How Running 64-Bit Windows Protects You From Malware

One of the weirdest things about Windows security is the fact that some simple changes in how you run the operating system can make a world of difference with regard to malware. For example, who would’ve ever known that running 64-bit Windows makes your computer more secure? Tell this to any so-called computer wiz and they’ll laugh. However, there are some things you have to understand about Windows that will probably make you think twice about settling for a 32-bit version ever again.


Sometimes, malware requires access to the operating system’s kernel. To do this, it tries to inject a driver into your system. If you’re not familiar with why this has to happen, go ahead and read up on how drivers work. The 64-bit versions of Windows require driver signing, meaning that every single bit of code within a driver has to be certified by Microsoft.

You may be asking why the 32-bit version doesn’t require such a signature. This is mainly because older drivers aren’t signed. 64-bit driver developers are aware of the requirements and make sure that they digitally sign their stuff. Of course, a driver written in the late 90s isn’t going to magically sign itself. So, if you’re using a 64-bit version of Windows, you’ll actually prevent malware from accessing the kernel of your operating system without your knowledge. But there are also other reasons why 64-bit Windows is more secure!

Address Space Layout Randomization (ASLR) is a method of keeping program addresses within memory unpredictable. In 32-bit Windows, some programs started at the same memory addresses, making it easy for malware to just slip some code in undetected. While some people can argue that the new versions of Windows (Vista, 7, and 8) put ASLR into practice in their 32-bit versions, they fail to see how much more effective it is when you have a 64-bit addressing system. The bigger the space, the more effectively you can protect programs.

Sure, 32-bit and 64-bit versions of Windows both have the ability to use Data Execution Prevention (DEP). However, with a 64-bit operating system, programs can’t opt out. In comparison, DEP is normally disabled in 32-bit systems so that programs that execute data within their memory spaces wouldn’t be stopped from doing so. Many malware developers take advantage of DEP being disabled to, say, add some code at the end of a program’s memory space that it will execute. This causes the system to be infected “ninja style.” If you have no opt-out possibility (in the case of 64-bit Windows) you won’t have this problem.
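To see which binaries actually opt in to the ASLR and DEP protections described in the two paragraphs above, a defender can read the flags in their PE headers. This is an added example, not code from the original article: the flag values come from the PE/COFF format, while `audit_pe`, `build_sample` and the two header-only sample images are constructed for illustration.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF format
HIGH_ENTROPY_VA = 0x0020  # image can handle high-entropy 64-bit ASLR
DYNAMIC_BASE = 0x0040     # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100        # image is marked compatible with DEP
MACHINES = {0x014C: "x86", 0x8664: "x64"}


def audit_pe(data: bytes) -> dict:
    """Read architecture and ASLR/DEP opt-in flags from a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 72:
        raise ValueError("missing or truncated PE header")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 (32-bit) / PE32+ (64-bit)
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    findings = []
    if not flags & DYNAMIC_BASE:
        findings.append("no ASLR opt-in")
    elif magic == 0x20B and not flags & HIGH_ENTROPY_VA:
        findings.append("ASLR without high-entropy 64-bit addresses")
    # Only 32-bit images are flagged: 64-bit programs cannot opt out of DEP
    if magic == 0x10B and not flags & NX_COMPAT:
        findings.append("32-bit image not marked DEP-compatible")
    return {"arch": MACHINES.get(machine, hex(machine)),
            "aslr": bool(flags & DYNAMIC_BASE),
            "nx_compat": bool(flags & NX_COMPAT), "findings": findings}


def build_sample(machine: int, magic: int, flags: int) -> bytes:
    """Constructed header-only PE image for the demo (not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 72, 0x0002)
    optional = struct.pack("<H", magic) + bytes(68) + struct.pack("<H", flags)
    return dos + b"PE\0\0" + coff + optional


if __name__ == "__main__":
    legacy = build_sample(0x014C, 0x10B, 0)
    modern = build_sample(0x8664, 0x20B, HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT)
    for name, image in (("legacy32", legacy), ("modern64", modern)):
        print(name, audit_pe(image))
```

Pointing `audit_pe` at the bytes of real executables and DLLs gives a quick inventory of which ones still rely on the weaker 32-bit defaults.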


You’ve probably noticed in your “Windows” folder that there’s a new “System” subfolder, named “SysWOW64.” This represents a new layer of program execution necessary for running within a 64-bit kernel. While it’s not designed to protect you, it accidentally protects you from 32-bit applications that run in kernel mode. So, any 32-bit malware that tries to run in a 64-bit kernel will fail. This also happens to be a reason behind the incompatibility of a few 32-bit applications in 64-bit versions of Windows. WOW64 stands for “Windows on Windows 64.” Any malware that is re-written to work in 64-bit kernel mode can still infect you, though!

While 64-bit Windows may put a little extra padding in your armor against malware, it’s not impervious. Malware will still infect you if you don’t have adequate added protection. These are just minor security features that prevent some of the worst forms of viruses, worms, and Trojan horses. If malware uses 32-bit mode, but doesn’t access the kernel, execute code at the end of a program’s memory space, or inject code into a program, it will still infect you.