Feeds

back to article AVG scanner blasts internet with fake traffic

Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …

COMMENTS

This topic is closed for new posts.

Page:

Listings?

Why can't the people at AVG just maintain some sort of list of malware infected sites and push it out to customers along with the daily updates? FireFox often informs me of such sites long before my AV scanner notices. And is this built into AVG's free version?

0
0
Thumb Down

Traffic

This obviously sucks bandwidth from the host but doesn't it also impact the computer running AVG?

For the few poor shmucks still on dial-up or with metered connections, visiting a minimum of ten sites every time you do a search is ludicrous.

Time for a boycott AVG campaign.

0
0
Unhappy

I did wonder...

Having installed the latest AVG I was impressed that it was now managing to scan my email as it came in. (Using Pegasus with SpamPal usually meant that nothing was able to manage this.) I also spotted the little tick marks (or not) appearing in Google.

I presumed that AVG was looking up data that Grisoft had compiled in advance, rather than scanning each search result as it was found.

There's also an issue that this is eating up the users' bandwith which, although I'm not affected could be a problem with some contracts.

LinkScanner has now been disabled on my machines, until the situation changes.

0
0

DDoS attack on the budget?

Perhaps a case could be made for smaller websites that this is a DDoS attack on a large timescale against their budget. In that case, perhaps a cease and desist letter to AVG would be in order. Should that fail to work, then asking a court for an injunction followed by a class action suit for damages may be more effective.

-Daniel

0
0

No need for an AVG boycott

It's easy to disable this feature - just click on Link Scanner and uncheck AVG Search-Shield.

Us Opera users can retain our smug self-satisfied demeanour content in the knowledge that not only are we running the Saab of browsers but also that Link Scanner only works with IE and FF.

I wonder what the carbon footprint of Link Scanner is?

0
0
Anonymous Coward

They will just escalate an arms race

People will write stuff to detect this, AVG will than have to rewrite theirs, etc etc.

Really badly thought out idea, if you go mainstream with it.

Ideas like this work well for a few organizations, who get a bit of extra protection, but once the release is wide, the battle begins.

Ads need to be checked at source, not checked live it is daft at that point. And really just stop flash ads. The JavaScript model would be simpler, but really ads should be fairly static, and only if the site wants to jazz it up should it happen.

So, charge a premium if the person wishes to include code with the Ad as it should be checked, but run most of the ads as text input only. JavaScript could still be used as the medium to serve the Ad, but just not arbitrary JavaScript on input.

0
0
Alert

Hmm, interesting stuff

I *love* AVG, its a small, unobtrusive scanner thats saved my bacon a number of times. It doesn't dig resource sapping hooks into the system like other scanners, and its free!

That said, i clicked on "Don't upgrade yet" when it gave me details about Linkscanner, as it seemed like unrequired bloat to me as i only use Opera which has built in protection and is immune to 99% of attacks.

Of course, i have to upgrade soon, and i will, but i hope this "feature" can be turned off. Much like the system-twatting "Scriptscan" java scanning function in McAfee, its obviously more trouble than its worth.

0
0
Anonymous Coward

Defected

I tried AVG8 after being informed that version 7.5's database wasn't compatible and experienced a major problem with the link scanner in Firefox 2. At one point it was causing so much hassle, I had to not only disable the plug-in but totally remove it and seek a new virus killer.

Anti-Vir might not be fast but it's just as good as AVG and no pesky plug-ins!

0
0
Stop

AVG 8 bloatware

This new release from AVG is a resource hog. Its combined memory usage is ten times that of its predecessor, AVG 7.5. Adding unnecessary bloat to increase a product's "value" seems to be a common trend these days. Fortunately AVG are continuing to support 7.5 until 31st December so it gives me plenty of time to find a lightweight alternative.

0
0
Anonymous Coward

And getting rid of it is hard...

I accidentally installed this while installing AVG8. It was hard to get rid of (as a Firefox addon on Windows) since unlike normal Firefox addons, it came without an Uninstall function. The only way was to delete the Firefox folder in C:\Program Files\AVG\AVG8

But apart from that, AVG8 is just fine, so thanks AVG once again.

0
0

Translation

"I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

Translation: We don't give a shit. No, really, we don't.

0
0

Slower browsing experience

Yes, it does severely impact on computer speeds as it puts a big drag on web searching and so inhibits browsing. Occasionally it crashes the browser completely. The really annoying thing is that you can only stop it by disabling the AVG module, which leaves you with a grayed out AVG taskbar icon that prevents you being able to easily spot if AVG is not functioning properly. You can't unselect this function at the install stage and you can't change its parameters to lessen its grasp on your browser.

