0Patch to support Windows 7 and Server 2008 R2 with security patches after official support end
Microsoft plans to end support for the company's operating systems Windows 7 and Windows Server 2008 R2 in January 2020. Enterprise customers may purchase extensions to extend support by up to three years and some other exceptions apply that extend official support.
Most businesses and all home customers won't be able to extend support officially. Security company 0Patch announced on September 21, 2019 that it will step in and "security-adopt" Windows 7 and Windows Server 2008 R2 to create and distribute security patches for these operating system versions after January 2020.
The company has released so-called micropatches before to patch vulnerabilities in Windows and other products, and plans to use the system to provide security updates for Microsoft's operating systems once support ends officially.
Here is how the company plans on doing this:
- Security updates that Microsoft releases for supported versions of Windows are reviewed to determine which might also apply to Windows 7 or Windows Server 2008 R2. 0Patch determines if the selected issues present a high-enough risk to warrant a security patch.
- Company engineers inspect the updates then to determine if the vulnerability applies to Windows 7 or Windows Server 2008 R2 as well.
- If the vulnerabilities affect these versions of Windows, 0Patch will create a proof of concept or use an existing one if it has been published by security researchers for testing.
- The engineers will then use Microsoft's code that patches the vulnerability or code by others to port the fix to the unsupported operating system versions.
The patches are then released by the company and home and businesses administrators may install them on devices still running these versions of the Windows operating system.
The company is working on a centralized system similarly to WSUS for large organizations to help with the organization and management aspects of patching a large number of devices.
Firstly, in order for large organizations to be able to use 0patch efficiently, we're developing a central management service (think WSUS for 0patch, but nice and fast) which will allow admins to organize computers in groups and apply different policies to these groups. Admins will thus be able to set up "testing" groups where new micropatches will be applied immediately, and subsequently have them applied to the rest of their computers with a few clicks (and of course, without users ever noticing anything). Naturally they'll also be able to un-apply any micropatches just as easily and quickly should they choose to. There will be alerts, graphs, reports, and drill-downs, and the very next step will be an on-premises version of 0patch server which so many organizations are asking for.
Windows 7 and Server 2008 R2 are used on a huge number of systems and there is little doubt that the numbers won't go down significantly in the coming three months. All home and business systems running these operating system versions will remain unpatched after January 2020 which could be disastrous if malicious actors find vulnerabilities to exploit.
While it happened before that Microsoft released patches for unsupported versions of Windows, the company has done so rarely and only for high-profile security issues
Closing Words
Businesses and home owners have multiple reasons for staying on Windows 7, at least for the time being. These customers may benefit from the patches that 0Patch plans to release once support runs out officially.
Relying on a third-party company to patch an operating system requires a level of trust. It is going to be interesting to see how 0Patch will handle the gigantic task and how it plans to address bugs and issues that are caused by the patches that it puts out.
Now You: What is your take on the development?
Wonderful! I’m in!
Given all the bad news about Windows 10, and with many years of generally good experience with Windows 7, this sounds like at least a bit of a hope. I’ve subscribed to their newsletter.
Martin wrote, “Relying on a third-party company to patch an operating system requires a level of trust …”. For sure, but I think that if something goes wrong, getting a response from a “small player” will be easier than getting help from M$.
I’d say the trick is to test the patch on only one machine and see how things go before using it across the board.
Anyway, my sincere thanks to Martin for publishing this information.
Thank you very much Ghacks .. Mwahh
Nice. Can they do any worse than Microsoft has been doing of late?
Dear Ghack, you’re not talking about the price of these patches and this is the most relevant / important criteria for home users first and small enterprises. Most of them can’t afford W10 or upgrading their material, migrating from 7 to 10 have a cost, especially for small enterprises. Not to mention those who prefer to stay on 7 for various reasons, including me.
Microsoft’s “shaved earth policy” is a disgrace and justice should look at this case in order to legislate. In Europe (at least in France), there is an obligation for equipment distributors to ensure the availability of spare parts for a minimum period of time (10 years on average), one could take inspiration from it and set them a minimum number of after-sales service.
