost impossible to exploit. Social engineering is a much more relevant factor in security today than software vulnerabilities, but it's still important and it's the reason why one system might be more secure than another. PatchGuard blocks many, not all rootkit techniques.

  • Larry Seltzer on

    I just remembered one more important reason why malware should be rare on 64-bit Windows: All kernel-mode code, including all device drivers, has to be signed by a code signing certificate issued by a trusted CA. These aren't cheap and they do verify ID.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.