I used to be a die-hard supporter of AVG and have used it as my only AV at home for about many years. After half a day of swearing at this stupid idea (which should never have got past the initial testing stage) I switched to Avast!. I doubt I'll change back.

0
0
Thumb Up

Linkscanner works better than blacklists!

First off, I've recently switched over to using and recommending AVG 8 as the Linkscanner technology and low resource utilisation make it stand out from the crowd.

@Aditya

AVG's Linkscanner works a treat and is a better solution than blacklisting. It does realtime inspection, looking for known exploits and other nasties. Blacklisting relies on someone or some systems detecting a nasty and reporting it so the website can be added to the blacklist. There is usually a delay in blackilisting whereas Linkscanner protects in real time.

No other AV / security suite that I know about has the same level of protection as Linkscanner! Most AVs rely on blacklisting or watching out for the infection to be downloaded onto your system before reacting. Linkscanner uses many other techniques to ensure the malware stays on the server in most cases!

The realtime inspection feature of Linkscanner isn't included in the free version of AVG AV. You only get the search result inspection. Previous versions of AVG also restricted some features to be in the paid for version. AVG is, after all, a commercial company that needs to sell products to stay in business. The fact they provide a free edition with good and solid free protection is a great service to those who either can't afford or are too cheap to buy a license.

@foof

The new AVG 8 is VERY light on the host computer.

Users can do a custom install or switch off Linkscanner within AVG.

Agreed, it may not be for everyone, but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web. However, dial-up and big boy broadband users that provide poor service to their customers may well find it causes a lag in loading webpages.

Here's an example of where Linkscanner worked where other security solutions failed:

http://www.roundtripsolutions.com/blog/2008/02/06/317/forth-road-bridge-website-hacked/

It even made The Register at the time:

http://www.theregister.co.uk/2008/02/07/forth_bridge_hack/

It appears that nearly every day there is a story of another big website, that should be trustworthy, being hacked to serve malware. Technologies such as Linkscanner will provide the real time security that is needed to protect web users.

Bandwidth is cheap these days anyway. If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence.

As for webstats, most of the time they are a flaky indication for most businesses! Much better to measure the real business impact of your web presence i.e. visitors that convert to sales, number of user registrations, etc.

Keep up the good work Roger and AVG. Some of us appreciate your fabulous technology and what it can do to protect the end users from the ever increasing threats on the Internet.

0
0
Anonymous Coward

Phorm killed?

There is an obvious possible side effect to this however, unless I read it wrong. Won't this completely destroy phorm, or any targetted advertising service?

0
0
Unhappy

its AVG not spyware

Ah maybee this explains why ive been having so many problems getting goole to work in the last few days!

Ive been getting this from google:

We're sorry...

... but your query looks similar to automated requests from a computer virus or spy ware application. To protect our users, we can't process your request right now.

We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spy ware remover to make sure that your systems are free of viruses and other spurious software.

And ive run a whole slew of Anti Spyware apps... all clean.

0
0
Alert

pay per click?

Does AVG scan all pay per click links as well? some ad clicks cost well over $20 per click. Does Google filter that out of their billing? What incentive do they have to filter out bogus clicks.

0
0
Stop

Annoying for users too.

If you try and disable it through the AVG app, it triggers the "you're at risk of..." crap. Only disabling it's add-on component in Firefox let me get rid of it's annoying nannying ticks without being constantly nagged to turn it back on.

0
0

AVG 8 Linkscanner made my PC sloooooooooow

Slower than molasses on a February morning.....

I turned it off and normality was restored.

0
0
Anonymous Coward

Perhaps I'm just being dense here...

...but if this is scanning every link on a page, does that include CPC ads on search engines? Being someone who runs sponsored ads on Google, as much as I like AVG, I'm not sure I like the idea of paying money to advertise to a robot.

0
0

Anti-Phorm??

Isn't this a good way of fooling phorm-like tools?

0
0
D
Boffin

AVG without Linkscanner

You can still use AVG without the Linkscanner component.

Starting from afresh, run the installer with the command

c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

My reasons for doing this were due to privacy concerns, more related to the use of search engines against every site I visit than AVG.

0
0
Joke

So has it helped

I mean, to drive up your ad price with all those hits.

0
0
Bronze badge

The Stupid, it hurts.

I upgraded to AVG8 in the belief that anti-virus updates for AVG7.5 were about to end.

Luckily I run Opera.

I anticipate changing my AV software in the very near future.

