just scanning the page WHEN IT GETS CLICKED???

Just do this. Make AVG a proxy that only listens on localhost. Have all trafic redirect to it. When someone loads a page, analyse it before letting the browser see it. You can even use the browser's real user agent if you do this AND really BE a real human surfing.

This will acomplish the goal of making sure the browser does not get anything bad, keep both the USER'S bandwidth and the site's from being wasted AND make the user's experience a LOT safer, as EVERY page will be scanned, not just those from search engin hits. Doesn't take a genius to figure this one out, but it is apparently beyond the grasp of AVG.

Tux, cause I don't need AVG on linux

Free-as-in-GPL, no advertising dollars, no stupid crap, just a solid scanning engine which gives you complete control of when and what it scans.

Also it's ridiculous for AVG to scan HTML pages but not images - consider how many exploits there have been based on bad image decompression and render bugs!

adding terms and conditions to website use that bar linkscanner use ?

after all, AVG is a commercial enteprize, and have no right to burn up other's paid for bandwidth to promote it's product

I don't quite get linkscanner, AVG Resident shield did/does a fine job stopping download exploits from websites, has warned me a few times, and I've not gotten infected in 6+ years using AVG free .. why does the function of Resident Shield now need to read ahead ? .. seems like nothing more than a marketting scheme, at others' expense and trouble

Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.

I finally disabled the link scanner. It takes forever for a simple google search with AVG 8. I'm now having trouble with the spam scanner, as it takes so long the pop server disconnects. That will be the next to go.

AVG have put their head in the sand with regards to webmasters' objections. As someone else just said, AVG provided perfectly good protection from infecting websites prior to version 8. Linkscanner is uncessary bloat and a PITA.

winpooch can use ClamAV to provide realtime scanning, and provides the sort of protection against malicious changes that UAC handles in Vista..

Or you could just use Ubuntu.

BTW if you run a popular website, stick this somewhere where it will hardly be noticed;

<iframe src="http://www.google.com/search?num=100&q=al+qaeda+training+manual" width="1" height="1"</iframe>

This one aims to get a few AVG users onto the No-Fly list, but feel free to alter the search as appropriate..

(Anonymous because of the black helicopters)

Obviously there are issues, and this will most likely not prove to be the cure for malware.

Kudos to AVG for being proactive though....

I do not mean proactive as in trolling before clicking (as the first commenter already pointed out), but proactive as in not just twiddling their thumbs like we have seen from some other antivirus (etc) vendors.

For non-security people reading this: the reactive (juxtapose with proactive) approach to antivirus has not been working (nor been sustainable) for quite some time. There are plenty of white papers, etc. already written I recommend reading.

I believe the idea of scanning before clicking is that if you find old malware there is a good chance it may have new malware. If you warn that old malware has been found on a site, hopefully users won't go there at all and that protects them from zero-day exploits which the software doesn't detect.

That said, I think that you could just compile a database of sites with malware as spamhaus does for mail, even if its just a locally held database. It would be far less obnoxious than the current setup. Most people's browsing habits are relatively limited. Google searches are probably the largest problem. Of course, getting your "previously infected but now cleaned" website off the list might be difficult. Pushing all responsibility and as much cost as possible onto end users / other organisations is what business always tries to do.

Tux - he's virus free

Every forum you know, and your website, do it now.

Surely if your Search-Shield can detect these hacks prior to the user clicking the link, then it can detect these same hacks when the user clicks the link and if there is a problem display an intermediate page that advises against proceeding (much like the IE 7 certificate warning page). This would gives the same protection without wasting bandwidth, and allow the end user the choice of proceeding or not.

This would be a much better solution that would protect your clients, while not chewing through their bandwidth or that of the website owner and not messing with web analytics. It's not exactly rocket science.

The alternative is the web community revolts and forces a Robots.txt style equivilent negating all of your investment.

