Windows Vista Tamper Detection and misbehaving apps

  • Article

We've seen reports indicating that customers are being prompted to activate Windows Vista on computers on which activation had not been previously required.   This problem can occur because a specific system setting is deleted when a program runs with administrative credentials.  The removal of this setting may cause a BIOS validation check to fail; the BIOS validation check is part of the system activation process for PCs from major manufacturers.   This behavior causes a regular genuine validation check that occurs at boot time to fail.  Therefore, the customer may be prompted to activate Windows Vista, even though the system did not previously require activation.  We've heard of a few programs that cause this problem, including nProtect GameGuard, Trend Micro Internet Security, PC-Cillin Anti-Virus and PC Tools Spyware Doctor. 

In late January, when this issue was discovered a fix was published and sent out via Windows Update. This has solved many of the issues customers were experiencing.  If you missed the WU fix, you can download it here: https://support.microsoft.com/kb/931573. This is addressing a lot of the issues customers are having, however, we realize there are a few programs that are not covered with this fix and our team is working to handle these as soon as possible. 

This issue highlights the importance of the new tamper detection technology enabled by the Software Protection Platform in Windows Vista.  When evidence of system tampering is detected the system will go into a non-genuine or tampered state depending on the tamper. Also, depending on the severity of tampering the remedies for it can range from a simple reboot all the way to a complete re-install. In this particular case, the programs in question delete a specific system setting that triggers the tamper detection. This can be fixed by visiting the KB article above and following the steps. In some cases this type of tamper could also be caused by deliberate tampering with core system components. While the current examples are unintentional and we've provided fixes, it is important to have these checks built into the system because it helps to ensure the integrity of the Windows system in turn protecting our customers and our IP.