Saturday, 14 September 2013

Why the 64-bit Version of Windows is More Secure


64-bit-intel-core-cpu
Most new PCs have been shipping with the 64-bit version of Windows — both Windows 7 and 8 — for years now. 64-bit bit versions of Windows aren’t just about taking advantage of additional memory. They’re also more secure than 32-bit versions.
64-bit operating systems aren’t immune to malware, but they do have more security features. Some of this also applies to 64-bit versions of other operating systems, such as Linux. Linux users will gain security advantages by switching to a 64-bit version of their Linux distribution.

Address Space Layout Randomization

ASLR is a security feature that causes a program’s data locations to be randomly arranged in memory. Before ASLR, a program’s data locations in memory could be predictable, which made attacks on a program much easier. With ASLR, an attacker has to guess the correct location in memory when trying to exploit a vulnerability in a program. An incorrect guess may result in the program crashing, so the attacker won’t be able to try again.
This security feature is also used on 32-bit versions of Windows and other operating systems, but it’s much more powerful on 64-bit versions of Windows. A 64-bit system has a much larger address space than a 32-bit system, making ASLR that much more effective.

Mandatory Driver Signing

The 64-bit version of Windows enforces mandatory driver signing. All driver code on the system must have a digital signature. This includes kernel-mode devices drivers and user-mode drivers, such as printer drivers.
Mandatory driver signing prevents unsigned drivers provided by malware from running on the system. Malware authors will have to somehow bypass the signing process through a boot-time rootkit or manage to sign the infected drivers with a valid certificate stolen from a legitimate driver developer. This makes it more difficult for infected drivers to run on the system.
Driver signing could also be enforced on 32-bit versions of Windows, but it isn’t — likely for continued compatibility with old 32-bit drivers that may not have been signed.
To disable driver signing during development on 64-bit editions of Windows, you would have to attach a kernel debugger or use a special startup option that doesn’t persist across system reboots.

Kernel Patch Protection

KPP, also known as PatchGuard, is a security feature only found on 64-bit versions of Windows. PatchGuard prevents software, even drivers running in kernel-mode, from patching the Windows kernel. This has always been unsupported, but it’s technically possible on 32-bit versions of Windows. Some 32-bit antivirus programs have implemented their antivirus protection measures using kernel patching.
PatchGuard prevents device drivers from patching the kernel. For example, PatchGuard prevents rootkits from modifying the Windows kernel to embed themselves in the operating system. If an attempt at kernel patching is detected, Windows will immediately shut down with a blue screen or reboot.
This protection could be put into place on the 32-bit version of Windows, but it hasn’t been — likely for continued compatibility with legacy 32-bit software that depends on this access.

Data Execution Protection

DEP allows an operating system to mark certain areas of memory as “non-executable” by setting an “NX bit.” Areas of memory that are supposed to hold data only will not be executable.
For example, on a system without DEP, an attacker could use some sort of buffer overflow to write code into a region of an application’s memory. This code could then be executed. With DEP, the attacker could write code into a region of the application’s memory — but this region would be marked as not-executable and could not be executed, which would stop the attack.
64-bit operating systems have hardware-based DEP. While this is also supported on 32-bit versions of Windows if you have a modern CPU, the default settings are more stringent and DEP is always enabled for 64-bit programs, while it’s disabled by default for 32-bit programs for compatibility reasons.
The DEP configuration dialog in Windows is a bit misleading. As Microsoft’s documentationstates, DEP is always used for all 64-bit processes:
“System DEP configuration settings apply only for 32-bit applications and processes when running on 32-bit or 64-bit versions of Windows. On 64-bit versions of Windows, if hardware-enforced DEP is available it is always applied to 64-bit processes and kernel memory spaces and there are no system configuration settings to disable it.”

WOW64

64-bit versions of Windows run 32-bit Windows software, but they do it through a compatibility layer known as WOW64 (Windows 32-bit on Windows 64-bit). This compatibility layer enforces some restrictions on these 32-bit programs, which may prevent 32-bit malware from functioning properly. 32-bit malware will also be unable run in kernel mode — only 64-bit programs can do that on a 64-bit OS — so this may prevent some older 32-bit malware from functioning properly. For example, if you have an old audio CD with the Sony rootkit on it, it won’t be capable of installing itself on a 64-bit version of Windows.
64-bit versions of Windows also drop support for old 16-bit programs. In addition to preventing ancient 16-bit viruses from executing, this will also force companies to upgrade their ancient 16-bit programs that could be vulnerable and unpatched.
Given how widespread 64-bit versions of Windows now are, new malware will likely be capable of running on 64-bit Windows. However, the lack of compatibility can help protect against old malware in the wild.

