Yes, there’s a crack to enable extended security updates on all Win7 machines. No, you shouldn’t count on it.

Topic

New Reply

Martin Binkmann on Ghacks.net has some cracking news about the Win7 Extended Security Updates — the ability to install Win7 security patches from Mic
[See the full post at: Yes, there’s a crack to enable extended security updates on all Win7 machines. No, you shouldn’t count on it.]

11 users thanked author for this post.

Carl D, FakeNinja, SueW, ve2mrx, Geo, Microfix, AJNorth, fernlady, abbodi86, Pepsiboy, WildBill

Reply | Quote

Replies

I’ll be watching this one and see if it will work for my 2 Win7 X64 SP1 machines. Waiting with fingers, toes, legs, arms, and eyes all crossed in hopes that it will WORK.

dAVE

2 users thanked author for this post.

SueW, LHiggins

Reply | Quote

KB4528069 is Extended Security Update, for testing anyway

3 users thanked author for this post.

Kranium, woody, Pepsiboy

Reply | Quote

abbodi86 wrote:

KB4528069 is Extended Security Update, for testing anyway

abbodi86,

Is this something we “Could”, “Should”, or “Should NOT” install at this time?  If not now, WHEN?? Thanks for the tip.

Dave

Reply | Quote

I would say could, but there is no point at trying it currently

Reply | Quote

So, does that then bring the possibility of utilizing “OPatch” back the fore?

2 users thanked author for this post.

OscarCP, LHiggins

Reply | Quote

0patch works, but you have to pay for extended support after a product goes out of manufacturer support.

What I see this more potentially useful for are people who are just plain users and can’t justify the expense.

EDITED html to text – may not appear as intended

Reply | Quote

Remember there is a specific product key that we will be entering.  If someone puts in a “cracked” key, they can revoke that key.

 

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

WildBill, woody

Reply | Quote

In Jan 2020 , the licensing agreement (EULA) that we all ‘agreed to’ in order to use W7 on a device, also ends. Therefore, the EULA will have no relevance after EOS.

In the W7 licensing agreement, the section on ‘Scope of the License’ states that you can not make changes to the OS that Microsoft does not agree with and you can not distribute your changes to others. So, legally you could make changes to W7 after EOS. If that is correct, there is nothing illegal about installing this crack after Jan 14, 2020. Microsoft can not use any online access it may have to W7 devices to remove the script or try to close the hole because they no longer have legal access (I am speculating).

I understand that the ESU is a separate licensing agreement, but the original W7 licensing agreement remains in effect for these clients. That means that the W7 licensing server will have to be operational until the end of 2023. It does not go away.

2 users thanked author for this post.

doriel, GreatAndPowerfulTech

Reply | Quote

NoLoki wrote:

In Jan 2020 , the licensing agreement (EULA) that we all ‘agreed to’ in order to use W7 on a device, also ends. Therefore, the EULA will have no relevance after EOS.

Why do you believe this?

(It’s certainly not stated in the EULA.)

2 users thanked author for this post.

b, Microfix

Reply | Quote

Because the contract obligations will have been met. Contracts end.

Reply | Quote

NoLoki wrote:

Because the contract obligations will have been met. Contracts end.

Open-ended licensing arrangements with no specified term don’t “end” because “the contract obligations have been met.”

From the EULA:

“By using the software, you accept these terms. If you do not accept them, do not use the software.”

There is no other “termination” clause specified in the licensing agreement that you agreed to.

3 users thanked author for this post.

b, Microfix, WildBill

Reply | Quote

[NoLoki]

The EULA merely states the terms and conditions in regards to the client’s obligations and Microsoft’s obligations under the licensing agreement (i.e. using the license). W7 has a finite life cycle where Microsoft clearly states that the service ends Jan 14,2020. Unless the client enters into an amendment with Microsoft to continue support (e.g. ESU), Microsoft (and the client) is no longer legally bound to the original contract.

FWIW: I do not care for a ‘crack’ that is basically there to skirt paying for a legitimate service (ESU). If you want ESU and you qualify for it, then pay for it or move on.

