Avast disables the function to inspect HTTPS malware traffic after a Firefox 65 conflict.
Firefox 65, released last week by Mozilla, were users immediately affected by messages about’ Your connection is not secure’ when visiting popular sites.
Firefox 65 users with AVG or Avast antivirus were mostly affected by this problem. The message appeared when users visited a HTTPS website and stated that’ Certificate is not trusted because the issuer is unknown’ and that’ Inappropriate intermediate certificates may not be sent by the server.’
The problem reported on the bug report page of Mozilla and first identified by Techdows is due to the HTTPS filtering functionality in Avast and AVG antiviruses.
Avast belongs to AVG. The bug prevented users from visiting any Firefox 65 HTTPS site. Mozilla decided to temporarily stop all automatic updates on Windows in order to reduce the impact on users. Meanwhile, Avast, owned by AVG, released a new update on the virus engine that completely disabled Firefox HTTPS filtering in Avast and AVG. Filtering HTTPS in other browsers remains enabled.
HTTPS antivirus filtering is a somewhat controversial feature designed to inspect malware web content in encrypted HTTPS traffic, but undermines the security and privacy of HTTPS. Avast and other antivirus companies do so by removing the Transport Layer Security (TLS) certificate from a site and by adding their own certificate. This certificate is signed by the trusted root authority of Avast and added to the Windows and major browsers root certificate store.
The technically used method is a man-in – the-middle attack (MitM) that has been criticized by Google, Mozilla and others to create more security risks for users.
Avast argued earlier that his MitM technique is necessary and that his method differs from a malicious MITM. Further HTTPS certificate problems for antivirus products could be encountered in Firefox 66, which gains a new feature that detects and warns users when a MitM attack is carried out by a third party app.
A new error message,’ MOZILLA PKIX ERROR MITM DETECTED,’ will be displayed if Firefox detects that something intercepts the connection and injects certificates on the user’s system or network in a way that Firefox does not trust. Chrome has a similar feature already.
