Memory Attacks on 64-bit machines (Is this article out to lunch?!)

2

I just finished reading an article on Remote BSOD errors on Windows 7 and I had a question about the content. Specifically this line:

Apple's software [...] has gotten more secure with the latest release, whose 64-bit memory space prevents certain kinds of memory attacks from working properly.

To me this statement (although correct) seems absurd since a Windows system running 64-bit memory would also prevent certain kinds of memory attacks from working as well.

Is there a gap in my knowledge of Mac/Windows 64-bit memory? Or did the article fail to mention this for Windows?

Gavin Miller

Posted 2009-09-08T18:01:03.633

Reputation: 1 706

3 +2 for insight. -1 for a potential Mac vs Win fanbois war. – caliban – 2009-09-08T18:03:29.400

3 I doubt Mac OS is any more secure than Windows. It's just targeted less. – alex – 2009-09-08T18:11:34.360

1 @alex oh ho, now you must die for saying that!! :) – caliban – 2009-09-08T18:18:51.240

@alex: You're pretty much right. I've commonly heard that Leopard was less secure than Vista, but due to being targeted less, was safer. Snow Leopard was supposed to come closer security-wise, but a large targeting base is what lets exploits get found, exploited, and fixed. – Will Eddins – 2009-09-08T18:26:44.797

Answers

2

This would be correct, that 64-bit Windows also benefits from address randomization across a wider range to better prevent brute-force memory address attacks. Since the Windows bug in the article is network-related, I think it's irrelevant to 64-bitness.

Apple's statement is even more misleading, since only the newest Macs even boot into a 64-bit kernel in Snow Leopard, while most Macs will still be using a 32-bit kernel and don't get this additional security benefit at all. See this article for a reference.

Will Eddins

Posted 2009-09-08T18:01:03.633

Reputation: 3 354

Ah, but applications recompiled in 64-bit such as Safari will gain better defense against such attacks. Kernel, no. Apps, yes. – caliban – 2009-09-08T18:19:43.393

@scoopdreams: Do you have a reference for that? From what I understand, one of two things is going on: 64-bit applications are translated to 32-bit on the fly by the OS where they might just use a 32-bit address space, or the universal binaries contain 32-bit and 64-bit versions (which many applications do now; universal binaries are not only for combining PPC/Intel) – Will Eddins – 2009-09-08T18:24:15.130

Never mind, I suppose my own article addresses that and says the same thing, so I probably just don't really understand how they accomplish this. – Will Eddins – 2009-09-08T18:28:28.383

Even if the kernel boots in 32-bit mode, most apps run in 64-bit mode with 64-bit address space (assuming you have a capable CPU, of course). – Nate – 2009-09-08T19:43:39.103
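The comments above turn on whether an application ships a 64-bit version inside its universal binary. As an added example (not code from the question, the answer or the linked article), this Python sketch reads the universal (fat) header and each slice's Mach-O header to report which architectures are present, which are 64-bit, and which set the MH_PIE flag that lets the main executable load at a randomized address. The function names and the sample bytes are constructed for illustration; the constants are the standard Mach-O values.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                      # universal header, always big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
CPU_ARCH_ABI64 = 0x01000000                 # cputype bit marking a 64-bit ABI
MH_PIE = 0x00200000                         # flag: executable may load at a random address
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x01000012: "ppc64"}

def parse_slice(data, offset):
    """Read one thin Mach-O header and report architecture, width and PIE flag."""
    if len(data) < offset + 28:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):               # slices use the target CPU's byte order
        magic = struct.unpack_from(endian + "I", data, offset)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("no Mach-O magic at offset %d" % offset)
    # Fields: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, cputype, _, _, _, _, flags = struct.unpack_from(endian + "7I", data, offset)
    return {"arch": CPU_NAMES.get(cputype, hex(cputype)),
            "is_64bit": magic == MH_MAGIC_64 and bool(cputype & CPU_ARCH_ABI64),
            "pie": bool(flags & MH_PIE)}

def list_slices(data):
    """Return one dict per architecture slice in a thin or universal binary."""
    if len(data) < 8:
        raise ValueError("file too short")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        return [parse_slice(data, 0)]
    if count > 16 or len(data) < 8 + 20 * count:   # Java .class shares this magic
        raise ValueError("implausible universal header")
    slices = []
    for i in range(count):
        _, _, offset, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
        if offset + size > len(data):
            raise ValueError("slice lies outside the file")
        slices.append(parse_slice(data, offset))
    return slices

def build_sample():
    """Constructed universal binary: headers only, i386 plus x86_64 (PIE)."""
    thin32 = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 0, 0, 0)
    thin64 = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, MH_PIE, 0)
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">5I", 7, 3, 48, len(thin32), 0)
    fat += struct.pack(">5I", 0x01000007, 3, 48 + len(thin32), len(thin64), 0)
    return fat + thin32 + thin64
```

Calling `list_slices(open(path, "rb").read())` on a real binary gives the same report; which slice actually runs is decided by the OS and CPU at launch, not by the file alone.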