Feeds

back to article AVG fake traffic spares Google AdWords

Yes, AVG's LinkScanner is spewing fake traffic across the internet, messing with the log files and bandwidth budgets of web sites large and small. But there's one thing it doesn't mess with: search engine paid clicks. Used by roughly 20 million people worldwide - and counting - AVG's new security tool scans search engine results …

COMMENTS

This topic is closed for new posts.

Page:

Thumb Down

Why?

I may be being dumb here, but what's wrong with scanning content *when it loads*?

I'd reckon malware could detect if the page is being invoked through adwords and fire, and hide itself otherwise. Which defeats the point of the AVG product.

I've turned this off, and now get a pling in my toolbar. More of this and I might even pay for a non-AVG virus scanner.

Security theatre, I reckon.

0
0
Paris Hilton

Why not scan "onClick"?

I assume im missing something.

But why not scan on the Click instead of when the link loads?

Sure, you would have to detect any false Clicks (incase some sort of malware is spoofing them and loading things through the backdoor etc etc).

But essentially what I am saying is that is there something so harmful about some links, that merely looking at their existence will somehow render your computer virus ridden?

If not then there has to be a more intelligent, less intensive way of filtering.

Even if a link says "Cheap cameras. 100% REAL" and it leads to a malware site, then surely you can intercept it later on IF the user tries to click it. Or even wait until a mouseover event. or something.

I assume there is a genuine sensible reason, so can someone please inform me.

Paris, because, as usual, Id like to pollinate her.

0
0
Gates Horns

Solution

Simply find out the lowest level vuln AVG picks up, put it into the webpage, such as a link to a bad site , javascript approach, anything that just about pulls the trigger for AVG.

Webmasters on a few major & minor sites put it in, AVG correctly scans and reports the risk, pissed off user, good result for owners. Plus they can constantly update by checking with AVG what triggers it, and implementing that as a dummy false positive.

0
0
Anonymous Coward

Work around

What about....

Im assuming Linkscanner doesnt go to the trouble of loading things like images too.

So. A work around would be to exclude all html visitors that dont also load the images on a page, or things like that.

Yeah you might lose a few (developers who insist on turning their image loading off or whatever) but otherwise, wouldnt something like that work? ish.

0
0
Silver badge
Boffin

Freedom vs. Security

The problem with this is essentially the same problem that plagues proponents of freedom-preserving workarounds such as anonymisation services. That is, if a site protects you from the prying eyes of Big Brother, it also by default protects paedophiles and scammers. For example, if an image hosting site provides total anonymity for posters of images who might be unjustly victimised by their government (eg a Chinese dissenter posting a picture of Tiananmen Square), that site will invariably be abused by kiddy fiddlers, spammers and scammers for their own nefarious ends. Compromise the site's anonymity to catch the scumbags, and you make it possible to catch justified dissenters as well.

This AVG Linkscanner faces a similar problem. If it makes itself identifiable in any way by a legitimate webmaster to save bandwidth costs, that means of identification will invariably be exploited by scammers and malware purveyors as well.

This holds true regardless of whatever technique one can come up with, simply because it is impossible for any technological system to ascertain intent in this context. Certainly, organisations like DARPA might try to come up with ways of "reading intent" by scanning peoples' faces at an airport, but in reality, this technology is unreliable at best and dangerous at worst. And such technology is unlikely to become widely available any time soon.

So it will be interesting, in the face of this dilemma, to see what "solution" AVG comes up with. If they do, they will also have solved one of society's greatest and currently unsolvable issues - that of Freedom vs. Security!

0
0

So what about...

...McAfee SiteAdvisor, doesn't that perform a similar function?

0
0
Anonymous Coward

Hmm, how many

users are on the internet on average, twenty million link scan install-base now, but how many hits per day does that average for the millions of pages Google indexes. How much bandwidth is this actually going to be eating up. It's annoying to be sure, but some frame of reference would be nice.

