(2) Unsecure website certificates (maliciously exchanged, cracked or shared with third-parties) will be accepted by your browser and the whole concept of secure, encrypted and authenticated connections is ignored. (1) Man-In-The-Middle attacks by any person exchanging the website's keys to their own so that they may tap in on your connection will go unnoticed by your browser. This completely compromises internet privacy. There is no other way for Avast to decrypt the connection than to generate its own certificate with a known derived decryption key, then signing them with a custom Root Certificate from Avast installed on your system. Scanning encrypted SSL/TLS sockets requires that Avast can decrypt the connection. This is happening because as others described, the Mail/Web shield needs to be able to scan your web traffic before it is saved on your system / does any harm. If it worries, you, you can disable this behavior - go to Settings>Active Protection>Web Shield>click on "customize" and tick the box next to "Disable HTTPS scanning." If you do this, avast! won't be able to proactively block malware on HTTPS sites. Whether this behavior presents additional security issues is debatable but I don't think it's something you need to be deeply concerned about - after all, your own antivirus software is doing the man-in-the-middling, not a malicious party. I'm guessing this is what avast! is doing.
#HOW TO DISABLE AVAST WEBSHIELD INSTALL#
The solution that many antivirus programs use is to install its own SSL certificate as a root certificate so that it can essentially man-in-the-middle all HTTPS traffic to scan for malware.
This presents a risk because if you download a virus, the antivirus software won't know about it until the download is finished and the virus is already saved to your hard drive, allowing criminals to bypass the "live defense" features of AV by simply hosting the malware on an HTTPS site. As useful as it is, HTTPS presents a bit of a problem to antivirus software because when you visit sites over an encrypted connection, your antivirus software cannot see what sites you're visiting or what files you're downloading, at least until the download finishes. The whole goal of HTTPS is to prevent eavesdropping so that anyone monitoring your web traffic can't see what you're sending.
0 kommentar(er)
