In his blog at NetworkWorld, Paul McNamara discusses another problem that is in the Windows operating systems, XP and Vista. The root certificates that get issued by Microsoft, which is essentially declaring that the sites are without question, above reproach.

Mr. McNamara states that if, in Windows XP, you manually kill off any of the (apparently) 230 root certificates available in Windows XP Service Pack 2, Windows will, without your knowledge or warning, put the certificate back into service. Only by defeating the update feature in XP can this behavior be stopped. This once again means that Microsoft is playing the role of Big Brother, and asserting their judgement to always be superior to yours. These results are part of a report by security expert Paul Hoffman.

In the same paper, Mr. Hoffman reports that the behavior in Vista is much different, as here, there is no way whatsoever to turn off any of the root certificates presented by the Microsoft update program, nor can the update program be turned off. The only way to defeat this system is a ‘baby getting thrown out with the bath water’ method, which is disconnecting the computer from the internet.

Elsewhere on the site, Ellen Messmer writes about the progress of the Black Hat Security conference, and how Joanna Rutkowska, famous for her ‘Blue Pill’ rootkit unveiled last year, has asserted that the effort to subvert the Microsoft root certificate process is not trivial, but far from impossible. Part of the blame seems to come from the process of assigning the certificates, which has become automated. The major hurdle here is coming up with the $250 for the certificate.

Ms. Rutkowska stated she would finally be revealing the source code for the ‘Blue Pill’ rootkit within a few days of the conference.

Tags: microsoft, root certificates, windows xp, windows vista, big brother, rootkit, joanna rutkowska, blue pill, black hat  security conference