Windows Vista Tamper Detection and misbehaving apps

We've seen reports indicating that customers are being prompted to activate Windows Vista on computers on which activation had not previously been required. This problem can occur because a specific system setting is deleted when a program runs with administrative credentials. The removal of this setting may cause a BIOS validation check to fail; that BIOS validation check is part of the system activation process for PCs from major manufacturers. As a result, the regular genuine validation check that occurs at boot time fails, and the customer may be prompted to activate Windows Vista even though the system did not previously require activation. We've heard of a few programs that cause this problem, including nProtect GameGuard, Trend Micro Internet Security, PC-Cillin Anti-Virus and PC Tools Spyware Doctor.

In late January, when this issue was discovered, a fix was published and sent out via Windows Update. This has solved many of the issues customers were experiencing. If you missed the WU fix, you can download it here: This addresses a lot of the issues customers are having; however, we realize there are a few programs that are not covered by this fix, and our team is working to handle these as soon as possible.

This issue highlights the importance of the new tamper detection technology enabled by the Software Protection Platform in Windows Vista. When evidence of system tampering is detected, the system goes into a non-genuine or tampered state, depending on the type of tampering. Also, depending on the severity of the tampering, the remedies can range from a simple reboot all the way to a complete re-install. In this particular case, the programs in question delete a specific system setting, and that deletion triggers the tamper detection. This can be fixed by visiting the KB article above and following the steps. In other cases this type of tamper could also be caused by deliberate tampering with core system components. While the current examples are unintentional and we've provided fixes, it is important to have these checks built into the system because they help ensure the integrity of the Windows system, which in turn protects our customers and our IP.

Comments (2)

  1. whyJoe says:

    "This issue highlights the importance of the new tamper detection technology enabled by the Software Protection Platform in Windows Vista."

    In summary: A paying Windows customer can install a legit app and have tamper detection downgrade the functionality of Windows so bad that a complete reinstall is required.

    Here’s a lesson in the English language: That highlights the _folly_ of tamper detection, not the _importance._

  2. rdamiani says:

    Not so much the folly of tamper protection as the poor implementation of tamper protection. Tamper protection that kept rootkits out or made them easy to find would be useful. Tamper protection that depends on third-party programmers playing by the rules and not messing with stuff, not so much.

    Alex: Market-speak about how activation protects customers is being confused with engineering that actually protects customers and the result is a muddy and confusing message.

    When I, as an engineer, hear you talk about ‘tamper protection’ I think about things like detecting rootkits and protecting the kernel, i.e. stuff that keeps things the way I want them to be. When you as a marketeer talk about ‘tamper protection’ you mean keeping me from tampering with my license, or keeping me from exercising my fair use rights, i.e. keeping me out of things you and Disney don’t want me messing with.

    About the whole activation thing: I worked as an Application Engineer for an Autodesk reseller back when Autodesk began moving to product activation in ’98 (3D Studio MAX R4 and some SKUs of R14-era stuff). Autodesk chose c-dilla to protect its products. Things that broke c-dilla:

    – Anything that blocked changes to the hard drive (deep freeze, centurion cards, etc.)

    – Upgrading to XP.

    – Installing some Intuit software packages.

    – Installing some games

    – Disk imaging

    – Clearing the MBR

    – Having a SATA drive

    – Deleting some files

    – Activating as a Power User or Restricted User and trying to use the software as a different user (even if the other user was an administrator)

    I could go on, but I think you see where I’m going with this. The problems you are and will encounter with WGA are not new problems without any history. It’s the same old problem of guns vs. armor updated to the digital age. WGA is armor, and armor always falls to guns.
