Microsoft claims Windows users running 64-bit versions of the operating system are less likely to get infected by attack code.

However, an outside security researcher claimed that just because attacks are less likely it doesn't mean users won't get infected.

"64bit Windows has some of the lowest reported malware infection rates in the first half of 2009," said Joe Faulhaber of the Microsoft Malware Protection Center in a post to the group's blog.

"64-bit malware is still exceedingly rare in the wild."

Faulhaber cited statistics gleaned from Microsoft's Malicious Software Removal Tool (MSRC), a free malware detection and deletion utility the company updates and pushes to users monthly.

According to Microsoft's data, the 64bit version of Windows XP was 48 percent less likely to be infected than the 32bit edition during the first half of 2009; PCs running Vista 64bit, meanwhile, were 35 percent less likely to be infected than Vista 32bit.

Windows 7, which was not included in the data for the first half of this year because it had not been released in final form, also is available in both 32 and 64bit editions.

Faulhaber noted that Windows 7 64bit is the dominant flavor of that new OS as he touted its security. "Most PCs shipping with Windows 7 come with the 64bit versions of Windows," he observed.

Windows 64bit is safer to run, he argued, in large part because malware, which is written for the much more widely used 32bit versions of Windows, is "confused by 64bit".

That's not necessarily true, said Alfred Huger, formerly with Symantec and currently vice president of engineering at security start-up Immunet.

"There's a lot of 64-bit malware," said Huger.

"They can run their code in compatibility mode, or they can compile it for 64bit. The reason they're not is that there's still not a lot of 64-bit deployment. There's 64bit malware out there, just like there's Mac OS malware out there. But right now, [64bit] is just not as opportune a target as 32bit."

It's relatively simple for criminals to customise their attacks against 64bit systems, Huger maintained.

"We almost never see just one [piece of malware] on a machine. It's almost always eight or ten or a dozen," he said.

"Most malware gets on your system because you put it there, and one of the things most attacks do is download a bootstrapper that then downloads other malware. It's easy for attackers to have their bootstrapper check whether the OS is 64bit, then grab 64bit malware to download onto the PC."

In the end, said Huger, there just isn't a "compelling reason" for hackers to bother with 64bit, but there's nothing inherently more secure about a 64bit operating system.

"Malware is just software," he observed. "It can execute on 64bit just like other software."

Faulhaber argued that 64bit Windows was safer by design than the less-powerful 32bit version, ticking off such measures as PatchGuard, which makes it more difficult for malware to tamper with the operating system's kernel.

PatchGuard is included in the 64bit versions of XP, Vista and Windows 7. He also mentioned WOW64 (Windows On Windows 64), the lightweight emulation mode that lets 64bit versions run 32bit code.

"The additional protections built into 64bit Windows will make it harder for malware to make the 64bit jump," Faulhaber said.

While Faulhaber trumpeted 64bit XP's and Vista's - and by extension, Windows 7's - ability to sidestep more malware, the bi-annual Microsoft Security Intelligence Report he cited said that some of the lower infection rates might have nothing to do with the OS, and everything to do with the user.

"Infection rates for the 64bit versions of Windows XP and Windows Vista are lower than for the corresponding 32bit versions of those platforms, a difference that might be attributable to a higher level of technical expertise on the part of people who run 64bit operating systems," the report concluded.

"This difference may be expected to decrease as 64-bit computing continues to make inroads among mainstream users."

Nor did Faulhaber go so far as to claim that 64bit Windows, even Windows 7, was stout enough to do without security software.

"64bit Windows needs 64bit anti-malware software like Microsoft Security Essentials to protect the whole computer," he acknowledged, touting his company's free security suite, which shipped in late September .

PC security advice

See also: Windows 7, XP or Vista: which OS is best