How To: Scan your computer for malicious and untrusted root certificates


[Screenshot: MMC Certificates]

While a tremendous number of people use the Internet every single day, few know exactly how it operates or how it is structured. Take today’s topic, for instance. Root certificates sit at the base of the Internet’s trust model: they are the anchors that let our systems verify who they are talking to, establish secure connections and work with a wide variety of apps and services that could otherwise not be trusted at all.

It is worth remembering that the above is only true for legitimate certificates. For the average user, and even for those with some technical expertise, telling legitimate root certificates apart from malicious ones is not an easy task. Untrusted root certificates like Dell’s “eDellRoot”, which prompted this article, can be put to a variety of malicious uses, such as man-in-the-middle attacks against PCs that trust that certificate; eDellRoot shipped with its private key on every affected machine, so anyone could issue certificates that those PCs would accept.

Although malicious or simply insecure root certificates can be a huge security risk, most users do not actually need to worry about them. Over the last few months, however, we have seen an unfortunately high number of major incidents, first from Lenovo and now from Dell, two companies that together account for a huge share of the world’s PC market. If you are worried that your computer may also carry an untrusted root certificate, you should definitely check out RootCertificateCheck, or RCC for short. This tiny app runs entirely from the command line, and the whole check takes no more than a few seconds.

Using RCC

The obvious first step is to download RCC. Sven Faw, the developer of the app, has quite a few more tools on that page which you may want to check out too.

Once you have downloaded the file, move it to a folder of your choice. Then hold down the Shift key, right-click on that folder and choose the option that reads “Open command window here”. We do this so that RCC can be run from the command line in that folder. Alternatively, open a normal CMD window and change to the folder with the cd command, but the Shift + right-click method is far easier.

[Screenshot: RootCertificateCheck]

Now that you have a CMD window open in the right folder, all you have to do is type rcc and press Enter. The application scans your computer, compares what it finds against a list of trusted root certificates and then highlights any controversial ones. By “controversial” I do not mean that they should be deleted, or even that they should not be trusted; it simply means that they may be a threat, so you will have to check them manually to be sure.
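If you would rather see how such a check works, or cannot run RCC, the following PowerShell script is an added example (not RCC’s code and not part of the original article) that enumerates the Trusted Root stores Windows exposes and flags entries worth a manual look. The heuristics are my own assumptions: a root with a private key on the machine (the eDellRoot/Superfish pattern), a root that is not in the machine’s AuthRoot store (the Microsoft-distributed third-party roots), and a root that is expired or about to expire. The store paths and property names are the standard Windows certificate provider ones.

```powershell
# Added example, not from the article or the RCC tool.
# Lists root certificates that deserve a closer look. Flags are hints,
# not verdicts: Microsoft's own roots and enterprise-issued roots will
# legitimately show up as "not in AuthRoot".

$stores = @(
    'Cert:\LocalMachine\Root',   # Trusted Root CAs for the whole machine
    'Cert:\CurrentUser\Root'     # Trusted Root CAs for the current user only
)

# AuthRoot = "Third-Party Root Certification Authorities", populated from
# the Microsoft Trusted Root Program. Used here as a local baseline
# (assumption: on a fresh install it may still be sparse).
$baseline = Get-ChildItem -Path 'Cert:\LocalMachine\AuthRoot' |
    Select-Object -ExpandProperty Thumbprint

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        $reasons = @()

        # A root CA whose private key lives on an end-user PC means anyone
        # who extracts that key can mint certificates this PC will trust.
        if ($cert.HasPrivateKey) { $reasons += 'PRIVATE KEY PRESENT' }

        if ($baseline -notcontains $cert.Thumbprint) { $reasons += 'not in AuthRoot' }

        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $reasons += 'expired or expiring' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Reasons    = ($reasons -join '; ')
            }
        }
    }
}

$findings | Sort-Object Store, Subject | Format-Table -AutoSize
```

Run it from a normal PowerShell prompt; reading the stores needs no elevation. As with RCC’s output, every flagged line is a prompt to investigate, not an instruction to delete: the “PRIVATE KEY PRESENT” flag is the one that most closely matches the Dell and Lenovo incidents and should always be followed up.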

Checking highlighted root certificates

The obvious place to start is to search the Internet for more information about the certificate: why you might want to keep or remove it, and what is causing its controversial status. Additional information can also be gathered from the Microsoft Management Console (MMC).

The easiest way to get there is to type certificates in your Start menu and press Enter. This opens a dedicated MMC window listing all the root certificates on your computer. Technically, the cleaner way to view your certificates is to open an MMC window (mmc.exe) and add a new “Certificates” snap-in scoped to your user account only. My method shows every single certificate present on your PC, but I doubt that will be a problem for you.

When you are certain that a root certificate needs to be removed from your computer, open the console described above, right-click the certificate and choose the “Delete” option. It is as easy as that, but always be careful not to remove trusted certificates, as that can cause problems on your computer.
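For the removal step, the MMC “Delete” menu is final and shows you little before it acts. The PowerShell function below is an added example (not part of the article) that does the same job with two safeguards the article’s advice calls for: it prints the certificate’s details first so you can confirm it is the controversial one and not a trusted root, and it writes a backup .cer file so a mistaken deletion can be reversed with Import-Certificate. The function name is hypothetical; Export-Certificate, Import-Certificate and the certificate provider’s -DeleteKey switch are standard Windows PowerShell features. Deleting from the LocalMachine store requires an elevated (Administrator) prompt.

```powershell
# Added example, not from the article. Removes one root certificate by
# thumbprint with a review step, a backup and -WhatIf/-Confirm support.

function Remove-RootCertSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Thumbprint as shown by RCC or in the MMC "Details" tab.
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\Root',
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'cert-backups')
    )

    # Normalise: MMC shows thumbprints with spaces, RCC may use lower case.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate with thumbprint $clean in $StorePath" }

    # Show exactly what is about to be deleted so a typo cannot take out a
    # trusted root; HasPrivateKey is the field to look at for the eDellRoot case.
    $cert | Format-List Subject, Issuer, NotBefore, NotAfter, HasPrivateKey, Thumbprint | Out-Host

    if ($PSCmdlet.ShouldProcess("$($cert.Subject) [$clean]", "Remove from $StorePath")) {
        # Keep the public certificate so the change can be undone later.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $backup = Join-Path $BackupDir "$clean.cer"
        Export-Certificate -Cert $cert -FilePath $backup -Type CERT | Out-Null

        if ($cert.HasPrivateKey) {
            # Also destroy the key container; leaving it behind keeps the risk alive.
            Remove-Item -Path $cert.PSPath -DeleteKey
        } else {
            Remove-Item -Path $cert.PSPath
        }

        "Removed. Backup: $backup"
        "Undo with: Import-Certificate -FilePath '$backup' -CertStoreLocation '$StorePath'"
    }
}

# Usage (thumbprint is a placeholder; use the one RCC or MMC reported):
# Remove-RootCertSafely -Thumbprint 'REPLACE_WITH_THUMBPRINT' -WhatIf    # dry run
# Remove-RootCertSafely -Thumbprint 'REPLACE_WITH_THUMBPRINT' -Confirm   # prompts first
```

Run the -WhatIf form first; it resolves the thumbprint and prints the certificate without touching the store. Only the -Confirm form removes anything, and the backup file it leaves behind is what makes the article’s warning about deleting a trusted certificate by mistake recoverable rather than fatal.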