Worth considering: 0patch for Win7 after January 2020

Topic

New Reply

I just got a note from @Microfix that pointed me to an interesting discussion from Ionut Ilascu at BleepingComputer: After Microsoft ends support for
[See the full post at: Worth considering: 0patch for Win7 after January 2020]

12 users thanked author for this post.

SueW, abbodi86, LHiggins, FakeNinja, Nibbled To Death By Ducks, Geo, satrow, nazzy, OscarCP, AJNorth, fernlady, jburk07

Reply | Quote

Replies

I wonder if there will be a Windows 7 point-of-sale hack to keep getting Windows 7 patches past Jan 2020 like there was with XP.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

4 users thanked author for this post.

Kranium, HiFlyer, nazzy, AJNorth

Reply | Quote

Excellent question; however, from my (albeit limited) understanding, MS will be requiring a new SSU (Servicing Stack Update) that will only be made available to [paid] subscribers.

(If one of the MVPs has more information, needless to say, as Ross Perot might have put it, “We’re all ears.”)

Reply | Quote

The updates will be available to anyone, but not applicable for everyone

http://go.microsoft.com/fwlink/p/?linkid=2086115

What delivery options are available for Extended Security Updates?

The updates themselves will be delivered via all normal update delivery processes, including SCCM, WU, WUfB, and WSUS. The update will be programmed to look for the MAK activation on the endpoint and will install only on those systems with the MAK key.

2 users thanked author for this post.

AJNorth, FakeNinja

Reply | Quote

A MAK key/license from Microsoft? And, if so, as it might seem to be the case you are considering in your reply, the way it is written, will that also be a requirement for the third-party updates under discussion here? My understanding is that those are for everyone that cares to pay $25 a year and has a compatible (Win 7) computer.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OPaatch is not Microsoft. It is a third-party organization not under MS contracts for extended support.

2 users thanked author for this post.

AJNorth, OscarCP

Reply | Quote

I asked this on the forums a year ago but it didn’t get much attention, from what I’ve heard from other people, it doesn’t work the same way as it did with XP but that it still might be possible. I think we’re just gonna have to wait and see.

Reply | Quote

MrJimPhelps wrote:

I wonder if there will be a Windows 7 point-of-sale hack to keep getting Windows 7 patches past Jan 2020 like there was with XP.

Amusingly, the tills at my local bargain store (quite a big chain) are still using Windows XP Professional..

Reply | Quote

If I wasn’t already on Linux, I would just keep using Windows 7 past 2020 to spite Microsoft. There are literally millions (billions?) of Android smartphones running obsolete operating systems that have not been patched and never will again. The phone industry learned from the PC industry; as such, most phones cannot be updated unless the manufacturer or carrier explicitly chooses to allow it, and only for 2 or 3 years at most. The vast majority of Android devices aren’t even supported for THAT long!

Anyway, the world has yet to melt down because of a huge number of insecure and potentially vulnerable cell phones, aka computers, that are in general always connected to the Internet. And I would rather continue using a system where I am the ultimate decider of how it works and what it does than board the Windows 10 train. So yeah, I would steadfastly keep using Windows 7 and refuse to “upgrade”… If I didn’t already move to Linux, where I get the best of all worlds. Privacy, freedom, no financial cost (this is different from freedom!), and security.

8 users thanked author for this post.

Steve, johnf, Lori, Kranium, FakeNinja, SueW, HiFlyer, TaskForce141

Reply | Quote

You’re right, I have one of those phones (a Galaxy S5, Android 6.0.1, last security patch April 2017).  Even so, the newest Chrome and Firefox mobile releases still work on it.

Just like the cellular carriers and the phone makers, MS is willing to put profits over security, halting patches even though there are still so many Win 7 machines.

And why are there so many Win 7 devices?  Because Microsoft royally destroyed the reputation of its successor, Win 10.  And MS refuses to admit fault, or improve/fix/address its terrible Win 10 update policies or the testing of those updates.

• A crazy, frantic, unnecessary double horror feature upgrade cycle that overloads users and admins, is the CORE problem with today’s Windows.  One service pack every 2-3 years was bad enough, but twice a year?
• The new “pause” functionality is no substitute for a true ‘Stop’ or “Notify but only download if I say yes”.
• And Insider guinea pigs are no substitute for the professional testers that Satya Nadella fired (one of the dumbest mistakes ever by a tech CEO).
• Then again, perhaps the CORE problem of Windows today is:  Satya Nadella.

 

3 users thanked author for this post.

Charlie, ve2mrx, Kranium

Reply | Quote

According to the BleepingComputer article: “Micropatches will normally be available to paying customers (Pro – $25/agent/year – and Enterprise license holders).”

Does this means that if one has Windows 7 Pro and pays $25 a year, then one will get those patches — and whatever is needed to install them, such as the SSU that AJNorth suspects that will be necessary to install first?

If that interpretation is correct, that would be good news for many small-business owners that use PCs with Win 7 Pro for their office work and the archiving of their important data, right?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Greetings,

The Opatch protocol circumvents the requirement for [purchasing] the updated post-EOL MS SSU via what they refer to as “micropatching” (see https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-get-0patch-security-fixes-after-eos/).

Cheers,

AJN

2 users thanked author for this post.

woody, satrow

Reply | Quote

OK, but what does it mean “$25 per agent per year?” Can I, for example, owner of one PC located in my “Home Office “, in a spare room in my apartment, running Win 7 Pro, be such an “agent” and can get those patches for one year without any further qualifications than being able to click on  the “Buy Now” button and paying those $25?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Well, from the site you had linked above, it appears that for “personal and non-profit educational use only”, the cost [for manual updating] is zero.  Of course, you might send an inquiry to their sales department at sales@0patch.com  to get the full details (which a whole lot of people will be interested to know as well…).

2 users thanked author for this post.

HiFlyer, satrow

Reply | Quote

Difference between free and pro patches:

When we issue a micropatch, we decide whether it will only be offered to users with 0patch PRO license or also to users without one (i.e., 0patch FREE users). A micropatch offered only to 0patch PRO license holders is called a PRO patch, otherwise it’s called a FREE patch.

While decisions will be made on a per-case basis, we have set some rough guidelines:

Patches for vulnerabilities affecting predominantly home users and users in educational institutions (e.g., WinRAR or Equation Editor patches) shall be FREE patches.
Patches for 0days that affect many home/educational users shall be FREE patches for some period of time (usually one month), or until official vendor fixes for such 0days are issued, at which time they will turn into PRO patches.
Patches for issues affecting predominantly organizations (e.g., Windows Server issues) shall be PRO patches.
Patches for end-of-life products (e.g., old Java runtime versions, Windows Server 2003, or Windows 7 after January 14, 2020) shall be PRO patches.

Plenty more info on their site/FAQs.

7 users thanked author for this post.

ve2mrx, Lori, SueW, jburk07, LHiggins, OscarCP, AJNorth

Reply | Quote

Thanks for going through the FAQs.

At the end of the day, $25 per year for maintaining the security of Win 7 after EOL is a pretty good deal; heck, it’s only about the cost of one bottle of good bourbon (and I’ve been meaning to cut down anyway).

3 users thanked author for this post.

Steve, SueW, LHiggins

Reply | Quote

It’s not specifically Windows (file) patching, it looks to be mainly Office/3rd party software.

Reply | Quote

From this BleepingComputer article, I had inferred that 0patch would be issuing their own in-house-created patches (based on the MS security bulletins and security releases): https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-get-0patch-security-fixes-after-eos/ .

Have I misread the article?

Reply | Quote

AJNorth wrote:

(based on the MS security bulletins and *other* security releases)

The above looks to be more accurate, example from their Home page

And from my W7 Pro:

There are no patches listed as relevant to my PC, which certainly isn’t fully updated (though I have a number of mitigations in place for those I feel are relevant but I’m reluctant to take MS’ updates for).

2 users thanked author for this post.

jburk07, AJNorth

Reply | Quote

I’m a paying 0patch user. I recently removed it because since I paid for it, I’ve not seen a single new patch applicable to my system (W7 x64 Pro) and it slows system startup considerably while it scans everything which is loaded. YMMV.

4 users thanked author for this post.

jburk07, wavy, SueW, satrow

Reply | Quote

Copying what I see as a key portion of the article, at least as far as we Win 7 addicts are concerned, I think these paragraphs clear up the issue of what the patches are for (not discounting the possibility that there might be also patches for some of the applications that run on windows)

“After Microsoft ends support for Windows 7 and Windows Server 2008 on January 14, 2020, 0Patch platform will continue to ship vulnerability fixes to its agents.

