OOTB: Is Windows 10 32-bit less secure than Windows 10 64-bit?

[Ink]

Comparing an OOTB (Out-of-the-Box) experience of Windows 10 Fall Creators, is running the 32-bit edition inherently less secure than the 64-bit edition?

In 2018, is running 32-bit Windows considered secure?
What threats are more imminent on 32-bit Windows, than 64-bit Windows?

Spoiler: What's OOTB mean?

An out-of-the-box feature or functionality (also called OOTB or off the shelf), particularly in software, is a feature or functionality of a product that works immediately after or even without any special installation without any configuration or modification. It also means that it is available for all users by default, and are not required to pay additionally to use those features, or needs to be configured.
Source: Out of the box (feature) - Wikipedia

 

[Nightwalker]

What threats are more imminent on 32-bit Windows, than 64-bit Windows?

I can think of rootkits and some kind of exploits because 32-bit Windows doesnt have Kernel Patch Protection, mandatory driver signing and some additional exploit mitigations (ASLR) that are present in 64-bit Windows.

Anyway I think Windows 10 32 bit edition can be considered secure OOTB, it isnt that bad ...

 

[vertigo]

From a market share perspective, I would think the 32-bit version would be largely ignored by hackers and malware writers, so in that sense it may be more secure. Any weaknesses that may exist soley based on its architecture are unlikely to be actively exploited. Considering the fact I doubt W10 would even run on a CPU so old as to not be 64-bit, it seems strange to even want to use a 32-bit vs a 64-bit version.

 

[Nightwalker]

From a market share perspective, I would think the 32-bit version would be largely ignored by hackers and malware writers, so in that sense it may be more secure. Any weaknesses that may exist soley based on its architecture are unlikely to be actively exploited. Considering the fact I doubt W10 would even run on a CPU so old as to not be 64-bit, it seems strange to even want to use a 32-bit vs a 64-bit version.

Doesnt make any sense, most malwares are Win32 executables that can run on 64-bit, it isnt the other way.

What you can exploit at 64 bit, you can do at 32 bit without any additional effort (weak memory protection, kernel protection etc)

 

[vertigo]

Doesnt make any sense, most malwares are Win32 executables that can run on 64-bit, it isnt the other way.

What you can exploit at 64 bit, you can do at 32 bit without any additional effort (weak memory protection, kernel protection etc)

Look at the next line:

Any weaknesses that may exist soley based on its architecture are unlikely to be actively exploited.

IOW, 32-bit only exploits are unlikely to be targeted because the user base just isn't there to justify the effort. So hackers and malware authors will very likely only target weaknesses that exist in 64-bit systems. Yes, that means that when those same weaknesses exist in a 32-bit system, they will also be at risk, but no more so than a 64-bit system. My point was that if there are indeed more attack vectors in a 32-bit OS due to it being 32-bit vs 64-bit, those will likely not be specifically targeted, thereby effectively negating the potential reduced security of the 32-bit OS over the 64-bit one. I don't know enough about the deep down differences between the two to know if there are any weaknesses one has the other doesn't, though according to you the 32-bit versions do have some. What I'm saying is that a) those weaknesses are likely not significant because they're not likely to be specifically targeted and b) if there are weaknesses in 64-bit systems that aren't present in 32-bit systems, that would potentially (notice I used the word "may" in my previous post, because I wasn't saying they are more secure, but that they might be more secure, if there was indeed such a case) make the 32-bit systems more secure, since those weaknesses would have a much higher likelihood of being exploited, due to the fact most systems today are 64-bit, which would leave 32-bit systems safe against those attacks. It may be that there are no weaknesses that exist in 64-bit but not 32-bit systems, but even then my point is that it's pretty unlikely the 32-bit systems would be susceptible to something that a 64-bit system wouldn't be, just due to the fact it's not worth it for a bad actor to bother with targeting them specifically.

 

[Prorootect]

so malware for 64-bit system work on 32-bit system - or not

sorry for my question

 

[cruelsister]

Spawn- a really interesting question that can be answered (as far as malware is concerned) by a logic tree:

1). All 32 bit malware can run on a 64 bit system
2). Not all 64 bit malware can run on a 32 bit system
3). There exist some malware that are specific 64 bit applications
4). Therefore as 32 bit systems cannot run ALL the malware extent, but 64 bit systems can,
5). From the malware-acceptance standpoint a 32 bit system would be more secure.

