Latest EMET Bypass Targets WoW64 Windows Subsystem

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.

Linux solved this

[Anonymous Coward]

by constantly breaking the ABI.

Re:Wow64 has the 32 bit...

[aberglas]

Windows did something far weirder than focus on the ABI.

The WoW64 folder holds the 32 bit DLLs while the System32 folder holds the 64bit DLLs. There is then black magic that usually redirects 32 bit applications to the different Wow64 folder.

The idea was not binary compatibility but source compatibility. Someone in the hierarchy must have dictated that C programs must be able to be recompiled in 64bit with zero code changes. Only an MBA with zero programming background could think that this largely impossible mandate justifies permanently twisting the system with weird rules.

Don't get me started on Program Files (X64) ...

Re:

[Dog-Cow]

The fun with the System and System32 folders was not done for source compatibility. It was done for programs that hardcoded the path/folder name instead of querying the system for it.

Re:

[aberglas]

Um, yes, that is what source compatibility is all about. Some source would have needed to be change for programs that hard coded the System32 folder name, among other things. I have never seen a non-trivial 32 bit program that could be run 64 bit without changes.

OTOH, what about a 32 bit program that is expected to remain 32 bit. It might also have hard coded System32. And that is where weird and dangerous hacks refer some, but not other, file references to WoW64!!! One thing that is for sure is that 32

Re:

[Anonymous Coward]

Slash/Backslash.

Back in the day, each operating system had to be "different". If they weren't, AT&T and IBM would sue your ass for stealing from Unix or System/360. In case you didn't know, MacOS (classic, not X) used colons as directory separators. At least backslash looked somewhat familiar and didn't require holding Shift as part of the keystroke.

WinME

Even Microsoft employees joked about WinME at launch, saying that the line for MS employees to receive their copy would be the longest anywhere. They w

Re:

[lgw]

The idea was not binary compatibility but source compatibility. Someone in the hierarchy must have dictated that C programs must be able to be recompiled in 64bit with zero code changes. Only an MBA with zero programming background could think that this largely impossible mandate justifies permanently twisting the system with weird rules.

Remember Windows95? The OS that took MS from a bit player to world domination? Yeah, the entire focus of Win95, including the reason it was so unreliable, was this exact sort of compatibility between the 16-bit and 32-bit worlds. Win95 could run 16-bit shared-memory drivers in a 32-bit, protected-memory OS (not safely, but they would work).

Backwards compatibility with 0 code changes is the entire reason anyone today has even heard of MS. Their decline started about the time they abandoned backwards comp

It is obvious that support most be provided...

[EzInKy]

...for legacy applications, especially true in the closed source world where simple recompiles are not possible to do lack of source. Still one would think that Microsoft would have provided protection against holes that exist in its legacy systems. Perhaps even a simple walled chroot would suffice? Very few if any honest user applications really need access to system level permissions.

Re:

[DrXym]

Well the protection in this case is for browsers to stop shipping 32-bit only binaries when the OS is predominantly 64-bit. During the download / upgrade process, detect if the OS is 64-bit and install the 64-bit binary or at least ask the user to stop using the 32-bit binary and manually upgrade.

I expect the main reason 32-bit has been around for so long is the extra support effort of building two binaries and some issues with plugins and suchlike. Plugins are effectively deprecated these days (and besid

Re:It is obvious that support most be provided...

[Z34107]

If MS put real effort into providing good security [...]

You're bitching about an OS with mandatory access controls, DEP, ASLR, virtualized filesystem access, application whitelists, secure boot, and that runs its own authentication daemon in a VM [microsoft.com] so that not even the kernel itself can directly manage password hashes. You're doing this bitching in an article about a tool they maintain [krebsonsecurity.com] so you can harden and sandbox third-party programs, even when those programs weren't built with stack smashing or ASLR or all those neat Visual Studio canaries [msdn.com] in mind.

[...]it would destroy the lucrative market for anti-malware software.

They bundle anti-malware software with the OS. They're, clearly, very concerned about not destroying all that filthy McAfee lucre.

Re:

[fredgiblet]

This is also the company that re-wrote an OS almost from scratch to focus on security. The whole reason Vista took so long is because they basically restarted when it was almost done to focus on security. That probably cost them an enormous amount of money.