“Each Patch Tuesday we’ll review Microsoft’s security advisories to determine which of the vulnerabilities they have fixed for supported Windows versions might apply to Windows 7 or Windows Server 2008 and present a high-enough risk to warrant micropatching.”

High-risk problems eligible for micropatching are defined here and include those that are easy to exploit, are already used in attacks, flaws leading to a realistic remote code execution scenario, or those that have a patch that cannot be applied immediately.

If the vulnerable code is present in the unsupported Windows versions, the 0Patch team starts work triggering the vulnerability and porting the patch.

If tests are successful, all Windows machines will receive the micropatch within 60 minutes, 0patch co-founder Mitja Kolsek says in a blog post today.

It is unclear how fast the code will ship to end of support (EoS) products after Microsoft rolls out the official updates. 

Kolsek told BleepingComputer that shipping time depends on the difficulty of re-implementing the official patch on supported binaries and how soon they can get proof-of-concept (PoC) code to test the glitch.”

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

A few months ago I posted that “there was an awful lot of money to be made by servicing Windows 7 due to the high number of users sticking with it after Jan. 2020…”

Looks like I was right…something like this happened with Win 98SE after 2006 EOS; don’t remember if it was 0patch or someone else, but they kept cranking out security patches for free for individuals for quite a while afterwards. (Note I use EOS instead of EOL…plenty of “life” left in 7!)

I said it was a potential goldmine, and so it is at $25 for Pro, times how many million?…(and home users for free? Wow.).M$FT’s usual business decision not to do something similar points out, once again, their blurry vision of the future, pure wrong-headedness, (“CEO’s are never wrong!”) and the train wreck Win 10 has become.

Hey, Nadella: how’s that Windows Phone  and Surface thing working out for you?

(shakes head)

https://www.gocomics.com/nonsequitur/2019/09/20

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

4 users thanked author for this post.

Charlie, SueW, LHiggins, AJNorth

Reply | Quote

More folks staying on Window 7 after  Jan 2020 should give MS a good indication of maybe the possibility and profitability of selling extended Windows 7 security updates past 2020 for consumers and not just Enterprise and Volume licensing clients.

And  Windows 8/8.1 is closer to Windows 7 than Windows 7 is to 10 and it’s not like the Windows OS kernel is that different between Windows 7 and Windows 8/8.1 anyways. And that’s even with that lightweight containerized OS/Sandbox like environment on Windows 8/8.1 that moved some functionality out of kernel space and into the user/sandbox space. And that functionality was all developed under Windows 7 but did not make it into the OS release cycle until Windows 8/8.1 was  released.

Purchasing a Windows 8/8.1 “OEM” license key may be the better option and installing some third party TIFKAM taming UI modding software to make the 8/8.1 UI look and act like Windows 7’s UI.

But the most important thing that MS needs to do for Windows 7 is some final convenience Roll-up and all the KBs included for folks wanting to re-image their systems or just update them one final time and make sure that everything that should be patched is patched and folks being better protected. This final Roll-up  should come without any unnecessary telemetry and other functionality(Nagware) that’s really not going to be needed after 2020 anyways.

So just like Windows XP there will be some edge use cases for folks remaining on Windows 7 longer in some offline state on some CNC milling machines/other use cases that can only function properly with the software/OS ecosystem that shipped with the machinery.

Both Windows 7 and 8/8.1 will eventually disappear by attrition down to some minimal level as all new hardware will ship/has been shipping for some time with Windows 10 anyways. And windows 8/8.1 will be EOL in 2023.

Reply | Quote

from #post-1959946

But the most important thing that MS needs to do for Windows 7 is some final convenience Roll-up and all the KBs included for folks wanting to re-image their systems or just update them one final time and make sure that everything that should be patched is patched and folks being better protected. This final Roll-up should come without any unnecessary telemetry and other functionality(Nagware) that’s really not going to be needed after 2020 anyways.

I’ve read this in another thread. The best image to fit all your custom needs is an image you make yourself, of the exact system you use every day. When you have tailored it exactly to your desires and verified free of “Nagware”. That way, on the day you have need of an image, you know exactly what is in it. Additional benefit it will look and feel very familiar, and you will not have to prove your rights to anyone.

Or is your desire to have a clean copy to resell to others who will not make their own image as part of an overall backup plan? Microsoft stopped development of Windows 7 years ago, as planned, as scheduled, as publicized. They will stop free (gratis) support all together as planned, as scheduled, as publicized. There is no burden to finally produce a product they have refused to provide over the last several years. If it turns out they do, it will be a very generous gift that no one paid for (gratis).

Reply | Quote

“Or is your desire to have a clean copy to resell to others who will not make their own image as part of an overall backup plan?”

Oh no that sort of thing may be illegal but Windows 7, post Service pack 1, has already had one KBs convenience Roll-Up and why not do that one final time to reduce the need of users having  to search the Windows Update catalog, or Windows Update, for the individual patches. Just put all the Windows 7 KBs in a final convenience Roll-Up and have that available after Jan 2020 for the consumer versions of Windows 7.

In addition users will still need their OEM’s Recovery DVDs to get the PC’s/Laptop’s hardware specific drivers for their makes and models of PCs/Laptops.

I really  wish that all the PC/Laptop OEMs would push out some utilities that are designed to pull out all the PC/Laptop drivers from the specific device’s Windows recovery DVDs that shipped with the devices, or recovery partition. That’s so users could burn a driver only DVD, or flash drive image, and then have that specifically set up by the utility to install the drivers for OEM PC/Laptops on any 7/8.1 generic Windows OS image. And more often than not Windows 7 drivers for PCs/Laptops will work on Windows 8/8.1

On PCs built on parts purchased from off the shelf components, the home system builder market, the Motherboard makers provide the motherboard specific CPU/Chipset and other MB related device drivers on a Driver DVD. But for OEM PCs, and especially OEM laptops, the drivers are already slip-streamed  onto the Windows Recovery DVDs by the device’s OEM.  But that’s done by the OEM only for the OS recovery DVD’s  that shipped with the laptop when the laptop was new, and on newer laptops there may not be any DVDs with the recovery image being on a special recovery partition.

There are plenty of Retail OEM Windows 8.1 license keys still in the channels and available to be purchased but the device’s user is going to have to Download a generic Windows 8.1 OS Image and then register that with the purchased license key  if they want to update from 7 to 8.1 and be good for updates until 2023. But the Motherboard Chipset/other drivers and the CPU drivers for the specific make and model of OEM PC/Laptop are not going to be on any generic windows 8.1 image so that has to come off the Recovery DVDs or be downloaded from the OEM in advance and be installed manually.

Reply | Quote

Just a FYI regarding “In all cases, I’ve refrained from recommending them, simply because I’m concerned about applying third party patches directly to Windows binaries.”

The following is from their FAQ:

Does 0patch modify executable files?
mitja.kolsek – March 21, 2019 10:25
All micropatching is done in memory only; 0patch never changes any executable files on file system. Therefore all signatures on files remain valid and all file integrity checks remain unaffected.

Reply | Quote

another question: does end of support in january 2020 also affect windows defender for win7? will there also be no updates for defender? so will i need a third party antivirus solution?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Windows Defender is NOT an antivirus solution in Win7. It has NEVER BEEN an antivirus solution for Win7.
It is only an AV for Win8.1 and Win10.

You need OTHER virus protection in Win7 – Microsoft Security Essentials or a third-party virus program. If you do not have this you are not protected.

Reply | Quote

okay, then will updates microsoft security essentials also end after january 2020 or is it worth installing mse?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

As far as I can determine, MSE will be supported until Win7 EOL. In that case, I would recommend another AV solution.
There are a lot of free AVs out there. I use BitDefender Free, but there are many more. How long they support Win7 after EOL is anybody’s guess, but I would think until 2023 because there will be paid Enterprise Win7 around until then.

2 users thanked author for this post.

TonyC, jburk07

Reply | Quote

so visualising no updates for security essentials in four months i tend to not install this one for just four months. can you recommend bitdefender free? i think so, as you’re using it. 😀

is it this one? https://www.bitdefender.com/solutions/free.html if so, is there a german version available?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Yes, that’s it.
I do not know if there is a German version.

