Security software: possible issues with scanning of secure web pages

Says the Daily Mail (UK) newspaper: -

Normally, browsers check the certificate delivered by a website and verify it has been issued by a proper entity, called a Certification Authority (CA). Security products make the computer 'think' they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued.

Please read this: -
http://www.dailymail.co.uk/sciencetech/article-3574724/Is-antivirus-software-putting-risk-Programs-offer-lower-levels-security-browsers.html

I believe that Avast scans secure pages and checks security certificates but does it actually do what is alleged by the Daily Mail newspaper?

If what is alleged about Avast software is correct, which Avast software is affected? Is Avast Free affected, for example?

The news media are generally months behind as far as technical security stuff goes.

This may have been the case at one time but this article is virtually ancient history. Just look at the program versions image in the post for avast 2015 versions of avast 10.2.2218 & 10.3.2225.

The same appears to be true of other AV versions 2015 or even some 2014.

It’s also the reason why it’s important to update the program, not just the VPS database. :)

All I did was to submit the report to the attention of the forum. It is a very plausible scenario and any such report should be given some credence. It would not surprise me that it is not a problem with Avast but until I see justified statements to that effect, I am not going to be complacent. I note that Agnitum Outpost Security Suite and Panda Security are not said to be a problem. This does not surprise me since neither checks on security certificates. I know that Avast Free does and so I seek authoritative reassurance that Avast, especially Avast Free AV, is not afflicted with the problem.

My understanding is that the issue is that some security products make themselves proxies for https certification when that apparently should be the responsibility of the browser. I note that on my Windows 7 system on which Avast Free 11.2.2262 is installed, the browsers (Google Chrome and Mozilla Firefox) do attribute the certificates to authorities that are not Avast so I guess that Avast is not culpable. It would be a relief to me to be sure that this is so since I have installed Avast Free as the malware protection of preference on a number of Windows computers used by friends and relatives. They do online transactions so the matter is of direct concern to me.

I am by no means knowledgeable on the subject of web security but am aware of its vital importance.
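The check discussed in this thread (seeing which authority a certificate is attributed to) can also be scripted. This is an added example, not part of any post and not Avast code. The marker string, the host names and the CA names are constructed placeholders; replace the marker with the root name shown in your own certificate store.

```python
import socket
import ssl

# Assumption: substrings that identify a locally installed scanning root.
# Replace with the name shown in your own certificate store.
LOCAL_PRODUCT_MARKERS = ("example av web shield",)  # constructed placeholder

def issuer_fields(cert):
    """Flatten getpeercert()['issuer'] (a tuple of RDN tuples) into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def issuer_label(cert):
    """Prefer the issuer's organisation, fall back to its common name."""
    fields = issuer_fields(cert)
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate as seen by a TLS client on this machine."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(certs_by_host, markers=LOCAL_PRODUCT_MARKERS):
    """Report each host's issuer, hosts signed by a local product, and
    whether a single issuer signed every host (typical of a scanning proxy)."""
    labels = {host: issuer_label(cert) for host, cert in certs_by_host.items()}
    flagged = sorted(
        host for host, cert in certs_by_host.items()
        if any(m in " ".join(issuer_fields(cert).values()).lower() for m in markers)
    )
    single_issuer = len(labels) >= 3 and len(set(labels.values())) == 1
    return {"issuers": labels, "flagged": flagged, "single_issuer": single_issuer}

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
DIRECT = {
    "bank.example": {"issuer": ((("organizationName", "Example Public CA 1"),),
                                (("commonName", "Example Public CA 1 G2"),))},
    "shop.example": {"issuer": ((("organizationName", "Example Public CA 2"),),)},
    "mail.example": {"issuer": ((("commonName", "Example Public CA 3 Root"),),)},
}
SCANNED = {h: {"issuer": ((("commonName", "Example AV Web Shield Root"),),)} for h in DIRECT}

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("scanned", SCANNED)):
        print(name, audit(sample))
```

To run it against real sites, build the input with `{h: fetch_cert(h) for h in hosts}` and pass that to `audit`.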