There are two 64 bit architectures. The architecture of the Intel Itanium 64 bit processor family, which uses explicitly parallel instruction computing (EPIC) technology, is known as IA64; the architecture of the AMD Opteron and of the Xeon with extended memory 64 technology is known as x64.
If you've been considering upgrading your servers and/or client machines to 64 bit Windows, you may be wondering: what about security? Moving to the new systems will likely make your computing tasks faster, but will it make them more or less secure? Network professionals have even more reason to consider these questions now; in November 2005 at the IT Forum in Barcelona, Spain, Microsoft announced that several of its upcoming products will be made only in 64 bit versions. These include:
- Exchange Server 12
- Longhorn Small Business Server
- Longhorn Server R2
- Centro (Microsoft's recently announced mid-market solution that bundles Longhorn Server, the next version of Exchange and the next version of ISA Server, along with System Center management tools)
In this article, we'll take a look at security issues regarding the relatively new 64 bit Microsoft operating systems.
Why upgrade anyway?
A 64 bit processor can handle twice as much data at a time. That means processor-intensive activities will go much faster. Processor-intensive activities include video editing and number crunching, as well as 3D gaming (it's no coincidence that the first group to adopt 64 bit machines has been serious gamers).
Another advantage, and in some cases a bigger one, is that 64 bit systems can utilize more RAM. A 32 bit processor can only address 4 GB of RAM. A 64 bit processor can theoretically access 18 exabytes. Windows XP Pro 64 bit Edition supports 128 GB of RAM and 16 terabytes of virtual memory.
An exabyte is a billion gigabytes. A terabyte is a thousand gigabytes.
The old "security through obscurity" issue
One reason Windows and applications such as Internet Explorer are the target of more attacks is that, for the attacker, they present a much larger attack surface than operating systems and applications that have a much lower market share. Although "security through obscurity" is held in disdain by most security pundits, it does work to the extent that more obscure targets attract statistically fewer attacks. Because 64 bit Windows is much less commonly deployed at this time than its 32 bit cousins, few malware authors have turned their attention to it. Of course, this advantage will fade as the 64 bit operating systems become more widely adopted.
In fact, in 2004, Symantec reported the first virus written to infect 64 bit machines, called Shruggle. In May 2005 they reported a second 64 bit virus, written to infect Windows portable executables (PE files), called Rugrat. These won't run on 32 bit platforms and were apparently created as proof of concept viruses, with very few infections in the wild ever reported.
This doesn't mean your 64 bit system is safe from all malware written for 32 bit computers. Many 32 bit programs will run on the 64 bit OS. However, programs that run in kernel mode won't. This means that some of the most dangerous malicious programs won't run on 64 bit Windows. Unfortunately, that's not all it means.
64 bit Windows operating systems run 32 bit applications by using an x86 emulator called Windows on Windows 64 or WOW64. WOW64 won't run older 16 bit applications. IA64 doesn't natively support WOW64.
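An added example (not from the original article) of checking this ahead of a migration: it reads the PE header fields that separate a 32 bit user-mode program that WOW64 can host from a 32 bit kernel-mode image that 64 bit Windows will not load, a 16 bit program, and native x64 or IA64 images. The function names and sample headers are constructed for illustration; the machine values and field offsets are those of the PE/COFF format.

```python
import struct

# Machine values from the PE/COFF file header.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0x0200: "IA64"}
SUBSYSTEM_NATIVE = 1  # image runs in kernel mode (for example a driver)


def classify_for_x64(image: bytes) -> str:
    """Predict how x64 Windows treats an executable, from its headers alone."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not an executable image"
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    sig = image[e_lfanew:e_lfanew + 4]
    if sig[:2] == b"NE":
        return "16 bit: not supported by WOW64"
    # Need signature (4) + file header (20) + optional header up to Subsystem (70).
    if sig != b"PE\0\0" or len(image) < e_lfanew + 24 + 70:
        return "not a PE image"
    (machine,) = struct.unpack_from("<H", image, e_lfanew + 4)
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", image, e_lfanew + 24 + 68)
    arch = MACHINES.get(machine, "unknown")
    if arch == "x64":
        return "x64: native 64 bit image"
    if arch == "x86" and subsystem == SUBSYSTEM_NATIVE:
        return "x86 kernel mode: will not load"
    if arch == "x86":
        return "x86 user mode: runs under WOW64"
    return f"{arch}: not for x64 Windows"


def build_sample(machine: int, subsystem: int) -> bytes:
    """Constructed minimal headers for the demo (not a runnable program)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 70, 0x0002)
    optional = bytes(68) + struct.pack("<H", subsystem)
    return dos + b"PE\0\0" + file_hdr + optional


if __name__ == "__main__":
    samples = {
        "32 bit GUI program": build_sample(0x014C, 2),
        "32 bit driver": build_sample(0x014C, 1),
        "x64 program": build_sample(0x8664, 3),
        "Itanium program": build_sample(0x0200, 3),
        "16 bit program": b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"NE" + bytes(62),
    }
    for name, data in samples.items():
        print(f"{name:20} -> {classify_for_x64(data)}")
```

Run over the drivers and agents of a security product, a check like this shows which components need a 64 bit rebuild before the product can be deployed on x64 Windows.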
Less protection for 64 bit machines?
One reason many companies and individuals have not yet upgraded to 64 bit Windows is the relative lack of security software such as antivirus programs. That's because most AV programs do hook into the Windows kernel, so they have to be rewritten to run on 64 bit Windows. For example, Panda Titanium gives an "Unknown OS" message when you try to run it.
Symantec's Antivirus Corporate Edition v.10 does support the x64 version of Windows, and so does McAfee's VirusScan Enterprise 8.01, but most of the major AV vendors haven't yet released 64 bit versions of their products for standalone desktop machines and don't plan to do so until 2006. There are some AV vendors that already have software out that supports both x64 and IA64. These include:
- Avast. This includes their free edition. The same package is used for 32 bit and 64 bit installations; the software detects which operating system it's installing on and uses the appropriate drivers.
- The latest version of AVG Professional now supports 64 bit platforms.
- Tiny Firewall has released a public beta of a native 64 bit version that supports IA64 and x64.
The same problem applies to personal firewall software. McAfee Personal Firewall v.6 doesn't work on 64 bit systems. Sygate's personal firewall fails to start. ZoneAlarm 5.5 doesn't work, although Zone Labs has said they would have a 64 bit compatible version by the end of 2005.
The good news is that most anti-spyware programs, including Microsoft's, will run on 64 bit systems.
No more rootkits?
There's more good news: the current rootkits that have been written for 32 bit systems, including the infamous Sony music CD rootkit, don't work in the 64 bit OS. That's because when updating the kernel code for the 64 bit version, Microsoft programmers took the opportunity to include a "patch guard" - code that is part of the kernel and makes it impossible to install a patch in a running kernel (which kernel mode rootkits do on 32 bit systems).
Likewise, processor vendors had an opportunity, in making the new 64 bit processors, to include security mechanisms. Both AMD and Intel include code in their 64 bit products to prevent the exploitation of buffer overflow and buffer underrun conditions.
Boosting security performance
64 bit processing will also make some security mechanisms work better - or at least, faster. For example, encryption is a very processor-intensive task. Encrypting and decrypting data can result in a performance hit on 32 bit systems, but 64 bit systems will be able to perform encryption tasks much more quickly. This will make it more convenient for more people to use encryption technologies such as EFS, IPsec and SSL, resulting in better security for confidential files and network transmissions.
The decision on whether to upgrade to 64 bit machines will be based on a number of factors: cost, performance needs, and security considerations are all likely to be part of the mix. Enterprise customers can safely upgrade now, with antivirus software from major vendors available in corporate versions and with their machines behind perimeter firewalls. You'll reap some security benefits right away, such as the lack of viruses and rootkits that target the 64 bit platform. Home and small business users, however, who rely on personal firewalls and personal editions of AV software, may want to wait until those products are more widely available before taking the plunge.