> Why are keystore components written by Microsoft peculiarly unworthy of > trust? There was a flaw in IE, although it has been fixed, the flaw allows the attackers to delete certificates from the keystore without any user notification. How can trust IE, it there is some very serious flaws like this one? You cannot. Also, have heard about Microsoft's Anti-Trust.