Understanding 0patch

mitja.kolsek

This article provides a short description of the basic concepts you need to be familiar with in order to understand how 0patch works and how you can use it.

Software products often contain vulnerabilities - flaws that allow attackers to take control of one's computer.

A patch is a small package with a few code instructions that replace a vulnerable section of code in a running application. A patch therefore fixes a vulnerability.

A patch is considered installed as soon as it is downloaded from the server and stored in a local database. This does not automatically mean that it is applicable to your computer, only that it is there waiting to be used in case it is needed.

An installed patch can get applied to a running process in order to eliminate a vulnerability in that process. This means that the vulnerable code section in the process is replaced with corrected code from the patch. Normally, a patch always gets applied to the vulnerable process it was designed for, but this can be prevented by either disabling the patch, excluding an application from patching, or disabling the 0patch Agent.

When a patch is removed from a running process, the corrected code from the patch is removed, and the original (vulnerable) code is restored in the process. Consequently, the process again becomes vulnerable to the attack previously blocked by the patch.

0patch does not change executable files on the file system. It only modifies running processes, which makes it really easy and quick to apply and remove patches without even relaunching applications, much less restarting your computer. Patching is done instantly and (if you want) silently, and so is un-patching.

Normally, all applications are being patched, which allows 0patch to provide maximal protection. However, for troubleshooting purposes, any application can be manually excluded from patching. Such an application does not get any patches applied until it gets un-excluded.

Each patch, when downloaded from the server, is initially enabled, which means it is getting applied to processes it was designed for.

For troubleshooting purposes, any patch can be manually disabled, which causes its immediate removal from all processes in which it is applied, and prevents its application to newly launched processes. Naturally, a disabled patch can be manually re-enabled.

The 0patch Server can mark an installed patch revoked, which permanently disables the patch without an option to manually enable it. This usually happens because a better patch was issued for the vulnerability fixed by the revoked patch.
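The rules above decide whether an installed patch is actually in effect in a process. As an added example (not 0patch code; the class names, patch labels and application names are constructed for illustration), this Python model encodes those rules so an administrator can list which installed patches are not protecting their target, and why:

```python
from dataclasses import dataclass, field

@dataclass
class Patch:
    patch_id: str           # constructed label, not a real 0patch identifier
    target: str             # application the patch was designed for
    enabled: bool = True    # patches are enabled when first downloaded
    revoked: bool = False   # set by the server; cannot be undone locally

@dataclass
class Host:
    agent_enabled: bool = True
    excluded_apps: set = field(default_factory=set)
    patches: dict = field(default_factory=dict)  # installed = stored locally

    def install(self, patch):
        self.patches[patch.patch_id] = patch

    def set_enabled(self, patch_id, enabled):
        patch = self.patches[patch_id]
        if enabled and patch.revoked:
            raise PermissionError(f"{patch_id} is revoked")
        patch.enabled = enabled

    def revoke(self, patch_id):
        self.patches[patch_id].revoked = True

    def _gap(self, p):
        """Reason the patch is not applied, or None if it is in effect."""
        if not self.agent_enabled:
            return "agent disabled"
        if p.target in self.excluded_apps:
            return "application excluded"
        if p.revoked:
            return "revoked by server"
        return None if p.enabled else "patch disabled"

    def exposure_report(self):
        """Installed patches that are not being applied, with the reason."""
        return {i: r for i, p in self.patches.items() if (r := self._gap(p))}

    def applied_to(self, app):
        """Patch labels in effect for running processes of `app`."""
        return sorted(i for i, p in self.patches.items()
                      if p.target == app and self._gap(p) is None)

def demo_host():
    host = Host()  # constructed inventory: two patches for one app, one for another
    for pid, target in [("P-1", "reader.exe"), ("P-2", "reader.exe"), ("P-3", "mail.exe")]:
        host.install(Patch(pid, target))
    return host
```

A revoked patch appears in the report so that the administrator can confirm a replacement patch has been synced.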

Patches are applied to processes by the 0patch Agent running on the computer. 0patch Agent must be registered on the 0patch Server in order to receive patches. To register 0patch Agent, one needs a 0patch account on the 0patch Server.

Once registered, 0patch Agent periodically contacts 0patch Server to see if any new patches are available - and downloads them if they are. We call this process syncing (i.e., synchronizing with server).

0patch Agent also periodically sends telemetry data to 0patch Server, allowing us to monitor for problems and usage in order to be able to provide a better service. Telemetry data consists of computer name and platform, local IP addresses, data on executable modules being loaded on the computer, data on applied and disabled patches, data on excluded applications and whether Agent is enabled or not.

2 Comments

  • dejan

    Where is the uninstaller?

  • mitja.kolsek

    You can uninstall 0patch Agent by either double-clicking the installation package (*.msi) that you used for installing it and selecting "Remove", or via Control Panel, as for any other installed application. Note that you will not be able to do the former in case you have updated the Agent at least once, as that effectively brings a new installation package on your computer which you can no longer uninstall with the original installation package. In such a case you should be able to find the current installation package in the %systemroot%\temp folder.