Reply | Quote

[honx]

i just read here (in german: https://www.giga.de/downloads/bitdefender-antivirus-free-edition/) that updating bitdefender free after 30 days needs registration. so in other words, buying it?
Für Updates ist eine Registrierung notwendig

Um Updates herunterzuladen, ist allerdings eine Registrierung beim Hersteller notwendig, die man innerhalb von 30 Tagen vornehmen muss. Der verbleibende Zeitraum wird ebenfalls im Programmfenster angezeigt.

i used google translate for this, i don’t know if it’s translated correct:

For updates a registration is necessary

To download updates, however, a registration with the manufacturer is necessary, which must be made within 30 days. The remaining period is also displayed in the program window.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

• This reply was modified 4 years ago by honx.
• This reply was modified 4 years ago by PKCano.

Reply | Quote

No, registration is NOT buying it.
They ask only for name and email – I do not pay anything.

Reply | Quote

PKCano wrote:

No, registration is NOT buying it.
They ask only for name and email – I do not pay anything.

okay, thx!

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

? says:

honx, have you looked at GBorn’s pages on antivirus? no need to googtranslate:

https://borncity.com/win/?s=antivirus

2 users thanked author for this post.

geekdom, PKCano

Reply | Quote

anonymous wrote:

? says:

honx, have you looked at GBorn’s pages on antivirus? no need to googtranslate:

https://borncity.com/win/?s=antivirus

i used google translate for pkcano to read. i myself speak german, so i don’t need an english translation… 😀

 

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

PKCano wrote:

There are a lot of free AVs out there. I use BitDefender Free, but there are many more. How long they support Win7 after EOL is anybody’s guess, but I would think until 2023 because there will be paid Enterprise Win7 around until then.

I am currently using MSE with Windows 7. If MSE virus definitions become unavailable after Windows 7 EOS, I might need to use the free edition of BitDefender for a month or two until I get a new PC up and running with Windows 10 and Office. I have some questions:

1. Does BitDefender require any significant management effort? One of the great benefits of MSE from my point of view is that you install it and then, apart from the occasional need to run a quick scan, you can almost forget about it. Is BitDefender like that? I don’t want a geeky anti-virus product.
2. I presume that I would be advised to uninstall MSE before attempting to install BitDefender. Is the function in Programs and Features sufficient to uninstall MSE cleanly? Or is some special clean-up tool or procedure required? And what about the Windows Firewall?
3. All the YouTube videos on installing the free edition of BitDefender that I have looked at show download and installation as a continuous procedure. This seems to imply that my PC must be connected to the Internet in order to install BitDefender. But, if I have previously uninstalled MSE, my PC will then be unprotected. Is it possible to download an installation module of BitDefender while connected to the Internet and install it later while not connected to the Internet? This is the way that I used to install a new version of MSE.

Reply | Quote

1. Does BitDefender require any significant management effort?

In my experience, NO.

2. I presume that I would be advised to uninstall MSE before attempting to install BitDefender. Is the function in Programs and Features sufficient to uninstall MSE cleanly? Or is some special clean-up tool or procedure required? And what about the Windows Firewall?

You can download and install Bitdefender Free, then either uninstall MSE or just turn it off.

3. All the YouTube videos on installing the free edition of BitDefender that I have looked at show download and installation as a continuous procedure. This seems to imply that my PC must be connected to the Internet in order to install BitDefender.

If you are looking at YouTube videos, you already have the answer.
You need to be connected to the Internet to install Bitdefender because what you download is a stub. When you execute it, it downloads the installer, does a preliminary scan of your computer, and updates the definitions. Many of the anti-virus programs operate in this manner. You also have to create a Bitdefender account (ID and email only).
And you certainly have to be connected to the Internet to update the definitions.

1 user thanked author for this post.

TonyC

Reply | Quote

Thank you for the reply.

PKCano wrote:

You can download and install Bitdefender Free, then either uninstall MSE or just turn it off.

Conventional advice is that you might encounter problems if you have two anti-virus products running simultaneously. Are you suggesting that you are unlikely to encounter such problems during the short time that BitDefender Free and MSE are running simultaneously? And, by “turn MSE off”, do you mean turn off the real-time protection?

PKCano wrote:

If you are looking at YouTube videos, you already have the answer.

Not really. Just because YouTube videos demonstrate download and installation as a continuous procedure does not imply that is the only way of installing BitDefender Free. So I needed an explanation like the one you gave.

Reply | Quote

You should not have a problem for the short time it takes to swap AVs.

Reply | Quote

PKCano,

When you say  “You can download and install Bitdefender Free, then either uninstall MSE or just turn it off.”  By  “just turn it off”  I am guessing you mean turn off real-time protection.  Or is there a way to turn off MSE?

Reply | Quote

Yes, turn off real time protection. Or Bitdefender may turn it off for you. You don’t want two AV programs running in the background at the same time.

Reply | Quote

Bitdefender will not install unless I uninstall MSE.

Reply | Quote

On my Win 7 Bitdefender will not install unless I remove both MSE and SpywareBlaster.  To my limited knowledge SpywareBlaster is not an AV program.  If SpywreBlaster has any  real time protection it sure keeps it hidden from the user with no way to turn it on or off.

It seems like Bitdefender does not play with others if they have real time protection or not.  Even if real time protection can be turned off as in MSE.

Reply | Quote

Have you tried to make an exception for the other programs’ executables in the Bitdefender application to allow them to run? I have had to do that for some programs.

Reply | Quote

This seems to be a catch 22 unless there is a way to enter the exception before Bitdefender completes installing.  If I recall correctly,  as Bitdefender is going through its installation procedure it comes up with something like “MSE has been found and must be uninstalled to continue.”  Is there a way to enter MSE into exceptions at this point – before Bitdefender has completed installation?  I have more computers on which I would like to install Bitdefender.

Reply | Quote

Now that Bitdefender is installed and Protection Shield is turned on,  should a Bitdefender system scan be run on some regular interval?

Reply | Quote

Run the scan manually or schedule it, your choice. Running it just before a backup and patch is a good time.

cheers, Paul

Reply | Quote

Greetings,

In case you’ve not come across them, here are a few sets of recent reviews & recommendations from trusted sources; perhaps they will be useful:

Best Free Antivirus Software 2020 (updated 2019.12.13)

https://www.tomsguide.com/us/best-free-antivirus,review-6003.html

11 Best Free Antivirus Software of 2019 (updated 2019.12.04)

https://www.lifewire.com/best-free-antivirus-software-4151895

The Best Free Antivirus Protection for 2019 (updated 2019.12.04)

https://www.pcmag.com/roundup/267984/the-best-free-antivirus-protection

(Though the last is from PC Magazine, a commercial publication, Neil J. Rubenking is, IMHO, an honest broker who, in addition to aggregating the results from the various testing labs, also performs his own comprehensive in-house testing.)

FWIW, I have had Avira Free A-V installed on over a dozen Win 7 rigs, along with Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware (with a minimum of Ivy Bridge i7 & 8 GB RAM); also installed are uBlock Origin, NoScript, Privacy Badger & HTTPS Everywhere browser protection extensions in both Slimjet Chromium-based browser and Firefox ESR (none has experienced an infection, going back many years now).

Five machines run Bitdefender Antivirus Free instead, as their users do not require the configuration options that Avira offers; they have remained clean, as well.

Cheers,
AJN

5 users thanked author for this post.

OscarCP, Charlie, Cybertooth, jburk07, SueW

Reply | Quote

I am beginning to get the feeling that there is going to be more talk than expected about Windows 7 here, at Woody’s, after next January’s EOL.

I think it was just me (maybe someone else as well?) that commented in an earlier tread, some time ago, that the fact of millions of home and small business (no “Enterprise”) PCs still running Windows 7 after EOL and most likely to continue doing so for quite some time into the future, might interest some enterprising people in starting the possibly quite lucrative business of providing support after MS ended giving it.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Charlie, LHiggins

Reply | Quote

I think a lot of us have had that thought – and it does make perfect sense that someone would come up with something to allow all of those Win 7 computers to exist safely post Jan 2020.

This news about 0Patch is very interesting and I am actually pretty excited about the possibilities. While I am really enjoying getting my new Linux set up operational, if there is a way to keep Win 7 going – that would be really great!

Hope to hear more – but nice that there is something to look into at least!

Reply | Quote

I consider myself to be a non-techie, but something just doesn’t seem to add up here.

