HP will be revoking a security certificate for its Windows-based systems on Oct. 21, and the vendor isn't sure yet how that will impact system reliability.

The bundled software on older HP PC systems has been at risk of being the front-man for malware, according to a report in the Kerbs on Security website. This code-signing is supposed to give computer users and network admins confidence about a program's security and integrity. HP's Global Chief Security Officer Brett Wahlin said the company is revoking a certificate it's been using even before 2010.

HP was recently alerted by Symantec about a curious, four-year-old trojan horse program that appeared to have been signed with one of HP’s private certificates and found on a server outside of HP’s network. Further investigation traced the problem back to a malware infection on an HP developer’s computer. 

HP investigators believe the trojan on the developer’s PC renamed itself to mimic one of the file names the company typically uses in its software testing, and that the malicious file was inadvertently included in a software package that was later signed with the company’s digital certificate. The company believes the malware got off of HP’s internal network because it contained a mechanism designed to transfer a copy of the file back to its point of origin.

The means of infection here is the junkware shipped with all PCs, including HP's, according to HP 3000 consultant and open source expert Brian Edminster. In this case, the revoked certificate will cause support issues for administrators. The certificate was used to sign a huge swath of HP software, including crucial hardware and software drivers and components that are critical to Windows.

"This is one of the reasons that I absolutely loath all the 'junkware' that is commonly delivered along with new PCs," Edminster said. "I end up spending hours removing it all before I use a new PC." Recovery partitions on Windows systems will be at unknown risk after the certificate is pulled Oct. 21, too.