Re:

[UnknowingFool]

Well that's some revisionist history. Vista took so long because Longhorn was broken. The development was troubled and was haphazard. [wikipedia.org] Features were added without thought about the overall picture. Yes security was a major problem with XP that they wanted to fix with Longhorn, but it wasn't the main reason they had to start from scratch.

Re:

[KGIII]

Strangely true. There are all sorts of exploits for all sorts of things but this is actually a rarity these days. We don't see a whole lot of exploits for Windows, itself, any more. If we determined kernel vs. kernel security vulnerabilities then someone posted a link not too long ago that showed Microsoft had fewer than Linux as of late but I didn't check to see how they compiled the stats.

I don't see me returning to Microsoft again, for a variety of reasons, but they're stepped up their game quite a bit -

Re:

[Serzen]

Largely off topic, but I've had my Windows Phone for about a year, and love it. Originally, Mrs Serzen wanted the WP for the camera, and when we upgrade I always get the same make as her, since I have to support it; they've turned out to be great devices overall. Her phone survived 3 days in a snow drift in subzero temps with only a charge and hard reset needed because the touchscreen was unresponsive. I also love that OS updates are pushed by MS, not by my carrier.

Re:

[chihowa]

I'd recommend checking out Windows phones, too. My wife's had one for about a year now and liked it, so I decided to try it out myself when my Nexus finally kicked the bucket. I'm pretty impressed so far. The dev tools are pretty decent, too (though now I have to run 7 in a VM, too). Cortana's creepy, though, and they tie too much other functionality into it.

I hadn't used anything of Microsoft's past XP, but I agree that they're really stepping up their game as of late.

Re:

[EndlessNameless]

I *still* got hit with something, no clue what, but my AV of course shows nothing.

So you admit you have no clue what the problem is, but you're *sure* it's a virus that came in thru a Microsoft vulnerability. I, for one, will totally take your word on that.

On top of this, the GWX shill-ware just wont stop.

And here is the proof that you don't know what you're talking about. You can google this shit. I ignored it for a month while I waited to see how Windows 10 looked.

When I decided to hold off on upgrading, I removed the updates that added it. It takes less than 10 minutes unless you have some kind of mental deficiency.

Use Sandboxie

[ITRambo]

The sandboxed web browser will keep this from happening as it will only occur virtually. Close the browser and - poof - its normal again.

Re:

[MyAlternateID]

The sandboxed web browser will keep this from happening as it will only occur virtually. Close the browser and - poof - its normal again.

... until a vulnerability is also found in the sandbox, which will probably be 32-bit if it's a wrapper for a 32-bit browser.

What are the architectural reasons why Windows doesn't behave more like multi-lib on Linux? Is it just the fact that recompilation is not an option because most Windows software is closed-source? Or are these business/design decisions getting in the way, once again? Specifically I would like to know what the significant differences are between WoW64 and the implementation of mul

Re:

[EndlessNameless]

Windows does not just provide 32-bit libraries for older applications. There is a larger compatibility framework, and some of it is black box and/or unconfigurable. E.g., it transparently redirects registry and folder access to several locations for all 32-bit processes.

Unlike multi-lib, this particular functionality is automatically included in all Windows installations, enabled by default for all executables, and configured to allow maximum backward compatibility. Microsoft's old 32-bit DLLs are there, ap

Will 64 bit web browser avoid this?

[slashgordo.]

I assume that if you run a native 64 bit web browser, it will avoid this vulnerability. For chrome, on https://www.google.com/chrome/... [google.com] you can select "Download Chrome for another platform" to get the 64 bit version.

Re:

[Anonymous Coward]

See how simple it can be when you have source? For those who invested in the Microsoft ecosystem, I wish them the best of luck.

To suggest that Firefox for Windows is not open-source is disingenuous. You can compile Firefox yourself on Windows, too. It's not that difficult [mozilla.org] and can be done using the free version of Visual Studio.

Re:

[Anonymous Coward]

I just compile Firefox from source since this is a Gentoo system.

The ability to compile Firefox from source isn't exclusive to Gentoo, you can do it on Windows or OSX as well if you want.

For those who invested in the Microsoft ecosystem, I wish them the best of luck.

It's not that hard, just follow the guides here [mozilla.org] or here [mozilla.org].