The patches are free for personal and non-profit educational use.
Windows 10 can still be downloaded and installled free of charge.
Ed Bott wrote about that yesterday (9/20)…
> OldNavyGuy: “The patches are free for personal and non-profit educational use.”
According to 0patch’s FAQ, security patches for Win 7 after EOL is categorized as Pro (ie. not free). Non-paying home users & educational institutions won’t be receiving these Win 7-related patches — unless they pay for a Pro licence ($25.95 annually per physical or virtual PC).
https://0patch.zendesk.com/hc/en-us/articles/360020855914-What-are-PRO-patches-and-how-are-they-different-from-FREE-patches-
07 May 2019: {{{ Patches for end-of-life products (e.g., old Java runtime versions, Windows Server 2003, or Windows 7 after January 14, 2020) shall be PRO patches. }}}
Pro Licences required for Physical vs. Virtual PCs:
https://0patch.zendesk.com/hc/en-us/articles/360020552934-How-many-PRO-licenses-do-I-need-for-my-computers-
In addition, 0patch security patches for third-party programs are free for home & educational institutional users just for a limited time period. Such patches become Pro 1 month after release, or after the vendors themselves release a fix — whichever is earlier.
Telemetry Data that Will be Sent to 0patch’s Server:
https://0patch.zendesk.com/hc/en-us/articles/360018739694-What-data-are-agents-sending-to-0patch-server-and-why-
>Cigologic Thanks for presenting the facts. I don’t like assuming even though I did so in this case.
Why wouldn’t someone jump in to take over the data collection and advertising opportunities EOL presents.
> Dave: “Why wouldn’t someone jump in to take over the data collection”
The telemetry collection & upload to remote servers might explain why some users who installed the 0patch “agent” experienced system slow-down, eg:
https://www.askwoody.com/forums/topic/worth-considering-0patch-for-win7-after-january-2020/#post-1960984
22 Sep 2019: {{{ I’m a paying 0patch user. I recently removed it because since I paid for it, I’ve not seen a single new patch applicable to my system (W7 x64 Pro) and it slows system startup considerably while it scans everything which is loaded. YMMV. }}}
Another possible reason is that 0patch’s patches intercept (via the system’s memory) all processes loaded by the targeted modules, instead of modifying the vulnerable files themselves.
https://0patch.zendesk.com/hc/en-us/articles/360018719754-Does-0patch-modify-executable-files-
https://0patch.zendesk.com/hc/en-us/articles/360018882733-What-happens-to-the-system-after-a-micropatch-is-installed-
So I just had to reinstall Windows 7. Is there still a way to block the telemetry now that the updates come as Monthly Quality Rollups? And what is a good article to follow? All the articles on the subject are 2-4 years old. Thank you.
Use Windows Privacy Dashboard (WPD) to block Windows 7 telemetry
https://www.ghacks.net/2018/10/10/wpd-privacy-app-for-windows-updated/
@Skippy
Another option here: https://www.askwoody.com/forums/topic/2000012-neutralize-telemetry-sustain-win-7-8-1-monthly-rollup-model/
It doesn’t require any additional software. There’s either a script option to disable telemetry tasks and services or a manual option that outlines the steps to do it yourself.
“Businesses and home owners have multiple reasons for staying on Windows 7, at least for the time being.”
For instance?
There really isn’t any reason for Windows 7 other than sheer inanity and torpidity. Windows 10 far surpasses Windows 10 in every security and performance benchmark. Software and hardware makers have had ample time to upgrade to Windows 10 requirements [just as any add-on developer could have ported over to Firefox long ago]. Lethargy disguised makes for easy prey.
Rather than remain with nostalgic memories of the Windows 7 “peak experience,” and the “dopamine high,” users have had nearly infinitude to move on with OS life, accept the fact that Windows 10 exists, and work with “what is” instead of attempting to work with “what was” and never-will-be-again. [It almost sounds like a pathetic “teenage love story” when I hear users talk about Windows 7–she’s gone, honey, you best move on.]
2019 – 2007: Over a decade ago. “May as well go back to living in a cave and eating dried chickweed.”
