Why is 'avast! Web/Mail Shield Root' listed as CA for google.com?

889    Asked by Ankesh Kumar in SQL Server , Asked on Jul 12, 2021

I just noticed something weird in my browser: the certificate for www.google.com has been issued by avast! Web/Mail Shield Root. Is it okay or should i be worried? I am using avast! Antivirus so it's probably a built-in feature, but I don't know why this is happening? Are there any benefits or risk involved

Answered by Aashna Saito

The objective of HTTPS is to prevent eavesdropping so that anyone monitoring your web traffic can't see what you're sending. As useful as it is, HTTPS presents a bit of a problem to antivirus software because when you visit sites over an encrypted connection, your antivirus software cannot see what sites you're visiting or what files you're downloading, at least until the download finishes. This presents a risk because if you download a virus, the antivirus software won't know about it until the download is finished and the virus is already saved to your hard drive, allowing criminals to bypass the "live defense" features of AV by simply hosting the malware on an HTTPS site.

The solution that many antivirus programs use is to install its own SSL certificate as a root certificate so that it can essentially man-in-the-middle all HTTPS traffic to scan for malware. I'm guessing this is what avast! is doing by listing Avast! web/mail shield root as CA for Google.

Whether this behavior presents additional security issues is debatable but I don't think it's something you need to be deeply concerned about - after all, your own antivirus software is doing the man-in-the-middling, not a malicious party. If it worries, you, you can disable this behavior - go to Settings>Active Protection>Web Shield>click on "customize" and tick the box next to "Disable HTTPS scanning." If you do this, avast! won't be able to proactively block malware on HTTPS sites.




Your Answer

Interviews

Parent Categories