Helping people with computers... one answer at a time.
64 bit PCs bring more power to computing, but not necessarily more security. It sometimes seems like bigger is always better, but not always.
I see that there's an 64-bit version of Windows Vista. Will it be more secure on a 64-bit machine that the 32-bit version on a 32-bit machine?
Looking into it a while back I thought I read that there was greater security on a 64 platform versus 32-bit because there weren't as many viruses, and so on. It also dawned on me that banks and so on all insist on 128-bit security, so I figured that more bits must be better, right?
Well, yes, no, and maybe.
There's a little bit of apples to oranges comparison going on here, but there are also some grains of truth.
Let's look at just what all the differences are and how they do, and do not, impact security.
Let me start by saying that a 64-bit computer running 64-bit Windows is not going to be inherently that much more secure than the 32-bit equivalent. They're they same operating system, and most vulnerabilities that appear in one are likely to appear in the other.
There's certainly nothing about being 64-bit versus being 32-bit that makes the computer any more secure.
To oversimplify, when we talk about a computer being a 32-bit versus 64-bit, we're really just talking about the size of the biggest integer number that the process can operate on at a time. On a 32-bit computer an integer number can range from 0 to 4,294,967,295. On a 64-bit computer, however, it's 0 to 18,446,744,073,709,551,615.
Now, as I said, that's an over simplification, but it's important. When a computer needs to work on numbers or other concepts that can't be simply represented within those ranges it has to break them down to multiple operations that are within those ranges. Perhaps easier to understand are old 8-bit computers where the range was 0-255. That doesn't mean that the computer couldn't work with larger numbers, it means that programs had to be written to break operations on larger numbers into pieces that worked on numbers within the 0-255 range. Depending on what was happening, it could be complex to do so and certainly slower.
There are other differences as well. For example a 64-bit computer will typically load data from memory into the CPU 64 bits at a time, compared to 32 bits at a time on a 32-bit computer. For our discussion here, though, those differences are transparent.
64-bit computers have actually been around for while. In fact, many of the processors in newer machines are already 64-bit, but running the 32-bit operating system in 32-bit mode. The free GRC utility Securable will tell you what you have; you may find you have a 64-bit machine and not even know it. (It turns out that my laptop has a 64-bit processor, and I didn't know it until I ran that utility. )
One of the reasons 64-bit Windows is not used as commonly as you might expect is the lack of hardware drivers. Drivers need to be modified to work in 64-bit Windows, and most manufacturers have yet to do so. It's kind of a chicken and egg situation: manufacturers would do it if more people ran 64-bit windows, but more people would run 64-bit Windows only if drivers were already there.
So this brings us to our first explanation of why 64-bit Windows might, for now, be slightly more secure: some, though not all, types of Viruses and spyware implicitly depend on 32-bit Windows and will fail on 64-bit Windows. Like the drivers, virus writers need to "upgrade" their viruses for the new platform.
Now, I say all that reluctantly, and use the words "slightly more secure" for two reasons:
Many viruses and spyware are not dependant on the platform. Meaning they'll work just as well in the 32-bit world as they would in the 64-bit world. 64-bit Windows is just as vulnerable as 32-bit Windows to these threats.
If 64-bit does become as successful as 32-bit is today, the virus and spyware writers are sure to follow. If you build it, they will come.
So, in summary, I certainly wouldn't choose a 64-bit machine over a 32-bit machine for security purposes. There may be other reasons to choose one over the other, but in my opinion inherent security isn't one of them.
So, that was the apples, now what about the oranges?
When banks or other firms talk about 128 bits it's really something else entirely.
They're talking about how big a number is used to encrypt the data that's traveling between your computer and theirs. The larger the encryption key, the harder it is to crack or decrypt the encrypted data without knowing the decryption key.
As we mentioned above, a 64-bit number can be as large as 18,446,744,073,709,551,615. In early forms of wireless encryption, a 64-bit number was commonly used as the encryption key. Unfortunately computers have become powerful enough that it's become fairly easy to crack 64-bit encryption.
Today 128 bits (which for the record can be as large as 340,282,366,920,938,463,463,374,607,431,768,211,455) is the currently accepted minimum size for encryption keys to be considered secure. 256 bits is becoming more common, and for other security applications 1024 and 2048 bit keys are considered current state-of-the-art when used with the appropriate encryption algorithms.
But none of that has anything to do with the 32/64-bit question relating to your computer. Even my old 8 bit computer could handle computing 2048 bit encryption keys ... given enough time.
The bottom line is that the best and basic steps for your security are the same no matter what platform you're running. Check out my recommendations in Internet Safety: How do I keep my computer safe on the internet?
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.