Either I’m inferring or 0patch is implying (or a combination of those two) that bugs, holes, vulnerabilities – whatever you want to call them – that are found in the Windows 7 operating system can be effectively patched with a “few lines” of code. If that’s true, why would Microsoft not also patch in this manner instead of the massive 400MB (roughly) Rollup and 80MB (roughly) Security Only patches? It would seem that the “few lines” patches would be far easier to test and fix if issues with said patches were found. I would think that MS would be all over this “few lines” patching method. Can someone enlighten me why they aren’t, and while you’re at it whether the “few lines” patching method is actually any good?

4 users thanked author for this post.

Charlie, jburk07, wavy, OscarCP

Reply | Quote

DrBonzo: Thanks for bringing this up. I now have the same question. One entry by Anonymous #1959604  further up has provided this partial copy of an article explaining that “All micropatching is done in memory only; 0patch never changes any executable files on file system. Therefore all signatures on files remain valid and all file integrity checks remain unaffected.”

Whatever that means. I am hoping someone will visit this thread at this point and provide an explanation that is reasonably clear and not too technical as well as not too terse.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

DrBonzo

Reply | Quote

I have a question that, most likely, has not been answered already:

How does one prepare one’s Win 7 PC (mine is described in the Signature Panel below the text of this entry) to make it ready to install 0day’patches? (For example, for getting MS’ extended service one needs to have first the November S&Q Rollup installed.)

The requirements are not explained in the 0patch Web site, either among the FAQs or anywhere else I’ve looked into. A way one might find out more about this is by opening an account with 0patch, something I’ll never do unless I already wanted to establish a long-term relationship with a specific online service, which is not the case here, just yet, or would be until I know more, beginning with the answer to this question.

For other common sense questions on similarly practical issues, though, their site already has some very comprehensive and clear explanations.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@oscarcp, the answer to your question is that no special preparatory steps are needed to get your PC ready for 0patch. All you need to do is to download their software, install it, and simply start using it.

They offer a free version which is comparatively pretty limited but it will give you an feel for the UI and for how the program operates.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

3 users thanked author for this post.

jburk07, LHiggins, OscarCP

Reply | Quote

[OscarCP]

Thanks, Cybertooth. Now it turns out that a second question comes to mind and I can’t find the answer:

How does one “uninstall” a 0patch that turns out to be not so good? (To screw up something, sometime, it happens to the best of us, so why not to the 0patch people?)

And a third question, answer not found, also comes to mind:

Who will be keeping a weather eye on those patches? Woody’s will be swamped with the questions about and the troubles with Windows 10, releases 0 through 100094567.6.78 and the MVPs and other helpful souls here, sadly, will have neither the time nor the energy left to help out with 0patch issues on top of all that.

Helpful practical answers to these questions shall be deeply appreciated.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

• This reply was modified 3 years, 9 months ago by OscarCP.

Reply | Quote

That’s a very useful question, OscarCP.

Perhaps adhering to the well-established protocol of waiting a reasonable length of time before installing their patches (as with those from MS), as well as performing a full backup and setting a Restore Point, will adequately address that issue.

Reply | Quote

AJNorth: That is a reasonable suggestion, except that it assumes that the 0patches are installed in one’s PC only when one says “OK, go ahead”, or whatever might be the 0patch equivalent of  Windows’ “check for updates and let me know, but don’t install anything until I say so” — and also assuming that such an option is available to their users.

So, fourth question that comes to mind:

Is an option to “wait until I say so before installing anything” available to the users of 0patch?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@oscarcp, you wanted to know:

How does one “uninstall” a 0patch that turns out to be not so good? (To screw up something, sometime, it happens to the best of us, so why not to the 0patch people?)

The opatch manual (which @lhiggins helpfully linked us to) states on page 6 that:

0patch does not change executable files on the file system. It only modifies code in memory of running processes, which allows it to easily and quickly apply and remove patches without even relaunching applications, much less restarting your computer.

These micropatches are therefore not “installed” in the way we traditionally understand the term. They run only on memory. If this is so, then you don’t need to make backup images or set restore points, because nothing on your hard drive is being changed. If you should encounter issues with micropatches, you can either exclude an application from having any patches applied to it or you can disable a specific patch. From the manual;:

Normally, all applications loading patchable modules are being patched, which allows 0patch to provide maximal protection. However, for troubleshooting purposes any application can be manually excluded from patching. Such application does not get any patches applied until it gets un-excluded.
Each patch, when downloaded from the server, is initially enabled, which means it is getting applied to the module it was designed for, and therefore to all processes loading that module.
For troubleshooting purposes, any patch can be manually disabled, which causes its immediate removal from all processes in which it is applied, and prevents its application to newly launched processes. Naturally, a disabled patch can be manually re-enabled.

Regarding your other questions, unless somebody here has insider knowledge of the 0patch software, you’re probably best off contacting the 0patch people directly as LHiggins suggested. Then you could report back to us on what they said; they might even like to come into Woody’s to participate in the discussion.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

5 users thanked author for this post.

Steve, jburk07, OscarCP, LHiggins, Myst

Reply | Quote

[LHiggins]

Thanks for bringing the 0patch discussion back. I think this is still something that Win 7 users are going to be interested in.

A while back, I emailed 0patch with some questions, and they were very helpful – so perhaps these additional questions would be best answered by 0patch directly. And additional info can then be posted here.

I also have downloaded the 0patch manual:
https://0patch.com/files/0patch_Agent_User_Manual_19.11.15.10650.pdf
which seems to have a lot of information as well. I haven’t read it all through yet – but I think that some of the answers we are seeking will be found there.

The one thing I did get from my initial emailed questions to them is that to get the useful patches, an 0patch Pro license is needed, and they agreed that there wasn’t any reason to pay for that before the Win 7 EOS.

I also found this from the 0patch FAQs that was also important to me with limited internet access:

0patch is really, really light on your bandwidth. In a default setting, each 0patch agent contacts (“syncs with”) the server once every hour when connected to the Internet, and a typical sync consumes less than 4.5 kilobytes in each direction on the Ethernet level. (This includes Ethernet, IP, TCP and TLS layers). When a new micropatch is downloaded from the server, the download link is burdened with an additional 1-2 kilobytes per micropatch. (Note that the actual micropatch code is much smaller, typically under 30 bytes; the rest is for metadata and additional bytes on lower network layers.)

For most enterprises this means that even a large fleet of computers can communicate with our cloud-based server without a noticeable network disruption. However, if needed the frequency of syncing can be adjusted to the available bandwidth.

Sounds much better than the large and very slow MS updates that we’ve been getting lately. My Nov. updates took well over 1 1/2 hours just for two updates!

As I am using Win 7 Home, I am not going to be eligible for the MS extended support, so 0patch is looking very promising. I’ll be interested to hear any other thoughts, and if I do decide to try it, I’ll be happy to post some of my experiences here too.

• This reply was modified 3 years, 9 months ago by LHiggins.

9 users thanked author for this post.

Charlie, Steve, jburk07, OscarCP, SueW, Myst, Microfix, AJNorth, Cybertooth

Reply | Quote

Thank you so much, LHiggings, for your answers and for the link to the 0patch manual, that I have downloaded and looked through.

From reading this manual, it looks like the patches do not wait for permission to be installed, as it is an option in Windows, but get installed automatically by the 0patch Agent that keeps checking, frequently and at regular intervals, the 0patch server for new patches that might have become recently available. The Agent informs the user with pop up messages of their installation, and the user is then free to disable the patches, but this can be done only after the fact.

Also thanks, Cybertooth, for your answers.

Though I have one quibble about this:

“These micropatches are therefore not “installed” in the way we traditionally understand the term. They run only on memory. If this is so, then you don’t need to make backup images or set restore points, because nothing on your hard drive is being changed.”

If “installed” means keeping around, for future uses, the code of the micropatch after it is downloaded and has been made ready to work by the Agent, then this code has to be kept in some form of permanent storage either in the HD or the non-volatile memory in or along with the BIOS or UEFI. You probably did not mentioned this, because it seemed too obvious, but, just in case I thought I would mention it here.

And, finally, I think that with the information received yesterday and today, the next steps, for me, should be: to install the 0patch Agent and give this service a try using the free version that, according to LHiggins, might actually be the complete Pro service being made available for free until January the 14th:

“The one thing I did get from my initial emailed questions to them is that to get the useful patches, an 0patch Pro license is needed, and they agreed that there wasn’t any reason to pay for that before the Win 7 EOS.”