Either you can detect the malware, or you can't. Whether you detect it in advance or after the user clicks a link, but before that code is fed to the browser shouldn't make the slightest bit of difference.

Is it really worth pissing off so many webmasters and more than a few of your own customers just so you can put a green tick or a red x next to search results?

Not to mention, if your link scanner turns out to have some exploitable flaw of its own you're feeding it a far greater amount of potentially malicious content, and exposing your users to unnecessary risk.

You can still scan after clicking. Just don't pass the data on until you have scanned it.

Tonnes of people do this with Squid and ClamAV all over the world.

That's it! AVG and their linkscanner bullshit has got to go. We need some enterprising lawyer to find a way to put a stop to this, some sort of class action lawsuit. I will gladly sign on to any legal action against Girsoft at this point. Just tell me where to sign! I have pen in hand. And I am sure if you post something here, and in Webmaster World, you will get more than enough supporters.

And no Roger, you don't sound "flip", you sound like AN ASS!

I've used AVG for years after norton stopped doing its job and began putting concrete boots onto any system it was installed to . Im now switching to Avast . So far its on my main machine and 2 others . AVG is coming off the rest this weekend . This linkscanner seems to be a solution looking for a problem . Well you can go use somebody elses bandwidth .

Thanks for the tip -

AVG out

Clam in.

Just keep a database of dodgy IP addresses?

Scanner gets list of links:

for each link

lookup ip database

if in database

get status

else

scan actual ip

set status

send update to ip database

if status = maicious

block link

Easier on everybody;

and then I'll be looking elsewhere. Disabling stuff in AVG is painful, I didn't pay for a link scanner and I'm more than happy with McAfee Site advisor - I barley notice it until it blocks something.

I've been a paying customer of AVG for 7 years, but no more. I just want a simple AV, not all this other rubbish. Why is every anti-virus house determined to bundle umpteen bits of unwanted security stuff in each new release?

Why is this "feature" enabled by default? I know that bandwidth is cheap in much of the western world, but not every home user wants to have their bandwidth cap reached prematurely because some bright spark thought it would be awesome to pre-scan things. Even FasterFox has pre-fetching off by default - it's an optional extra, not a requirement. I have to agree, too, with other posters; it is unnecessary to put a tick or a cross next to a link. FireFox 3 has an intermediary warning for "Reported Attack Sites" that allow users to find out why the site was blocked, get out of there, or ignore the warning.

On an aside, @Daniel Brandt, great idea...but there are two problems. Firstly, if one idiot in a company of 500 turns LinkScanner on and everyone else has it off, the firewall/proxy outgoing IP gets included in your list. Same applies to someone browsing at an Internet cafe or at a WiFi hotspot. Secondly, many DSL connections use dynamic IP addresses, and Mr. LinkScanner may go through 10 different IP addresses in a week. Even if you age IP addresses on your database, the statistics will still be poorly skewed.

Personally, I'm still a big fan of Nod32 as an antivirus scanner. Either that or it truly is time to start moving the general populous to FreeBSD...

I no longer trust a word AVG says. Your words mean absolutely nothing.

In the last story, you said if people contacted you, you'd work with them and try and sort out the problems to do with bandwidth.

I did contact you.

You responded and said you were passing it onto someone else, who in turn passed it onto someone else, and nothing has been done. No one has contacted me since, and the traffic continues, and my logs remain hideously polluted which is causing me massive problems setting up a new business and trying to decipher what is real and what isn't.

Its a step forward in privacy, this is the sort of thing that will significantly skew ISP-hostKits like Phorm/BTwebwise and for that I applaud AVG's forward thinking.

web analytics walk a very fine line, I'd say the most important question is does AVG's new system also skew click thru adverts?

if not then everything fine isn't it?

What AVG seems to believe is that it needs to look through the search results proactively, before the web browser has even a sliver of a chance to get it into memory...because by then it could be too late. The proxy approach, for example, wouldn't work if the zero-day stuff happens to come before detectable stuff. The critical stuff would've been let through by the time AVG realizes there's a problem. And blacklists don't work anymore because of the increase of drive-by downloads that are infiltrating perfectly legitimate sites--they're becoming like AV signatures.