0
0
Paris Hilton

McAfee vs AVG

McAfee's SiteAdvisor relies on a database of sites and pre-existing scans. AVG's LinkScanner performs a real-time analysis of the results of a search query.

It does not load images in a page, and the only request seen is that of the actual page link returned. I have tested this on my own sites and viewed the logs.

The advantage is real-time scanning of potential threats. It also means that you do not go to a page with browser exploits which may otherwise bypass malware protection to "pwn ur b0x" unless you ignore the big red warning about the page.

Paris, because she can keep Jimmy Fallon from pwning her b0x.

0
0
Anonymous Coward

AVG Head Remains In Sand

"His chief concern is security, and he doesn't want webmasters or malware writers gaming his scanner."

World + dog already is gaming it, of course.

Clueless.

0
0

Not only annoying but soooooooo slow.....

I have used AVG anti virus for many years, until this latest release. After installing it my PC slowed to a crawl and surfing the web was a painful experience because of this new "wonder" feature (amongst others). I immediately disabled most of its functionality, then wondered why I should keep it installed in the first place. So AVG has gone to the giant bloat-ware repository in the sky - (Much like an experience with a Norton update a couple of years ago). I'm trialling Avast and think it does a good job without the bloat and system hit. So maybe the current "fake traffic" problem will only be a temporary glitch, before most people switch to a leaner more efficient solution...?

0
0
Anonymous Coward

Roger should be rogered

"...Roger Thompson - who designed the AVG LinkScanner - indicated he may do away with that unique user agent...."

Oh, good! What about MY IP address your are entering into the bad guys' server log as visited his, possibly vile, web site? Who is going to "do away with it"? AVG should do away with you!

0
0

Plausible deniability

Your Honour...I have never visited that site. It was AVG 8.

0
0

AVG is acting like Norton/Symantec

I hate AVG 8 so far. It uses up a lot more memory than 7.5 did.

Also, I think LinkScanner is stupid, annoying, and wasteful. It wastes my bandwidth and CPU resources as well as the websites'. I disabled it. Well, sort of. If you disable it, the tray icon shows that AVG has a problem. You either need to install AVG without LinkScanner or (as I have done) disable the Firefox add-on (within Firefox). That way, AVG acts normal because it doesn't know it's not working, and I don't generate tons of extra traffic (not to mention those annoying green checkmarks).

There's another issue that leaves me quite disappointed: Famatech's Remote Administrator. AVG 7.5 treated it as a normal program. AVG 8 treats it as spyware (just like Norton/Symantec), so you need to go into the PUP (Potentially Unwanted Programs) and exclude the RAdmin files (in the Program Files directories and the Windows\System32\RServer30 directory). I'll go out on a limb here and guess that neither Norton/Symantec nor AVG consider PCAnywhere a potentially unwanted program, even though it does the exact same thing (just with a lot more bloat).

0
0

What are the criminal implications of LinkScanner?

Perhaps this is a conspiracy-theory type of thought, but what are the criminal implications of using LinkScanner? For example, let's say you use Google to search for porn. LinkScanner will then automatically retrieve each of the returned results and scan those pages for malware. If one of those result pages was being monitored (or was a honeypot) for child pornography, it's quite possible (some might say likely) that your IP address would be logged, your ISP subpoenaed, and you would soon get a visit from your friendly law enforcement officials seizing your computers and anything else they like. If they're in particularly good moods, they might even spread the word that you're a suspect in a child pornography ring. And let's face it -- if you're even mentioned as a suspect in child porn, the world acts as if you're guilty, even after you've been "found" innocent (on a side note, if you are presumed innocent unless proven guilty, why do they need to "find" your innocence?).

All this in the name of "security", to keep malware off of your computer.

0
0
Paris Hilton

@Darryl

So quick to jump ship? Software vendors need feedback to correct problems with their software. Having dealt with AVG now for five years, I can confidently say that they value your feedback.

