  • Worth considering: 0patch for Win7 after January 2020


    This topic contains 40 replies, has 15 voices, and was last updated by  OscarCP 3 weeks, 2 days ago.

    • #1959144 Reply

      woody
      Da Boss

      I just got a note from @microfix that pointed me to an interesting discussion from Ionut Ilascu at BleepingComputer: After Microsoft ends support for
      [See the full post at: Worth considering: 0patch for Win7 after January 2020]

    • #1959159 Reply

      MrJimPhelps
      AskWoody_MVP

      I wonder if there will be a Windows 7 point-of-sale hack to keep getting Windows 7 patches past Jan 2020 like there was with XP.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      4 users thanked author for this post.
      • #1959188 Reply

        AJNorth
        AskWoody Plus

        Excellent question; however, from my (albeit limited) understanding, MS will be requiring a new SSU (Servicing Stack Update) that will only be made available to [paid] subscribers.

        (If one of the MVPs has more information, needless to say, as Ross Perot might have put it, “We’re all ears.”)

        • #1960077 Reply

          abbodi86
          AskWoody_MVP

          The updates will be available to anyone, but not applicable for everyone

          http://go.microsoft.com/fwlink/p/?linkid=2086115

          What delivery options are available for Extended Security Updates?

          The updates themselves will be delivered via all normal update delivery processes, including SCCM, WU, WUfB, and WSUS. The update will be programmed to look for the MAK activation on the endpoint and will install only on those systems with the MAK key.

          2 users thanked author for this post.
          • #1960113 Reply

            OscarCP
            AskWoody Plus

            A MAK key/license from Microsoft? And, if so, as it might seem to be the case you are considering in your reply, the way it is written, will that also be a requirement for the third-party updates under discussion here? My understanding is that those are for everyone that cares to pay $25 a year and has a compatible (Win 7) computer.

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

            • #1960149 Reply

              PKCano
              Da Boss

              0patch is not Microsoft. It is a third-party organization not under MS contracts for extended support.

              2 users thanked author for this post.
      • #1959649 Reply

        FakeNinja
        AskWoody Lounger

        I asked this on the forums a year ago but it didn’t get much attention, from what I’ve heard from other people, it doesn’t work the same way as it did with XP but that it still might be possible. I think we’re just gonna have to wait and see.

      • #1959781 Reply

        BobT
        AskWoody Lounger

        I wonder if there will be a Windows 7 point-of-sale hack to keep getting Windows 7 patches past Jan 2020 like there was with XP.

        Amusingly, the tills at my local bargain store (quite a big chain) are still using Windows XP Professional..

    • #1959287 Reply

      anonymous

      If I wasn’t already on Linux, I would just keep using Windows 7 past 2020 to spite Microsoft. There are literally millions (billions?) of Android smartphones running obsolete operating systems that have not been patched and never will again. The phone industry learned from the PC industry; as such, most phones cannot be updated unless the manufacturer or carrier explicitly chooses to allow it, and only for 2 or 3 years at most. The vast majority of Android devices aren’t even supported for THAT long!

      Anyway, the world has yet to melt down because of a huge number of insecure and potentially vulnerable cell phones, aka computers, that are in general always connected to the Internet. And I would rather continue using a system where I am the ultimate decider of how it works and what it does than board the Windows 10 train. So yeah, I would steadfastly keep using Windows 7 and refuse to “upgrade”… If I didn’t already move to Linux, where I get the best of all worlds. Privacy, freedom, no financial cost (this is different from freedom!), and security.

      6 users thanked author for this post.
      • #1959574 Reply

        TaskForce141
        AskWoody Lounger

        You’re right, I have one of those phones (a Galaxy S5, Android 6.0.1, last security patch April 2017).  Even so, the newest Chrome and Firefox mobile releases still work on it.

        Just like the cellular carriers and the phone makers, MS is willing to put profits over security, halting patches even though there are still so many Win 7 machines.

        And why are there so many Win 7 devices?  Because Microsoft royally destroyed the reputation of its successor, Win 10.  And MS refuses to admit fault, or improve/fix/address its terrible Win 10 update policies or the testing of those updates.

        • A crazy, frantic, unnecessary double horror feature upgrade cycle that overloads users and admins, is the CORE problem with today’s Windows.  One service pack every 2-3 years was bad enough, but twice a year?
        • The new “pause” functionality is no substitute for a true ‘Stop’ or “Notify but only download if I say yes”.
        • And Insider guinea pigs are no substitute for the professional testers that Satya Nadella fired (one of the dumbest mistakes ever by a tech CEO).
        • Then again, perhaps the CORE problem of Windows today is:  Satya Nadella.