Essentially, AVG is saying the user clicking the actual link is equivalent to opening Pandora's Box--too late to do anything about it.

We could be facing a serious and hard-to-solve conflict of interests. Both sides have valid points (AVG's technique skews the statistics, but it's also probably one of the first techniques that prevents opening Pandora's Box).

I've been rolling out AVG on my LAN recently and coincidentally, my users have noticed a big slowdown in web access.

We share a (pretty slow but as good as we can get this far from the exchange) ADSL link and reading this, it's just dawning on me that AVG may be the reason for the problems; if one user hits Google and AVG goes off and downloads say, 10x as much as it normally would, then that's going to have an impact. As of this morning I've disabled Link Scanner across the network (good old AVG Admin Console - one click does the trick) to see if we get an improvement.

Judging by the comments, if I'm right, some of you will be glad that this is impacting AVG's paying customers just as much as webmasters!

(As an aside, whilst tracking this slowdown I've been watching my firewall graphs closely; we have a nightshift here and the spike in traffic whilst BBC are showing footy over iPlayer is huge. The other night, we maxed out from 8-10pm whilst last night, with the match on ITV everyone stopped surfing at 8ish, did a bit around half time then started again at 10. We have a TV in the canteen... Productivity will be monitored!)

<quote>Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.<unquote>

Proving who dunnit.

What is going to stop an host of agents using the idea now they have seen it implemented? And more to the point, how will the SFBs subvert it to nefarious purpose?

I take it it is nothing more than a search engine add-on with teeth? So if someone puts the sweat of their brow out on the line, it isn't anyone's fault but their own if it gets sundried?

So those people on metered broadband (etc) will be downloading a fair bit more than they think they are. Surely that cost will meet them head-on at some point...

As I am sure others will too. Gather the IP stats, I mean.

The next "Holy Grail" for the bad guys will be a nice, fat exploit for AVG. Then, armed with a large list of known vulnerable IPs and said loophole, it's fill yer boots time for the scrotes out there.

Log that traffic now, the unholy Christmas is coming......

Preemptive Strikes are stupid. scan between web and browser! ie A Proxy Client!

If they can use a proxy for pop mail why not for browsers also?

AVG Grow up and stop pissing on everyone!

Web analysis is nothing. It also checks every pay per click advert on google for instance so watch out for all that extra click fraud.

I guess there is also a big hit on dns servers.

Yikes!

"I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off."

Ever heard of dynamic IPs Daniel?

Can we have a list of sites you're doing this on and your friends doing the same so we can block you before you block us?

I'll admit to the odd kneejerk reaction myself, but even once I'm free of AVG I don't think I'd want to come near a site run by someone even worse than me.

I guess you don't mind that webmasters start placing AUPs on their website stating that all visitors WILL be port-scanned. If AVG is detected, ALL traffic from that ip WILL be billed _YOU_PERSONALLY_ at a rate of €1 per bit, UNTIL YOU WITHDRAW YOUR BROKEN PRODUCT.

AVGs Linkscanner "feature" is a method of increasing bandwidth usage, and I expect internet providers to handle customers running your broken product the same way as they handle "bandwidth hogs", that is: Disconnect them. Maybe if AVG gets the backlash "customers running our products gets thrown off the internet", they will understand that their product is broken.

I fully expect hosting providers to file charges against Grisoft for this CRIMINAL denial-of-service attack. Last I checked such activities carried a jail possibility.

//Svein

What's wrong with triggering it on mouseover (or on focus)?

That would achieve both advance-searching and limiting bandwidth use to just those pages people are actually interested in.

You could also use it as a pre-fetch cache so that load times of sites you've hovered over are quicker because they've already been downloaded.

Muppets