I hope this thread continues to be visited by Win 7 loungers and anonymous passers by, so we all may learn more about this service, particularly now that Win 7’s Day of Doom is approaching fast.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

? says:

glad there is the 0patch option. i read through the posts and still wondering if it can fill in the blanks since i’ve skipped the July, and September  “Security Only\w baked in telemetry,” microsoft ones and will likely not install the December win7 eol nag patch…

 

Reply | Quote

[Cybertooth]

OscarCP wrote:

If “installed” means keeping around, for future uses, the code of the micropatch after it is downloaded and has been made ready to work by the Agent, then this code has to be kept in some form of permanent storage either in the HD or the non-volatile memory in or along with the BIOS or UEFI. You probably did not mentioned this, because it seemed too obvious, but, just in case I thought I would mention it here.

My understanding of the way it works is that the micropatches are used as needed each time–the programs getting protection undergo no permanent changes. See this paragraph from page 6 of their manual (my emphasis):

0patch does not change executable files on the file system. It only modifies code in memory of running processes, which allows it to easily and quickly apply and remove patches without even relaunching applications, much less restarting your computer. Patching is done instantly and (if you want) silently, and so is un-patching.

These patches apparently are stored locally in a database for the 0patch program, but from the looks of it they do not modify the stored files for the programs (i.e., Java or Windows) that they patch, only while the programs are running and only in memory. See this paragraph:

A patch is considered installed as soon as it is downloaded from the server along with an appropriate license and stored in a local database. This does not automatically mean that it is applicable to your computer, only that it is there waiting to be used in case it is needed.

This page from their FAQ may also help in understanding what happens with these micropatches. And this category of FAQs will be of particular interest to us Windows 7 users.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 3 years, 9 months ago by Cybertooth.

2 users thanked author for this post.

jburk07, LHiggins

Reply | Quote

Cybertooth,

I entirely agree on the 0patches being saved to a data base, but that must be stored somewhere in the user’s PC or in the Cloud. But 0patch, as far as I have been able to find out, does not offer a yes or yes Cloud option, least of all to those that choose the free option. So “somewhere” has to be a permanent storage device in the PC itself. That leave, as the only choices, the HD (or SSD) and the UEFI, BIOS… non-volatile memory. That was actually my point.

So you are right: 0patching does not change any Win 7 (the OS) files or any of the user’s own files,because it changes just that 0patch data base (that is neither) dedicated to keeping the micropatches once they are downloaded and installed, and where they may be later replaced or deleted, if necessary, either automatically, under the command of the 0patch Agent software following instructions received over the Internet from 0patch Central command, or deliberately by the user ordering it through the Agent’s GUI.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

[Cybertooth]

OscarCP wrote:

I entirely agree on the 0patches being saved to a data base, but that must be stored somewhere in the user’s PC or in the Cloud. But 0patch, as far as I have been able to find out, does not offer a yes or yes Cloud option, least of all to those that choose the free option. So “somewhere” has to be a permanent storage device in the PC itself. That leave, as the only choices, the HD (or SSD) and the UEFI, BIOS… non-volatile memory. That was actually my point.

@oscarcp, thanks for clarifying. It had seemed to me that your concern was that 0patch might make some kind of persistent change onto the saved files for the software that it offers patches for, in the same manner that (for instance) Microsoft modifies Windows files or Adobe modifies Acrobat files with their respective patches… which is the way that the concept of “installing” a patch has historically been understood.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 3 years, 9 months ago by Cybertooth.
• This reply was modified 3 years, 9 months ago by Cybertooth.

2 users thanked author for this post.

jburk07, LHiggins

Reply | Quote

Thanks everyone who has added to this discussion, especially Cybertooth ! Very much appreciated!

From my limited understanding, the PC needs to be “fully patched” with the latest Win 7 updates before starting the 0patch process – so I think that means that we do need to get the December and January updates to be sure that we are “ready” after EOS? Not sure that is right, but I’ll look back to see where I got that idea.

I think that as we all learn more it will be very helpful for everyone to keep posting ideas and updates and things that they’ve learned.

Cybertooth wrote:

Then you could report back to us on what they said; they might even like to come into Woody’s to participate in the discussion.

That would be great, too – to be able to ask questions directly!

OscarCP wrote:

I hope this thread continues to be visited by Win 7 loungers and anonymous passers by, so we all may learn more about this service, particularly now that Win 7’s Day of Doom is approaching fast.

Yes – let’s keep it alive and we can all learn more!

Thanks again!

2 users thanked author for this post.

Cybertooth, jburk07

Reply | Quote

From my limited understanding, the PC needs to be “fully patched” with the latest Win 7 updates before starting the 0patch process

I know this is not going to sit well with Group B people, but the question arises, so I’ll ask it.
Does this also include the July and September SO patches (that contained the telemetry)?

5 users thanked author for this post.

Microfix, Charlie, LHiggins, Cybertooth, jburk07

Reply | Quote

Hmm, interesting question. I’ve been Group B but I did install those months’ Windows SO patches. I thought that one would be OK by then proceeding to apply the suggested method for disabling the telemetry in Task Scheduler. Or have I been absorbed by the Borg anyway?  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

Charlie, LHiggins

Reply | Quote

Same here, and I’m not hearing the voices of the collective.

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

1 user thanked author for this post.

Cybertooth

Reply | Quote

LHiggins wrote:

From my limited understanding, the PC needs to be “fully patched” with the latest Win 7 updates before starting the 0patch process – so I think that means that we do need to get the December and January updates to be sure that we are “ready” after EOS?

OK – I think this is what I was thinking of:

What will I have to do to receive post-EOS Windows 7 and Windows Server 2008 micropatches?

To receive our post-End-of-Support Windows 7 and Windows Server 2008 micropatches, you will have to:

1. Apply all official Windows updates to your Windows 7 and Windows Server 2008 computers up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes), and also any subsequent updates that Microsoft may issue (like they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).
2. Install 0patch Agent on each Windows 7 and Windows Server 2008 computer you want to protect with 0patch, and register these agents with your 0patch account.
3. Have a suitable number of 0patch PRO or 0patch Enterprise licenses in your 0patch account.
4. Allow your 0patch-protected computers to connect to 0patch server for periodic syncing in order for them to receive new micropatches and in order for you to remotely manage them (included in the Enterprise license).

That may be a deal breaker for some who are hoping to avoid MS update issues, so maybe we need more info – but that does seem to me that the PC needs to be completely up to date on updates for this to work.

Reply | Quote

Maybe we need to start a list of a few questions to ask 0patch directly? I’ll be happy to gather them up and email 0patch and post back with answers.

I’ll start with PKCano’s question from above:

PKCano wrote:

I know this is not going to sit well with Group B people, but the question arises, so I’ll ask it. Does this also include the July and September SO patches (that contained the telemetry)?

Exactly what is required beforehand? -My post above #2018726 does indicate “updates to your Windows 7 and Windows Server 2008 computers up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes)” but maybe we do need more specifics.

Anyone who wants to add on a question – please do – or if you have already asked 0patch – let us know your Q&A, too.

 

2 users thanked author for this post.

jburk07, Cybertooth

Reply | Quote

OK – and sorry that this is another separate comment – I ran out of editing time.

So – here are the questions and answers I got when I emailed Mitja Kolsek at 0patch in the fall:

Q1. First – do I need to have a Pro version of Windows 7 to purchase a Pro subscription – or will those patches work on the Home version as well?
A. You don’t need Windows 7 Pro – all Windows 7 versions including Home will be receiving our post-EOS micropatches

Q2. I believe that I read that 0patch will download and install patches automatically whenever they are available – so does that mean that my computer would need to be online continuously, or will it just “catch up” with patches once it goes back online after a patch has been issued?
A. Micropatches are delivered to your computer automatically when it’s online, but once they’re there, they’re getting applied when needed whether the computer is online or not. So yes, 0patch will “catch up” when you go back online.

Q3. Will 0patch be as effective in protecting my laptop as the monthly MS updates?
A. 0patch vs. Microsoft’s Extended Security Updates is best described here.

Q4. How long will 0patch issue Win 7 patches?
A. We plan to provide Windows 7 and Windows Server 2008 post-EOS micropatches for three years

Q5.As a home user – just mainly internet and email, will a free version be sufficient, or do I need a Pro license? What are the advantages of a Pro license for a home user?
A. Windows 7 and Windows Server 2008 post-EOS micropatches will only be delivered to agents with a PRO license.