(please note that my cat, Ophelia, had a leering grin on Her face as She reviewed the above post)

 

[Prorootect]

Spawn- a really interesting question that can be answered (as far as malware is concerned) by a logic tree:

1). All 32 bit malware can run on a 64 bit system
2). Not all 64 bit malware can run on a 32 bit system
3). There exist some malware that are specific 64 bit applications
4). Therefore as 32 bit systems cannot run ALL the malware extent, but 64 bit systems can,
5). From the malware-acceptance standpoint a 32 bit system would be more secure.

(please note that my cat, Ophelia, had a leering grin on Her face as She reviewed the above post)

glad for you

 

[212eta]

Running x64

 

[Stas]

IOW, 32-bit only exploits are unlikely to be targeted because the user base just isn't there to justify the effort. So hackers and malware authors will very likely only target weaknesses that exist in 64-bit systems.

Recently hackers infected CCleaner's 32-Bit App but not 64-Bit.

 

[vertigo]

Recently hackers infected CCleaner's 32-Bit App but not 64-Bit.

Hence my usage of the words "unlikely," "(very) likely," etc. The fact is, most of the time, if one or the other is going to be exploited, it's going to be 64-bit, which meanas that most of the time, 32-bit would actually be more secure. Also, that's an app, not the OS itself, which is what the discussion is about, and as was pointed out, 32-bit malware can run on both systems (so in your example, CCleaner would have affected everyone, regardless of OS, if they used the 32-bit version), whereas 64-bit malware can run only on 64-bit systems (in your example, if it had only been the 64-bit version that was infected, 32-bit users would have been fine).

 

[Prorootect]

Hence my usage of the words "unlikely," "(very) likely," etc. The fact is, most of the time, if one or the other is going to be exploited, it's going to be 64-bit, which meanas that most of the time, 32-bit would actually be more secure. Also, that's an app, not the OS itself, which is what the discussion is about, and as was pointed out, 32-bit malware can run on both systems (so in your example, CCleaner would have affected everyone, regardless of OS, if they used the 32-bit version), whereas 64-bit malware can run only on 64-bit systems (in your example, if it had only been the 64-bit version that was infected, 32-bit users would have been fine).

So you confirm, that
"64-bit malware can run only on 64-bit systems (in your example, if it had only been the 64-bit version that was infected, 32-bit users would have been fine"

- thank you for responding at my pertinent/dumb question from post #6...

 

[vertigo]

So you confirm, that
"64-bit malware can run only on 64-bit systems (in your example, if it had only been the 64-bit version that was infected, 32-bit users would have been fine"

- thank you for responding at my pertinent/dumb question from post #6...

Correct, and not a dumb question. Purely out of curiosity, though, why are you wanting to run a 32-bit OS? If it's just for the potentially reduced threat, I would definitely say it's not worth it for that reason alone and to just use 64-bit.

 

[Prorootect]

Correct, and not a dumb question. Purely out of curiosity, though, why are you wanting to run a 32-bit OS? If it's just for the potentially reduced threat, I would definitely say it's not worth it for that reason alone and to just use 64-bit.

32-bit vs. 64-bit: What’s the difference, and what does it mean for your PC?
on digitaltrends.com: 32-bit vs. 64-bit: What’s the difference, and what does it mean for your PC?
...
"Most software is backwards compatible, allowing you to run applications that are 32-bit in a 64-bit environment without any extra work or issues. Virus protection software (these are our favorites) and drivers tend to be the exception to this rule, with hardware mostly requiring the proper version be installed in order to function correctly."

 

[vertigo]

All that's saying is that while you can run 32-bit programs on 32-bit or 64-bit systems, anti-virus software (I'm guessing due to their low-level operation) and drivers (this I knew, and I assume it's also for the same reason) should be the same as the system, i.e. use 32-bit on a 32-bit system and 64-bit on a 64-bit system, not 32-bit on a 64-bit system. Bottom line, if your hardware supports x64, and you have the choice with your OS, use x64. Performance will almost certainly be better, you'll be able to run apps that are 64-bit only (uncommon, but I'm sure there are examples), and you won't be able to use more than ~3.5GB of RAM (technically 4, but the system reserves some for other stuff, so you basically end up losing around half a gig).