Security & Legal

Does this make old versions of Windows secure enough for daily use?

No. Legacy Update is intended to help you install security patches Microsoft previously released for your operating system, in addition to enabling access to functionality that has become inaccessible thanks to modern internet security requirements. It’s not a replacement for a modern operating system, which includes fixes for recently discovered flaws that are currently of concern.

Current operating systems you should consider switching to for daily use would include Windows 11, Windows 10, or a current Linux distribution. Upgrading from Windows XP to Windows 7, or from Windows 7, 8, or 8.1 to Windows 10, brings you a decade of system-level security improvements, which would not be possible to apply on top of a legacy version of Windows.

Does this let me activate Windows XP with a non-genuine product key?

No, a product key you legitimately own is still required. Legacy Update doesn’t modify the Windows Product Activation or Windows Genuine Advantage features in any way. Rather, it updates Windows’s SSL security settings so that connections to modern web servers succeed. This corrects a connection issue with the Windows XP activation server, so you can activate Windows exactly as you would have done in 2014 or prior.

My antivirus tells me LegacyUpdate.exe is infected! What are you trying to do to my PC?

Because Legacy Update is a more niche project, antivirus software and Microsoft SmartScreen will be more vigilant, and use more generic detections. The idea is to err on the side of caution, because the AV vendor doesn’t have enough information crowdsourced from its users to decide whether it’s safe or not.

Some reasons Legacy Update might be wrongly flagged as malware could be:

You can confirm you’ve downloaded a legitimate version of Legacy Update by checking the digital signature:

If your antivirus reports malware, please consider finding and filling out their false-positive report form. For instance, do a Google search for “Microsoft Defender false positive report”. Their engineers will investigate, and should be able to confirm that Legacy Update is safe to use.

You can refer to VirusTotal results for more detailed info on how AVs detect Legacy Update. If you have the time to set up a build environment, you can always build from source.
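
The digital signature check mentioned above can also be scripted. This PowerShell sketch is an added example, not code from the Legacy Update project; the file path and the `<EXPECTED-SIGNER-NAME>` value are placeholders, so substitute the signer name the project publishes.

```powershell
# Added example: check the Authenticode signature on a downloaded installer.
# $ExpectedSigner is a placeholder; use the signer name the project publishes.
param(
    [string]$Path = '.\LegacyUpdate.exe',
    [string]$ExpectedSigner = '<EXPECTED-SIGNER-NAME>'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner)

    if (-not (Test-Path $Path)) { throw "File not found: $Path" }
    $fullPath = (Resolve-Path $Path).Path

    # -FilePath is available on PowerShell 2.0 and later.
    $sig  = Get-AuthenticodeSignature -FilePath $fullPath
    $cert = $sig.SignerCertificate

    $signer = $null
    $thumbprint = $null
    if ($cert) {
        # SimpleName is the certificate subject's common name.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $cert.GetNameInfo($nameType, $false)
        $thumbprint = $cert.Thumbprint
    }

    # Valid: the file hash matches the signature and the chain is trusted on
    # this machine. NotSigned or HashMismatch: the file is unsigned or was
    # altered after signing.
    $statusOk = ($sig.Status -eq 'Valid')
    $signerOk = ($signer -eq $ExpectedSigner)

    New-Object PSObject -Property @{
        Path       = $fullPath
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = $thumbprint
        Trusted    = ($statusOk -and $signerOk)
    }
}

$result = Test-InstallerSignature -Path $Path -ExpectedSigner $ExpectedSigner
$result | Format-List
if (-not $result.Trusted) { exit 1 }
```

A `Valid` status alone only shows that someone signed the file with a trusted certificate, which is why the script also compares the signer name.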

Can you add a feature to enable Extended Security Updates for Windows Vista, 7, 8, and 8.1?

While Windows XP (whose support ended in 2014) received extended updates through to 2019 by spoofing the computer as being Windows Embedded 2009 (a specialised variant of Windows XP SP3), this is a very simple registry edit that has no effect on the system beyond the list of updates offered by the Windows Update server. With Windows Vista/Server 2008 and later, an installation of Windows becomes enabled to receive Extended Security Updates (ESUs) by changing its product key to one indicating that an ESU license has been paid for. To me, bypassing this comes down to being a crack for the Windows licensing system, which is hard to justify the downsides of. The following would need to happen to change my mind:

What do you store when I use this?

Refer to the privacy policy. Please don’t hesitate to reach out to me if you have any concerns with it.