How Avast’s HTTPS scanning feature works (the short version)
Avast is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. To detect malware and threats on HTTPS sites, Avast must remove the SSL certificate and add its self-generated certificate. Our certificates are digitally signed by Avast’s trusted root authority and added into the root certificate store in Windows and in major browsers to protect against threats coming over HTTPS; traffic that otherwise could not be detected. —Avast blog (2015)
Avast whitelists websites if we learn that they don’t accept our certificate. Users can also whitelist sites manually, so that the HTTPS scanning does not slow access to the site.
In the time of malicious groups harvesting data at alarming rates, the last thing you want to do is offer up more personal data directly to companies.
Avast has the ability to:
- Scan your emails (content intelligence)
- Intercept traffic at will (even if thought to be secure (on the web))
- Gather habits (visited websites…)
- Scan general content
If you’re looking for privacy you may want to switch off your anti-virus, use an isolated machine or uninstall the anti-virus software all together.
Sadly, we’re faced with many techniques to learn in avoiding malicious content, so surfing without full malware protection is not a good idea. A scan of the system once in awhile with different types of malware hunters should keep a machine clean.
Avast is not the only anti-virus to do this. There is Kaspersky and ESET that I know of.
Have a good day!