An open letter to Avast! Antivirus.

[theweaselking]

Dear Avast Antivirus:

Scanning things that come into my computer is cool. I'm okay with that.
This includes my email. Scanning my email, I'm okay with.
And I know you can't scan my email before delivering it to the mail client if I use SSL. I understand that. I'm also okay with that. That's why I told you to stop asking me about the IMAPS connections and just ignore them.

And after an update, suddenly, without asking, man-in-the-middle-ing my SSL connections, causing Thunderbird to start screaming about how all the mail servers have lying SSL certificates?

That's not cool. I'm not okay with that. You need to present that kind of thing as an OPTION. You can default it to "on". You can even put "(highly recommended)" next to it if you like - but that damn well needs to be something that I know about BEFORE Thunderbird reports that someone is impersonating my mail servers, because that shit is a sign of something Seriously Wrong With The Internet and I should NOT have to dig up the lying certificate to realise that you did it.

And now I've just turned the mail scanner off completely, because seriously, fuck that.

Not cool, Avast. Not cool.

Love: Me.

Comments

[andrewducker]

I hate SSL MITM systems. Our work proxy does that, but they only set up IE to automatically have the right certificates, which means that I intermittently have to import them into Firefox so it doesn't complain about impersonation attacks.

[endotoxin.livejournal.com]

I've got one MS system that I use for a media center, and I run MS Security Essentials. It's the least angry of the AV solutions.

[theweaselking.livejournal.com]

Yeah, but I've been using Avast for years, and I like most of it's quirks. This was just a new and NOT-liked one.

[maelorin]

not cool.

i had to put up with this kind of chicanery at work for a while. our sysadmins (a) couldn't understand what i was complaining about, (b) see why i had a problem once they did, and (c) told me to stop doing what i was doing so it would go away ... a winning solution, for sure. just don't read emails. even those from tech support regarding this problem. sure, why not.

[lafinjack.livejournal.com]

...and I like most of it's quirks.

Also, pirates!

[pappy-legba.livejournal.com]

What is the reason for leaving the mail scanner on in the first place? Does it do something else that isn't blocked, or do you have some nonsecure email transfers going as well? (It's your business, but for my money unsecured transfers are a risk than anything Avast could prevent).

I use avast as well, but the portions of it I leave activated are carefully picked-- two or three scanners out of the dozenfuck or whatever it offers. The email scanner isn't one of them, for the reason above. My experience is that the filesystem shield will catch anything the minute that the mail client tries to write to the disk.

[theweaselking.livejournal.com]

What is the reason for leaving the mail scanner on in the first place?

Laziness. Basically. Turning it off sets alarms, figuring out how to turn off the alarms is annoying, and it doesn't do anything and so doesn't cost any more resources than the existing client does.

My experience is that the filesystem shield will catch anything the minute that the mail client tries to write to the disk.

True, but that's too late if the email compromised your mail client. This *was* a major concern, back like 15 years ago. Now, not so much - and in theory, you turn off SSL in your mail client, and Avast does all the SSL stuff, scans your mail, then hands it off to your mail client locally.

In practice, no. SSL.

[pappy-legba.livejournal.com]

Ah. I think I sidestepped the alarms by customizing the install and never installing the mail scanner to begin with-- which might help if you ever have to re-install on a scale small enough to manipulate individual installations.