I am using v8 with all modules enabled except AntiSpam (due to how Outlook handles IMAP accounts, messages get duplicated when captured.) On Windows XP SP2 and SP3, I see no decrease in browsing speed, whether I am using Firefox, Opera, Safari, or Internet Explorer. I am aware of an issue with Vista which is documented in AVG's support center as the first FAQ in the list.

I do hope you will take a second before dashing off.

Paris, like a sinking rat on a ship.

0
0
Go

The solution is...

to use Firefox 3, because the link-scanner extension doesn't work inside it.

Seriously though, do you need a link-scanner? Only if you are using IE or have some very dodgy browsing habits..

0
0
Anonymous Coward

They are only trying to speed up their product

At the expense of everyone else's bandwidth.

And yes it does rather increase your exposure to leaving IP numbers left, right and center. People can correlate that information a bit as well. If you know where you are on google rankings, you can start to work out how much traffic a competitor may be getting who is top or top 3.

Quite cheeky really, and borders on being malware.

But, that is the problem, most security developers are not into creating things, they are into breaking them. Too many cracker wannabes go into security, when really they should be in pen testing, or fail to flip to the paradigm of creating useful software that plays well with others.

0
0
Thumb Down

Plot? Lost!

This is why I've moved away from AVG on this version, the overpowering feeling that "Daddy knows best" - and it seems to be yet another example of a developer who's started hating its customers.

You can spot the rot when it asks you to install the Yahoo! search bar, always a sign a backhander's been given somewhere. Even more damaging is that AVG forces the installation of a browser plugin even when told not to during install.

This behavior is more like the malware it's supposed to be fighting; a crying shame when the engine and signatures are actually pretty good - but it does seem like the upper management are on some kind of crack-fuelled ideas-fest with no brakes.

The link scanner is so obviously a stupid and bad idea it's amazing it even escaped somebody's mouth, let alone left the brainstorming session and into production, past quality control and onto our plates. That shouts to the world that *somebody* powerful in that company has made the cardinal sin of pushing their own agenda regardless of the damage it does to the company - and this HAS blemished an otherwise very good reputation for Grisoft.

What about the impact this has on us without 8mbit connections? The web's getting slower and boggier for us *without* something else thinking it has a god-given right to lean over our shoulder sucking the bits away before we can even use them for ourselves. I have 512/256 adsl - it's the best I can get where I live; with link scanning on it's actually SLOWER than a 56k modem. Good job guys, really good job.

0
0
Thumb Down

this IS malware!

1) It uses about 10 times the resources it did (assuming you get about 10 links back on a search engine).

2) It tries to disguise itself as something legitimate.

3) Despite a large group of affected people (webmasters so far) the makers want to make it it more stealthy.

...... yep that sounds like any other malware that i have ever come across.

AVG - used to be recommendation for decent and free. Now i see its only free for users no-one else like us site owners.

0
0

This is dangerous tech

At the moment its easily identified which means it can be dealt with for 2 reasons:

1) the good reason: reduce bandwidth, just serve up a basic page

2) the bad reason: hide whats really there

Either way, leads to a false sense of security to the user, since they assume its scanning the actual content of the page.

If they make it more tricky to detect, then its going to have some dodgy implications, if it uses my user-agent and IP then essentially my details are stored on the webservers logs even if I didn't click the link. In all my time using google, I'm more than aware that even on basic searches for "computer memory", something messed up can sneak in.

0
0
Alert

Users?

Website owners, as far as I know, as not the main customer base. Why should avg worry about them.

What about those users who were browsing near to their bandwidth cap. They're now needing to pay more for their broadband. If (they were educated and) they got upset at this, as they rightly should, then avg may have reason to change their ways.

0
0
Alert

RE:Why not scan "onClick"?

Because they want to tell users in advanced which link is safe. It can't pose as a user if an actual user is clickig it because it will probably load faster than the Linkscanner can scan thus missing any viruses or any viruses or malware or other crap will be received by the real user first.

