For someone that is concerned with verifying file checksums, state sponsored attacks, etc...
I'm surprised you are using Avast! Good antivirus, but I had to remove it when they started snooping on users encrypted traffic.
(MITM traffic interception using pre-installed certificates)
Heres a good write-up for anyone interested:
http://www.thesafemac.com/avasts-man-in-the-middle/OT maybe, but interesting nonetheless!
I just verified my Google SSL certificates in Chrome are signed by GeoTrust Global (not Avast), and BofA by VeriSign.
And Avast is blocking
https://revoked.grc.com/ (revoked certificate test mentioned in that article).
On Firefox, it is blocking the revoked certificate, but it *is* using its own certificate on google.com! Just disabled HTTPS scanning. Bad Avast!
Thanks