Re:

[SuperDre]

Oh, please... The reason I stopped using Linux was because I got fed up with trying to get my development enviroment up and running after every new update/upgrade of the OS.. And maybe Firefox has it's stuff in order for recompiling on linux, but a lot of applications don't, they break because they can't find the specific stuff in the repositories you have set on your machine..
I've tried many times, but everytime I stumbled upon another crap thing with Linux which prevented me from doing stuff, you need a v

Re:

[Mal-2]

For firefox you'd either have to choose one of their nightly 64-bit versions or settle with Waterfox which usually lags behind a few versions.

Not so. Pale Moon [palemoon.org], my personal choice. They deliberately lag a few versions behind on the user interface rather than accepting the broken shit Firefox foists on everyone.

Re:

[peppepz]

Firefox stable for 64-bit Windows has been released, you can get it from the mozilla FTP site.

Download link [mozilla.org], Download link for the EME-free version [mozilla.org].

I think that they aren’t offering it yet from the main download page because they want to prevent non-tech savvy people from downloading it and finding out that flash doesn’t work. To me, that’s actually a plus.

That's why Windows 10 should have ONLY been 64-bit

[unixisc]

As it is, Windows 8 broke a lot of compatibility w/ Windows 7. There really was no reason to have a 32-bit version of either Windows 8 or 10. All win32 applications were XP applications, so all that could have simply been run on XP-Mode or Hyper-V on Windows 10 platforms.

WoW64 should really be deleted, and only 64-bit Windows programs should be developed. VirtualPC should be brought back to Windows 10, and all win32 applications should be run only under that, and not under native win64 systems like Windows 10 or 8.

Re:

[aberglas]

Not as long as people insist on using archaic programming languages such as C.

Programs are distributed 32 bit, and often rely on 3rd party add ons that are 32 bit. And never the two shall be combined into a single process, even if the actual memory requirements are small. That is why Office is normally run in 32 bit mode -- the add ins.

A better idea would have been to allow 32 bit windows to run with more than 4 gig of ram, and 4 gig per process rather than 2. That would have pushed off the 64bit day qui

Re:

[Dog-Cow]

You were wrong before, and you're wrong here too. WoW64 serves a purpose, and most Windows Apps are not COM servers. I have no idea what warped fantasy you have regarding COM, but it's just that -- a fantasy.

Re:

[Anonymous Coward]

> Not as long as people insist on using archaic programming languages such as C.

The "archaic" programming language C is not the problem. The problem is the fact that there are way too many 3rd-party libraries that are only available as 32-bit binaries. For simplicity often the developers of the application then also compile for 32-bits.

> A better idea would have been to allow 32 bit windows to run with more than 4 gig of ram, and 4 gig per process rather than 2. That would have pushed off the 64bit da

Re:That's why Windows 10 should have ONLY been 64-

[Mal-2]

This would kill the usefulness of Windows 10 for existing games, practically all of which are 32-bit. Without remaining a strong platform for gaming, it would be difficult (to say the least) to upsell a large portion of the existing user base. I suppose you can argue that native 32-bit versions should be discontinued, but that's a totally different argument from saying that WoW64 should be discontinued.

Re:

[del_diablo]

Would it now? I agree with OP here. Vista should not have had 32-bit support. 32-bit should be the XP support. And as we see now, the decision to not do this is still haunting them, when there is legacy for 4 different 32-bit supported OS.

Re:

[Mal-2]

Then what happens to people with perfectly functional machines lacking x64 support -- run an unsupported and vulnerable XP forever? I'm personally quite glad there's a 32-bit Windows 7, or my mother's laptop would be scrap.

Re:

[mister_playboy]

There's no reason to limp along with 32-bit hardware in late 2015. Core 2 came out in 2006 and signalled the "fast enough" era we still live in today... anything older is just wasting electricity and time.

Schools and businesses sell off Core 2 hardware for next to nothing. Craigslist will also yield good deals.

Your mother deserves better.

Re:

[Mal-2]

Thing is, she likes it. It's a ThinkPad, so I can't say I blame her for that. If there had been no replacement for 32-bit XP at the EOL for XP, she would have just gone on using it anyhow, in a defiant "why should I replace a working computer" stance. For the netbook I bought in 2009, I could deal with a switch to some flavor of Linux, but she would not.

