Windows 10 ESU or 0patch?

Hi everyone,

Microsoft will end support for windows 10 on the 15th of October 2025, they're however offering "extended security updates" (ESU).

For this you will need to log in with a microsoft account and choose from 3 options, extend security updates for a year with either microsoft points, pay 30 dollar or set up a backup and sync your settings to the microsoft cloud.

I don't trust microsoft so I kinda find it dubious that they're offering a free 1 year extension with the syncing your settings data while they also have a 30 dollar paid option.

Now I don't know what exactly they want the settings data for or what they can do with that but this being microsoft so probably nothing good.

There is however a 4th option called 0patch, this is a third party company that is not owned by microsoft. This will cost about 25 bucks per device for 1 year to receive windows 10 security patches and they will support windows 10 until at least 2030.

0patch however works with micropatching security vulnerabilities in the memory and doesn't install the patches directly in the OS unlike the microsoft windows 10 ESU.

I don't want to upgrade my main machine to windows 11 which is a machine from 2017 with tpm 2.0 and secure boot but does not have a supported CPU, a limit that was artificially set by microsoft to have everyone buy new machines so they can make a buck or have better spying on those new machines or whatever orwellian evil reason is behind it.

I can however upgrade my machine using rufus but there is not guaranty that microsoft will continue to allow updates to any windows 11 that was installed with rufus on unsupported hardware.

I want to hold off windows 11 for as long a possible with all the security and privacy issues like the copilot and recall and whatever dystopian black mirror windows 11 nightmare spying features they will unleash on us next.

So which one is best, the windows 10 ESU or 0patch? Or are they the same when it comes to security?

Find more posts tagged with

windows 10

end of support life

Accepted answers

All comments

Petersl

Anyone?

Petersl

Hi everyone,

Is 0patch compatible with bitdefender? I've read that bitdefender falsely flags 0patch as malicious, source: https://support.0patch.com/hc/en-us/articles/21965589137682-BitDefender-blocks-the-installation-of-0patch-Agent

@Alexandru_BD @camarie any info on this?

camarie

Asked my colleagues and will get back as soon as I get an answer.

camarie

I'm not sure about 0patch specifically, but since 0patch published also the solution, if that is working for the user and knows what is doing, that might be the way. I don't know specifically what 0patch does, but I think they are using memory injection techniques (I hope they do not modify Windows files, that for sure would classify as malware suspect) and I think this is why this is flagged. Our antimalware team is for sure checking 0patch, but since they release updates once a month or even more often that this interval, we cannot ensure the same speed for compatibility tests.

Also, as a personal note, two security products installed, even not 100% overlapping, are usually running in all sorts of troubles (maybe each will detect the other, or only one, as in this case; might overlap in subtle ways, or even be incompatible in regard to running processes, drivers etc). This is something that requires high level decision from the user.

About Windows 11 - obviously we can recommend only the official way. But if one plans to keep Windows 10 as long as possible, ESU would be the first choice (since it is supported). Maybe Windows 10 LTSC (Enterprise Long Term Service Channel) might be a solution to research as well, but I'm not sure if a customer/consumer license can be upgraded/converted to an enteprise one, if the Windows can be reinstalled with this version without losing the installed programs etc. - it's for sure an interesting avenue to research, but I never did anything else with LTSC other than several clean installs.

Petersl

Hi @camarie

0patch uses micropatching in the system memory, they inject little pieces of code directly in the memory of the vulnerable processes.

0patch does not change any file on the system, it only works in the memory.

I'm planning to go with the ESU for as long as microsoft provides it (right now only 1 year but it will probably be until 2028), however it's now 6 weeks until windows 10 EOS and I still have not gotten the ESU offer in the windows "update and security" settings on any of my windows 10 PC's.

It might be bugged and I wont get it or they're waiting until the last week or so to get more people to switch to windows 11.

Problem is for me my windows 10 PC's are flagged as incompatible with windows 11 by microsoft so I can't just upgrade.

I know I can use rufus to remove the restrictions that microsoft has set with windows 11 but there is no guarantee that microsoft will even continue to allow security updates on these unsupported systems that where upgraded with rufus.

If I do have to go with 0patch should I then best disable bitdefender completely during the install and then add the 0patch app to bitdefender exclusions?