A couple of weeks ago some very interesting Windows news flew by under the radars that I think deserves much more credit than it received, considering how much we rely on the web and the impact this has on making it safer.

In the September 2009 update to the Windows Root Certificate Program, Microsoft has added to the list of trusted root certificate authorities StartCom Ltd, notably its first member who issues amongst others free SSL digital certificates.

What this means in practice is that out-of-the-box in Windows 7 and if installed as an optional patch under Windows Vista and XP, free digital certificates issued by StartCom will be inherently trusted by the operating system and its applications.

Besides simple identification, one other benefit delivered by digital certificates is the ability to transparently encrypt and secure the connection to a server via HTTPS and this is what makes what Microsoft did so notable.

Up and until now the digital certificates market has been dominated by large corporations who charge quite a pretty penny for the privilege, limiting the use of HTTPS. Unfortunately at the same time due to the nature of digital certificates and the chain of trust, a limited number of root certificate authorities (CA) in operating systems such as Windows has limited the adoption of free digital certificates as offered by some companies like StartCom. Granted Firefox and Safari has supported many of the certificate authorities issuing free certificates for some time, Microsoft has not, until now.

With StartCom as a Windows root CA, web developers now have a practical free alternative for digital certificates if they wish to secure their websites or web services that by default works with Internet Explorer and other Windows applications.

Not only is this great for developers but even more so users who can look forward to more websites that encrypt the data they send to and receive from – reducing the risks of sniffing and man-in-the-middle vulnerabilities, especially when using wireless and public networks.