0
0
IT Angle

Just remove the component

There's an option during the install to get AVG without the linkscanner:

Run the installation with the parameters :

/REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch.

0
0
Go

I can't find it in my heart...

...to really care.

Let it destroy web analytics. They're pretty much fairy dust anyway. The whole pay per click issue is what made spammers target the web in the first place. I'm still on AVG 7.5 so I'm not contributing to the problem, but there's a part of me that views web marketeers with the same warm fuzziness I extend to RIAA and other wastes of skin.

Then maybe advertisers will begin to wake up from their daydreams about sticky eyballs and sneaky pop unders and all the rest of the pain they've inflicted on us.

The biter got bit. Boo hoo.

0
0

On the AVG site

there's instructions to install AVG without the linkscanner component although they're a challenge to find... Even if you've already installed it, running the installer again from the Run prompt with the arguements /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch will remove it/not install it in the first place

0
0

Wow!

John A Thompson, what a player you are -

"Bandwidth is cheap these days" - Erm, no its not.

"but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web" - LOL! Really. Maxing out the TCP/IP stack by clicking on 10 links all at once isn't going to have any effect because you have "fast" broabdnad... Yeah, right.

"If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence." - So innocent people should be forced out of business or move ISP or earn more.

Besides, how long is before Google gets pissed off with you (as you obviously work for the company, by the way) for increasing the load on its servers and finds a way to stop you in your tracks. Or do you expect google to add a few data centres to cope with the increase workload so you can sell some shite AV software.

After all, AV software is a lot of bollocks, it ain't stopping jack shit.

0
0
Unhappy

LinkScanner SUCKS! So dn't install it.

I have used and installed AVG since version 6. Great program. Still is! But the linkscanner is USELESS. I almost gave up on AVG because of it slowed down Google to the point it was UNUSABLE.

Install AVG WITHOUT LinkScanner!

(Forget where I found this)

# Download the AVG 8.0 Free Edition installation package from their website.

# Run the installation with the parameters /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to:

save the AVG Free installation file directly to disk C:\

open menu Start -> Run

type

c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

# The installation will be started, and AVG will be installed without the LinkScanner component.

0
0
Unhappy

Protect us from AVG, not malware!

Thank you El Reg, you've just explained why we experienced an explotion of hits and at the same time the bounce rate went through the roof (which was distressing!). It's ruining our statistics which we put a lot of effort into setting up and aiming for accuracy.

Our Google AdWords are getting lots of hits so I'm hoping they're not being counted and charged to us - unless AVG are in bed with Google to raise their revenue?

Shame on AVG. I will be disabling this feature at once and advising all friends & colleagues to do the same - for the sake of poor website maintainers and investors. (Formally to this, AVG rocked!)

0
0
Thumb Down

@Wolf

And to the guys who actually aren't advertising, but will get nailed by the bandwidth costs? To the guys who run little shareware software outfits and won't have a clue where their visitors are really coming from, or whether they're real?

For a small company that lives and dies by traffic generated by search engines, this could be crippling.

It's not just about the big, bad, nasty advertisers - you know, the ones paying for the site you're reading for free.

0
0
Bronze badge
Flame

How rude

So, webmasters are guilty until proven innocent, then? Nice.

I can't help thinking it says a lot for AVG's confidence in their, y'know, antivirus product that they feel it necessary to stop you even going near a site that might try to give you, y'know, a virus.

I wonder if the search engines might be interested in attacking this practise from a legal angle; it can't do them any favours, either.

Altogether a rather arrogant and inconsiderate move by AVG, of whom I expected better. When I still used antivirus, I used theirs; that certainly would have changed with this news.

0
0
Flame

Break their eggs!

These increased clickins has been driving us nuts for 2 months. I think all the hosts should send them a bill for the increased bandwidth & break a few of their eggs.

0
0

This post has been deleted by its author

Link Scanner

I've had AVG 8 on my Vista laptop for a while (I couldn't download 7.5 when I got it), and Vista won't be on there much longer anyway.

This is something that I really loathe. Not only does it take up resources (bandwidth, CPU, etc) - it means that all the links on a page are going to be scanned - as well as possibly encouraging AVG to collect stats in the same way that phorm is!

I've got it disabled at present (with it therefore generating the associated warnings, alerts, greyed out icons, and general "We know best, TURN IT ON" attitude), but it's nearly enough to make me go elsewhere.

I want a simple anti virus program that does exactly that - not something that tries to control everything I do to make me "safe". Having said that - it's free, and therefore I have no right to complain that it doesn't do what *I* want, if it is what their paying customers want.