Re:

[david_thornley]

Microsoft has always been big on backward compatibility. When Windows 95 was being programmed, Raymond Chen made it a personal quest to make sure every program that ran on 3.1 would run on 95.

Had Vista been 64-bit only, with no 32-bit support, a very large amount of software would have ceased to work. As Chen put it, if you get a new OS and your old stuff fails to run, you blame the OS. If the 32-bit support was limited to running XP, the computer would need to have two full OSes loaded, and XP would

Re:

[unixisc]

Somewhat apples & oranges. When Microsoft introduced Windows 95, it was an immediate migration from Windows 3.1, and there were no existing 32-bit applications (other than win32s apps like Freecell). Also, at the time, hardware was more expensive, and virtual machines hadn't caught on as a major concept: VMware was still new, and working to establish the proof of concept.

It's very different now. I don't recall whether Vista had VirtualPC or not, but in Windows 7, the way to run native XP apps that

How about NO

[Sycraft-fu]

If you want a platform that breaks older shit, well then go ahead and find one. However many of us would like our software to keep working. WoW64 has been a great success because 32-bit apps run seamlessly and very fast. So you can just use whatever software you want. This has made widespread 64-bit adoption possible. If suddenly 80+% of your programs stop working because there's no compatibility layer, people just won't want to use it. Many, many programs these days are still 32-bit. You may not like that or agree with the choice, but it is what it is. I want to be able to run my software, I don't care about ideological purity.

Also you might want to do your research a bit better, VirtualPC -IS- back. It's called Hyper-V now and it is MS's all encompassing virtualization solution. You can have it on the desktop all the way up to big clusters of servers.

Re:

[aberglas]

Compatibility is important. But there was no need to put the 32 bit binaries in WoW64! They should have stayed in System32, and a new folder (or folders!) created for the 64bit, and then no magic registry hacks etc.

Re:

[Dog-Cow]

Or you could do some research and find out that it was done for backwards compatibility with binary-only programs.

Re:

[Ed Tice]

This comment doesn't seem to make much sense. It's not about where the files are placed on disk. Wow64 is a Windows subsystem to let you run 32-bit apps on 64-bit Windows. Every major OS has some layer to do this (except maybe Linux, I don't now). HP-Itanium can run HP-RISC binaries. Many AIX systems can run binaries from architectures that went out of existence before I was born. Microsoft also provides a toolkit to help you harden third-party apps if the developers of those apps haven't done so them

Re:

[aberglas]

It is actually worse than that. If binary backwards compatibility is your goal, then why would you move the 32 bit DLLs at all! Leave them there and all will be good for legacy, but new programs will need some changes which is also OK. And then no funny mappings are required.

Re:

[unixisc]

There will always be a point of discontinuity. Even at a CPU level, Intel no longer supports 16 bit compatibility for its current CPUs. Similarly, Windows too no longer runs ancient native win16 apps. It's been a while that XP has been dead, and there have been 2 OSs since before Windows 8 came in w/ the new Metro paradigm. So that was the point where 32-bit support could have been moved to sandboxes, rather than overload the code w/ all that legacy support.

Also, 32-bit apps don't run seamlessly: I co

Re:

[unixisc]

Another point I forgot to mention - resource requirements of Windows 10 have grown to 4GB, which 32-bit can't address anyway. So it makes sense to make Windows a 64-bit only OS, and define 4GB as the minimum requirement

Re:

[Sycraft-fu]

Intel CPUs fully support 16-bit mode still. Look it up. What they don't support is going to VM86 while in Long Mode which leads to the old WoW system not working for 16-bit support.

There is just no need to sandbox 32-bit support, since it works great how it is. If you are interested, go and read about how WoW64 works and how Compatibility Mode inside Long Mode (on the CPUs) works. It allows for 32-bit software to execute in a 64-bit system with no fuss, and it is something people highly value.

Also again, do

Re:

[unixisc]

32 bit compatibility layer is a massive problem in terms of the lack of backwards compatibility w/ older 32-bit programs. Or else, I should have had no problems running an old XP based version of Adobe Acrobat on a Windows 7 system w/o bringing in XP mode.