Yeah ... Thats where Antivirus comes in... But the idea is to prevent it being downloaded as some can easily be missed.

;)

0
0
Happy

AVGsucks site

so who is going to put up the avgsucks site and ask for money to slander grisoft until they kill prescan spamming and just scan the links users actually click on?

0
0
Coat

Put AVG up on the idiot-list

What's the point of visiting all links on a page except for creating extra traffic and utilizing more bandwidth. If every other net-service company out there get the same idea, but fortunately most are not idiots.

We needs ways of more effective use of network-bandwidth with more compact data and protocols.

No more AVG for me. I need to find something new when they force you to update from v7. They tried the same with v6 to v7 by obfuscating the v7 information, so many people accidentally bought the new version.

0
0

scan before load

my admuncher program i use to remove adverts grabs the page before the browser displays it. It then removes all code about banners, ads, popups, etc etc before it passes it to the browser to display.

Surely an antivirus program could be made to work the same way, and remove any virus / malicious code before passing it to the browser?

0
0
Thumb Down

4 days left before I stop using AVG 7.5

I like the comment about AVG needing feedback and being good at listening. Unfortunately they're not, I sent an e-mail to their sales e-mail address telling them that I'm not renewing our current 25-user commercial license which is due to expire shortly, unless they can stop this rubbish. So far, only an autoresponder has replied with "we're a bit busy right now".

Well I'm busy too, AVG, but you're the one losing customers. Sort it out - disable this crap.

0
0
Happy

How move away from AVG

P.S. Anyone got any good recommendations for a decent commercial anti-virus product to replace AVG? Thanks for the pointer to Avast, I'll check it out. It needs to run under Windows Server 2003 in Terminal Server mode as well as the normal XP/Vista stuff...

0
0
Anonymous Coward

Re: Why not scan "onClick"?

Scan "onclick" is not included in the free AVG - only if you purchase the Pro version...

0
0
Unhappy

Ah, so that's where my bandwidth has gone.

I host a small club website on my home server on the end of an ADSL line. I had wondered why my ADSL line suddenly appeared to be slowing, now I know.

The scanner was systematically downloading all the branch newsletter PDFs for the last 5 years. All 150 Mbytes of them. Thanks AVG.

0
0
Unhappy

DoS'd by AVG

I work for a large magazine publisher in the UK. Two of our servers was DoS'd by AVG clients with that string a couple of days ago during an adwords campaign for one of our publications. We had 20 times our normal traffic just with AVG.

Something really needs to be done about this. I don't get paid overtime to sort out their mess!

0
0
Stop

How long until...

we have a captcha for every page?

0
0

Fake clicks are good

I want a version of adblock that not only hides the advertisements, but clicks on them as well, to cost the advertisers as much money as possible.

0
0
Bronze badge

I decided not to upgrade all my systems.

AVG 8 is bloated, slow, seems to generate false positives for quite old virus types, and behaves in ways which threaten the integrity of my data. The scanning process is also far more resource hungry--it doesn't seem to play nice in the way AVG 7.5 does.

I can't work easily while the scan continues in the background, yet I can't trust the scanner to work while I'm not watching for blink-and-miss virus reports.

Luckily I have backups.

0
0
Linux

ClamWin

Back when I still owned a PC with windows on it, I used to use ClamWin. Free, Open Source, reliable, never suffered an infection during the several years I had it installed.

0
0

surely it is obvious

Surely it is obvious that this is a really inefficient way of doing this. AVG should just have a central indexing server that does this, that all the clients running AVG then connect to in order to check if the search result URLs are flagged as problematic on the central server? That way a site only gets hit once in a while.

Maybe there is some flaw with this I haven't thought of, but if it isn't practical AVG should just scrap the whole thing as it really is irresponsible.

0
0

The computer done it...

At the moment, webmasters, the deluded web analytics bofflets and the Law all assume that web access is driven by humans, who are there to be { counted | exploited | prosecuted } as required.