0
0
Gold badge

Make it just scan stuff the user clicks on.

Yeah, this sounds kind of crap. The idea is good in theory, but set it up so when a link is clicked on, it'll scan it THEN and warn if it's a naughty link. (Since it's an add-on I imagine it could do it this way.) Then it's still providing protection, while not clicking on stuff the user didn't ask for.

0
0
Happy

Just William

I don't work for AVG. Until recently I favoured Avast AV and AVG Antispyware for customer installs. Now it makes sense to just use AVG 8 - the paid for version. Avast has also became a bit bloated of late and does eat up resources and system cycles, which is a real shame as it is a nice product! My dream product would combine the best parts of AVG and Avast!!

Web hosting bandwidth is cheap these days. You can get 6,000Gb for less than $8 per month and that is with a half decent provider. You can go cheaper and more expensive depending on your needs and wallet.

So every web user should sacrifice their security through not using this new technology simply because of cheapskate businesses that cannot or will not pay a little extra to do business online! How many websites are now designed to be optimised to load quickly on dial-up! Everyone is developing websites with fancy graphics, flash and other multimedia content. Why should the visitors be paying for bandwidth so these cheapskate businesses have a flashy website. There is always an alternative way to look at these things. The web evolves and both users, providers and online businesses need to re-evaluate their online strategies.

Like others have said on here... I do really care too much the advertising and marketing revenues. That is for others to work out a solutions that is secure and works for everyone. Once Google has developed the technology to stop serving up web results that have all manner of malware at the end of the search result then maybe there won't be the need to have Linkscanner searching through their results. I do feel for Google having to buy some more servers, after all they may not be able to afford it from all that Yahoo revenue coming their way! They wouldn't give two hoots if it was a revenue generator for them rather than an end user security measure.

There is nothing stopping people clicking on a result link in Google even while Linkscanner is still inspecting the underlying websites. My own experience, and many of my customers, is we don't notice any significant difference in speed, but then again high quality broadband providers are being used. Google results come up instantly on my Vista SP1 / IE7 / Linkscanner protected system and then you start to see Linkscanner going to work on the result websites.

I have seen issue when installing AVG 8 and they have so far been related to an unrelated system set-up or other application issue. Anyone who pays for AVG 8 has access to their support team to fix these problems - another advantage to pay a little money for your protection.

Linkscanner isn't AV technology or a simple blacklisting application - that's why it is far more effective at stopping web based nasties!!! Try to learn about the technology before passing comment.

http://www.explabs.com/products/lspro_methodology.asp

0
0
Thumb Up

As featured on El Reg

Only a few days ago...

http://www.theregister.co.uk/2008/06/09/drive_by_download_defences/

The browser developers are getting into this type of technology, even Mozilla and Opera. Good on them I say.

0
0
mh.
Unhappy

Upgrading

I upgraded from AVG 7.5 to 8, but after a few days I got fed up with it. It wasn't just the linkscanner or the memory bloat but also the massive number of false positives when it did its daily scan. Switching off heuristic detection reduced the number slightly but it still caught a lot that it shouldn't. After a couple of days I removed it and then switched first to Antivir (which displays an advert when it updates; a minor inconvenience but nothing to get too worked up about), and then a month or so later I found you can get a free copy of Kaspersky internet security if you use certain banks' online banking services.

AVG 8 might be free but it's worth every penny.

0
0

Response from AVG

Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)avg.com.

0
0
Anonymous Coward

Why don't they just...

Why don't they just read the data being read from the site as it downloads to your computer and then halt it if there is any malware present. Then mark that page in a blacklist to stop others visiting it. The code could be read into the malware checker before being passed to the browser.

0
0
PH
Go

Simple Sword of Truth

On a free-to-read site dripping with advertising, I suppose it's little wonder this story is given the editorial line it has.

And that panicky one-sentence paragraph - "That could destroy web analytics as we know it" - had me thinking I was reading one of the red tops. No irony intended.

Let me fill you in on something for free, though. Marketers, like salesmen and politicians, frequently say one thing but mean another. Trust me, I've worked in and with Marketing for years.

The Barry Parshall quote defends analytics: so "businesses can serve their customers properly". As any contemplative business person will confirm, the primary aim of being in business is making money. Analytics isn't about "serving" customers, it's about working out better ways of extracting money from them, and increasing their growth.

Web analytics is up there along with Customer Loyalty Cards as one of the great intrusions on privacy that the public simply goes along with because they're ignorant of what's actually happening behind the scenes.

