Bob3160. Thanks for your reply. What this has to do with Avast is that after the latest update from Avast, these problems started. Turning off Avast! (or at least the mail shield) worked around the email problem. I haevn’t yet had time to verify if turning off Avast! will work around these other problems, but I have never had these sorts of problems before, and Avast! is what has changed.

Eddy. Thanks for your additional reply. Sadly, it appears that your additional reply indicates that you don’t understand that certificates are the foundation of the encryption part of the SSL protocol. Turning off verification of the certificates in nPOPuk effectively means that you use the provided encryption keys from the certificates, without verifying that the certificates are actually from whom they say they are from, according to the certificate authorities. Turning off the verification opens up the SSL protocol to man-in-the-middle attacks (google that for more information about what such an attack is). The whole point of verification of certificates with a certificate authority is to prevent such attacks. But it seems that Avast is introducing a self-signed certificate that cannot be verified, and therefore email (and possibly other things) no longer work correctly, when verification is turned on.

I would, with my email clients, much rather have certificate verification in place than Avast! mail shields. However, for the web that is less appealing, as there are many scripts involved. It is not clear to me what the difference is between web shield and network shield; perhaps I should read more about that – I’m not sure what specific protections I get from each, nor it is clear that I can repeatedly access these sites I’ve had trouble with and get any further, or if, once my information has been received and treated as suspect, if it will continue to be treated as suspect because it is the same information, even if the original source of the suspicion is removed. So if I try these things with Avast! turned off, and they work, it is indicative that Avast! was the problem, but if they still don’t work, it really doesn’t prove anything, unless the company can be contacted and explain the original suspicion. Finding a support person at the company that actually understands the computer systems and implementations well enough to confirm what the source of the suspicion is might be extremely time-consuming, if even possible.

Because of the seemingly related problem with email, where my email client nPOPuk gave a good error message, and has good controls to understand what is going on, I was able to pinpoint Avast! as the source of that problem. So this makes me extremely suspicious of Avast! being the source of these other problems as well, but I’ll agree it isn’t (yet) proof. More when I get a chance to try these things again.

My mother (I’m her tech support) called yesterday having problems with her Thunderbird, which started right after her Avast! update. Since it sounded very similar, I had her disable the mail shield, and that also solved her problem.

Since I hadn’t had a problem with my Thunderbird, even with mail shield enabled, I looked at Thunderbird’s certificate list, and discovered that somewhere along the line, an Avast! self-signed certificate had been added to the trusted list. I removed it now, and enabled Avast! mail shield, and generated the same error she described on my own machine, I’ll attempt to attach it here.

This is Thunderbird’s way of saying the same thing that nPOPuk did: self-signed certificate can’t be verified.