• This reply was modified 5 years, 5 months ago by NoLoki.

Reply | Quote

NoLoki wrote:

W7 has a finite life cycle where Microsoft clearly states that the service ends Jan 14,2020. Unless the client enters into an amendment with Microsoft to continue support (e.g. ESU), Microsoft (and the client) is no longer legally bound to the original contract.

There simply is no other “original contract” other than the EULA.

Microsoft is not terminating the EULA, nor are they stating that you cannot continue to use Windows 7. They’re terminating support and technical services for Windows 7, per their one-sided, non-contractually-obligated commitment to a 10-year period of support.

1 user thanked author for this post.

b

Reply | Quote

[warrenrumak]

This is pretty fundamentally flawed reasoning, for a few different reasons.

Firstly, an EULA is a legal contract.  In a general legal sense, the terms of a contract remain in effect in perpetuity if there is no agreed-upon end date.  If you disagree with this assessment, fine, but you’d have to bring the contract before the court in order to determine otherwise.

Second, if Microsoft was actually terminating the Windows 7 EULA on January 2020, then that would actually mean that nobody would have any further right to use the software.  Expiry of a license would eman mean you can’t use it any more.  It isn’t yours.  Section 8: “The software is licensed, not sold”, remember?

Third, Microsoft isn’t ending support for Windows 7…. they’re just charging for security updates that were previously free, and free support channels are going away.  That’s it.

 

I get that you really want to believe you’re correct in your beliefs…. but you’re not.  Don’t believe me?  Consult a lawyer. He’ll get you set straight.

• This reply was modified 5 years, 5 months ago by warrenrumak.

2 users thanked author for this post.

bbearren, b

Reply | Quote

The EULA does not end just because the software has reached EOL.  Microsoft is still the sole owner of the software, and the terms of the EULA won’t expire until Microsoft releases ownership of the software.  Good luck waiting for that to happen.

EOL means only that it is no longer supported by Microsoft.  By no means does it mean or even imply that Microsoft has relinquished sole ownership of the software.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

NoLoki wrote:

Microsoft can not use any online access it may have to W7 devices to remove the script or try to close the hole because they no longer have legal access (I am speculating).

If true, Microsoft can not send updates to the same W7 PC as well.

2 users thanked author for this post.

GreatAndPowerfulTech, WildBill

Reply | Quote

My guess is that this would be true if they deactivated all W7 licenses using the licensing server but that would be unlikely. They need the licensing server for the ESU clients.

Reply | Quote

[pHROZEN gHOST]

I would not be surprised if there was a future update to seriously break Windows 7 for anyone who took advantage of this hack.

That being said, if they did not think of it yet, they certainly know now. I am sure they read the posts here.

Byte me!

• This reply was modified 5 years, 5 months ago by pHROZEN gHOST.

1 user thanked author for this post.

OscarCP

Reply | Quote

I’m not relying on a crack to keep my one Windows 7 workstation patched after January. I turned off Windows Updates and installed 0Patch last month. It’s only been one month, but so far, so good. It’s so much less annoying than MS updates since it only injects critical patches when booting. It’s fast in doing so also. Since I make images of all our machines a couple times a week, this is not a serious risk. I intend to pay for the Pro patches, at $26 per year, when free MS support for W7 ends. I’m also looking at moving to Linux Mint on a workstation. Since it reads customer Windows drives, so I can back up their files and manually delete temp files and obvious malware, this is another consideration. Since Microsoft now focuses primarily on enterprise customers, I’ll do what I need to do to minimize my small business risk while being able to clean out customer’s Windows machines that have botched updates and malware issues. These Windows problems are, in my opinion, never going away with Microsoft continuously polishing the 35 year old turd instead of rebuilding the OS kernel on up. I’ve installed Linux Mint for some customers and, where appropriate, recommend consumers move to new Chromebooks with Android app and Linux support.

