Author Topic: Fraudulent certificates in certmgr.msc  (Read 18408 times)


Offline ehmen

  • Poster
  • *
  • Posts: 449
Fraudulent certificates in certmgr.msc
« on: February 19, 2015, 07:14:00 PM »
Hi, I discovered a bunch of untrusted and fraudulent certificates in my certmgr.msc, see attachment.
Is this indicative of any threats on my computer, or is it normal to have such certificates? And should I delete all of them (especially those that haven't expired yet)?

Thank you.
« Last Edit: February 19, 2015, 07:24:42 PM by ehmen »

Offline ehmen

  • Poster
  • *
  • Posts: 449
Re: Fraudulent certificates in certmgr.msc
« Reply #1 on: February 23, 2015, 02:32:55 AM »
Is anyone familiar with the Certificate Manager and can help me out here?
Thanks in advance!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31366
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Fraudulent certificates in certmgr.msc
« Reply #2 on: February 23, 2015, 03:00:33 AM »
How many times is it that you need to be told you are trying to do things that are way over your head before you understand it?

Offline ehmen

  • Poster
  • *
  • Posts: 449
Re: Fraudulent certificates in certmgr.msc
« Reply #3 on: February 23, 2015, 05:20:56 AM »
> How many times is it that you need to be told you are trying to do things that are way over your head before you understand it?
None Eddy, since I'm asking for advice and not for constant insults (knee-jerk at that).

And what am I "trying to do" as you put it, that's over my head? I'm just asking if it's okay that there are fraudulent certificates on my computer, and if other people have them as well (which would tell me that it's quite a normal occurrence for whatever reason).

« Last Edit: February 23, 2015, 05:24:37 AM by ehmen »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Fraudulent certificates in certmgr.msc
« Reply #4 on: February 23, 2015, 11:33:16 AM »
Hey, I have a lot of certificates there too. Maybe Polonus could help us with how to scan/remove most of them... Or Pondus, or anyone else who knows how to manage the certificates...
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Fraudulent certificates in certmgr.msc
« Reply #5 on: February 23, 2015, 02:36:29 PM »
Hi ehmen and Lisandro,

We are glad to be of help, and now with the Superfish and PrivDog scandals unfolding, it is mighty important to manage root certificates to avoid MIM attacks, and I mean that this is important for everyone.
Read here: https://support.quovadisglobal.com/KB/a41/how-do-i-check-my-certificates-on-firefox.aspx?KBSearchID=27234
On Chrome devices: https://support.google.com/chrome/a/answer/6080885?hl=en
For the Chrome Browser: https://support.google.com/chrome/answer/95572?hl=en

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81786
  • No support PMs thanks
Re: Fraudulent certificates in certmgr.msc
« Reply #6 on: February 23, 2015, 04:37:16 PM »
Isn't the whole point of the untrusted certificates to act as a reference blacklist so as not to allow these certificates if you come across them during browsing, etc.?

I can't recall who updates these untrusted certificates - Windows updates or another source.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.494)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Fraudulent certificates in certmgr.msc
« Reply #7 on: February 23, 2015, 07:58:52 PM »
> Not to allow these certificates if you come across them during browsing, etc.
But I never allow anything and there are tons of certificates there...
Thanks Polonus. Can you help me write a blog article about these two incidents? (Superfish and PrivDog).
Better than everything else:
1. What should we do?
2. What are the limits of the suggested protection?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81786
  • No support PMs thanks
Re: Fraudulent certificates in certmgr.msc
« Reply #8 on: February 23, 2015, 08:13:06 PM »
That's the point, you don't have to allow Trusted Certificates, it is why they are issued so you can prove who you are as such - so without something like the Untrusted Certificates they too would be classed as trusted and would sail through.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Fraudulent certificates in certmgr.msc
« Reply #9 on: February 23, 2015, 10:22:48 PM »
How can I check the list of my certificates?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Fraudulent certificates in certmgr.msc
« Reply #10 on: February 23, 2015, 10:28:15 PM »
The untrusted are a checklist, aka a blacklist; Windows will treat any so marked as bad.
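
Added example, not part of any post in this thread: a read-only PowerShell inventory for the question of how to list these certificates. The "Untrusted Certificates" folder in certmgr.msc is the store named `Disallowed`; matching root subjects against the vendor names mentioned in the thread (Superfish, PrivDog, DigiNotar) assumes the name appears in the certificate's subject or issuer, and the function name `Get-StoreCerts` is made up for this example.

```powershell
# Read-only inventory of the certificate stores discussed in this thread.
# Nothing here deletes or modifies a certificate.

function Get-StoreCerts {
    param([string]$StoreName)
    # certmgr.msc shows the current user's view; the machine store is checked too.
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $path = "Cert:\$location\$StoreName"
        if (Test-Path $path) {
            Get-ChildItem $path | ForEach-Object {
                [pscustomobject]@{
                    Store      = "$location\$StoreName"
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    Expired    = ($_.NotAfter -lt (Get-Date))
                }
            }
        }
    }
}

$blocked = @(Get-StoreCerts 'Disallowed')   # "Untrusted Certificates" (the blocklist)
$roots   = @(Get-StoreCerts 'Root')         # "Trusted Root Certification Authorities"

"Blocklist entries: $($blocked.Count)   Trusted roots: $($roots.Count)"
$blocked | Sort-Object Subject |
    Format-Table Store, Subject, NotAfter, Expired -AutoSize

# A thumbprint present in both stores is worth a closer look: the same
# certificate is listed as a trusted root and as explicitly untrusted.
$blockedPrints = @($blocked | ForEach-Object { $_.Thumbprint } | Sort-Object -Unique)
"Roots that also appear on the blocklist:"
$roots | Where-Object { $blockedPrints -contains $_.Thumbprint } |
    Format-Table Store, Subject, Thumbprint -AutoSize

# Assumption: the vendor name shows up in the Subject or Issuer string.
$names   = 'Superfish', 'PrivDog', 'DigiNotar'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
"Trusted roots whose subject or issuer mentions $($names -join ', '):"
$roots | Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
    Format-List Store, Subject, Issuer, Thumbprint, NotAfter
```

Entries under the blocklist heading are the expected ones; a match in the last two sections means a root store entry should be reviewed before any decision to remove it.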

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31366
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Fraudulent certificates in certmgr.msc
« Reply #11 on: February 23, 2015, 10:36:22 PM »
Expired certificates from DigiNotar should be removed.
They were hacked in 2011.
The company has been gone since 20 September 2011 (bankrupt).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Fraudulent certificates in certmgr.msc
« Reply #12 on: February 23, 2015, 10:53:58 PM »
> Expired certificates from DigiNotar should be removed.
> They were hacked in 2011.
> The company has been gone since 20 September 2011 (bankrupt).
Can't find any expired or DigiNotar certificate in my list...

Offline ehmen

  • Poster
  • *
  • Posts: 449
Re: Fraudulent certificates in certmgr.msc
« Reply #13 on: February 24, 2015, 01:58:47 AM »
Thanks everyone for your input.

Bottom line: should I delete all of the untrusted and fraudulent certificates or only specific ones?

Thank you.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5351
  • Spartan Warrior
Re: Fraudulent certificates in certmgr.msc
« Reply #14 on: February 24, 2015, 03:55:32 AM »
> Thanks everyone for your input.
>
> Bottom line: should I delete all of the untrusted and fraudulent certificates or only specific ones?
>
> Thank you.
Hi ehmen,

Though you may not care for Eddy's advice, be mindful of what you do. The certificate listing is a list Windows uses to prevent potential harm to your computer. This list is sometimes updated by Microsoft in one of their periodic Windows Updates called 'root certificates'.

https://en.wikipedia.org/wiki/Root_certificate 

The difference between any user that knows what they are doing and the ones that don't, basically is the difference between fixing something that needs to be fixed and not fixing things that don't.   

So the fine line between fixing things one wants to fix must be tempered with an acute and accurate assessment over what, if anything, needs to be fixed at all.  Just because one has control over a system does not mean that one should fix things just because they can. 

Not without first imaging their system disk in case disaster strikes.  If an image is created first, one can do whatever they want and recover.  If one wants to experiment, then imaging is a must do.

Again, "if it ain't broke, don't fix it".

Learning something new is a good thing, but it must be tempered with research and caution and restraint.

If one always follows these three conditions, one can come to the best and correct decisions, and one does not have to then fix a system they broke unnecessarily.  Nothing wrong with learning new stuff, it is when to apply that new knowledge, and to what degree, that will make the difference long-term for all users, not just you. 
« Last Edit: February 24, 2015, 04:09:39 AM by mchain »
Windows 10 Home 64-bit 1809 Avast Internet Security version 19.7.2388 (build 19.7.4674.520)   Also called Avast Premier Security