         

        1 user thanked author for this post.
    • #1959312 Reply

      OscarCP
      AskWoody Plus

      According to the BleepingComputer article: “Micropatches will normally be available to paying customers (Pro – $25/agent/year – and Enterprise license holders).”

      Does this mean that if one has Windows 7 Pro and pays $25 a year, then one will get those patches — and whatever is needed to install them, such as the SSU that AJNorth suspects will be necessary to install first?

      If that interpretation is correct, that would be good news for many small-business owners that use PCs with Win 7 Pro for their office work and the archiving of their important data, right?

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      • #1959315 Reply

        AJNorth
        AskWoody Plus

        Greetings,

        The 0patch protocol circumvents the requirement for [purchasing] the updated post-EOL MS SSU via what they refer to as “micropatching” (see https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-get-0patch-security-fixes-after-eos/).

        Cheers,

        AJN

        2 users thanked author for this post.
        • #1959346 Reply

          OscarCP
          AskWoody Plus

          OK, but what does it mean “$25 per agent per year?” Can I, for example, owner of one PC located in my “Home Office”, in a spare room in my apartment, running Win 7 Pro, be such an “agent” and can get those patches for one year without any further qualifications than being able to click on the “Buy Now” button and paying those $25?

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          • #1959368 Reply

            AJNorth
            AskWoody Plus

            Well, from the site you had linked above, it appears that for “personal and non-profit educational use only”, the cost [for manual updating] is zero.  Of course, you might send an inquiry to their sales department at sales@0patch.com  to get the full details (which a whole lot of people will be interested to know as well…).

            2 users thanked author for this post.
            • #1959393 Reply

              satrow
              AskWoody MVP

              Difference between free and pro patches:

              When we issue a micropatch, we decide whether it will only be offered to users with 0patch PRO license or also to users without one (i.e., 0patch FREE users). A micropatch offered only to 0patch PRO license holders is called a PRO patch, otherwise it’s called a FREE patch.

              While decisions will be made on a per-case basis, we have set some rough guidelines:

              Patches for vulnerabilities affecting predominantly home users and users in educational institutions (e.g., WinRAR or Equation Editor patches) shall be FREE patches.
              Patches for 0days that affect many home/educational users shall be FREE patches for some period of time (usually one month), or until official vendor fixes for such 0days are issued, at which time they will turn into PRO patches.
              Patches for issues affecting predominantly organizations (e.g., Windows Server issues) shall be PRO patches.
              Patches for end-of-life products (e.g., old Java runtime versions, Windows Server 2003, or Windows 7 after January 14, 2020) shall be PRO patches.

              Plenty more info on their site/FAQs.

              6 users thanked author for this post.
            • #1959397 Reply

              AJNorth
              AskWoody Plus

              Thanks for going through the FAQs.

              At the end of the day, $25 per year for maintaining the security of Win 7 after EOL is a pretty good deal; heck, it’s only about the cost of one bottle of good bourbon (and I’ve been meaning to cut down anyway).

              2 users thanked author for this post.
            • #1959426 Reply

              satrow
              AskWoody MVP

              It’s not specifically Windows (file) patching, it looks to be mainly Office/3rd party software.

            • #1959441 Reply

              AJNorth
              AskWoody Plus

              From this BleepingComputer article, I had inferred that 0patch would be issuing their own in-house-created patches (based on the MS security bulletins and security releases): https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-get-0patch-security-fixes-after-eos/ .

              Have I misread the article?

            • #1959506 Reply

              satrow
              AskWoody MVP

              (based on the MS security bulletins and *other* security releases)

              The above looks to be more accurate, example from their Home page

              0patch-rac1

              And from my W7 Pro:

              0patch-available

              There are no patches listed as relevant to my PC, which certainly isn’t fully updated (though I have a number of mitigations in place for those I feel are relevant but I’m reluctant to take MS’ updates for).

              2 users thanked author for this post.
            • #1960984 Reply

              anonymous

              I’m a paying 0patch user. I recently removed it because since I paid for it, I’ve not seen a single new patch applicable to my system (W7 x64 Pro) and it slows system startup considerably while it scans everything which is loaded. YMMV.

              3 users thanked author for this post.
    • #1959487 Reply

      OscarCP
      AskWoody Plus

      Copying what I see as a key portion of the article, at least as far as we Win 7 addicts are concerned, I think these paragraphs clear up the issue of what the patches are for (not discounting the possibility that there might be also patches for some of the applications that run on Windows):

      After Microsoft ends support for Windows 7 and Windows Server 2008 on January 14, 2020, 0Patch platform will continue to ship vulnerability fixes to its agents.