GreatAndPowerfulTech

7 users thanked author for this post.

warrenrumak, MrChaz, LHiggins, Geo, johnf, Microfix, AJNorth

Reply | Quote

@GreatAndPowerfulTech
Hey, You could start your own thread on using 0patch..
for the benefit of the curious/interested

Windows - commercial by definition and now function...

3 users thanked author for this post.

LHiggins, Geo, woody

Reply | Quote

Woody already has one at https://www.askwoody.com/forums/topic/worth-considering-0patch-for-win7-after-january-2020/

Woody’s post was one of the reasons I’m using 0patch now.

Go to 0patch.com. Download the “free agent”. You will need to set up an account. Disable Windows updates in Services and you’re good to go.

Windows 10 is terrible for manually checking drives pulled from other machines, to look for malware and delete hidden junk files. W10 runs much slower than Windows 7 when using it in this manner, on equivalent machines.

GreatAndPowerfulTech

1 user thanked author for this post.

LHiggins

Reply | Quote

GreatAndPowerfulTech wrote:

Disable Windows updates in Services and you’re good to go.

What is the benefit/purpose of disabling Windows updates when using 0patch?

Just curious, as I’m considering going this route when Windows 7 goes EOS.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

0patch replaces Windows Updates, but it probably disables it for you.
Anybody tested this?

cheers, Paul

1 user thanked author for this post.

Cybertooth

Reply | Quote

I disabled Windows updates to see what 0patch actually did. It did what it was supposed to do. After January 20th, this will be a moot point anyway.

GreatAndPowerfulTech

1 user thanked author for this post.

Cybertooth

Reply | Quote

That’s weird, because I’ve used 0patch for free (on Windows 7 Home) and held back on updating until Woody says it’s okay, and I’ve never seen a single update other than for the 0patch application itself. The only patches available require me to pay. And I thought the whole idea of 0patch was that they get the patches out faster, before Windows Update would patch them.

My main plans remain to simply sandbox (using Sandboxie) the ways that any exploits could get in. That’s probably not good enough for a business, but it seems good enough for home usage. I ran Windows 7 without updates at all during that period where checking for updates would lag the computer to a standstill. (Microsoft eventually patched this) I compare everything I do to that level of risk.

I’m unlikely to ever be directly targeted, so good Internet hygiene with a little extra protection (AV and sandboxing) is likely enough.

Reply | Quote

I frankly expected that some trick like this would have been discovered, but I also knew that it would have been announced way too early, thus making it absolutely useless -_-‘

1 user thanked author for this post.

Microfix

Reply | Quote

I expect a slew of newly discovered (or held back) exploits post Jan 2020 from all the invaluable resources affecting Win7 (unless up-to-date) from a source called..
de-ja-vu all over again

Windows - commercial by definition and now function...

Reply | Quote

Yeah, MS will close this loophole like they did with a certain windows 7 loader (which still works). Meaning, they’ll be forever chasing their tail. It’s never-ending leapfrog. As is tradition.

At any rate, the number of people choosing this route will essentially be negligible, in relation to MS’s bottom line.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

Reply | Quote

I doubt they’ll close this loophole. They’ll leave it open, but detect who is illegitimately getting the patches. If they detect a large enough business doing this, they’ll go after them for support fees.

Like with piracy, I don’t think they’ll care if a regular user bypasses it. Hacks like this will only be used by a small proportion of power users and probably won’t affect the Windows 10 adoption rate too much.

Reply | Quote

[Carl D]

Interesting. I knew someone would find a way to enable this.

Let’s see what happens after January.

My Digital Life – I gave up trying to read threads on that forum a long time ago. All I ever saw was “You need to login to view this posts content” every second or third post. And, no… I don’t want to register.

I suspect that’s the ‘default’ setting for posting there, i.e. the members needs to turn it off every post for non members to be able to see their messages. I assumed this because a lot of the posts (especially from ‘newbies’) are not really the sort of posts that the Admins/Mods there should think needed to be hidden from non members.

