Windows 10 Upgrade - OPatch

GDB2222

BFBW said:

caveman38 said:

In anticipation for the October deadline for W10 support. I am looking for my options without changing my PC and laptop.
One of the options is to use OPatch to handle security updates which MS will cease to do. 
Does anyone know how efficient this is and what it costs in comparison to MS's option to pay $30 for an extra years security updates. 

Just to reiterate. Just move to Windows 11. Bypass the compatibility check and install anyway. Likelihood is that you'll be okay until 2028....but don't quote me on that  

What you mean is that there’s a few risks involved!  

HillStreetBlues

GDB2222 said:

BFBW said:

caveman38 said:

In anticipation for the October deadline for W10 support. I am looking for my options without changing my PC and laptop.
One of the options is to use OPatch to handle security updates which MS will cease to do. 
Does anyone know how efficient this is and what it costs in comparison to MS's option to pay $30 for an extra years security updates. 

Just to reiterate. Just move to Windows 11. Bypass the compatibility check and install anyway. Likelihood is that you'll be okay until 2028....but don't quote me on that  

What you mean is that there’s a few risks involved!  

Maybe the OP will go up in a puff of smoke doing it

GDB2222

HillStreetBlues said:

GDB2222 said:

BFBW said:

caveman38 said:

In anticipation for the October deadline for W10 support. I am looking for my options without changing my PC and laptop.
One of the options is to use OPatch to handle security updates which MS will cease to do. 
Does anyone know how efficient this is and what it costs in comparison to MS's option to pay $30 for an extra years security updates. 

Just to reiterate. Just move to Windows 11. Bypass the compatibility check and install anyway. Likelihood is that you'll be okay until 2028....but don't quote me on that  

What you mean is that there’s a few risks involved!  

Maybe the OP will go up in a puff of smoke doing it

The question people fail to ask, and answer accurately, is why Microsoft imposed these hardware conditions. It seems to be assumed that there was no point at all, or that it was part of a conspiracy with hardware manufacturers to sell more hardware. 

booneruk

GDB2222 said:

The question people fail to ask, and answer accurately, is why Microsoft imposed these hardware conditions. It seems to be assumed that there was no point at all, or that it was part of a conspiracy with hardware manufacturers to sell more hardware. 

Well, there's the requirement in W11 (maybe 'soft' requirement) of the trusted platform module 2.0 - security is improved in certain cases. However, I never understood the Intel gen8 fine / Intel gen7 not - when they're pretty much identical CPUs.

However, it's always the case old hardware ends up unsupported. If this wasn't the case it would be a disaster (think of the faff of companies and developers needing to test their stuff on 30year old machines). I'm absolutely fine with there being a cut off somewhere.

HillStreetBlues

GDB2222 said:

The question people fail to ask, and answer accurately, is why Microsoft imposed these hardware conditions. It seems to be assumed that there was no point at all, or that it was part of a conspiracy with hardware manufacturers to sell more hardware. 

The question has been asked, but can only be answered by whoever made the decision at MS and even then can it be taken as totally truthful.
Article about it just this week. https://www.theregister.com/2025/05/07/microsoft_hardware_gates/

GDB2222

If you're interested in the answer, it's here:

https://www.youtube.com/watch?v=dGj0rVZGfuk


"It then looks at the TPM to make sure that the boot entry is from an accepted vendor, like MS or Ubuntu .... and of course that part must be signed and verified as well ... only run systems that are cryptographically verified..."

Or, for a while, you can bypass that.  Until, your bank account is hacked.... 

There are quite a lot of people who have loaded W11 onto systems that can't implement the security system properly. As long as they don't have email on those computers, or do shopping or online banking, it may not expose them to much loss. 

In the meantime, they'll tell you how clever they have been. 

HillStreetBlues

GDB2222 said:

If you're interested in the answer, it's here:

"It then looks at the TPM to make sure that the boot entry is from an accepted vendor, like MS or Ubuntu .... and of course that part must be signed and verified as well ... only run systems that are cryptographically verified..."

Or, for a while, you can bypass that.  Until, your bank account is hacked.... 

There are quite a lot of people who have loaded W11 onto systems that can't implement the security system properly. As long as they don't have email on those computers, or do shopping or online banking, it may not expose them to much loss. 

In the meantime, they'll tell you how clever they have been. 