{Old man in “The Lottery” by Shirley Jackson. Should watch the show this weekend; 30 minutes max. Funny as all get out because “it wasn’t fair; you didn’t give him time enough,” is like Windows 7 whining. Even the small child agrees.}
So you have no idea why many people dislike Windows 10? Maybe you believe the complaints are silly and amount to nitpicking? I do not believe you are as stupid as you pretend to be. Nice trolling though.
Actually there isn’t much of a reason for win10. Win 10 has better performance, sometimes. On older hardware that came out with win7 it often has the same performance.
People are familiar with win 7. Win 10 has no compelling improvements to functionality. Security is always secondary to functionality and further win 10 has its own problems in that regard. As win 10 continues forward it becomes the target for more specific attacks while win 7 will fade away as a specific target.
win 10 is mainly there for the upgrade fetishists and those that don’t know any better.
Me! Me and me you’re pathetic.
There are a few use cases where Win 10 is not an option. I use Win 10 on most of my systems and generally like it. However, I have a 27″ iMac where I run Win 7 using Boot Camp. The system is old enough to not be able to run a version of iOS new enough to be compatible with Win 10 (Apple is not big on backward compatibility). I cannot upgrade this unit to Win 10, and replacing it with one that will is going to cost anywhere from about $1000 to $5000. The screen is still great and the speed is OK for how I use that system. I plan to keep it on a separate subnet, use a good antivirus and firewall, and pray very, very fast.
Actually, there are reasons to stay with Windows 7. For instance, you don’t want to pay for an upgrade to Win 10. Or maybe there is an application that doesn’t run well in Win 10 (this applies mostly for enterprises, but some home users might find themselves in this situation). Or maybe you simply like Win 7 more.
As for performance and security… I did some benchmarks myself a while ago, and I didn’t find any visible differences between Win 7, Win 8.1 and Win 10 performance wise. And I am perfectly capable to secure almost any OS in a way that makes an attack pretty hard, and I am pretty sure that I am not alone in this. So your affirmation that “Windows 10 far surpasses Windows 10 in every security and performance benchmark” is simply not true.
Of course, using one OS or the other has a personal preference aspect to it, but the fact that you like something an you try to use it as much as you can make you nostalgic, but not insane.
>There really isn’t any reason for Windows 7 other than sheer inanity and torpidity.
That’s a bold, inane statement. 10 forces a certain type of behaviour that is on my opinion, and not mine alone apparently, frustrating and at times cannot be tolerated by an user with above average capabilities and requirements from an operating system. Many things are unnecessarily complicated for the sake of simplicity, both in the UIs (very inconsistent!) and settings. That is, if they’re even kept, and this is merely the tip of the iceberg, isn’t it?
7 POSReady still has a long way to go, too. Those who don’t use Windows primarily have little to no advantage in using a more bloated, at times malware-ous OS when 7 will do just fine with much less troubles.
I’m glad work is being done to keep base 7 updated, kind of in the same spirits of patched kernels for the oldie Windows (kernelEx, etc..) and ports from enterprises versions to base XP, but it shouldn’t be relied upon for anything of any importance.
@VioletMoon I guess you missed the many, many headlines over the past five years about Windows 10’s issues with security, privacy, and stability? Some of us have real work to do on real computers, and an unstable, user-hostile environment like Windows 10 only gets in the way of that.
Well, Win 10 use did finally overtake Win 7. For die hards, extended support is a nice thing; sort of the Pale Moon philosophy.
I don’t have any reason to stay on the the latest and greatest (Hah!) Win 10 version but don’t either have a reason to go back three OS’s to Win 7. It takes a lot of effort but almost all of the bad stuff existing in Windows and browsers can be defeated or removed, what a PIA though!
Win 8.1 eventually worked OK, no 3rd party support for that?
The best version of Windows was NT 3.51; after the Dr. Seuss interface showed up in Win 2000(?), things got weirder and weirder.
It appears that patching would not be limited to Windows 7; Windows XP and Windows Server 2003 also appear to be intended for patching.
