A timebomb (or time bomb) is a software mechanism that renders a computer program unusable after a set period of time. It is commonly seen in pre-release software, where it is used to discourage users from holding onto out-of-date testing versions.
Windows[edit | edit source]
Windows 9x[edit | edit source]
The timebomb is activated through
IO.SYS. Once the timebomb is triggered, Windows will display a message on boot saying the pre-evaluation period has expired, followed by an immediate shut down. The operating system will not boot unless it is reinstalled with the correct BIOS date as
IO.SYS patches itself to enter an infinite loop. Windows 95 build 216 is the first known build to include a timebomb.
Windows NT[edit | edit source]
Once a timebomb is triggered, the
END_OF_NT_EVALUATION_PERIOD bugcheck is used to reboot the system after a period of time has elapsed. The first build to feature a modern timebomb was Windows 2000 build 1627.1, although the Japanese and Korean pre-release versions of Windows NT 3.5 include a warning message box telling the user to install a retail copy of Windows after a certain date, unlike other builds from the era.
Certain builds of Windows 8 and later versions contain a milder variant of the timebomb which does not restart the computer upon reaching the expiration date. Instead, it deactivates Windows and prevents access to personalization options in PC settings. Some copies of those builds even prevent unlocking features locked by Redpill as well as disabling the ability to change the desktop wallpaper in the Control Panel unless a third-party tool is used. In addition to this, the "Microsoft Confidential" warning above the watermark will be positioned slightly higher than the original, indicating that the timebomb has been triggered.
Most Windows 10 builds from the original release to Creators Update are flight-signed (file signature checks take certificate expiry time into account). When the timebomb activates, the boot loader will be rendered non-functional as a result of signature invalidation. After build 14965, flight-signed files remain valid after certificate expiry.
However, some builds of Windows contain a non-functional or broken timebomb and can be installed on the current date. They are mostly from branches that were part of the Microsoft Ecosystem Engineering Access Program. Some other builds contained a test-signed certificate and can be installed on the current date.
macOS[edit | edit source]
The Mac OS X Public Beta is the only known version of macOS to feature a timebomb. While the timebomb prevented the user from logging into the desktop, it did not affect aspects of the Darwin kernel or any other components that are not related to the user interface.