RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    @Dzp5t

    To be totally sure I would use these switches instead:
    Otherwise you could miss some hits.
     
  2. girioni

    girioni Registered Member

  3. Rasheed187

    Rasheed187 Registered Member

    I currently get a "database not up to date" error when running RCC, is it programmed to stop working after a certain amount of time?
     
  4. Brummelchen

    Brummelchen Registered Member

    That's normal for a time-limited use - each RCC has an expiration date (my experience)
     
  5. Rasheed187

    Rasheed187 Registered Member

    Bad idea if you ask me, what happens when RCC development is stopped, know what I mean?
     
  6. Brummelchen

    Brummelchen Registered Member

    Indeed a decent tool - it makes me control my certs manually ;)
     
  7. Hiltihome

    Hiltihome Registered Member

    A new version, with updated database is out:
    RCC
     
  8. EASTER

    EASTER Registered Member

    Welcome heads up on that. Thanks.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Thanks, will check it out. But I still think it should not stop working after a certain amount of time.
     
  10. Hiltihome

    Hiltihome Registered Member

    RCC should either stop working when the database is outdated,
    or better, auto-update its database...
     
  11. clubhouse1

    clubhouse1 Registered Member

    I think svenfaw has said he is looking to make it autoupdate, but other things in life are taking up his time at the moment. I'd be more than happy to pay for a version that autoupdates.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Why should it stop working?
     
  13. Hiltihome

    Hiltihome Registered Member

    Scanning with an outdated database will give false positives on legal certificates that are newer than the database.
    Not good.
    My opinion is that RCC had better stop working than give false warnings.
     
  14. svenfaw

    svenfaw Registered Member

    RCC 1.58.259 beta is now available. Added detection of root certificates carrying private keys.
     
  15. Gapliin

    Gapliin Registered Member

    Hm... is it good or bad that it found a private key for "NVIDIA GameStream Server"?
    Anyone else having the same?
     
  16. svenfaw

    svenfaw Registered Member

    Based on some quick research, it appears that this private key is randomly generated and unique per installation, which is good news.
    However, if you are not OK with your graphics driver running a web server on your PC, you could try rolling back the driver, then reinstall it without the extras.

    (source: http://answers.microsoft.com/en-us/...0/6de3cdd6-cb0a-478b-aca6-2f36e2eb85f6?auth=1)
     
  17. Hiltihome

    Hiltihome Registered Member

  18. svenfaw

    svenfaw Registered Member

    A new build is out today:

    Code:
    RCC.exe       1.60.268 beta    48640    SHA1: f8453db0de0519dcfb00b5a67594acc67bceff19  <<
    
    * Improved Firefox root store support
    * Improved performance
    * Updated signatures
     
  19. CHEFKOCH

    CHEFKOCH Registered Member

    * Google distrusts “widely trusted” Symantec root certificate
    * Proactive measures in digital certificate security

    Further Technical Details of Affected Root:
    Friendly Name: Class 3 Public Primary Certification Authority
    Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    Public Key Hash (SHA-1): E2:7F:7B:D8:77:D5:DF:9E:0A:3F:9E:B4:CB:0E:2E:A9:EF:DB:69:77
    Public Key Hash (SHA-256): B1:12:41:42:A5:A1:A5:A2:88:19:C7:35:34:0E:FF:8C:9E:2F:81:68:FE:E3:BA:18:7F:25:3B:C1:A3:92:D7:E2

    MD2 Version
    Fingerprint (SHA-1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
    Fingerprint (SHA-256): E7:68:56:34:EF:AC:F6:9A:CE:93:9A:6B:25:5B:7B:4F:AB:EF:42:93:5B:50:A2:65:AC:B5:CB:60:27:E4:4E:70

    SHA1 Version
    Fingerprint (SHA-1): A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
    Fingerprint (SHA-256): A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05


    I successfully removed both certs on Windows 10 without any issue. I hope Mozilla also removes these in the next update.
     
  20. pv0

    pv0 Registered Member

    I have been following this thread, and I've tried the RCC program (nothing flagged), but there is something fundamental I don't quite understand:

    If Lenovo Superfish and the rogue Dell root certificates were once on the Microsoft "approved" certificate list, is it correct to say that the RCC program would not necessarily have preemptively identified them?

    It would seem to me there could be all manner of problematic OEM-installed certificates out there with security risks that simply haven't been discovered/publicized yet.
     
  21. focus

    focus Registered Member

    With latest build getting this:

    7246E012BB46298AB964EDBAC98E13603111FB1A: ESET SSL Filter CA
    Time of insertion: 2016-01-04 22:37:11 UTC

    Recently installed Eset Nod32 9.0.349.0
     
  22. svenfaw

    svenfaw Registered Member

    Actually, RCC does detect these certs preemptively. Keep in mind that Superfish and eDellRoot certs were never on the Microsoft approved list (aka CTL). By default, RCC uses a copy of the Microsoft CTL as its trusted baseline. And I will soon add a 'paranoid' scan profile which will only include a small fraction of the CTL, since more than half of the certs in there are not used by any popular websites or applications.
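
A scan of the kind discussed in this thread (comparison against a trusted baseline, the private-key check from the 1.58.259 beta note, and refusing to run on an outdated baseline), as an added PowerShell example that is not RCC's code and not part of the original posts. It swaps in a baseline file generated with `certutil -generateSSTFromWU roots.sst` in place of RCC's own copy of the Microsoft CTL; the file path and the 30-day staleness limit are hypothetical.

```powershell
# Added example, not RCC's code. Reads the Windows root stores only.
# Assumption: the baseline was generated beforehand with
#   certutil -generateSSTFromWU roots.sst
param(
    [string]$BaselineSst = '.\roots.sst',  # hypothetical path
    [int]$MaxBaselineAgeDays = 30          # hypothetical staleness limit
)

# Refuse to scan with a stale baseline: roots added upstream after the
# file was generated would otherwise be reported as unknown.
$file = Get-Item -LiteralPath $BaselineSst -ErrorAction Stop
$age  = ((Get-Date).ToUniversalTime() - $file.LastWriteTimeUtc).Days
if ($age -gt $MaxBaselineAgeDays) {
    throw "Baseline is $age days old; regenerate it before scanning."
}

# Load the serialized store into memory without importing it anywhere.
$baseline = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$baseline.Import($file.FullName)
$trusted = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($c in $baseline) { [void]$trusted.Add($c.Thumbprint.ToUpperInvariant()) }

# The CurrentUser view also lists machine-wide roots, so a machine root
# that is flagged can appear twice in the output.
$findings = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    foreach ($cert in Get-ChildItem -Path $store) {
        $reasons = @()
        if (-not $trusted.Contains($cert.Thumbprint.ToUpperInvariant())) {
            $reasons += 'not in baseline'
        }
        # A root CA entry normally holds only the public certificate.
        if ($cert.HasPrivateKey) { $reasons += 'private key present' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
                Reasons    = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object Store, Subject | Format-Table -AutoSize -Wrap
```

A hit is a prompt for review rather than a verdict: locally installed software such as the ESET SSL Filter CA and NVIDIA GameStream entries mentioned in this thread will show up as outside the baseline.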
     
  23. svenfaw

    svenfaw Registered Member

  24. svenfaw

    svenfaw Registered Member

    Unfortunately some OEM executables (on ASUS machines, for instance) are signed using these certificates.
    Just something to keep in mind.
     
  25. pv0

    pv0 Registered Member


    OK. Good to know. Thank you for your effort on this program.
     