Digital certificates are the basis of reputation-based security technologies, but if you can't trust the authenticity of the certificates, they're worse than worthless (because they give you a false sense of security). A Kaspersky Labs researcher says Windows doesn't clearly indicate when a certificate has been tampered with, and that means malware authors can alter certificates and use them to get their malicious code into your network. This came into the spotlight last month when the Stuxnet worm used fake Verisign certificates. That certificate was revoked by Microsoft and Verisign, so new software can't be signed with it.