Oh, and in case anyone’s wondering how I’ve seen a lot of the ‘hidden’ posts – if someone quotes a ‘hidden’ post, non members can see the original post in the quote regardless of whether the quoted post was hidden or not.

 

• This reply was modified 5 years, 5 months ago by Carl D.

1 user thanked author for this post.

Cybertooth

Reply | Quote

They’re doing things of questionable legality at best. They don’t want that information easily searchable by having it open to the public. Registering is no big deal–you can use a unique name and a throwaway email address so you can’t be tracked.

They’ve actually received DMCA take-downs before, and they have to comply at that point.  They have to be careful.

Plus basically every forum I’ve seen requires you to register to download attachments, as part of keeping away bots.

1 user thanked author for this post.

Carl D

Reply | Quote

On the usefulness of 0Patch, back in September, DrBonzo asked here: #1960729  what I think is an excellent question that still has not been answered:

“Either I’m inferring or 0patch is implying (or a combination of those two) that bugs, holes, vulnerabilities – whatever you want to call them – that are found in the Windows 7 operating system can be effectively patched with a “few lines” of code. If that’s true, why would Microsoft not also patch in this manner instead of the massive 400MB (roughly) Rollup and 80MB (roughly) Security Only patches?”

Perhaps now would be a good time for someone to give it an equally excellent answer?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

[warrenrumak]

The answer to your question is implied in the name: “Rollup”.

All of the thousands of individual fixes made to Windows 7 since April 2016 (i.e. the so-called “Service Pack 2” convenience rollup) are rolled up into a single package.

But as each month goes by, more files across Windows 7 have needed fixes, so more files were included.  Certain files (like the kernel and IE core DLLs, etc.) receive updates every month, but others might remain untouched for years until a problem is found.

It’s also worth noting that in many cases, all of the files for a particular component of Windows will get updated, even if the vulnerability exists in a single file within that component.  This is because the “version number” embedded in each file gets updated at the same time.

I’ll give you an example.  CVE-2019-0785 describes a DHCP vulnerability in Windows, which Microsoft patched in the July 2019 roll-up for Windows 7.  There are a number of files in Windows related to DHCP (IPv4 implementation, IPv6 implementation, plug-in for Perfmon, the Windows Service host, language-specific translation files, MMC GUI, etc.etc.) All of those files got a version bump to 6.1.7601.24498 at the same time.  And if the kernel, or some other component of Windows needed a fix at the same time, it would’ve gotten that same build number, too.

Each component of Windows is maintained by different groups of people, and that they have their own independent build processes.  Every time a set of changes to a component is completed, the changes are pushed into the master Windows build branch, and the build number (e.g. “24498”) is increased by 1.  Windows 7 RTM was build 16385, so yes, there have been 8,000 builds of Windows 7 in the last decade….

….

You can observe all this for yourself by downloading the CSV files they include with each monthly release’s patch notes.  The recent CSV files list more than 11,000 files changed with a total file size of 2.8 GB.  That’s not all of Windows 7, but it’s awfully close.

The updates are compressed, of course, and there is a “delta” mechanism that only includes the portions of files that have changed.  (Each delta is applied one after the other, based on what patch level your system was at beforehand.)

But it’s still 11,000 files worth of changes over 4 years.  That’s how you end up with a 300++ MB file.

• This reply was modified 5 years, 5 months ago by warrenrumak.

4 users thanked author for this post.

Kranium, anita.yk, AJNorth, OscarCP

Reply | Quote

And most of that ” file size of 2.8 GB” is just recompiled DLLs/EXEs and various other metadata/etc files that are relatively unchanged except for the small refactored bits to fix the vulnerability/CVE. So that’s a very small amount on new code as each DLL/EXE/other gets patched and re-patched over the years.  And that’s nowhere near any complete refactoring of the OS Kernel and the APIs/Assemblies and other parts that comprise the Windows 7 and 8/8.1 OSs.

Windows 10 has more new code but that’s still a work in progress with so many feature updates that previous Windows OS version never experienced across their supported life-cycles.

