GDPR: Avira Free AV (freshly installed) - injects MITM TLS interception Root Certificate in the certificate store
I have installed Avira Free antivirus today and i was looking at my system's Root Certificate Store... Avira injected a Root CA ("Avira Security NetProtection Root 2") for MITM interception / scanning even if i do not want the TLS / Web scanning functions - (they are not even available for the Free AV edition)
Key usage parameters of the certificate are: Certificate Signing, Off-line CRL Signing, CRL Signing (06)
i have now revoked this Root CA... but why would even Avira inject such a privacy-invasive root certificate from the very first initial installation steps without explicit consent for it?
The general click-wrap EULA does not constitute such a consent because the product that i downloaded to install (Avira Free AV) is not supposed to have web browser interception / scanning functions at all. Is it trying to intercept other data?
-
Actually many famous AVs like Bitdefender, ESET, and Kaspersky also do that.
0
Please sign in to leave a comment.
Comments
1 comment