For win64, the market is still relatively new, so there ain't much backwards compatibility for Microsoft to worry about, so it can pretty much write what it likes. But in 32-bit, the bulk of it is the old win32 based XP compatible software, as opposed

Re:

[jarkus4]

Main reason not to do this is the fact that you would still need to build and provide 32 bit versions for users on 32 bit only systems (eg windows xp still has about 10% share and its all 32bit). Then you also get bonus support issues when users download the wrong version, it doesnt work for obvious reasons and they explain it in some completely incomprehensible way to your support (or just drop your app altogether).

Re:

[KGIII]

Well, there was a 64 bit Windows XP but I don't imagine that many of those are running today.

Re:

[unixisc]

That's why I suggested bringing back VirtualPC, not Hyper-V

Re:

[KGIII]

I get email every day, pretty much, telling me about the new vulnerabilities in my operating system of choice. It's Linux. There are all sorts of serious security holes, popping up all the time. Hell, I get updates a couple of times a day, some days.

Re:

[Bert64]

I see these advisories too, but it's very hard to compare windows to linux by number of vulnerabilities reported...

Linux (and most application software for it) is developed in the open, so issues discovered during development are publicised, microsoft dont publish any vulnerabilities discovered during internal development.
A typical linux distribution supplies far more software than microsoft do, there are hundreds of applications any of which could have vulnerabilities discovered. The linux package managers

Re:

[KGIII]

Bah, we'll lump an exploit in IE, Outlook, Office, even Adobe products all in with Windows vulnerabilities. It's not like we're unbiased! *chortles*

I don't know how they compiled the stats but, suffice to say, Windows has come a long ways. I'm truly impressed. I'm not going to switch back to Windows but I'm impressed with their progress. Security was not the reason I left Windows. Collecting telemetry data was not the reason that I left Windows. I left mostly because I prefer Linux. I started in the Unix re

Re:

[SuperDre]

uhh, please get a reality check..... For windows 10 to succeed it needs 'native' support of legacy applications, otherwise there would be no business that would adopt Windows 10..
A LOT of business applications being used are still 32-bit (because they were developed in older languages), and porting a lot of those applications doesn't make real sense if the actual port isn't performing as good, or doesn't do anything different.. If it ain't broke, don't fix it..
It's all to easy to just say, 'oh they should j

Re:

[unixisc]

And the support would remain w/ sandboxes under VirtualPC, based on what I suggested

Re:

[SuperDre]

sandboxes isn't like native, it has it's limitations and especially it's another performance hit.. I buy a new computer to have the current software run faster, not to have it run slower due to sandboxing and emulation/virtualisation..
There is nothing wrong with most 32bit applications as most applications won't need to address 64bit memoryspace anyway..
Which doesn't mean a new application should be developed for 32bit when all your customers are running 64bit, but that's not the case, a lot of customers st

Re:

[TheDarkMaster]

It would be a stupid move. The greatest advantage of Windows over other OS is exactly the ability to continue supporting legacy applications that are fundamental to a lot of people. Virtualization is an option, but it is important to note that not everyone have the computational resources required to use a VM and rarely these VMs have all the features that baremetal offers (as example, running a DirectX 9 game in a VM is currently impossible or very, very slow).

Re:

[unixisc]

Such systems cannot be upgraded in the first place, and would probably remain w/ XP. What if you have an old computer w/ 256MB of RAM? There is no way Windows 10 will run on it - be it 32-bit or 64-bit. Also, the claim of legacy support the way you describe it is false: I was forced to use XP-Mode to run Acrobat 6.0 under Windows 7. Anything that can run Windows 10 can also run VirtualPC, and support 32-bit w/ that.

Re:

[TheDarkMaster]

Well, why the user would migrate to Windows 7/8.1/10 in this situation? If he have only 256MB of RAM he could just continue with XP if it keeps working. And the simple fact that you can ask the system to use compatibility mode for a particular application is a valid form of support for legacy, as far as I know this way works and does not need to use a VM. And perhaps I was not clear enough, at any moment I'm saying that everybody has to migrate to Windows 10 (which is a disturbing deviation pattern of ways

Re:

[TheDarkMaster]

Dammit. Fucking google translator, I meant that I would not recommend to anyone migrating to Windows 10

Re:

[unixisc]

That's the point. People who have limited computing resources should not migrate. Only people who should migrate are those who have multi-core x64 CPUs w/ at least 4GB of RAM as far as 64-bit goes. For 32-bit, the most your computer can have is 2GB of RAM, and that's fine uptil Windows 7. Also, the compatibility mode you suggested did not work for me in my above example: I was forced to run a VM. Why burden an OS w/ multiple ways of running legacy stuff? Recognize that there is a cutoff point, and

Re:

[TheDarkMaster]

Also, the compatibility mode you suggested did not work for me in my above example:

Well, is well known that not all applications can run in a compatibility mode, especially applications where the really sloppy developer did stupid things like put the path to a system folder in a hardcoded way or worse. Compatibility mode it's also a more efficient way to do the job and works in almost all cases, then why create a entire emulation (the VM) with the costs that this entails?

