Secure Socket Layer (SSL) certificates have made e-commerce more secure, according to VeriSign, but a US security researcher reckons benevolent rootkits served by the retailer might do a better job.
SSL certificates are issued to merchants by Certificate Authorities to indicate to the consumer it is a legitimate business. The rootkit which Dan Geer, VP and chief scientist at security company Verdasys, has proposed would take over the security function of a customer during a transaction by placing it within the merchant's trusted environment.
Geer proposes that merchants ask their customers whether they would like an "extra special secure connection" prior to making a transaction. If a user says "Yes", the merchant could install the rootkit on a customer's PC to make the transaction safe.