Q6. Can I start using 0patch now – or do I need to wait until the last MS update in Jan 2020
A. You can start using 0patch now to get any patches that are currently relevant on your computer. (On a fully updated Windows 7, at least one micropatch should be relevant for a vulnerability Microsoft decided was not worth patching – but we did.) Windows 7 post-EOS micropatches will, of course, only start arriving after January 2020.

Q7. “Windows 7 and Windows Server 2008 post-EOS micropatches will only be delivered to agents with a PRO license.”
So – just to clarify – does that mean that I would need a paid Pro subscription to receive the EOL patches after Jan 2020, even though I am a home user?
A. Correct, you will need a paid PRO subscription to receive the EOL patches.

A start – but as you can see, Mitja Kolsek was very helpful and answered all of my questions quickly!

 

6 users thanked author for this post.

Pierre77, jburk07, OscarCP, Cybertooth, DrBonzo, AJNorth

Reply | Quote

up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes)

Does this mean all the Security-only updates + IE11 CUs qualify OR does it mean you are required to have the latest Rollup. This should be perfectly clear from the outset.

3 users thanked author for this post.

jburk07, OscarCP, LHiggins

Reply | Quote

Yes – that is a question that definitely needs clarification. I’ll start a list with that as one of the most important so we can get a definitive answer.

1 user thanked author for this post.

jburk07

Reply | Quote

LHiggins, I hope I am not too late with this question for 0patch:

Are the patches automatically installed and only after they have been installed does the user get to know that this has happened, or, same as in Windows, can the user have the option to be, first, informed that there are patches available and what they are, and then decide whether to install them and when?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

jburk07, LHiggins

Reply | Quote

Hi OscarCP. Not too late. I thought I’d let this discussion run a day or two – and I can then gather up the questions and see if we can get some answers – or invite 0patch to the discussion as suggested by Cybertooth above.

In any case – how about we see what interest there is with questions over the weekend, and I can get an email together to send on Monday Dec. 16? That will give anyone interested time to review the manual and the 0patch site to see what we need to know.

And we can always ask additional questions if need be as well.

3 users thanked author for this post.

jburk07, OscarCP, Cybertooth

Reply | Quote

@lhiggins, here’s one question I’d like to pose to the 0patch folks:

In Figure 13 on page 33 of the 0patch Agent User Manual, four “Applied Patches” are shown. The status for the third one (#347, wab32.dll) is listed as “available.” With respect to this patch, the caption below the figure says that

…the license for patch 347 has expired and is therefore no longer being applied

My imperfect understanding of the way 0patch works is that your Free version is extremely limited in the number of micropatches that get applied–only a tiny fraction of those available in the Pro version. Therefore, if you let your 0patch Pro subscription lapse, I don’t really see how two of the four micropatches in Figure 13 would still be available to be applied, unless “license expiration” refers to the software itself that would be patched.

So here’s the question. When you say that the license “has expired,” do you mean that the 0patch customer no longer has a valid license from 0patch to use that micropatch, or do you mean that the customer no longer has a valid license to use that software to which the micropatch might be applied?

I think I know the answer but want to make sure. Thanks for helping me to understand.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

jburk07, LHiggins

Reply | Quote

I have another one on something that I saw earlier on, but now I cannot find it to quote verbatim here. It went more or less like this: “people with a  free license will get only patches to close holes through which some alarmingly bad piece of malware, recently discovered out and about and rampaging in the wild, can infiltrate the PC and do all kinds of nasty things there.” I understood this referred to patches for really scary gigaton-level malware of WannaCry-grade malignity.

Am I right here, or is this just a faulty recollection of mine?

Also, I have found no earlier mention anywhere (including the 0patch license Agreement that I have been reading) of a complete cutoff of free patches after Win 7 EOL or at any other definite time.

So, have I missed that, somehow?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

Thanks for the questions – I’m making a list to email 0patch.

I came across this section of 0patch that also might help to explain/answer some questions and concerns.

I’ll check back here Sunday and start to compile my email to them. Hopefully they’ll be able to give us some answers quickly, or join the discussion here.

Thanks again!

2 users thanked author for this post.

jburk07, OscarCP

Reply | Quote

Clicking on the link to the 0patch Web site provided by LHiggins a few comments above ( #2019478 ) and digging a bit around, I have found the following statements that should clear up some of the questions we have asked here, mine in particular, but also brings further questions (see mine below the quoted text):

“To receive our post-End-of-Support Windows 7 and Windows Server 2008 micropatches, you will have to:

1. Apply all official Windows updates to your Windows 7 and Windows Server 2008 computers up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes), and also any subsequent updates that Microsoft may issue (like they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).
2. Install 0patch Agent on each Windows 7 and Windows Server 2008 computer you want to protect with 0patch, and register these agents with your 0patch account.
3. Have a suitable number of 0patch PRO or 0patch Enterprise licenses in your 0patch account.
4. Allow your 0patch-protected computers to connect to 0patch server for periodic syncing in order for them to receive new micropatches and in order for you to remotely manage them (included in the Enterprise license). “

My follow on question is about point 1 above: many of us here have not installed “all past security and non-security fixes“, in fact, on the advice of others here, we often skip some of those or hid them, etc. For my part, I do install the security fixes, unless there are known problems with them. I always install the Security Only and the IE11 Cumulative patches, most Office 10 patches, some .Net rollups, and some non-security ones that either may be useful, or are thought to be mostly harmless.

So this is my follow on question: given my discriminatory patching ways, as described above, am I eligible for receiving 0patch micropatches?

And it maybe an idea to stress that the way I patch is not just something very unusual that only I do. I’m pretty sure of having plenty of company in this respect here.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

Steve, LHiggins, Charlie

Reply | Quote

7 is a nice simple OS for home users.  Let MS give it up and let it become an open source  as the various Linux OS’s are.

2 users thanked author for this post.

Pierre77, Cybertooth

Reply | Quote

OscarCP wrote:

My follow on question is about point 1 above

It is understandable to require a fully patched Windows 7 in order to get support and patches that may rely/fix previous Microsoft patches.
This looks like Opatch safe guard when their patch crashes W7 due to missing original patch…

1 user thanked author for this post.

LHiggins

Reply | Quote

I send off the email to 0patch with a compilation of questions from this discussion. Will post back replies when I get them. I also gave 0patch the link to this discussion and invited them to answer here directly, too.

2 users thanked author for this post.

jburk07, Cybertooth

Reply | Quote

Hi everyone!

OK – I sent the questions that had been posed and below are the answers. Mitja is a Plus member at AW, so he was familiar everything. He felt that one post with answers all in one place would be best – so I’ll copy his email below.

If I missed a question, or if you find that you have further follow-ups – I would suggest that you email Mitja at 0patch directly. He and 0patch are very responsive, and I’m sure Mitja would be happy to follow up with anyone who asks. And if you do get some updated info, I know we’d all appreciate you sharing it here as well.

So – here are the questions I posed and Mitjak’s answers. He included some links for additional info, which I’ll try to recreate as well.

1. Can you clarify what needs to be done to a Win 7 computer to enable it to be ready to use 0patch Pro come January? Many of the users at Ask Woody apply Win 7 updates judiciously, so the question was posed as follows: “Does this also include the July and September SO patches (that contained the telemetry)?Does this mean all the Security-only updates + IE11 CUs qualify OR does it mean you are required to have the latest Rollup.”

A1: To clarify this, I must explain how our micropatches work: each micropatch we issue is applicable to a specific executable module (usually EXE or DLL), based on that module’s cryptographic hash. If we want to micropatch the same vulnerability on two versions of svchost.dll, for example, we need to make two micropatches (i.e., port the micropatch from the one that we patch first, to the other). While such porting is often trivial (but not always), each executable module on any Windows system comes in *many* versions, with every update changing from one to potentially hundreds of executable modules. To cut down on porting, and more importantly, to minimize the risk of our users not having the correct version of modules we’re patching, we want them to have (ideally) identical copies of Windows 7 computers – at least as far as OS files go. That is why we decided on our requirement to “Apply all official Windows updates to your Windows 7 and Windows Server 2008 computers up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes), and also any subsequent updates that Microsoft may issue (like they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).” (see https://0patch.zendesk.com/hc/en-us/articles/360009446600). We think this gives us the best chance of unifying all users’ computers on a common baseline. Not installing some updates (such as the July and September SO patches) might result in some executable modules not being of the same version as those with the latest rollup, and micropatches for such modules would then not get applied. (Moreover, users would not even know they could have been applied but weren’t due to improper version.) We’re discussing ideas internally on how to at least detect on our end that some micropatches aren’t getting applied when they should have been, but this would mean pulling more telemetry from computers and that’s generally not something people are happy with.