The point is that using a VM f

You mean

[ThatsNotPudding]

WoW64 should really be deleted, and only 64-bit Windows programs should be developed.

You mean like Microsoft releasing a 64-bit DRIVER FOR ITS OWN 32-BIT ACCESS DATABASES? You can praise MS for their maintaining the ability to run legacy apps, but in some very meaningful instances, they're no different than phone companies refusing to patch Android phones just to cynically move more merch.

Re:

[peppepz]

If we’re talking about Linux proper, then Linux's binary compatibility goes as far as letting you run executables in the a.out format even with the very latest Linux kernel. As long as you provide the ancient libraries required to run them. Why, on Linux, through Wine, you can run 16-bit Windows applications, which won’t even run on 64-bit Windows.

The fact that distributions no longer ship old libraries, or that the community of developers has a certain tendency to introduce new “framewo

Re:

[TheDarkMaster]

Well... Sorry but you just proved his point that Linux depends on a lot of work to keep running while Windows usually just works. I also used Linux to work until I have become tired of fixing things that break at each update.

Re:

[Bert64]

Linux has very good backwards compatibility as peppepz pointed out... The fact that most distros don't include the necessary ancient libraries is because this backwards compatibility is very rarely needed, so those using it are a very small niche who still have the option to install the libs.

The vast majority of linux software comes with sourcecode, and almost all of it has already been compiled for 64bit systems as well as other architectures like arm or mips. It's extremely rare that you would need to be

Re:

[TheDarkMaster]

"Linux has very good backwards compatibility as peppepz pointed out"

You're making fun of me? Look, you are assuming several terribly wrong things:

The vast majority of linux software comes with sourcecode

Correct, but good luck trying to make it work. Things like Freetype2 are easy, now try to compile Firefox or LibreOffice (is a nightmare). And a tip: You are NOT the original developer of the thing (so if you do not have a really good documentation you will spend days trying to understand what's goi

Re:

[Bert64]

My point about source compatibility was to emphasize why binary backwards compatibility is a rarely used feature.

Binary compatibility on linux is actually much better than windows too, it's just required far less often and thus not enabled by default in most distros. Providing you have the appropriate libs (and these libs often wont be installed by default because they waste space if not required), even very early linux binaries will still run on the latest kernels.
Windows does include backwards compatibili

Re:

[TheDarkMaster]

Oh boy... Your comment is so, so stupid it's no surprise that you've made it as AC. Learn to to understand what you are reading before you try to answer anything, as it is obvious to me that you did not understand nothing from what I wrote (or you did not want to understand, what is worse). Otherwise you would have realized that I not only know very well how to compile (and write code, by the way) as I was also talking about something completely different that it is the problems that you encounter when tryi

Re:

[TheDarkMaster]

Dude, you are the only clueless moron here... :-) In the company where I work my colleagues laughed a lot when they saw your comment, you know? I will said again: Learn how to understand what others wrote, THEN try to comment my clueless friend ;-)

Oh, P.S: I comment Using my ID because unlike you I have confidence in what I write. Grow up.

Re:

[unixisc]

Windows is the only platform where an application from 10 years ago is highly likely to run and likely to do it without any efforts.

Meanwhile, OS X breaks something with every incremental release.

And then you have Linux where constant maintenance of all applications are constantly required and nothing is ever done.

Linux = write once, perpetually maintain it or in 6 months it won't work. Windows = write once, it will likely work in 25 years. This is a major advantage and why the appeal of the stability of Windows isn't just only an enterprise thing.

As far as web browsers go, I am uncertain of what remaining web browsers are 32-bit. But no doubt it is a rapidly declining number.

