I have serious concerns about the HTTPS security of Web Shield in Avast Mac Security, because of its blindness to TLS certificate revocations.
This issue has been under public discussion since at least 2015:
http://www.thesafemac.com/avasts-man-in-the-middle/Avast for Windows is, apparently, capable of checking for certificate revocations:
"The only issue mentioned in their study is a lack of revoked certificates checking by Avast, which has been in the market since November 2015 and is fixed in 2016 products."
https://blog.avast.com/independent-test-shows-avast-offers-best-https-protection-in-the-marketBut in 2017, Avast Mac Security Web Shield retains this vulnerability. To check for yourself, navigate to
https://revoked.grc.com . With Web Shield turned off, my browser blocks access to this site due to its revoked certificate. With Web Shield enabled, I can visit the page without issue.
Will Avast Mac Security ever respect certificate revocation? It's concerning that Web Shield's HTTPS protection
undermines a critical security guarantee of the HTTPS protocol.