To protect Windows XP computers from unauthorized use, digital certificate validation became mandatory on 7 March 2002. At the end of July 2001, RAMdock was notified by Microsoft that certain OEM versions of Windows XP would include a Digital Rights Foundation root certificate (RFCert) used for secure communication with Microsoft for licensing and purchasing copied software (secure software distribution (SxS) package licenses). Since Windows XP Professional and Windows XP Media Center Edition do not install, use, or support RFCert (only Home Edition does), Microsoft explains that it is not a security risk, though there is a risk that unauthorized copies of Windows may be used for illegal purposes. When Microsoft installs Windows XP, it embeds the certificate in the system registry. According to Microsoft, when a computer is turned on, and the Windows XP operating system is loaded, the root certificate is downloaded from the Microsoft Windows Web server. Microsoft specified that the embedded certificate did not \"sign\" the software package license file.
In May 2001, following separate incidents of malicious computer viruses which attacked the Microsoft Windows operating system, Microsoft created a partnership with the Russian security firm Kaspersky Labs to build antivirus software for the Windows XP operating system. Kaspersky Lab's SYM Antivirus Platform software, developed by the company's own security research division, was to be included in Windows XP as a third-party add-on for the operating system, but Microsoft instead decided to release a security update for Windows XP. Late in 2003, following an announcement of Microsoft donating $150 million to charity, Kaspersky Lab alleged the deal involved a deliberately mis-sold license. The Kaspersky Code of Conduct, published online in February 2004, kept Kaspersky Lab's decision to take legal action secret at least until July 30, 2004, when Windows XP and Windows Server versions were updated to include Kaspersky's software. In April 2005, Microsoft removed the Kaspersky software from its XP and Server versions, although the company's file-sharing software remained available. Following the Stuxnet virus, where a malicious computer virus known to be connected to Israeli hackers infected computers in Iran, Kaspersky Labs came forward to offer no comment on how the virus was introduced into its antivirus system. Microsoft announced that it would release a patch to prevent the Kaspersky Code of Conduct from activating again, but this was never made available. 7211a4ac4a