If AVG helps disrupt marketing analytics then I, for one, am all for it.

PS: 10 December 2008 – International Clear Your Cookies Day.

0
0
Paris Hilton

Just a thought

How would this thing deal with 300 or so invisible but still clickable, links on a landing page (link farm). It's normally done to game Google it's frowned on but last I checked it was still widely done

0
0

AV?

I totally gave up on desktop AV years ago. It was all bloat, all slow, and entirely irritating. The average AV package was giving me more damned popup warnings and advisories and whatever else than actual popup generating spyware ever did. And for all of that I think I probably had one virus detected that I didn't already know about, and it was in a file that I wasn't even close to considering running.

So I uninstalled it, been safe ever since. Then again, I do all my downloading on Linux and automatically scan all downloads with ClamAV. I use a combination of reasonably secure software and common sense, and no viruses.

@ Marketing Tool:

Nobody can possibly be as passionate as you about something so dull as AV software. Sure, browsers, text editors, operating systems, distros, display technologies, and loads of other boring things have had epic religious battles fought on the bloody grounds of the Internet, but nobody that hasn't anything to gain has ever written 2 extremely long (relative to other posts here) posts about an AV app.

Your proper grammar and spelling, logical layout, sincerity, and lack of any tell-tale rant signs mark you as someone who does not belong on any sort of open-access Internet discussion forum. I don't know where my point went, but you see what I'm getting at. I hope.

0
0
Anonymous Coward

klean

How do these 2 work to not do what AVG's linkscanner does then?

http://www.callingid.com

http://www.siteadvisor.com

I'm an IT dunce so forgive me. AVG scans realtime whilst the other two use a static database and so is not only more up to date but capable of catching dynamically changing exploits?

0
0

@ John A Thomson

How much are they paying you? Your posts are right out of the marketing office. Try testing it on an ordinary user's setup (2 year old computer, DSL line) before claiming it causes no lag and uses negligible resources.

Your attitude is "This will significantly increase web traffic, driving up providers' costs, but we don't care because we're not paying for it. It's their problem now, so they should figure out how to deal with it, not us." That's rude and irresponsible, at best. Large companies might be able to handle it, but a lot of smaller or noncommercial sites can't. Many implement a site search by using google's 'site:' function; LinkScanner will hammer the site another ten times every time that's used.

P.S.: Please let us know who is offering six terabytes of bandwidth for under $8 per month.

0
0
Linux

@ Henry Wertz & all those 'so just install it without ...' and 'so turn it off then'

@ Henry Wertz

Totally. They wouldn't even have to have the content download twice; their email scanner already downloads stuff, scans it and then serves it to the email client.

Why the hell not do the same with this?

@ all those 'so just install it without ...' and 'so turn it off then'

Riiiight. So all those non-patched systems run by numpties who take no interest in how their system works at all and never go anywhere near the register or anywhere else except big-boobies.com or whatever, who do not even realise the harm this is doing(ie most people) are going to run:

c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

Are they? Yeah right, whatever. Most people would have trouble with the Tools->Add-ons trick, if they even knew about it. Which most don't.

This stuff should come switched *OFF* by default, not on, if it even should be included at all (which it shouldn't IMHO in it's present form)

/So/ glad I switched to ClamAV from AVG (although that was because of the annoying focus stealing getting on my nerves, but that's another story)

0
0
Flame

Simple "response" to this would be

The simple (and logic) response to this, would not be to use the useragent string to "disregard" the AVG hits. No way. All these hits should be counted.

And at the end of every month, every website owner should send Grisoft the BILL for their bandwidth usage. If Grisoft wants AVG to have this "feature", they should be prepared to pay the _PRICE_ of this feature. Afterall, GRISOFT can forward this bill to their customers (in the form of increased price for the software kit).

//Svein

0
0
Dan
Silver badge
Boffin

Linkscanner not that useful...?

It's pretty inevitable that they're going to end up making linkscanner's user agent exactly the same as your browser's user agent...

Why? Because now everyone knows what the user agent linkscanner uses is, something harmless can be served to linkscanner, then when the user clicks on the link to go to the page after receiving the OK from linkscanner they can get owned.

0
0
Pie

avg 8 has other problems

My mother couldn't print from IE in proteced mode with avg 8 installed, as there appeared to be no fix, I swapped her over to Avast.

0
0
Unhappy

ResidentShield no panacea either

Not only is AVG 8 blocking www.apple.com (in IE7 on a vista ultimate machine) it will reset the connection each time the quicktime installer is downloaded.

0
0

Page:

This topic is closed for new posts.