Thanks for examining and testing the beta, specimen9999.
After reading the technical info, I'm a bit concerned about the security implications. Through the installation of the SSL CA Certificate in the Keychain, the user is giving Avast! and any other program that manages to reverse engineer/hack this process complete control over the encryption trust chain, since technically Avast is re-signing the connections with this certificate; if this process is somewhat hacked, it could validate any otherwise untrusted connection.
I'm also giving quite a lot of trust to Avast!. The process detailed would be a quite perfect trojan horse and a smart way to circumvent the trust chain of SSL certificates.
We do not deny that the process we are now using is a significant intervention into the SSL handling on the machine, but if done correctly, it should not bring any security issues. After all, it is the mechanism that all antivirus software capable of scanning secured connections is using.
Also note that to hack the process, you would need root rights. And malware that has managed to run with root rights on your machine has already won and can use plenty of other ways to affect SSL handling (e.g. install its own certificate into the system keychain).
...there are other ways to control viruses (File scan).
The problem is that a "traditional" file scan will not protect you from a big group of malware attacking the web browsers/web content. That's why the web shield is there.
Another question is: Is the certificate that is inserted into System Root generated locally and different for every installation, or is it the same cert for everyone?
As described in the technical info, the certificate is generated on install/update and is "unique" for every installation.