TMP 1.2 is so unsafe everyone is currently inundated with all these nasties already, or maybe it's a MS plot as all these nasties will be suddenly released when support for Win 10 ends to get those who used unsupported hardware to get Win 11

BFBW

GDB2222 said:

HillStreetBlues said:

GDB2222 said:

BFBW said:

caveman38 said:

In anticipation for the October deadline for W10 support. I am looking for my options without changing my PC and laptop.
One of the options is to use OPatch to handle security updates which MS will cease to do. 
Does anyone know how efficient this is and what it costs in comparison to MS's option to pay $30 for an extra years security updates. 

Just to reiterate. Just move to Windows 11. Bypass the compatibility check and install anyway. Likelihood is that you'll be okay until 2028....but don't quote me on that  

What you mean is that there’s a few risks involved!  

Maybe the OP will go up in a puff of smoke doing it

The question people fail to ask, and answer accurately, is why Microsoft imposed these hardware conditions. It seems to be assumed that there was no point at all, or that it was part of a conspiracy with hardware manufacturers to sell more hardware. 

Asked and answered a long time ago. They do not want to be supporting millions of old devices. No different from you not being able to install the latest iOS on an old Apple phone.
Then there are also changes of leadership and changes of policy with regard to the new leadership.


Now, can you present me of a case study of an individual who had their bank account hacked due to not enabling TPM on their PC?
I haven't enabled it on the old laptop that I am using. Can you quote any bank or email provider that suggests or recommends that you should?
TPM 2.0 in Windows 11 is useful for Windows Hello and BitLocker. I use neither.
No individual is at risk for not enabling TPM.  Please demonstrate otherwise or desist from your persistent attempts to muddy the waters.

Windows 10 had similar function, but there was no push to integrate TPM with the OS then. Reason being? Because it's aimed at businesses, not individuals.

OP doesn't have TPM 2.0 in use with Windows 10 and seems to have gotten away with using the banking and email. Why would that suddenly change with Windows 11? 

If you are going to reply, then please do so with actual proof of bank accounts and emails being hacked due to TPM 1.2 & 2.0 not being enabled.

There is no more risk to Windows 11, than there is with Windows 10. Prove otherwise.

BFBW

HillStreetBlues said:

GDB2222 said:

If you're interested in the answer, it's here:

"It then looks at the TPM to make sure that the boot entry is from an accepted vendor, like MS or Ubuntu .... and of course that part must be signed and verified as well ... only run systems that are cryptographically verified..."

Or, for a while, you can bypass that.  Until, your bank account is hacked.... 

There are quite a lot of people who have loaded W11 onto systems that can't implement the security system properly. As long as they don't have email on those computers, or do shopping or online banking, it may not expose them to much loss. 

In the meantime, they'll tell you how clever they have been. 

TMP 1.2 is so unsafe everyone is currently inundated with all these nasties already, or maybe it's a MS plot as all these nasties will be suddenly released when support for Win 10 ends to get those who used unsupported hardware to get Win 11

You have to wonder about their motivation here....
Even if you enabled it, it wouldn't stop people from clicking on dodgy links. Cryptography isn't going to save you from that.

BFBW

GDB2222 said:

If you're interested in the answer, it's here:

https://www.youtube.com/watch?v=dGj0rVZGfuk


"It then looks at the TPM to make sure that the boot entry is from an accepted vendor, like MS or Ubuntu .... and of course that part must be signed and verified as well ... only run systems that are cryptographically verified..."

Or, for a while, you can bypass that.  Until, your bank account is hacked.... 

There are quite a lot of people who have loaded W11 onto systems that can't implement the security system properly. As long as they don't have email on those computers, or do shopping or online banking, it may not expose them to much loss. 

In the meantime, they'll tell you how clever they have been. 

You have totally misrepresented the content of that video. He expressly states that it would be difficult to hack a UEFI device with Secure Boot, especially due to the huge amount of different configurations of PCs out there.
TPM 2.0 is just another layer of security. Enterprises will be more likely to use it to stop anyone, included staff from running code not expressly permitted.

There is zero chance of Microsoft not providing updates to any unsupported device that has Windows 11 installed. Zero.
In addition to this, perhaps you did not understand my reference to receiving updates until late 2028. That has something to do with the way the feature update is distributed.