Avast and DigiCert Collaboration

Could somebody please point me to documentation regarding the collaboration between Avast and DigiCert?

Thank you.

Hi, not sure what you mean, DigiCert is a CA.

Yes, and there is a file, data_3, located here:

. . . AppData\Roaming\AVAST Software\Avast\Cache\Cache

And that file contains a lot of frequently updated information about these 5 certificates:

DigiCert Assured ID Root CA - - - DigiCert Assured ID Root CA
DigiCert Global Root CA - - - DigiCert Global Root CA
DigiCert Global Root G2 - - - DigiCert Global Root G2
DigiCert Global Root G3 - - - DigiCert Global Root G3
DigiCert High Assurance EV Root CA - - - DigiCert High Assurance EV Root CA

Other information caused me to think there was some sort of collaboration between the two companies, but if I am wrong I would certainly adjust my direction of thought on the matter.

Oh yes, and thank you for your attention to my line of enquiry.

You’re welcome. (https://en.wikipedia.org/wiki/Certificate_authority)

Thank you for the link, but what is Avast’s purpose in maintaining updates on those 5 certificates?

All Avast files are signed by DigiCert, nothing to worry about.

So my use of the vocabulary “collaboration” is correct, yes?

And I didn’t mean to come across as worried.

I am just wondering how this could be after what I thought were some problems between Avast and DigiCert. And then the DigiCert purchase of Symantec in 2017.

Do you know when the collaboration started between DigiCert and Avast?

Nope, it’s a paid piece of service.

Please just take that question of mine as an aside. That definition is not an important point.

But I would like to know where I can find any information about when Avast started using the DigiCert products?

After a number of hours searching the Net I was not able to find anything.

In fact, the information that Avast is using DigiCert products also did not turn up on the Net.

If anyone can point me to any documentation on any of this I would be very appreciative.

I’m not aware of any such info, but definitely as long as I can remember…

I have about three hours of research notes and the information that Avast is using DigiCert products did not show up in any of the many, many leads I checked.

But it is now out there, because I suspect the bots have picked up on this thread, and my own team on my site now knows about this, so this information isn’t going away. But our online meetings on my site are strictly confidential, so nothing gets leaked from there.

Also, during my research I found that there have been some folks in this business that have doubts about DigiCert products. There have been such discussions on this site, too.

For that reason the Avast customers probably should have already been informed of what we now have in this thread.

And that is just for starters.

By the way, now I am worried. I wasn’t before.

By the way, this all started because of that other thread and that signature code showing up in a regular Gmail account. If any of the employees had gone to the trouble to address that issue in that thread I might never have started down this DigiCert road I have gotten on. I waited for a fair number of business days for an answer to arrive in that thread, so it isn’t like I was pushing really hard. And I still haven’t gone into that at Google, except informally. Also in confidence.

Did you know the following, Asyn?

August 2017 was relatively slow on the M&A front. Symantec sold its website security business to DigiCert for $1 billion, plus a stake in the larger entity.

A lot of money at stake if somebody slips up.

Yep.

First of all let me thank CraigB for recommending in your recent correspondence that I continue my research and on that note I have a question for Asyn which is stepping away for the moment from the questions thus far answered that related to the Avast use of DigiCert products:

Is Avast inserting a security certificate of its own when I see the Avast Web/Mail Shield Shield Self-signed Root?

Yes, it’s needed for HTTPS scanning. (https://support.avast.com/en-ww/article/190/)

Thank you.

You’re welcome.

Please excuse me, because I wasn’t intending to carry that last line of questioning any further, but the following on that page you sent me is having me wondering what I am missing.

In answer to: “What is HTTPS scanning in Avast Antivirus?”

HTTPS scanning decrypts and scans encrypted traffic to detect potential mawlare (malware) contained on sites using HTTPS connections.

But in answer to: “Is the HTTPS connection still secure when Avast scans it?”

When the Web Shield in Avast Antivirus scans the HTTPS connection, the data being scanned remains encrypted and secure.

I am obviously missing something because I see a contradiction. Can you please help me?

And you better ask the company to fix that spelling on that page.

It’s quite complicated to explain in detail and I’ve no time for a tutorial, sorry.

Excuse me, but you placed that page before all reading this thread and that page is for all customers and so this …

decrypts and scans encrypted traffic / remains encrypted

… seems like it should be explained. Maybe we are to assume that “data” and “traffic” are two different things?

Anyway, if you have no time for explaining that, then please tell us where we go to receive the explanation we need.

“We” represents the company’s customers.

I believe serving the company’s customers is a part of your group’s purpose for being, yes?

Wait for one of the devs and/or submit a ticket: https://support.avast.com/contact (paid versions)