Windows 8 and 8.1 Forums


Win 8 UAC Relies On an Expired Certificate for Assurance!?

  1. #11


    Harrisonburg, Va.
    Posts : 10,488
    Windows 8.1.1 Pro with Media Center


    Quote Originally Posted by RxDdude View Post
    Quote Originally Posted by David Bailey View Post
    Screenshots would help.
    Thanks, Mr. Bailey. I can supply screenshots [actually, JPEG photos - - haven't figured out how to get a screenshot in Windows 8 since the simple, old ALT+PRT SCRN seems to have been eliminated by our benefactors at Microsoft®], but I am kind of bushed, stayed up all night preparing these replies with carefully selected post-consumer and recycled electrons, and would like to post photo or two after I can have a couple of hours of sleep. Have to get some tasks done, too, others will be waiting. Look for me by 11 PM this evening, though.
    alt+print screen still works.
    It captures the active window.

    Print Screen key captures the whole screen.

    Paste into Paint or whatever & save as .jpg.

    A tutorial---

    Screenshots and Files - Upload and Post in Eight Forums


  2. #12


    When I tried to follow the steps you listed, I didn't get far.


    When I clicked on System Protection I went straight to System Properties. Probably because I have UAC set to Never Notify.
    I'll change it to the default setting and see what happens.

  3. #13


    Made no difference with UAC set to its default value. Did exactly the same as I listed above.
    I'm on Windows 8.1 Pro X64.

  4. #14


    Did find out how to view all certificates though:

    View or manage your certificates

    Applies to Windows Vista

    You must be logged on as an administrator to perform these steps.
    You can use Certificate Manager to see details about your certificates, modify them, delete them, or request new ones.

    • Open Certificate Manager by clicking the Start button, typing certmgr.msc into the Search box, and then pressing ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Not sure if that helps this discussion or not but interesting nonetheless.

  5. #15


    Quote Originally Posted by Ztruker View Post
    Did find out how to view all certificates though:

    View or manage your certificates

    Applies to Windows Vista

    You must be logged on as an administrator to perform these steps.
    You can use Certificate Manager to see details about your certificates, modify them, delete them, or request new ones.

    • Open Certificate Manager by clicking the Start button, typing certmgr.msc into the Search box, and then pressing ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    ----8<---

    Not sure if that helps this discussion or not but interesting nonetheless.


    Try this method instead, you can view more certificates this way. (Each individual user, service, as well as the local system)

    Start the program "mmc.exe"; it should elevate to administrator. If it doesn't, be sure to run it as admin.

    Then go to File > Add or Remove Snap-In... > Certificate Manager > "Add >"

    Select the certificate store to show, and from there you can poke around at which certificates your computer has installed.


    The code signing certificates obviously won't show up here, only the certificates of the issuer, under certificate authorities.

  6. #16


    Posts : 7
    Windows 8 (x64)

    Partial reply to hydranix, more tomorrow, perhaps ...


    1. Re your comment on UAC settings: The settings here are approved and recommended by Microsoft® as I have them set. Windows 8 gives me in System and Security\Action Center\User Account Control Settings, the following recommendation regarding the currently set level for UAC action:
    "Recommended if you frequently install new software and visit unfamiliar websites." Yes, I do install bunches of new software (mainly from Microsoft or Mozilla) every month, and I have task assignments that require me to seek information on websites all over, that I never saw before. Do you take issue with Microsoft's official policy in this area? It would be interesting to understand why.
    2.
    Quote Originally Posted by hydranix View Post
    ... The certificate was valid when it was used to sign and timestamp whatever software you are trying to run. This is all that matters, and even still, it matters very little in terms of security.
    Well, But, and However: the expired certificate is the only certificate used by UAC for the one time that User admin OK is granted, to run maybe 15 or more new patches and updates in one batch. With a number of these updates, the same certificate was used to get the User admin OK to completely replace a major program. For example, Internet Explorer m replaced by Internet Explorer n, or a .NET Framework version replacement, or a Service Pack - - all, new software packages, generated long after this certificate expired that is offered for assurance of genuineness of a new program.
    Another example: Skype for the Desktop is being pushed as an Optional install, a new program, not a replacement. Skype never before had appeared in the list of programs. These are new software; no UAC showed up with any valid certificate, to guarantee genuineness prior to the time at which the admin MUST give her or his approval. The files now have Year 2015 dates. The certificate expired in 2013.
    Windows does not offer us any UI to furnish any means of verifying that any Update for Windows 8 was certified by anything better than the expired certificate. If there is such, please refer me to well-recognized security authority that recommends relying on expired certificates for software security assurance. It seems risky, to me.
    If, as you asserted, valid dates don't matter to security, then, why would dates be carried in the certificate, to begin with?
    P.S. - - I don't pretend to have a lot of knowledge & training in the arcane inner workings of Windows, PKCS, etc. Am really looking to learn; to learn at least what I ought to & need to know for practical internetworking and for hanging onto my money and financial, etc., PII. So, seeing cert. expired, and nowhere finding gurus giving recognized expert guidance saying it doesn't matter, makes it seem risky. If you have found some Microsoft KBs or NIST or CERT or IETC or RFC documents that guarantee that such is not risky, please, share the references with me. - R.
    ==========================================================================================

    This document contains 100% post-consumer and recycled electrons. No animals were harmed in the production and transmission of this document.
    Last edited by RxDdude; 16 Jul 2015 at 05:12. Reason: clarity through elaboration, paragraphing, and correcting typos.
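
Added example, not part of any post in this thread: the exchange above turns on whether a signature made and timestamped while the certificate was valid is still accepted after that certificate expires. The PowerShell below uses `Get-AuthenticodeSignature` to show the Windows verdict next to the signer certificate's dates for a file; the function name and the file path are assumptions made for illustration.

```powershell
# Added example (not from the thread). For each file, report the Authenticode
# verdict alongside the signing certificate's validity dates.
function Get-SignatureExpiryReport {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Path
    )
    process {
        foreach ($file in $Path) {
            $sig    = Get-AuthenticodeSignature -FilePath $file
            $signer = $sig.SignerCertificate        # certificate that signed the file
            $tsa    = $sig.TimeStamperCertificate   # certificate of the timestamp authority, if any

            $certExpired = ($null -ne $signer) -and ($signer.NotAfter -lt (Get-Date))
            $timestamped = $null -ne $tsa

            if ($null -eq $signer) {
                $reading = 'No embedded signature found'
            } elseif ($sig.Status -ne 'Valid') {
                $reading = "Signature not accepted: $($sig.StatusMessage)"
            } elseif ($certExpired) {
                $reading = "Accepted although the certificate has since expired (timestamped: $timestamped)"
            } else {
                $reading = 'Accepted; certificate is still inside its validity period'
            }

            [pscustomobject]@{
                File          = $file
                Status        = $sig.Status
                Signer        = if ($signer) { $signer.Subject } else { $null }
                CertNotBefore = if ($signer) { $signer.NotBefore } else { $null }
                CertNotAfter  = if ($signer) { $signer.NotAfter } else { $null }
                CertExpired   = $certExpired
                Timestamped   = $timestamped
                Reading       = $reading
            }
        }
    }
}

# Placeholder path (assumption): point this at any signed installer or update file.
Get-SignatureExpiryReport -Path 'C:\Path\To\signed-file.exe' | Format-List
```

Files that are signed only through a security catalog rather than an embedded signature may be reported as not signed by older PowerShell versions.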

  7. #17


    Do you take issue with Microsoft's official policy in this area? It would be interesting to understand why.
    2.
    For me, because I find UAC annoying. I'd totally disable it if it didn't interfere with using Settings.

  8. #18


    Posts : 7
    Windows 8 (x64)


    Quote Originally Posted by Ztruker View Post
    Do you take issue with Microsoft's official policy in this area? It would be interesting to understand why.
    2.
    For me, because I find UAC annoying. I'd totally disable it if it didn't interfere with using Settings.
    Z. - Understandable. Microsoft® asserts it's risky, though, and am processing sensitive info on this W8 machine, so, will want to stick with UAC.

    Bailey Quote >> - "alt+print screen still works" You are right - it worked for me, too, tonight. It didn't work, the last several times, months ago. Maybe, signs of something corrupted somewhere. This machine has had some interesting manifestations from time to time.
    I uploaded the "screenshots" from the camera yesterday- - I'll have to try to get those pix organized tomorrow and post them. Good night.

  9. #19


    RxDdude what are you really trying to achieve?

    Just read through this and all I can think is what are you really concerned/worried/scared about - identity theft and criminal acts online like your bank passwords stolen, right?

    You are worried that when you install updates from Windows, you don't "trust" them because of the way Microsoft (boy, it's not like this company hasn't had problems in the way it programs its OS.. ha..) you don't trust them because of the way Microsoft doesn't update their Certificates..

    Ok well, look I can understand your concern about all the privacy stuff.. ok fine, but here is the real low-down deal no matter what you think.

    Even if you are the most safe, secure you ever could be on your computer, when you log into your "bank" website, the problem is, even your bank website can get hacked. So no matter what, your bank could be hacked etc.. It's very unlikely but you've seen the stories before, like SONY and many various other companies that have been "hacked" and information stolen etc..

    SO my advice is this : have 2 computers. Computer A and Computer B.

    Computer A (safe computer) will never do anything but just open the safest most secure browser, which some say is Chrome, and then ONLY go to your banking website and whatever sensitive websites and information you want to keep safe and secure.. Do not install anything on this computer.. NOTHING.. just only run the Windows Updates.. (which is funny because you don't trust that..)

    Computer B will be your do anything computer and don't care about what you do or people steal and see your privacy online and what not.. this computer you can just keep reinstalling windows or whatever to rid yourself of anything you are afraid of.. Computer B will NEVER do anything SENSITIVE online or use Emails or anything that require you to type passwords etc..

    Now I can't wait for you to throwdown your comments at me telling me I don't have degrees in ....

    but I'm only trying to help man.



    **Edit -
    oh and I neglected to mention having two computers costs nothing these days.. It's sometimes less than $250 for computers and for that "safe" computer A that you won't do anything with that could harm your identity..etc - isn't that worth it? It can be a Laptop and small so it's not in the way either.. etc..
    Last edited by brooksndun; 17 Jul 2015 at 11:43.