      “Each Patch Tuesday we’ll review Microsoft’s security advisories to determine which of the vulnerabilities they have fixed for supported Windows versions might apply to Windows 7 or Windows Server 2008 and present a high-enough risk to warrant micropatching.”

      High-risk problems eligible for micropatching are defined here and include those that are easy to exploit, are already used in attacks, flaws leading to a realistic remote code execution scenario, or those that have a patch that cannot be applied immediately.

      If the vulnerable code is present in the unsupported Windows versions, the 0Patch team starts work triggering the vulnerability and porting the patch.

      If tests are successful, all Windows machines will receive the micropatch within 60 minutes, 0patch co-founder Mitja Kolsek says in a blog post today.

      It is unclear how fast the code will ship to end of support (EoS) products after Microsoft rolls out the official updates. 

      Kolsek told BleepingComputer that shipping time depends on the difficulty of re-implementing the official patch on supported binaries and how soon they can get proof-of-concept (PoC) code to test the glitch.”

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

    • #1959554 Reply

      A few months ago I posted that “there was an awful lot of money to be made by servicing Windows 7 due to the high number of users sticking with it after Jan. 2020…”

      Looks like I was right…something like this happened with Win 98SE after 2006 EOS; don’t remember if it was 0patch or someone else, but they kept cranking out security patches for free for individuals for quite a while afterwards. (Note I use EOS instead of EOL…plenty of “life” left in 7!)

      I said it was a potential goldmine, and so it is at $25 for Pro, times how many million?…(and home users for free? Wow.). M$FT’s usual business decision not to do something similar points out, once again, their blurry vision of the future, pure wrong-headedness, (“CEO’s are never wrong!”) and the train wreck Win 10 has become.

      Hey, Nadella: how’s that Windows Phone  and Surface thing working out for you?

      (shakes head)

      https://www.gocomics.com/nonsequitur/2019/09/20

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      3 users thanked author for this post.
      • #1959946 Reply

        anonymous

        More folks staying on Windows 7 after Jan 2020 should give MS a good indication of maybe the possibility and profitability of selling extended Windows 7 security updates past 2020 for consumers and not just Enterprise and Volume licensing clients.

        And  Windows 8/8.1 is closer to Windows 7 than Windows 7 is to 10 and it’s not like the Windows OS kernel is that different between Windows 7 and Windows 8/8.1 anyways. And that’s even with that lightweight containerized OS/Sandbox like environment on Windows 8/8.1 that moved some functionality out of kernel space and into the user/sandbox space. And that functionality was all developed under Windows 7 but did not make it into the OS release cycle until Windows 8/8.1 was  released.

        Purchasing a Windows 8/8.1 “OEM” license key may be the better option and installing some third party TIFKAM taming UI modding software to make the 8/8.1 UI look and act like Windows 7’s UI.

        But the most important thing that MS needs to do for Windows 7 is some final convenience Roll-up and all the KBs included for folks wanting to re-image their systems or just update them one final time and make sure that everything that should be patched is patched and folks being better protected. This final Roll-up  should come without any unnecessary telemetry and other functionality(Nagware) that’s really not going to be needed after 2020 anyways.

        So just like Windows XP there will be some edge use cases for folks remaining on Windows 7 longer in some offline state on some CNC milling machines/other use cases that can only function properly with the software/OS ecosystem that shipped with the machinery.

        Both Windows 7 and 8/8.1 will eventually disappear by attrition down to some minimal level as all new hardware will ship/has been shipping for some time with Windows 10 anyways. And Windows 8/8.1 will be EOL in 2023.

        • #1960201 Reply

          anonymous

          from #post-1959946

          But the most important thing that MS needs to do for Windows 7 is some final convenience Roll-up and all the KBs included for folks wanting to re-image their systems or just update them one final time and make sure that everything that should be patched is patched and folks being better protected. This final Roll-up should come without any unnecessary telemetry and other functionality(Nagware) that’s really not going to be needed after 2020 anyways.

          I’ve read this in another thread. The best image to fit all your custom needs is an image you make yourself, of the exact system you use every day. When you have tailored it exactly to your desires and verified free of “Nagware”. That way, on the day you have need of an image, you know exactly what is in it. Additional benefit it will look and feel very familiar, and you will not have to prove your rights to anyone.

