The "Virus definitions version" is 151230-1." I pay for this version of Avast. My program version is, as shown in my first post.
Downloads in iTunes will also sit at 0kb a second until I disable Web Shield, this I can also reproduce 10 out of 10 times. And again, web shield affects downloads that go through iTunes, as in the actual program, which is devoid of a browser at all. I tried FireFox and Internet Explorer and it made no difference. I can reproduce this issue 10 out of 10 times.Ĭhanging the browser does not make a difference. Windows will initiate a download, like I can pick a place where to save it on my computer, but it will sit at "0kb a second" until I turn off web shield, then it will immediately start downloading. With webshield up the podcast will not play, and will not download. I recommend you to turn this off if you value internet privacy.That is indeed the podcast. There is a checkbox in “preferences” in Avast that says “scan secured connections”.
(2) Unsecure website certificates (maliciously exchanged, cracked or shared with third-parties) will be accepted by your browser and the whole concept of secure, encrypted and authenticated connections is ignored. (1) Man-In-The-Middle attacks by any person exchanging the website's keys to their own so that they may tap in on your connection will go unnoticed by your browser. This completely compromises internet privacy. There is no other way for Avast to decrypt the connection than to generate its own certificate with a known derived decryption key, then signing them with a custom Root Certificate from Avast installed on your system. Scanning encrypted SSL/TLS sockets requires that Avast can decrypt the connection.
This is happening because as others described, the Mail/Web shield needs to be able to scan your web traffic before it is saved on your system / does any harm.
If it worries, you, you can disable this behavior - go to Settings>Active Protection>Web Shield>click on "customize" and tick the box next to "Disable HTTPS scanning." If you do this, avast! won't be able to proactively block malware on HTTPS sites.
Whether this behavior presents additional security issues is debatable but I don't think it's something you need to be deeply concerned about - after all, your own antivirus software is doing the man-in-the-middling, not a malicious party. I'm guessing this is what avast! is doing.
The solution that many antivirus programs use is to install its own SSL certificate as a root certificate so that it can essentially man-in-the-middle all HTTPS traffic to scan for malware. This presents a risk because if you download a virus, the antivirus software won't know about it until the download is finished and the virus is already saved to your hard drive, allowing criminals to bypass the "live defense" features of AV by simply hosting the malware on an HTTPS site. As useful as it is, HTTPS presents a bit of a problem to antivirus software because when you visit sites over an encrypted connection, your antivirus software cannot see what sites you're visiting or what files you're downloading, at least until the download finishes. The whole goal of HTTPS is to prevent eavesdropping so that anyone monitoring your web traffic can't see what you're sending.