Jump to content

Give your Windows Certificate Store a thorough scan for suspicious certs


Batu69

Recommended Posts

RCC is a free program for Windows that scans the Windows Certificate Store when it is run highlighting potentially dangerous certificates.

Two major computer manufacturers -- Lenovo and Dell -- put millions of customer computers at risk by installing certificates that included their private key.

Certificates use public and private keys, with the public key available openly, and the private key available only to the company that owns the certificate.

Anyone with access to the private key may use it to compromise HTTPS connections on the system among other things.

Windows users have access to the system's Certificate Manager, and while it is theoretically possible to go through the lists of certificates regularly to make sure that only legitimate certs are installed, it is not really practicable unless one has a deeper understanding of which certificates are required and which are not.

windows-certificate-store.jpg

To load it tap on the Windows-key, type certmgr.msc and hit enter.

One of the better options is to export the certificate list on first start, and then again at a later point in time to compare the data. This won't help obviously if the PC manufacturer adds certificates to the system directly.

This is done with a click on Action > Export list in the main menu bar.

RCC, which stands for Root Certificate Check, is a free for home and educational use program for the Windows operating system that scans the Windows root CA store and the Mozilla Firefox root CA store on the system for suspicious entries.

It uses a baseline for that to which it compares the certificates to, and highlights interesting items after the scan.

certificate-store-check.jpg

These "interesting items" are not necessarily malicious or a security risk, but they can very well be one. It is necessary then to research the certificate on the Internet.

First thing you may want to do is open the Certificate Manager to list it there, as you find its full name and other information listed there which RCC does not list.

I suggest you search for the certificate name first, e.g. "Symantec Enterprise Mobile Root for Microsoft" and see what comes up. That may be enough to determine whether the cert is legitimate or not.

The "interesting" certificate in question that you see on the screenshot above seems to be used to sign Windows Phone apps, at least that's what a quick research on the Internet suggests.

Closing Words

Root Certificate Check enables you to scan the Windows Certificate Store and the Mozilla Firefox Certificate Store for certificates that need investigation.

Depending on the required level of security and thoroughness, it should not necessarily be your only checking option though.

Root Certificate Check

Article source

Link to comment
Share on other sites


  • Replies 2
  • Views 1.4k
  • Created
  • Last Reply

Doesn't seem to support XP... just saying.

What about an app that audits and confirms validity of all certs and/or flags suspicious or unneeded certs? Anyone heard of such a thing?

Link to comment
Share on other sites


Like a stateful certificate inspection would be very nice Im going to look into this and see what I can find. I downloaded RCC and Im going to try it and see what its like. Have you tried to use RCC in windows xp compatibility mode service pack three? Give that a try. If that doesnt work run windows xp in a vm and check the certificates on your windows seven eight or ten installation that way I think that can work? I could be wrong if Im wrong then someone else know of a way?

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...