A timebomb (or time bomb) is a software mechanism that renders a computer program unusable after a set period of time. It is commonly seen in pre-release software, where it is used to discourage users from holding onto out-of-date testing versions.
Windows[edit | edit source]
Windows 9x[edit | edit source]
The timebomb is activated through
IO.SYS. Once the timebomb is triggered, Windows will display a message on boot saying the pre-evaluation period has expired, followed by an immediate shut down. The operating system will not boot unless it is reinstalled with the correct BIOS date as
IO.SYS patches itself to enter an infinite loop. Unlike the timebomb in Windows NT, it is not possible to locate the expiration date via
winver. Windows 95 build 216 is the first known build to include a timebomb.
Windows NT[edit | edit source]
Once a timebomb is triggered, the
END_OF_NT_EVALUATION_PERIOD bugcheck is used to reboot the system after a period of time has elapsed. The first build to feature a modern timebomb was Windows 2000 build 1627.1, although the Japanese and Korean pre-release versions of Windows NT 3.5 include a warning message box asking the user to install a retail copy of Windows after a certain date, unlike other builds from the era.
Certain builds of Windows 8 and later versions contain a milder variant of the timebomb which does not restart the computer if the build is installed with the date set ahead of the supposed expiration date (e.g. Windows 8 build 8250 is set to expire on 15 January 2013 (UTC), and the user's clock is ahead of this date even before installation). Instead, it deactivates Windows and prevents access to personalization options in PC settings. Some copies of those builds even prevent unlocking features locked by Redpill as well as disabling the ability to change the desktop wallpaper in the Control Panel unless a third-party tool is used. In addition to this, the "Microsoft Confidential" warning above the watermark will be positioned slightly higher than usual, indicating that the timebomb has been triggered. This is because its licensing policies isn't installed correctly.
Most Windows 10 builds from the original release to Creators Update are flight-signed (file signature checks take certificate expiry time into account). When the timebomb activates, the boot loader will be rendered non-functional as a result of signature invalidation. After build 14965, flight-signed files remain valid after certificate expiry. However, certain programs requiring administrative privileges might be blocked when the clock is ahead of the expiration date. Disabling User Account Control using the registry is mandatory to run these programs, this can be achieved by applying the registry entry below:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=dword:00000000
However, some builds of Windows contain a non-functional or broken timebomb and can be installed on the current date. They are mostly from branches that were part of the Microsoft Ecosystem Engineering Access Program. Some other builds contained a test-signed certificate and can be installed on the current date.
macOS[edit | edit source]
The Mac OS X Public Beta is the only known version of macOS to feature a timebomb. While the timebomb prevented the user from logging into the desktop, it did not affect aspects of the Darwin kernel or any other components that are not related to the user interface.