A timebomb (or time bomb) is a software mechanism that renders a computer program unusable after a set period of time. It is commonly seen in pre-release software, where it is used to discourage users from holding onto out-of-date testing versions.

Windows[edit | edit source]

Windows 9x[edit | edit source]

Error after timebomb activated in Windows 95 build 216

The timebomb is activated through IO.SYS. Once the timebomb is triggered, Windows will display a message on boot saying the pre-evaluation period has expired, followed by an immediate shut down. The operating system will not boot unless it is reinstalled with the correct BIOS date as IO.SYS patches itself to enter an infinite loop. Unlike the timebomb in Windows NT, it is not possible to locate the expiration date via winver. Windows 95 build 216 is the first known build to include a timebomb.

Since Windows 98, setup also checks for the date and will refuse to install if the date is set incorrectly.

Windows NT[edit | edit source]

Windows displaying an END_OF_NT_EVALUATION_PERIOD bugcheck

Once a timebomb is triggered, the END_OF_NT_EVALUATION_PERIOD bugcheck is used to reboot the system after a period of time has elapsed. The first build to feature a modern timebomb was Windows 2000 build 1627.1, although the Japanese and Korean pre-release versions of Windows NT 3.5 include a warning message box asking the user to install a retail copy of Windows after a certain date, unlike other builds from the era.

Certain builds of Windows 8 and later versions contain a milder variant of the timebomb which does not restart the computer if the build is installed with the date set ahead of the supposed expiration date (e.g. Windows 8 build 8250 is set to expire on 15 January 2013 (UTC), and the user's clock is ahead of this date even before installation). Instead, it deactivates Windows and prevents access to personalization options in PC settings. Some copies of those builds even prevent unlocking features locked by Redpill as well as disabling the ability to change the desktop wallpaper in the Control Panel unless a third-party tool is used. In addition to this, the "Microsoft Confidential" warning above the watermark will be positioned slightly higher than usual, indicating that the timebomb has been triggered. This is because its licensing policies isn't installed correctly.

Most Windows 10 builds from the original release to Creators Update are flight-signed (file signature checks take certificate expiry time into account). When the timebomb activates, the boot loader will be rendered non-functional as a result of signature invalidation. After build 14965, flight-signed files remain valid after certificate expiry. However, certain programs requiring administrative privileges might be blocked when the clock is ahead of the expiration date. Disabling User Account Control using the registry is mandatory to run these programs, this can be achieved by applying the registry entry below:

Windows Registry Editor Version 5.00


However, some builds of Windows contain a non-functional or broken timebomb and can be installed on the current date. They are mostly from branches that were part of the Microsoft Ecosystem Engineering Access Program. Some other builds contained a test-signed certificate and can be installed on the current date.

Mac OS X[edit | edit source]

The only known version of Mac OS X to feature a timebomb is the Public Beta. While the timebomb prevented the user from logging into the desktop, it did not affect aspects of the Darwin kernel or any other components that are not related to the user interface.

Several server builds of Mac OS X up to Snow Leopard also have an expiry date that causes the out-of-box experience to reject any serial keys past the expiration date.