64-bit Only Improvements


Windows (and other PC-based operating systems) are quickly moving to 64-bit environments. XP Pro and Windows Server 2003 are available in both 32-bit and 64-bit versions. Windows Vista shipped simultaneously in 32-bit and x64 versions, a first for Microsoft. In the near future, only 64-bit PC hardware will be available for purchase and Microsoft will be strongly pushing 64-bit versions of Windows. In fact, already as of this writing, it seems the majority of desktops are 64-bit capable, although laptops appear to lag far behind, sadly.

The 64-bit versions of Windows are significantly more secure than the 32-bit versions. For one, all boot critical code, including the HAL and OS kernel, is code integrity-checked before running. System catalogs (for example, Nt5.cat) contain the image hash integrity values. In addition, because all device drivers must be re-written to take advantage of the 64-bit platform, Microsoft cares less about backward compatibility and more about making third-party vendors build in security from the start.

This new approach allows Microsoft to mandate things it could not before For instance, all kernel code must be digitally signed by a certificate obtained by Microsoft. This is known as PatchGuard or Kernel Patch Protection. Unsigned code cannot be loaded into the kernel under normal operations. Microsoft is releasing dozens of new tools to third-party vendors so they can check for security problems and stability issues. In 32-bit versions of Windows, unsigned kernel code can be loaded, although it is still not recommended.

64-bit versions of Windows include a 32-bit emulation layer for legacy applications, and contain a virtualized 32-bit registry area for 32-bit applications. Microsoft is doing its best to prevent 32-bit code from touching 64-bit code and memory. 16-bit drivers and programs will not be supported on 64-bit versions of the OS, and can only be hosted by running in virtual sessions. By default, future Windows server versions will include virtualization software built-in. There will be no need to purchase separate virtualization software (for example, Virtual PC, VMware, and so on) for many purposes.



Windows Vista Security. Securing Vista Against Malicious Attacks
Windows Vista Security. Securing Vista Against Malicious Attacks
ISBN: 470101555
EAN: N/A
Year: 2004
Pages: 163

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net