Reply | Quote

You’re underselling the potential effect of changing “small refactored bits”.  If all you’re doing is changing a number from 1 to 0, great, no problem.  That’s easy to patch.  But if a compiled function gets larger or smaller — which is almost always the case when fixing security vulnerabilities — then every function that comes after it in the binary will shift around, thus requiring that any CALL statement that references it will change.

Because of this, adding just one line of code can have a cascading effect across thousands of function calls.

The Google Chrome people wrote about this problem here:
https://www.chromium.org/developers/design-documents/software-updates-courgette

 

Reply | Quote

Lawrence Abrams wrote an article about it on Bleeping Computer, and said it is illegal. I expect Microsoft to close that hole shortly.

If upgrading to Windows 10 is not an option, move to Linux.

MODERATOR’S NOTE:
Bleeping Computer post mentioned is titled, “Tool Illegally Enables Windows 7 Extended Security Updates”.

Reply | Quote

Lawrence Abrams: “While it may be tempting to use this bypass in order to continue to receive Windows 7 security updates after EoS, it is important to remember that using the bypass is illegal.“

“By using this tool, users are circumventing license restrictions placed by Microsoft in order to get a paid-for product for free.”

Clear enough for me.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

That’s a good indicator that maybe MS should sell the extended security updates to the general consumer population and not only the Enterprise/Volume licensing customers or there will probably be a very robust black market for post Jan 2020 Windows 7 Security patches and MS losing out on even more potential revenues.

1 user thanked author for this post.

Kranium

Reply | Quote

I’d like to throw in a distinction between unlicensed and illegal. Yes American football has illegal motion, but generally illegal suggests breaking a law, statute or criminal code; that is to say your activity is an action against society as governed by law.

The activity being discussed here certainly breaks the faith of the contracted license terms. But Microsoft is not equivalent to an authority with jurisdiction. They can withhold all service that was previously given, as a reaction to the broken terms, but cannot pass a criminal sentence. I would prefer to read this as “unlicensed”.

1 user thanked author for this post.

Kranium

Reply | Quote

In most of the world, fraudulently dodging lawful service charges tends to be illegal.

And that’s not getting into actual copyright-based licensing at all.

Microsoft is clearly selling this as a service for those who already have previously acquired a license.

3 users thanked author for this post.

bbearren, b, jabeattyauditor

Reply | Quote

And fraud is a criminally chargeable offense, even in the US. It would be adjudicated and when proven will result in jail, fines, or other consequences. That’s called due process.

This activity clearly violates contract terms and should result in the immediate revocation of license, including all service benefits to the point of a non-functioning operating system. Such a severance of former contract obligations would not require litigation.

I side with Microsoft in defending their interest. I just do not view a multinational corporation the same as legitimate government. Void the contract over the broken terms, and walk away. But don’t go impersonating authority. Breach of contract is civil law. Fraud and Theft are criminal. I highlight the difference.

If Microsoft wishes to file complaint over each instance, that is also their privilege. They should not be allowed to just jump over that part of the process, declaring themselves lawmakers by virtue of their EULA.

Reply | Quote

Actually using the crack is not, or not just, a break of terms of service, or fraud: it is stealing. (Also, in this case, pirating) And stealing is a crime in any country and it has been so throughout the ages.

And in answer to Anonymous #2017356 : MS has extended the continuing delivery of Win 7 patching to home and small business users for one year and (I seem to remember) $50. But they need to have their PCs ready now by, among other things, having the November S&Q Rollup installed.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Indeed. It’s called copyright infringement, and (here, at least) it is a matter for civil courts only. As opposed to stealing, which is a criminal court matter. 2 totally different things, in law. Your jurisdiction may vary in that, however.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

Reply | Quote

Cracks are what happens when MS refuses to offer consumers the chance to purchase Extended Windows 7 security updates like the Enterprise/Volume licensing customers have the option to purchase. So maybe MS should re-consider that as some folks will continue to run Windows 7 and get security patches any way they can.