Unless you use creaky old 16-bit programs, ancient hardware that only offers 32-bit drivers, or a computer with a fairly old 32-bit CPU, you should be using the 64-bit version of Windows. If you’re not sure which version you’re using but you have a modern computer running Windows 7 or 8, you’re likely using the 64-bit edition.
Of course, none of these security features is foolproof, and a 64-bit version of Windows is still vulnerable to malware. However, 64-bit versions of Windows are definitely more secure.

7 Ways To Free Up Hard Disk Space On Windows

hard-disk
Hard drives are getting larger and larger, but somehow they always seem to fill up. This is even more true if you’re using a solid-state drive (SSD), which offers much less hard drive space than traditional mechanical hard drives.
If you’re hurting for hard drive space, these tricks should help you free up space for important files and programs by removing the unimportant junk cluttering up your hard disk.

Run Disk Cleanup

Windows includes a built-in tool that deletes temporary files and other unimportant data. To access it, right-click one of your hard drives in the Computer window and select Properties.
Click the Disk Cleanup button in the disk properties window.
Select the types of files you want to delete and click OK. This includes temporary files, log files, files in your recycle bin, and other unimportant files.
You can also clean up system files, which don’t appear in the list here. Click the Clean up system files button if you also want to delete system files.
After you do, you can click the More Options button and use the Clean up button under System Restore and Shadow Copies to delete system restore data. This button deletes all but the most recent restore point, so ensure your computer is working properly before using it – you won’t be able to use older system restore points.

Uninstall Space-Hungry Applications

Uninstalling programs will free up space, but some programs use very little space. From the Programs and Features control panel, you can click the Size column to see just how much space each program installed on your computer is using.
If you don’t see this column, click the options button at the top right corner of the list and select the Details view. Note that this isn’t always accurate – some programs don’t report the amount of space they use. A program may be using a lot of space but may not have any information in its Size column.

Analyze Disk Space

To find out exactly what is using space on your hard drive, you can use a hard disk analysis program. These applications scan your hard drive and display exactly which files and folders are taking up the most space. We’ve covered the best 10 tools to analyze hard disk space, but if you want one to start with, try WinDirStat.
After scanning your system, WinDirStat shows you exactly which folders, file types, and files are using the most space. Ensure you don’t delete any important system files – only delete personal data files. If you see a program’s folder in the Program Files folder using a large amount of space, you can uninstall that program – WinDirStat can tell you just how much space a program is using, even if the Programs and Features Control Panel doesn’t.

Clean Temporary Files

Windows’ Disk Cleanup tool is useful, but it doesn’t delete temporary files used by other programs. For example, it won’t clear Firefox or Chrome browser caches, which can use gigabytes of hard disk space. (Your browser cache uses hard disk space to save you time when accessing websites in the future, but this is little comfort if you need the hard disk space now.)
For more aggressive temporary and junk file cleaning, try CCleaner, which you can download here. CCleaner cleans junk files from a variety of third-party programs and also cleans up Windows files that Disk Cleanup won’t touch.

Find Duplicate Files

You can use a duplicate-file-finder application to scan your hard drive for duplicate files, which are unnecessary and can be deleted. We’ve covered using VisiPics to banish duplicate images. If you want a tool that also checks for other types of duplicate files, try dupeGuru – the free version can only delete or move up to ten files at once, but it will show you what duplicate files are cluttering up your hard drive.

Reduce the Amount of Space Used for System Restore

If System Restore is eating up a lot of hard drive space for restore points, you can reduce the amount of hard disk space allocated to System Restore. The trade-off is you’ll have less restore points to restore your system from and less previous copies of files to restore. If these features are less important to you than the hard disk space they use, go ahead and free a few gigabytes by reducing the amount of space System Restore uses.

Nuclear Options

These tricks will definitely save some space, but they’ll disable important Windows features. We don’t recommend using any of them, but if you desperately need disk space, they can help:
  • Disable Hibernation – When you hibernate your system, it saves the contents of its RAM to your hard drive. This allows it to save its system state without any power usage – the next time you boot your computer, you’ll be back where you left of. Windows saves the contents of your RAM in the C:\hiberfil.sys file. To save hard drive space, you can disable hibernate entirely, which removes the file.
  • Disable System Restore – If reducing the amount of space System Restore uses isn’t good enough for you, you can disable System Restore entirely. You’ll be out-of-luck if you need to use System Restore to restore your system to an earlier state, so be warned.