First point is false. Years ago, I had an Adobe Acrobat 6 CD, which I ran on my computer w/ XP. Later, when I upgraded it to 7, it couldn't run on that: I had to run it under XP Mode (No, I wasn't gonna buy another more recent Acrobat version). Which was my point above: just have VirtualPC, w/ the ability to have any historical Windows VM - from Windows 95 to 32-bit Windows 7, and make that the default way for Windows to run win32 programs.

Discussions about OS-X or Linux is a non-sequitur to this discu

Microsoft makes the legacy apps

[Anonymous Coward]

I noticed Visual Studio is only 32 bit only, and defaults to making 32 bit builds. I don't think Microsoft is big on the whole 64 bit thing.

Fun fact: your 32 bit DLLs are in syswow64 and your 64 bit ones are in system32. Legacy makes such a mess when you don't plan ahead...

Re:

[tlhIngan]

I noticed Visual Studio is only 32 bit only, and defaults to making 32 bit builds. I don't think Microsoft is big on the whole 64 bit thing.

That's because Microsoft believes you should just stick with 32 bit unless there's a really good reason to go 64. And they're not incorrect - there's many good reasons to stick with 32 bit - compatibility with 32 bit systems for starters (yeah, you could provide two builds, but that's two times the QA work) and other things.

The other thing is - 32 bit has been around fo

Re:

[Dog-Cow]

Legacy makes a mess when app developers are idiots. Which is always.

WoW64?

[U2xhc2hkb3QgU3Vja3M]

I think World of Warcraft has been a 64-bit application for quite some time now.

Fight for your bitcoins! [coinbrawl.com]

"Browsers in their sample size"??

[Bing Tsher E]

There can't be that many browsers to "sample". Browsers aren't like the population of field mice in the world. You don't use a statistical process to analyze a random sample of them, then declare a ridiculous statistic like "80 percent of them". In the real world there are four or five or eight (some finite quantity). Any declaration should read something like: "five of the seven browsers examined..."

How does this not affect *nix ?

[Anonymous Coward]

Linux (and I assume *BSD) can run mixed mode with no problems. What's the deal?

Blame browsers for security lapses ..

[nickweller]

"80 percent of browsers in the researchers’ sample size were 32-bit processes executing on a 64-bit host running WOW64, putting them all at risk. ref [threatpost.com]

What were the names of these browsers with no 64-bit versions?

"Duo Security, a cloud-based access security provider" ref [duosecurity.com]

Re:

[nickweller]

Anonymous: "Most of the browsers have a 64bit option, but default to using the 32bit one. I'd be surprised if at least 20% of the Internet users primarily use a 64bit browser."

I don't understand what you mean by 'default to using the 32bit one'. You get either a 32-bit or a 64-bit installer. Most/all desktop operating systems out there are 64-bit and most all browsers come in 64-bit flavors.

Re:

[nickweller]

"Most browsers 64 bit? No, I don't think so."

What browsers don't have a 64-bit version? If a bug in a 32-bit application running on a 64-bit system leads to a security violation, that's a defect in the underlying 32-bit emulator. I don't know what you mean by 'the default version of Chrome', Chrome doesn't come with Windows, you have to install it yourself, the end user decides what version to use, the choice is up to you. Here's the link for the 64-bit Windows [google.com] version.

Re:

[Ed Tice]

The browsers have both versions but the code was historically 32-bit. You don't benefit by using a 64-bit browser. If it takes 4GB of RAM to render a page, you have bigger issues. Microsoft discouraged the use of 64-bit IE. This is not about a but in the emulator. This is about bugs in the browsers. The EMET tool tries to protect buggy programs from being exploited. The vulnerabilities are there but the ability to successfully exploit is mitigated (reduced but not eliminated). Those tools can't effe

Re:

[nickweller]

What are the names of the current browsers that don't have a 64-bit version?

Re:

[Ed Tice]

You obviously didn't read my post! All of the browsers have 64-bit versions but they have bugs that don't exist in the 32-bit version and don't offer any benefit over the 32-bit version. So people end up using the 32-bit installs. In fact it was only in September of this year that Mozilla considered Firefox 64 to be *stable*. If you started with a 32-bit Firefox, the update tools don't switch you to 64-bit. This isn't about whether 64-bit builds *exist* it's whether people *use* them. And the research