Why does Windows 8 User Access Control (UAC) provide an invalid security certificate to verify OS changes? Why has Microsoft® refused to update this certificate and give it valid dates? This undercuts Microsoft®'s software assurance scheme. Nowhere in the Security Certificate article in Windows® Help did I find any recommendation to trust a certificate past its "Vaid to" date.
My PC with Windows® 8 OS was bought from a local Staples office supply store off-the-shelf in factory-sealed carton on November 21, 2013. The PC was un-boxed by this end-user; Windows® 8 was activated online with Microsoft®; and the product was registered online with the OEM, h-p, on Nov. 22, 2013. After activation, all patches and other software pushed by Windows® Update were installed in November and December 2013.
Microsoft® Windows® UAC always required the end-user as administrator to accept responsibility for approving the installing of any patch or update or other change to the system software. In January, 2014, and ever since then, it was noticed that UAC provided a Security Certificate for assurance of the software quality, but the Certificate was no longer within its valid dates. The certificate provided in UAC specified that it was Valid from: 4/12/2012, and Valid to: 7/9/2013. The system was sold as new on November 21, 2013, more than four months after the validity expired, for this Certificate issued to Microsoft® Windows® by the Microsoft® Windows Production PCA 2011.
. Although some others of Windows'® Security Certificates were updated for some other changes made from time to time, this cert. was never updated. This expired cert. continues to be in use by Windows® 8 and UAC to this day, with the same dates, the same cert. that expired years ago!
Windows® Help on-line, when searched for information on security certificates, gave little specific description. The write-up did not advise relying upon certificates outside their valid dates, and it seemed to be tending toward distrust of certificates with expired validity dates. Thus, there is no assurance that all of the software items that Windows® Update has installed, have been entirely free of malware.
(Windows Update itself seems defective in the past six months, as it repeatedly calls for downloading patches with KB numbers that were already installed, some of them even last Fall, and that are already shown as Installed in the Installed Updates list window. Perhaps this trouble resulted from a software change that was certified by the same cert.; the invalid, expired certificate. Perhaps Windows Update itself was altered and is now recommending replacing a specific security patch with a piece of new software that will remove some of the protection measures or create a specific "backdoor" for the FBI, NSA, ChiComms, or other malefactors. With the software security assurance basing itself on a presumably ineffective, outdated certificate, any such scheme seems to be possible.)