Do AV programs differ in their effectiveness when in 64 vs 32 bit environments?
I came across a series of security tests that Matousec.com ran in 64 bit systems and they posted some interesting results. The results for their 32 bit systems were odd as well. Being that I don't believe everything I read on the internet I decided to post here in hope of some clarification. Thanks.
Edit: After doing some research I understand why the results that Matousec posted were the way they were. It seems a bit misleading. Still, I'm still curious if there is a difference in the two operating environments.
-
-
The 64bit should be faster as it is just signature comparisons... which is primarily hash comparisons. If you're talking host based security it is sometimes heuristics based which is slightly different. Depends on if the software manufacturer actually addresses this. Also some viruses are different on the 64 bit platform vs the 32 bit, but most likely same definition repository. Effectiveness is subjective to your perception of what it means to be effective.
-
There is a difference because of x64 KPP/Kernel Patch Protection aka PatchGuard. link
Hooking functions possible in x86, can't be done the same in 64-bit.
Protection against f.i. rootkits is often done on x86 by 'hooking' the kernel; protection against malware changing the kernel(=core), is achieved by security software, changing/'hardening' the kernel itself.
In x64, Microsoft prevents kernel changes with KPP, so security software will need to use different techniques to offer similar protection.
Protection results therefore could be different on x86 and x64 but AV companies have come up with new mechanisms by now, to offer similar protection on both environments.
-
Thanks for the answers!
-
KPP isn't bad, but it's not an AV, and it is stated in the article you linked as not foolproof. Just a single attack vector slow down aka bump in the road. Speed bump - Wikipedia, the free encyclopedia
-
Anyone said KPP is an AV?
And of course it isn't foolproof/100% solution/alpha&omega. Nothing is.
-
lol, just giving you a hard time.
I do think AV has a wider spectrum of coverage though and the 64bit is faster to do the hash comparisons. I also think an SSD makes reading those data files faster. It can also be argued that those same speed increases can be used against you when you are a pivot point, but guess you fix it when you find it.
Antivirus in 64 vs 32 bit environments
Discussion in 'Security and Anti-Virus Software' started by misterhobbs, Jun 2, 2012.