Dangerous root certificates and how to deal with them

Dangerous root certificates can offer ways for attackers to penetrate your PC's defenses and steal private data or even take control of your system. Until recently, this wasn't a particularly popular topic, since checking for them required a lot of PC experience. Fortunately, modern tools provide easy solutions that all of us can use, so here's a short guide to finding dangerous root certificates and dealing with them.

Before we begin, I should tell those of you who are unfamiliar with the topic what root certificates are. In computers and cryptography, root certificates are unsigned or self-signed public key certificates that identify a specific certificate authority. In simpler terms, digital certificates tell applications such as web browsers that certain websites or files are trustworthy and can be allowed on your PC, kind of like a seal of approval. A root certificate tells you who issued that seal of approval. Some certificate authorities have been deemed dangerous, as they validated malicious content, so knowing if you have any certificates signed by one of these authorities can be very important for your PC's security.

As I said, scanning root certificates used to be a real pain in the neck, but nowadays things are a lot simpler. Microsoft developed a tool called Sigcheck which will help you complete this task with a minimum of pain. Just so you know, the application is completely free and works on every Windows version that's still supported. So, the first step that you should take is visiting Microsoft's website and downloading the application in question. Now, extract the Sigcheck executable, right-click the file while holding down the Shift key and choose the "Open command window here" option. In case that option isn't available in the context menu, try holding Ctrl + Shift while right-clicking the executable.

In the command-prompt window that opens, type "Sigcheck -tv" (without quotes) and press Enter. This will tell the application to download a list of trusted certificates from Microsoft and then compare them with the ones on your PC. Now, you will be asked to confirm the download of the list, and once you do, the tool will quickly do its job. If you see the message "No certificates found", you can rest easy knowing that everything is OK. In case the application lists one or more untrustworthy certificates, you need to do something about them.

Removing every certificate that Microsoft doesn't trust may not be the best option, so here's what I recommend: Google the certificates that were listed and see what other people / security companies have to say about them. If the Internet confirms that the certificates are indeed evil, then simply removing them won't help too much; you need to find out which application is using them and uninstall it. Once again, Google is your best friend for both finding out which programs installed the dangerous certificates and discovering the best ways to remove those specific applications. I can't tell you exactly what to do, because there are many situations when simply uninstalling a program might not work.

In case everything else fails, and you want a way to manually take down a dangerous certificate, you will need to use the "Manage computer certificates" application that Windows provides. Just open the Start Menu and type "certificates" (without quotes) until the previously mentioned name appears. When it does, click on it. Alternatively, you can open the Run menu by pressing the Win + R key combination, then type certmgr.msc and press Enter. In the window that shows up, expand the section named "Trusted Root Certification Authorities", click on "Certificates", then navigate your way through the list until you find the one(s) that bother you and delete them with the right-click options. Just be careful about what you're doing, as mistakenly removing valid certificates could impact important applications or even your operating system's performance and stability.
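
The manual removal step above can also be scripted. The following is an added example, not part of the original article or of Microsoft's tooling: it looks up one certificate in the computer's Trusted Root store by thumbprint, saves a backup copy, and deletes the certificate only when asked. The parameter names and backup folder are assumptions, and the thumbprint is the one you copied from the details of the certificate you researched.

```powershell
# Added example: inspect, back up, and optionally remove one certificate from
# the computer's Trusted Root store. Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)][string]$Thumbprint,                 # copied from the certificate's details
    [string]$BackupDir = "$env:USERPROFILE\root-cert-backup",  # assumed backup location
    [switch]$Remove                                            # without this, nothing is deleted
)

# Thumbprints are often pasted with spaces or in lowercase; normalize first.
$tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($tp.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got '$Thumbprint'."
}

$path = "Cert:\LocalMachine\Root\$tp"
if (-not (Test-Path -Path $path)) {
    Write-Warning "No certificate with thumbprint $tp in Cert:\LocalMachine\Root."
    return
}
$cert = Get-Item -Path $path

# Show what is about to be touched so it can be checked against your research.
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
} | Format-List

# Always keep a copy: a wrongly removed root can be re-imported from this file.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir "$tp.cer"
Export-Certificate -Cert $cert -FilePath $backup -Type CERT | Out-Null
Write-Host "Backup written to $backup"

if ($Remove) {
    Remove-Item -Path $path
    Write-Host "Removed $tp from Trusted Root Certification Authorities."
}
```

Run it once without -Remove to review the certificate's details and create the backup, then again with -Remove. A backup can be restored with Import-Certificate -FilePath <file> -CertStoreLocation Cert:\LocalMachine\Root.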

Now that you know how to check for dangerous root certificates and how to deal with them, you might enjoy reading about "How to know if your PC is part of a botnet" or "How to create a USB recovery drive for Windows 10".
