Helping people with computers... one answer at a time.

64 bit PCs bring more power to computing, but not necessarily more security. It sometimes seems like bigger is always better, but not always.

I see that there's an 64-bit version of Windows Vista. Will it be more secure on a 64-bit machine that the 32-bit version on a 32-bit machine?

Looking into it a while back I thought I read that there was greater security on a 64 platform versus 32-bit because there weren't as many viruses, and so on. It also dawned on me that banks and so on all insist on 128-bit security, so I figured that more bits must be better, right?

Well, yes, no, and maybe.

There's a little bit of apples to oranges comparison going on here, but there are also some grains of truth.

Let's look at just what all the differences are and how they do, and do not, impact security.

Let me start by saying that a 64-bit computer running 64-bit Windows is not going to be inherently that much more secure than the 32-bit equivalent. They're they same operating system, and most vulnerabilities that appear in one are likely to appear in the other.

There's certainly nothing about being 64-bit versus being 32-bit that makes the computer any more secure.

To oversimplify, when we talk about a computer being a 32-bit versus 64-bit, we're really just talking about the size of the biggest integer number that the process can operate on at a time. On a 32-bit computer an integer number can range from 0 to 4,294,967,295. On a 64-bit computer, however, it's 0 to 18,446,744,073,709,551,615.

Now, as I said, that's an over simplification, but it's important. When a computer needs to work on numbers or other concepts that can't be simply represented within those ranges it has to break them down to multiple operations that are within those ranges. Perhaps easier to understand are old 8-bit computers where the range was 0-255. That doesn't mean that the computer couldn't work with larger numbers, it means that programs had to be written to break operations on larger numbers into pieces that worked on numbers within the 0-255 range. Depending on what was happening, it could be complex to do so and certainly slower.

"There's certainly nothing about being 64-bit versus being 32-bit that makes the computer any more secure."

There are other differences as well. For example a 64-bit computer will typically load data from memory into the CPU 64 bits at a time, compared to 32 bits at a time on a 32-bit computer. For our discussion here, though, those differences are transparent.

64-bit computers have actually been around for while. In fact, many of the processors in newer machines are already 64-bit, but running the 32-bit operating system in 32-bit mode. The free GRC utility Securable will tell you what you have; you may find you have a 64-bit machine and not even know it. (It turns out that my laptop has a 64-bit processor, and I didn't know it until I ran that utility. Smile)

One of the reasons 64-bit Windows is not used as commonly as you might expect is the lack of hardware drivers. Drivers need to be modified to work in 64-bit Windows, and most manufacturers have yet to do so. It's kind of a chicken and egg situation: manufacturers would do it if more people ran 64-bit windows, but more people would run 64-bit Windows only if drivers were already there.

So this brings us to our first explanation of why 64-bit Windows might, for now, be slightly more secure: some, though not all, types of Viruses and spyware implicitly depend on 32-bit Windows and will fail on 64-bit Windows. Like the drivers, virus writers need to "upgrade" their viruses for the new platform.

Now, I say all that reluctantly, and use the words "slightly more secure" for two reasons:

  • Many viruses and spyware are not dependant on the platform. Meaning they'll work just as well in the 32-bit world as they would in the 64-bit world. 64-bit Windows is just as vulnerable as 32-bit Windows to these threats.

  • If 64-bit does become as successful as 32-bit is today, the virus and spyware writers are sure to follow. If you build it, they will come.

So, in summary, I certainly wouldn't choose a 64-bit machine over a 32-bit machine for security purposes. There may be other reasons to choose one over the other, but in my opinion inherent security isn't one of them.

So, that was the apples, now what about the oranges?

When banks or other firms talk about 128 bits it's really something else entirely.

They're talking about how big a number is used to encrypt the data that's traveling between your computer and theirs. The larger the encryption key, the harder it is to crack or decrypt the encrypted data without knowing the decryption key.

As we mentioned above, a 64-bit number can be as large as 18,446,744,073,709,551,615. In early forms of wireless encryption, a 64-bit number was commonly used as the encryption key. Unfortunately computers have become powerful enough that it's become fairly easy to crack 64-bit encryption.

Today 128 bits (which for the record can be as large as 340,282,366,920,938,463,463,374,607,431,768,211,455) is the currently accepted minimum size for encryption keys to be considered secure. 256 bits is becoming more common, and for other security applications 1024 and 2048 bit keys are considered current state-of-the-art when used with the appropriate encryption algorithms.

But none of that has anything to do with the 32/64-bit question relating to your computer. Even my old 8 bit computer could handle computing 2048 bit encryption keys ... given enough time.

The bottom line is that the best and basic steps for your security are the same no matter what platform you're running. Check out my recommendations in Internet Safety: How do I keep my computer safe on the internet?

Article C3211 - November 13, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
64bitfreak
March 2, 2008 8:18 PM

This guy has absoultely no idea what he is talkin about. In order for a virus to work on a 64bit operating system it must be specifically encoded for 64bit. I could give a much better explanation than leo on this subject. WOW64 is written so that viruses that are written in 32bit mode cannot infect the 64 bit kernel of the operating system. Also, must companies are offering 64 bit drivers. LEO=dumb

Amit
July 23, 2008 1:05 AM

Yes, I agree with 64bitfreak, leo's talk is good no doubt as far as explaining some of the basics about OS and CPU relationship is concerned. But unfortunately it does not answer to the origianl question i.e; "64-bit windows Vs 32-bit OS from security and safety per se" is not correct.

Many viruses are written keeping in mind the addressing scheme of the OS. Of course, a 64 bit OS would be more secure than a 32 bit OS because a hacker has more to crack.
In a bit more detail, I would like to say that viruses are all about manipulating numbers and performing arithmetic operations using pointers in a non-formal way, and that's why they can attack the the memo0ory locations.

Yes, bit ness of a OS of course matters in terms of secuirty from viruses.

lona
September 18, 2009 6:34 PM

How can I recover my 64 bit processor, help plz?
I ran a 32 bit vista premium over my 64 bit vista home, how can I get it back to running 64 bit processor speed, I tried to install a windows 64 bit upgrade over it but nothing. I read on internet that I cant get my 64 bit back that way. Can anyone tell me how I can get my 64 bit back fully, do I have to buy a premium 64 bit upgrade and put it over the 32 bit upgrade. Please someone with intimate computer knowledge please help. Thanks

64bit isn't something that you "get back" - it's something that you have and the software either uses or it doesn't. A 64 bit operating system is a start.
Leo
19-Sep-2009

Ayush
May 14, 2011 7:04 PM

64bitfreak, once you write a virus for 32 bit, it shouldn't be that hard to compile it with a 64 bit browser. Since the internal working strategy is almost the same in both cases, i wouldn't say its more secure.

Andrew
August 19, 2011 4:47 PM

@ 64bit freak...

I have had to work on 2 Windows 7 64 bit systems loaded with spyware/viruses/toolbars/hosts file injections

if 64 bit is more secure, they certainly seem to have no problem attacking it!

I have seem pretty much the same type of malware/viruses on 64 bit systems, as 32 bit. End result is the same.

I have to agree with Leo, because in theory, 64 bit is secure. In practice, it isn't really that much better.

Once something is hacked/patched/cracked, it is that way forever. The fact that people love to share guarantees that if one person has it, all do.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.