2. “Are the patches automatically installed and only after they have been installed does the user get to know that this has happened, or, same as in Windows, can the user have the option to be, first, informed that there are patches available and what they are, and then decide whether to install them and when?”

A2: Until recently, our micropatches got automatically installed (i.e., downloaded to a local database) and immediately started getting applied with no user intervention or approval – which we believed was a good approach for individual users who don’t want to even be bothered with patching. For organizations, which are accustomed to approving and testing patches before wide deployment, we developed “Enterprise” features, which are part of the recently launched 0patch Central (still in early, on-demand access that can be requested at sales@0patch.com after creating a 0patch account at https://central.0patch.com). With Enterprise features enabled, admins can organize computers in groups and set patching policy for each group (or have it inherited from the parent group). Using policy settings, one can set the “default state for all new patches” to disabled on the root group, and then only set it to enabled for the Test group, which will get all new micropatches automatically applied in the latter but not everywhere else. We’re still working on how to alert users that new patches have arrived that are relevant to their computers – which is an important UX challenge as in contrast to typical monthly scheduled updates, our micropatches are issued as soon as they’re ready, which can be any day of the week. (That’s also why our initial approach was to just get them applied without any approval.) Needless to say, we’ll welcome all ideas from users and potential users here in the forum on how they’d like this to work.

3. This one is kind of long – but one reader asked: “in Figure 13 on page 33 of the 0patch Agent User Manual, four “Applied Patches” are shown. The status for the third one (#347, wab32.dll) is listed as “available.” With respect to this patch, the caption below the figure says that
…the license for patch 347 has expired and is therefore no longer being applied
My imperfect understanding of the way 0patch works is that your Free version is extremely limited in the number of micropatches that get applied–only a tiny fraction of those available in the Pro version. Therefore, if you let your 0patch Pro subscription lapse, I don’t really see how two of the four micropatches in Figure 13 would still be available to be applied, unless “license expiration” refers to the software itself that would be patched.
So here’s the question. When you say that the license “has expired,” do you mean that the 0patch customer no longer has a valid license from 0patch to use that micropatch, or do you mean that the customer no longer has a valid license to use that software to which the micropatch might be applied?”

A3: Correct, the FREE plan is very limited (see https://0patch.zendesk.com/hc/en-us/articles/360020855914 for comparison between FREE and PRO). Unfortunately, by changing the way we do patching (in-memory instead of in files, proactively downloading all patches to all computers), we introduced some confusion with terminology: “available” means “available for purchase”, i.e., specifically for patch #347 in Figure 13 on page 33 of the 0patch Agent User Manual, this patch has been applied at least once in the past (or it wouldn’t have been in the “APPLIED PATCHES” list) when a PRO license was still active on the computer, but now that the license has expired it’s not getting applied anymore – hence “available for purchase”. We know, it’s not at all intuitive and we’re not proud of the confusion we sometimes cause but we’re trying to accommodate both users who want to know all the details and users who would rather not. Finally, to directly answer: When we say that the license “has expired,” we mean that the 0patch customer no longer has a valid license from 0patch to use that micropatch.

4. “I have another one on something that I saw earlier on, but now I cannot find it to quote verbatim here. It went more or less like this: “people with a free license will get only patches to close holes through which some alarmingly bad piece of malware, recently discovered out and about and rampaging in the wild, can infiltrate the PC and do all kinds of nasty things there.” I understood this referred to patches for really scary gigaton-level malware of WannaCry-grade malignity.”

A4: Correct – the FREE plan is very limited (see https://0patch.zendesk.com/hc/en-us/articles/360020855914 for comparison between FREE and PRO) and specifically as far as Windows 7 and Windows Server 2008 post-EOS micropatches go, we’ll only make individual ones free in case of a serious malware outbreak to help block it.

5. “I have found no earlier mention anywhere (including the 0patch license Agreement that I have been reading) of a complete cutoff of free patches after Win 7 EOL or at any other definite time.”

A5: 0patch FREE will continue to be available (conditions apply, see https://0patch.zendesk.com/hc/en-us/articles/360018692234) and we’ll continue to add select micropatches to the FREE plan (see https://0patch.zendesk.com/hc/en-us/articles/360020855914) but we need to emphasize that 0patch FREE is by no means a suitable tool for keeping Windows 7 and Windows Server 2008 reasonably secure after their EOS.

6. Can/should I start an 0Patch PRO license now – or soon in January – to prepare for getting the Win 7 EOS patches when they do become available.

A6: We recommend testing 0patch for compatibility and suitability in your environment before January 2020 so that any technical problems can be resolved in time. Anyone interested in running a trial can contact us at sales@0patch.com for access to Enterprise features such as central management, and some trial PRO licenses (so do try before you buy). We’ll be happy to help you set things up.

I hope this helps to clarify things about using 0patch. I am going to give it a try – I may ask Mitja for the trial PRO license after Christmas when things are a bit less hectic. When I do, I’ll let you all know how it goes!

4 users thanked author for this post.

Charlie, jburk07, SueW, Cybertooth

Reply | Quote

LHiggins: Thank you so much for going to all the trouble of conveying our questions to 0patch, and to Mitja for giving them those clear and fully spelled out answers.

Still I think there is a problem that, as I read it, the answer to the first question in the list could mean that very few, or none of us, Woody’s regulars, shall be able to benefit from 0patches:

“…we want them to have (ideally) identical copies of Windows 7 computers – at least as far as OS files go. That is why we decided on our requirement to “Apply all official Windows updates to your Windows 7 and Windows Server 2008 computers up to the latest ones (or the latest available monthly rollup, which includes both latest security fixes and all past security and non-security fixes), and also any subsequent updates that Microsoft may issue (like they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended)”

In other words, if we have not applied some patches in the past — for a variety of good reasons often discussed and then recommended not to apply in the various forums here — are we eligible for any 0patch support? I read the reply from Mitja with a sinking feeling, as it seems to mean: “negative, “no”, “out of the question” and “forget it.”

Of course, there is always a very small chance I might be wrong. It has happened very, very rarely but, truth to be told, it is still possible (in theory, at least) that I might be actually wrong about anything. Hope such is the case about this, now.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Charlie, LHiggins

Reply | Quote

I read it as meaning you basically need to be in Group A and fully patched to the last CU released by MS, as the Cumulative Rollup represents “all patches” (security, non-security, and IE11).
I realize you would like it to be otherwise, but I don’t think that is reality.

2 users thanked author for this post.

SueW, LHiggins

Reply | Quote

If memory serves, over time, people that follow the best advice provided here have not applied certain patches for a variety of excellent reasons, and this goes for all groups, regardless of their choice of the group by capital letter.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

But, if you skip a Rollup and install the next Rollup, you have not skipped a patch because they are CUMULATIVE.
AND, the SOs do not contain non-security fixes.

1 user thanked author for this post.

LHiggins

Reply | Quote

In other words, PK, you are saying that anyone that is going to be a Windows 7 holdout and is not a Group A member here, is doomed to a bleak patchless future?

I await other opinions that might or might not agree well with yours. In the meantime, I feel oddly satisfied, possibly even smug, having already installed Mint in dual boot with Windows 7 and also being the proud owner of a 2 1/2 years old Mac laptop. Any port in a storm.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

Yeah, it’s sounding like 0patch wouldn’t work (or at least, not optimally) for Group B.

Perhaps things will become more and more clear over time.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

4 users thanked author for this post.

Steve, jburk07, LHiggins, SueW

Reply | Quote

PKCano, could any GroupB aficionado who desires to use 0patch bring themselves to immediate compliance by following GroupA directions just once? (and then maintaining current with 0patch.)

As a separate question for we GroupA’s who use the fabulous win10Tel executable provided by abbodi86, a) should it be disabled, and b) once disabled no other action is necessary?

I think these questions are more appropriate to AskWoody than to 0patch.

1 user thanked author for this post.