I've been using the Fasterfox add-in to Firefox (2.0, doesn't work with 3.0 yet) which pre-fetches pages, and for years before that, when I was on dialup and Windows (I'm cured now) I used a little proxy tool, the name of which escapes me, which did much the same thing.

My conclusion is that I have been miscounted considerably, misexploited much less (because of Ad Block and Privoxy) and luckily not prosecuted at all. Many of my html GET requests are generated by my computer without my intervention. Am I a bad person?

0
0
Anonymous Coward

Marketing Data and Landing Pages

When a marketing department uses AdWords to handle their campaign they usually have a landing page for the product or service they are selling :

www.blablabla.com?page=ourgoogleadcampaign

If Linkscanner is filtering out the google side of tracking the click - they are not and cannot filter out the other side - the client side.

Most marketing execs use page counters and time on page and click through data to determine how successful their campaign is. If they launch a big campaign and linkscanner is hammering the page but not clicking any further, nor staying on the site for longer than a few seconds - it could look like things are going REALLY badly.

What utter crap.

0
0

How to install AVG without LinkScanner...

http://free.grisoft.com/ww.faq.num-1338

0
0
Go

Just a thought...

Wouldn't the best way to implement this system be to use a whitelist system of websites that were scanned regularly to ensure they've not been infected, say once a day at a set time.

These sites would then not be scanned by the scanning tech everytime someone visits them. Then the scanning system need only be employed for sites not included on the whitelist like when checking out obscure Japanese porn sites.

This way AVG users get the same level of protection and webmasters don't get bandwidth-raped.

The only catch is AVG will need to fund the system for scanning the whitelist sites.

Just a thought...

0
0

Referral URL?

In terms of web analytics, there are several factors to take into account.

1. If the request has no referral URL, then it's going to appear as a direct hit on the site.

2. Presumably all cookies are ignored so no Visitor matching can be done.

This leads to an increase of bounces of unknown Visitors. Given a decent web analytics package (e.g. VBIS from Site Intelligence), this would be easy to discount by segmenting the data appropriately.

0
0
Anonymous Coward

The reason it does this...

...is nothing whatsoever to do with security.

[As many have pointed out, if it can spot a dodgy link before you click on it, it can also spot one when you DO click on it.]

It's about marketing.

Antivirus products are just too invisible to get brand loyalty. Avast/McAfee/Norton/Avira/AVG? No-one cares. They're all equally (in)effective.

The "beauty" of Linkscanner is that - every time you search - it reminds you of the protection in action. Looking at it from a marketing POV, that's a pretty damn fine advert, right there in your browser window. It clearly works - witness the number of "I've lost count of the number of times Linkscanner has saved me from teh 3v1L Internets!!" comments on the previous article.

Disclaimer: I am not a marketeer. If someone can point out a valid engineering reason why this thing benefits the end user, I'd love to hear it.

0
0
Pirate

Local Transparant Proxy FFS

AVG WAKE UP YOU ARE POISONING THE NET WITH MORE BLOAT THAN MS.

What the customer wants is a Local Transparant prioxy client!

WAKEY WAKEY!

Bones far AVG!

0
0
Stop

Could get you in trouble

First of all you can turn off the link scanner if you want to.

Secondly, if you leave it on and one of the results returned by a search on google happens to be a child porn site, then your IP address and what looks like a genuine user initiated web server page load are in the logs on that server. You will appear when the FBI or whoever catches the purveyors of purve and examines their log files.

0
0

Remedy if you used to like AVG

If you disable Linkscanner via the AVG interface it will show a constant warning icon in your tool tray. You can remedy this by keeping it enabled but disable the plugin via IE and Firefox.

IE > Tools > Manage Add-ons > Enable or disable

Firefox > Tools > Add-ons > Extensions

If AVG thought this through properly the solution is for THEIR servers to do the scanning using both an on-demand and a cached method...