I’m more in favor of just purchasing an available Windows 8.1 Retail OEM License key at a greatly reduced rate and run Windows 8.1 until 2023. I will be installing Linux on a few very old dual core i3 and core i5 laptops but the quad core Intel  core i7  laptops can run 8.1 until 2023.

I do not see why MS does not want to make any more extended licensing sales but MS appears to be wanting to get out of the PC/Laptop OS business as their main focus as has been exemplified by MS’s move to a cloud/services focused business model.

1 user thanked author for this post.

Kranium

Reply | Quote

Here is a thought:
W7 to W10 is still available and free.
The ‘digital license’ that W10 has can IIRC be used to activate a down grade to W7.
Could that digital license be used for an install of W8.1?

Just something that popped into my head and I do not recall reading that this would be impossible…

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

OscarCP

Reply | Quote

The cat and mouse games begins!  Ms used a SSU to patch it and I read that the next bypass version is ready. Google or Duckduckgo it if you want details. I will not post links.

1 user thanked author for this post.

bassmanzam

Reply | Quote

Lost some respect for Ghacks today when they published the steps to do the “bypass”.

When you take something for sale without paying for it, it’s theft.

Ghacks promotion is disappointing.

2 users thanked author for this post.

OscarCP, jabeattyauditor

Reply | Quote

anonymous wrote:

When you take something for sale without paying for it, it’s theft.

Windows 7 home users can’t buy the ESU so there in no theft for them.

1 user thanked author for this post.

Kranium

Reply | Quote

Alex5723 wrote:

anonymous wrote:

When you take something for sale without paying for it, it’s theft.

Windows 7 home users can’t buy the ESU so there in no theft for them.

So if you have something I want, but you don’t want to sell it to me, you’re ok with me just taking it from you without compensation?

When every man is his own moral compass the results are predictable.

2 users thanked author for this post.

OscarCP, b

Reply | Quote

My opinion: Woody diminishes his own good name by allowing discussion of theft techniques to remain on his site. The moderation team very aggressively removes other content, yet allows this to stay.

2 users thanked author for this post.

bbearren, b

Reply | Quote

Isn’t this allowed, though? It is all things windows. This thread simply notes that a hack exists.

2 users thanked author for this post.

Kranium, wavy

Reply | Quote

No. Woody’s breaking his own rule here when he advertises a crack:

13. Software of dubious origin or from inappropriate distributors, key-gens, or similar, are unacceptable

1 user thanked author for this post.

bbearren

Reply | Quote

I think it’s a grey area. Not providing cracks for the software you’ve bought (Windows). Pointing out you can still get security updates for the software you’ve bought.

cheers, Paul

1 user thanked author for this post.

Kranium

Reply | Quote

Pointing out how to get a paid service without paying.

(Would Woody embrace publication of a method to sign up as a Plus member without donating?)

Reply | Quote

I don’t see it that way. The creators of the script in question aren’t dubious, and it certainly isn’t a keygen, nor is it advertised, merely noted as existing.

I’m sure a mod will have to, well, mod this thread, since this is as PaulT noted, a gray area.

1 user thanked author for this post.

Kranium

Reply | Quote

anita.yk wrote:

The creators of the script in question aren’t dubious,

Who are they?

anita.yk wrote:

… nor is it advertised, merely noted as existing.

Woody and others here refer to any hint of a program existing as an advertisement (even when it’s just a tip anyone can opt out of).

Reply | Quote

It’s also about 99.999% likely, in my opinion, that MS will plug the hole before January.

That won’t keep people from trying, of course.

It is probably worth noting that, at the time this blogpost was written over two months ago, all of this was theoretical – the EOL was still weeks away…

1 user thanked author for this post.

anita.yk

Reply | Quote

it’s definitely a gray area

though soon MS will figure out how to block these ESU hacks/cracks when newer Win7 servicing stack updates & security updates get released which will enforce more ESU license checks

Reply | Quote

Nothing grey about it.

ESU licenses, and the updates that come with that license, are purchased…they are not free.

The “bypass” (hack) to “fake” an ESU license, to get the updates for free, is theft.