          Or is your desire to have a clean copy to resell to others who will not make their own image as part of an overall backup plan? Microsoft stopped development of Windows 7 years ago, as planned, as scheduled, as publicized. They will stop free (gratis) support altogether as planned, as scheduled, as publicized. There is no burden to finally produce a product they have refused to provide over the last several years. If it turns out they do, it will be a very generous gift that no one paid for (gratis).

          • #1960746 Reply

            anonymous

            “Or is your desire to have a clean copy to resell to others who will not make their own image as part of an overall backup plan?”

            Oh no that sort of thing may be illegal but Windows 7, post Service pack 1, has already had one KBs convenience Roll-Up and why not do that one final time to reduce the need of users having  to search the Windows Update catalog, or Windows Update, for the individual patches. Just put all the Windows 7 KBs in a final convenience Roll-Up and have that available after Jan 2020 for the consumer versions of Windows 7.

            In addition users will still need their OEM’s Recovery DVDs to get the PC’s/Laptop’s hardware specific drivers for their makes and models of PCs/Laptops.

            I really  wish that all the PC/Laptop OEMs would push out some utilities that are designed to pull out all the PC/Laptop drivers from the specific device’s Windows recovery DVDs that shipped with the devices, or recovery partition. That’s so users could burn a driver only DVD, or flash drive image, and then have that specifically set up by the utility to install the drivers for OEM PC/Laptops on any 7/8.1 generic Windows OS image. And more often than not Windows 7 drivers for PCs/Laptops will work on Windows 8/8.1

            On PCs built on parts purchased from off the shelf components, the home system builder market, the Motherboard makers provide the motherboard specific CPU/Chipset and other MB related device drivers on a Driver DVD. But for OEM PCs, and especially OEM laptops, the drivers are already slip-streamed  onto the Windows Recovery DVDs by the device’s OEM.  But that’s done by the OEM only for the OS recovery DVD’s  that shipped with the laptop when the laptop was new, and on newer laptops there may not be any DVDs with the recovery image being on a special recovery partition.

            There are plenty of Retail OEM Windows 8.1 license keys still in the channels and available to be purchased but the device’s user is going to have to Download a generic Windows 8.1 OS Image and then register that with the purchased license key  if they want to update from 7 to 8.1 and be good for updates until 2023. But the Motherboard Chipset/other drivers and the CPU drivers for the specific make and model of OEM PC/Laptop are not going to be on any generic windows 8.1 image so that has to come off the Recovery DVDs or be downloaded from the OEM in advance and be installed manually.

    • #1959604 Reply

      anonymous

      Just a FYI regarding “In all cases, I’ve refrained from recommending them, simply because I’m concerned about applying third party patches directly to Windows binaries.”

      The following is from their FAQ:

      Does 0patch modify executable files?
      mitja.kolsek – March 21, 2019 10:25
      All micropatching is done in memory only; 0patch never changes any executable files on file system. Therefore all signatures on files remain valid and all file integrity checks remain unaffected.

    • #1959616 Reply

      honx
      AskWoody Lounger

      another question: does end of support in january 2020 also affect windows defender for win7? will there also be no updates for defender? so will i need a third party antivirus solution?

      PC: Windows 7 Ultimate, 64bit, Group B
      Notebook: Windows 8.1, 64bit, Group B

      • #1959618 Reply

        PKCano
        Da Boss

        Windows Defender is NOT an antivirus solution in Win7. It has NEVER BEEN an antivirus solution for Win7.
        It is only an AV for Win8.1 and Win10.

        You need OTHER virus protection in Win7 – Microsoft Security Essentials or a third-party virus program. If you do not have this you are not protected.

        • #1959621 Reply

          honx
          AskWoody Lounger

          okay, then will updates for microsoft security essentials also end after january 2020 or is it worth installing mse?

          PC: Windows 7 Ultimate, 64bit, Group B
          Notebook: Windows 8.1, 64bit, Group B

          • #1959622 Reply

            PKCano
            Da Boss

            As far as I can determine, MSE will be supported until Win7 EOL. In that case, I would recommend another AV solution.
            There are a lot of free AVs out there. I use BitDefender Free, but there are many more. How long they support Win7 after EOL is anybody’s guess, but I would think until 2023 because there will be paid Enterprise Win7 around until then.

            1 user thanked author for this post.
            • #1959623 Reply

              honx
              AskWoody Lounger

              so visualising no updates for security essentials in four months i tend to not install this one for just four months. can you recommend bitdefender free? i think so, as you’re using it. 😀

              is it this one? https://www.bitdefender.com/solutions/free.html if so, is there a german version available?