LHiggins

Reply | Quote

Group A requires more than installing the Rollups. Other requirements are “check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products.” So basically unhide everything and install everything. Recall that the functionality of KB2952664, the telemetry patch that everyone hid for so long, was incorporated into the Rollups in Sept 2018, so even that is installed. The Rollups each month contain/cover the contents of the unchecked Preview patches, so those don’t count.
Whether there is an exception for the recent EOL nag patches KB4493132 and 4524752 is a question for 0patch to answer.

The Win10Tel script does not, to my knowledge, delete any files. It disables or deletes scheduled tasks in the Task Scheduler that are involved in sending telemetry. I don’t see a problem there. But again, that point is a question for 0patch.

2 users thanked author for this post.

LHiggins, Pierre77

Reply | Quote

I am also wondering if programs that dig deep into MS system files (ie AntiVirus) would be a problem.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

One question has been at he back of mind since yesterday: Group A users install rollups, etc. but how about the patches that were NOT installed by them before there were such things as S&Q rollups? Rollups have been around only relatively recently; before that people had to choose what to install, patch by patch, without having rollups as an alternative. So even if they installed all the rollups since the very first one, their OSs still won’t be, roughly speaking, as equal to each other as, if I understood this correctly, seems to be required by 0patch. And even after the 0patch micropatches start to roll in, if people decided to eliminate some micropatches that are creating problems for them, something that may  depend on what applications they have installed in their machines and also on how they use them, then the following micropatches will have to be applied to machines with basically different OS configurations. Which, if the “everything must be the same in there” rule were to be applied strictly, that would be the end of 0patch patching.

I suspect that something in my reasoning here does not add up. Perhaps someone could explain what is that I have gotten wrong about this whole thing?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

Hi OscarCP,

I think that there are going to still be a lot of questions. Why don’t you pose this one to 0patch and post the answer back here? They are very responsive, and you can explain your thoughts to them and hopefully get an answer that is reassuring.

I, myself, have also been wondering about the .NET patches and how they figure into this.

Let us know what you find out!

Reply | Quote

LHiggins: After looking through this thread, from top to bottom, still I am not clear what is the email address or the Web Page URL to use for asking this sort of question to someone in 0patch. Because it requires the explanation of things peculiar to Woody’s such as “Group A”, Group B’, “Group W”, etc. mine is not likely to be answered already in their FAQ section. So, would you mind posting that information here? Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

LHiggins

Reply | Quote

[LHiggins]

My initial contact was at this email: sales@0patch.com though I think support@0patch.com or support@0patch.zendesk.com would also work. From there, they will route it to their support area and you should get a fairly quick reply.

If you note at the beginning that you are part of AW and mention Mitja Kolesk and this discussion, I’m sure it will help to get you to the right place.

Good luck!

• This reply was modified 3 years, 9 months ago by LHiggins.

2 users thanked author for this post.

OscarCP, Cybertooth

Reply | Quote

The ultimate authority on these questions is 0patch, of course, but I can offer some  tentative answers that seem reasonable to me:

Rollups have been around only relatively recently; before that people had to choose what to install, patch by patch, without having rollups as an alternative. So even if they installed all the rollups since the very first one, their OSs still won’t be, roughly speaking, as equal to each other as, if I understood this correctly, seems to be required by 0patch.

Isn’t it the case that Rollups contain all previous Microsoft patches? After all, that’s the reason for the existence of Group B: to apply patches selectively. If this is so, then I would hypothesize that, once you install the latest Rollup as recommended by 0patch, your Windows installation will be the same as that of anybody else who installed that Rollup. (Remember, we’re talking Windows here and not other applications.)

And even after the 0patch micropatches start to roll in, if people decided to eliminate some micropatches that are creating problems for them, something that may depend on what applications they have installed in their machines and also on how they use them, then the following micropatches will have to be applied to machines with basically different OS configurations.

My understanding of it is that 0patch micropatches for other applications are applied only if you have those other applications installed, and they are separate from Windows micropatches. Windows itself (the OS configuration, as you put it) remains unaffected by micropatches for other programs you may have.

These are educated guesses based on my reading of the 0patch documentation. The 0patch folks are invited to disabuse me of any misconceptions I may have expressed above. Others who may require further elucidation, please hold your horses until we hear from 0patch.  🙂

Now here’s a new question of my own: suppose that we do assent to installing the Rollups so that our Windows 7 PC may become eligible for 0patching, but then we disable the telemetry that comes along with them: does that constitute enough of a difference in the OS configuration to disqualify our PC from micropatching (or to render the micropatching useless)?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

LHiggins, OscarCP

Reply | Quote

PKCano wrote:

The Win10Tel script does not, to my knowledge, delete any files. It disables or deletes scheduled tasks in the Task Scheduler that are involved in sending telemetry. I don’t see a problem there. But again, that point is a question for 0patch.

You are still fully patched if you do not remove the patches. I do not believe the patches (parts of the OS) are removed by disabling scheduled tasks.
But again, that is for 0patch to say.

1 user thanked author for this post.

LHiggins

Reply | Quote

Just as an update – I have installed the PRO version of 0patch on my Windows 7 laptop, and I’ll report back here as it runs and see how it works. 0patch gave me a 1 month free trial of PRO so that I can try it out before buying it come the end of Win 7 support. Mitja offered to do that for others if they asked.

It was easy to install, and seems to be working quietly in the background. I need to read more in the manual, but for now, it hasn’t created any issues that I’ve noticed.

Anyone else who’s asked 0patch any questions and has additional answers for us?

4 users thanked author for this post.

jburk07, Cybertooth, Pierre77, PKCano

Reply | Quote

where do we stand regarding 0patch?

Reply | Quote

Looong time lurker, never poster, and often user of advice (firmly group B).

I installed 0Patch (and updated to Pro) based on what I had first read here and before I was aware of this thread. It’s been running faultlessly for a month. After reading that we needed the rollups to get the micropatches I sent Mitja Kolsek my own question quoted below:

“I have for many months been installing the security only versions of the Microsoft updates rather than the entire rollups, plus other necessary updates such as servicing stack, malicious software tool, and .NET updates. Will this cause problems receiving the micropatches and if so, how do I work around it?”

He quickly returned with this answer:

“mitja.kolsek@acrossecurity.com (0patch Help Center)

It is important that you have the exact version of executables (EXEs, DLLs) on your Windows 7 to have our micropatches applied. Our basic requirement is that you apply the latest Rollup (from January 2020). It doesn’t matter if you then turn certain features on/off, such as the telemetry feature from October updates, but you’ll need to apply that Rollup.”

Hopefully that is of some use to those of you considering 0Patch. I’m still on the fence, and have a second computer that will need some solution as well as the one I put this on to test.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

8 users thanked author for this post.

Kaj4strom, SueW, Charlie, jburk07, Steve, abbodi86, Cybertooth, LHiggins

Reply | Quote

I understand Mijtia’s reasons, they make sense. But I am not feeling very sensible myself, something that has been happening to me for a while now and is not likely, it seems, to change any time soon. Obviously, I am a considerably flawed human being.

So my approach is going to be this: (1) forget about getting patches from anywhere, after EOL; (2) continue to use Linux (Mint) in dual boot with Windows 7 on my PC and do most of the Internet-facing work there with Thunderbird, FF, WF or Chrome that I have running on Linux. (I say “most”, not all, because I still will like to scan for viruses, etc. with my AV, that works “from the Cloud” and has been very good to me for several years of having it both in the PC and in the Mac. I want to keep this AV healthily updated and fit to scan files I might get from the Linux side and then pass to the Windows side — and also to check for malware that might find other ways to percolate into the Windows side.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Charlie, LHiggins

Reply | Quote

Whew!  I personally like Canadian Tech’s way of doing things.  I’ll probably have to go completely over to Linux eventually.  That for me is not a big deal, but I must admit that I like Win 7 a bit more because I know more about it.

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

1 user thanked author for this post.

SueW

Reply | Quote

Maybe I’m missing something but it looks to me like you’re complaint, according to Mitja Kolsek,  with the Opatch requirements (for full protection) if you install the Windows 7 January monthly rollover.  So if somebody wants to try Opatch, then unless they are afraid of installing the January monthly rollover KB,  then I don’t see what the problem is as far as the prerequisite requirements on updates for Opatch to function fully on micro patching as it’s intent is. Now if somebody is afraid to install a monthly rollover then that’s a different story.

Reply | Quote