1 user thanked author for this post.

b

Reply | Quote

Not only it’s not a very nice thing to do, but to apply some patch with this “crack” that somehow fails causing things to go very wrong, as it is known to happen even with “legit” patches, who here will come openly to help the so afflicted and, by doing so, become their accomplice after the fact? MS might take a dim view of that.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

[Kranium]

Just tried this on my test rig. No ESU license. All “needed” ESU updates successfully installed:

No reported issues or unusual outgoing/incoming traffic or suspicious processes. Looks the same as my regular rig which has gone the normal legit “Group B” route. Will leave running (do some harmless surfing & similar stuff on it) for a week before reverting to previous “clean + legit” ready-for-testing state. I find exercises / proof-of-concepts like this to be kinda fun & quite interesting.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

• This reply was modified 5 years, 3 months ago by Kranium.

1 user thanked author for this post.

Cybertooth

Reply | Quote

It seems to me that Microsoft are going to have to spend a lot of time (and devote quite a few staff who could probably be doing something else – like making sure Windows 10 updates are less problematic) over the next 3 years of Windows 7 extended support not just writing the security updates but also playing the ‘cat and mouse’ game with people who are obviously determined to get the extended security patches for free.

I’m sure someone from MS said a few years back that one of the reasons (if not the main reason) they wanted everyone on Windows 10 was so they could concentrate on the one operating system.

Since they are going to be spending just as much time supporting Windows 7 (probably even more now with the abovementioned ‘cat and mouse’ game) they should have just kept ‘extended’ Windows 7 support available for everyone for the next 3 years and even beyond.

3 users thanked author for this post.

OscarCP, AJNorth, Cybertooth

Reply | Quote

I find it interesting that Microsoft “officially” ended the “Get Windows 10” program on July 29, 2016.  After that date Windows 10 would only be available on new computers, or available for PURCHASE (for a fee of $199 for the Windows 10 Professional).

Yet, how many people are still using the “free upgrade to Windows 10” method, after it ended 3.5 years ago, knowing it has not been officially available for free since July 29, 2016.  These people see nothing wrong in using this method to get Windows 10 without having to pay the purchase price.

Yet many of these same people are probably taking the “high ground” claiming they would NEVER stoop to “steal” ESU updates after having upgraded to Windows 10 after July 2016 without paying for it

The fact that Microsoft has not shutdown the “free method to upgrade to Windows 10” for the last 3.5 years after it officially ended, means they do not care if people “steal” Windows 10, rather than pay for it.

The fact that Microsoft has not shutdown the “ESU crack” means they do not care if people “steal” the ESU updates, rather than pay for them.

This is not a question about contract law (I’m a retired Judge), but rather what Microsoft will allow to happen without endorsing/blocking the practice.

My personal opinion is that Microsoft allows the expired “free upgrade to Windows 10” program to continue because they want people to use Windows 10, instead of another OS such as Linux.

Following the same logic, I think Microsoft will allow this “hack” method of getting ESU updates in the hope that people will EVENTUALLY decide to upgrade to Windows 10, instead of another OS such as Linux.

Just my 2 cents….

PS: I’ve installed the “crack” but have not, as of yet, installed any of the ESU updates (waiting to see if it works for more than a month or 2).

4 users thanked author for this post.

anita.yk, Kranium, Cybertooth, AJNorth

Reply | Quote

[abbodi86]

To be fair, Microsoft did changed the eligibility check twice, and the current hack will stop working in March

however, new workarounds will probably made

• This reply was modified 5 years, 3 months ago by abbodi86.

2 users thanked author for this post.

anita.yk, Kranium

Reply | Quote

this just came out recently on the Deskmodder.de site:

https://www.deskmodder.de/blog/2020/02/16/windows-7-updates-ohne-bypass-online-installieren-oder-offline-integrieren-funktioniert-nun-auch/

 
MODERATOR EDIT: English translation

3 users thanked author for this post.

anita.yk, AJNorth, Alex5723

Reply | Quote