              PC: Windows 7 Ultimate, 64bit, Group B
              Notebook: Windows 8.1, 64bit, Group B

            • #1959624 Reply

              PKCano
              Da Boss

              Yes, that’s it.
              I do not know if there is a German version.

            • #1959650 Reply

              honx
              AskWoody Lounger

              i just read here (in german: https://www.giga.de/downloads/bitdefender-antivirus-free-edition/) that updating bitdefender free after 30 days needs registration. so in other words, buying it?
              Für Updates ist eine Registrierung notwendig

              Um Updates herunterzuladen, ist allerdings eine Registrierung beim Hersteller notwendig, die man innerhalb von 30 Tagen vornehmen muss. Der verbleibende Zeitraum wird ebenfalls im Programmfenster angezeigt.

              i used google translate for this, i don’t know if it’s translated correctly:

              For updates a registration is necessary

              To download updates, however, a registration with the manufacturer is necessary, which must be made within 30 days. The remaining period is also displayed in the program window.

              PC: Windows 7 Ultimate, 64bit, Group B
              Notebook: Windows 8.1, 64bit, Group B

              • This reply was modified 3 weeks, 3 days ago by  honx.
              • This reply was modified 3 weeks, 3 days ago by  PKCano.
            • #1959651 Reply

              PKCano
              Da Boss

              No, registration is NOT buying it.
              They ask only for name and email – I do not pay anything.

            • #1959653 Reply

              honx
              AskWoody Lounger

              No, registration is NOT buying it.
              They ask only for name and email – I do not pay anything.

              okay, thx!

              PC: Windows 7 Ultimate, 64bit, Group B
              Notebook: Windows 8.1, 64bit, Group B

            • #1959738 Reply

              anonymous

              ? says:

              honx, have you looked at GBorn’s pages on antivirus? no need to googtranslate:

              https://borncity.com/win/?s=antivirus

              2 users thanked author for this post.
            • #1959809 Reply

              honx
              AskWoody Lounger

              ? says:

              honx, have you looked at GBorn’s pages on antivirus? no need to googtranslate:

              https://borncity.com/win/?s=antivirus

              i used google translate for pkcano to read. i myself speak german, so i don’t need an english translation… 😀

               

              PC: Windows 7 Ultimate, 64bit, Group B
              Notebook: Windows 8.1, 64bit, Group B

    • #1960157 Reply

      OscarCP
      AskWoody Plus

      I am beginning to get the feeling that there is going to be more talk than expected about Windows 7 here, at Woody’s, after next January’s EOL.

      I think it was just me (maybe someone else as well?) that commented in an earlier thread, some time ago, that the fact of millions of home and small business (no “Enterprise”) PCs still running Windows 7 after EOL and most likely to continue doing so for quite some time into the future, might interest some enterprising people in starting the possibly quite lucrative business of providing support after MS ended giving it.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      1 user thanked author for this post.
      • #1960162 Reply

        LHiggins
        AskWoody Plus

        I think a lot of us have had that thought – and it does make perfect sense that someone would come up with something to allow all of those Win 7 computers to exist safely post Jan 2020.

        This news about 0Patch is very interesting and I am actually pretty excited about the possibilities. While I am really enjoying getting my new Linux set up operational, if there is a way to keep Win 7 going – that would be really great!

        Hope to hear more – but nice that there is something to look into at least!

    • #1960729 Reply

      DrBonzo
      AskWoody Plus

      I consider myself to be a non-techie, but something just doesn’t seem to add up here.

      Either I’m inferring or 0patch is implying (or a combination of those two) that bugs, holes, vulnerabilities – whatever you want to call them – that are found in the Windows 7 operating system can be effectively patched with a “few lines” of code. If that’s true, why would Microsoft not also patch in this manner instead of the massive 400MB (roughly) Rollup and 80MB (roughly) Security Only patches? It would seem that the “few lines” patches would be far easier to test and fix if issues with said patches were found. I would think that MS would be all over this “few lines” patching method. Can someone enlighten me why they aren’t, and while you’re at it whether the “few lines” patching method is actually any good?

      2 users thanked author for this post.
      • #1961586 Reply

        OscarCP
        AskWoody Plus

        DrBonzo: Thanks for bringing this up. I now have the same question. One entry by Anonymous #1959604  further up has provided this partial copy of an article explaining that “All micropatching is done in memory only; 0patch never changes any executable files on file system. Therefore all signatures on files remain valid and all file integrity checks remain unaffected.”

        Whatever that means. I am hoping someone will visit this thread at this point and provide an explanation that is reasonably clear and not too technical as well as not too terse.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

        1 user thanked author for this post.