Your urls are sent to AVG's server and if it has run a check on the url from its own server within the last 10 minutes it returns a cached result. If not then it hits the url afresh and returns that result. That way webmasters will only see a hit every 10 minutes, not every few seconds. The down sides are it will take slightly longer to do and your urls will be logged by AVG. Do you want AVG to know what you've been searching for?

AVG need to make easier to disable Linkscanner without it flagging up a warning. The average Joe doesn't know how to disable add-ons. In fact, the default install option for Linkscanner should be "disabled", but obviously AVG wouldn't do that unless they are heavily pressured.

0
0
Anonymous Coward

Nothing for me to worry about then

Nothing for me to worry about then as I use avast antivirus.

Also free & no yahoo toolbar / linkscanner nonsense (that I'm aware of anyway).

0
0
Thumb Down

Security Risk

When I tried it, I purposely attempted to visit an infected site to see what would happen. First, the bad sites were immediately flagged as bad in Google results - the good sites took a few seconds to be checked. This would indicate that the bad sites get added to a database and then ignored for a bit, while the good sites have to suffer continuous scans.

Then, when I clicked a link to a bad site, I saw an AVG page warning me that, if I attempted to visit the site without adequate security software, "Such as AVG", then I was leaving myself at risk of infection. Umm...hang on. Clearly I *have* adequate security software - that's what's warning me, after all. So where's the benefit of pre-scanning?

Since we all accept that visiting certain websites can be a security risk, how exactly is my security helped when the very software that's supposed to be protecting me is visiting all these sites on my behalf?

If a vulnerability in the scanning engine were discovered, a user wouldn't even need to visit an affected site to be infected. From their site: "AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time." - so it would be enough for someone to send you a link in email or IM for you to be attacked.

0
0
Dead Vulture

AVG realtime scanning

Surely if AVG 8 was any good (not saying it isn't but just suppose), then it will need a 3rd party app to help it. If I goto a compromised site and it installs a root kit or whatever, then surely AVG should pick up on that as it gets installed ? If it is so stupid as to not recognise a virus then how would the linkscanner recognise that the site is offering a virus as a free download ?

Belts and braces are only needed if one if a pile of sh!t and they can't ensure it works proper (fit for purpose springs to mind, especially for all those who pay for AVG).

AVG is going to die a death with this latest cockup (or enter UK politics).

0
0
Anonymous Coward

What I can't understand ...

is why AVG insist on installing this Linkscanner by default. Surely it would be better as an optional extra and having the user making an informed decision during the AVG installation process?

If the user says 'Yes' to the LinkScanner install question, a warning can be displayed telling the user of potential bandwidth issues, etc. Then if the user again replies 'Yes, I understand the risks' the installation of the LinkScanner goes ahead.

If the user says 'No'' then no LinkScanner is installed.

It's all pretty simple to implement isn't it Grisoft?

Also, I think the LinkScanner should check against a database of known suspect sites and not blatantly check each and every one ad hoc. I removed AVG8 for this reason as it created so much unwarranted net traffic, my VirginMedia account was capped due to excessive use.

0
0
Anonymous Coward

@ Johny Cache

"Website owners, as far as I know, as not the main customer base. Why should avg worry about them."

I can think of two rather obvious reasons:

1. Good website owners have been fooling LinkScanner ever since it came out by either telling it to check AVG's site instead of theirs (hilarious) or by feeding it a dummy file.

2. Bad website owners have been fooling LinkScanner ever since it came out in exactly the same way so they can safely deliver drive-by downloads, and have been handed a database of AVG user IP addresses so that when the user-agent changes they will still be able to fool it.

As a reader of The Register you will be smart enough to understand this.

The same cannot be said for the idiot who invented LinkScanner.

0
0
Happy

Its trivial to uninstall Linkscanner

and get rid of the ding in the icon...

SFTW for "remove Linkscanner" and read the info in the FAQ on AVG's webpile.

I agree tho that AVG ought to offer the option via the install/uninstall gui.

0
0

Page:

This topic is closed for new posts.