Source: https://0patch.com/patches.html
Thank gosh. I do not want to install that Windows 10 trash on any of my devices. I’m hopeful someday Microsoft will come to their senses and give users choices again. I want a fresh install experience like Windows 7 had.
Looking at their blog and website, there is no mention that I could find of the price but based on the complexity of the project, it sure does not seem like it could possibly be free. Martin, it was a big oversight not to mention this issue at all in your article, as @BlackMojo pointed out. I expect that most of your readers will not be able to use this service because of what it is likely going to cost unless they give it away to home users. That would be great, of course.
https://www.0patch.com/pricing.html
It’s free for the free patches otherwise $26 per year for pro and free patches and some other support.
@Jozsef,
Taken from the FAQ: “When we issue a micropatch, we decide whether it will only be offered to users with 0patch PRO license or also to users without one (i.e., 0patch FREE users). A micropatch offered only to 0patch PRO license holders is called a PRO patch, otherwise it’s called a FREE patch.”
Pricing here: https://0patch.com/pricing.html
Looks simple enough to me.
I feel that there is something very, very wrong with the idea of Microsoft doing anyway all the necessary work to continue identifying vulnerabilities after January 2020 for three years, but denying those security patches for commercial reasons to those millions of vulnerable windows 7 users who won’t pay the premium (and often won’t even be offered the choice to do so).
I’m inclined to doubt a third-party company’s ability to do this, given the time it takes to analyze and prove that a third-party patch will work.
However, I can see the possibility that the company thinks there will be so few people – home and business – who aware of their program that they won’t be overwhelmed by offering it free to home users, and that they intend to make the bulk of their revenue from business users.
That concept is pretty much similar to Microsoft’s own – screw the home user, just make sure the business guys are happy.
I don’t trust a third party for OS patching. Also patching is but one layer of security (ex. Defense in Depth) and IMHO not the most important or even necessary. What’s more effective is a good hardware firewall (combined with a software firewall on each system) and a blocking hosts file (ex. MVPS or StevenBlack). The firewall will keep any bad actors on the Internet from even getting to your systems and the hosts file will block known malicious stuff while you browse the web. Another effective layer is to always run as a non-admin so if something were to make it through its effects are limited to that one user account and not the entire system. I’ve used such a strategy with numerous old unsupported systems (ex. Windows 2000, Win XP) without a single instance of malware on any of them.
Very good observations. And now there is Sandboxie freeware :-)
I’m a noncoder, but I suspect this will prove a difficult challenge without access to Windows 7’s source code. (Has Windows 7 been open-sourced and no one told me? No? I thought not.)
Moreover, if third-party patches really *are* safe and effective, they threaten to interfere (for a few/several years, at least) with Microsoft’s new Windows 10 strategy of forcing users into upgrades, updates, telemetry, SaaS, and the cloud. (After all, over a third of all Windows users still use Windows 7. That’s hundreds of millions of users.) I’m not going to go back and read the Windows 7 EULA, but — again, provided the patches really *do* prove to be safe and effective — it wouldn’t surprise me if Microsoft brought legal action against 0Patch and its commercial customers to put an end to the threat.
I still have Windows 7 on my laptop. I don’t like Windows 10, but I would upgrade for the sake of improved security if only Microsoft had offered an “in-place upgrade” that would preserve my installed software. If they had offered that, Windows 10 would have increased its market share more quickly in my opinion.
Lol dude, upgrading from Windows 7 to 10 *is* in-place and does preserve your applications and settings. You certainly didn’t try it yourself but chose to believe some uninformed online posts huh.
Sad part is….. Hardware manufacturers are starting to drop making drivers for Windows 7 so its gonna be tough to find like USB 3.x/4.x, Chipset, GPU, etc. drivers in the future.
You can thank M$ lawyers for that
Thank you 0Patch!
Far more likely they will just find out how to grab the already MS created patches that are restricted access after EOL, and make them work on the new setup.
Love to sign up for the service but….
just wondering if anybody else is concerned that this company is located on Slovenia. Wondering if they could dump something form of malware on my pc.