The Register® — Biting the hand that feeds IT

Feeds

AVG chokes fake traffic spew

After howls of protest from countless web masters, AVG has promised to quit spewing fake traffic across the internet. Earlier this year, the Czech-headquartered security company paired its new anti-virus engine, AVG 8, with a real-time malware scanner that vets search engine results before you even click on them. If you search …

This topic is closed for new posts.

Page:

Jonas Taylor
Paris Hilton

OMGWTFBBQ

I'm sorry but isn't it common sense to only scan links AFTER they've been clicked on instead of trying to analyse the entire interweb? I can't believe the idea to pre-scan links even got off the drawing board. Common sense dictates that having 20m users scan dozens of links everytime a page loads is going to cause problems - it's simply unnecessary, especially as 99% of users will probably only visit just a single link.

> Paris, because it sounds like she's their lead developer.

Lloyd Borrett
Happy

AVG Responds to and Resolves LinkScanner Issues

AVG has already responded to resolve this issue. The full response can be seen here

An updated version of AVG Anti-Virus Free Edition 8.0 is already available, see http://www.avgfree.com.au. The Search-Shield component of LinkScanner has been modified to only notify users of malicious sites. The equivalent modification to the the AVG 8.0 commercial products will be rolled out on 9th July 2008.

Once the updated version has been rolled out to all AVG 8.0 users the issue will be resolved.

As of this date, Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that web masters addressed with us.

However, it is important to note that AVG still offers full protection against potential exploits through the LinkScanner Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.

We’d like to thank the web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.

Best Regards, Lloyd Borrett

Marketing Manager, AVG (AU/NZ)

Chris Savage
Go

Local Proxy

Can they not just set AVG as a local proxy service that IE/Firefox/Opera etc uses?

That way the page is only downloaded once, at the users request, but still scanned for malware etc before being given to the user/browser.

Alan W. Rateliff, II
Paris Hilton

It's real traffic now, isn't it?

"That means a small portion of the rogue traffic will continue"

How can it be considered "rogue" if it's actually a requested view?

Paris, rogue and requested.

Mark Rendle
Thumb Down

Too late

I've already switched to NOD32, because LinkScanner slowed things down too much.

Big Al
Paris Hilton

Hah!

So they finally worked out that they'll be sued over the increased bandwidth costs they will be inflicting on people... about time too!

Paris because she would certainly have worked this out faster than AVG did... no, really!

David Gosnell

Too late...

We've switched to Avast!, which is proving much slicker in every way. Even without the real-time scanning, AVG8 was bloaty and turned even a fast PC to treacle for several minutes after start-up.

Re the scanning, they could settle for an intermediate solution of checking URLs against their own list of dodgy ones (wasting only their own bandwidth) updated automatically based on the on-demand checking initiated by actual visitors to the sites in question. Of course, that would upset those who might be uneasy about Grisoft potentially collecting searching-habit data, but it's probably not as bad as actual connections being unknowingly opened to sites of dubious repute.

John Robson
Go

So - they're doing what we all said from the beginning

You know, the solution that makes sense.

Download it when clicked, scan then feed to the browser...

TeeCee
Unhappy

Tigers.

Seven pages of results from Google for "depressed tigers". I have to admit to being somewhat surprised by this.

I suppose that all those articles predicting their imminent extinction must have had a detrimental effect on the mental state of those tigers who like to keep up with current affairs.

tony trolle
Unhappy

praise the lord

praise the lord.

just trying to be American :-P

I gave on the web stats made no sense.

Had to up our hosting plan :-(

Stephen

forced titles are effin stupid

What rubbish. If AVG gave webmasters an easy way to block it then obviously anyone who produced malware/badware sites would also block it in the same way. There are many firefox addons which do similar. I think AVG should stick with it. The guy @ avg-watch.org is a real idiot. Firstly how many people are really going to do a sitewide search of a domain that often? Secondly, if someone wants to perform a DoS there are thousands of much better tools readily available than trying to use AVG. The AVG grabs the html of one page, not images, flash files etc etc so the usage is minimal. What a baby.

Anonymous Coward
Thumb Up

Finally some sanity...

There was never any reason they couldn't provide the same protection be scanning after the user clicked a link.

It's nice to see they have listened and re-architected (for all the language pedants, I know there is no such word - but it still conveys the required meaning) the solution.

Anonymous Coward
Anonymous Coward

Another ex-AVG customer (user) here

Their product doesn't work (virus updates fail) if your system partition is FAT32 rather than NTFS.

There also seems to be a problem following a recent AVG update, which has broken AVG integration with my Internerd-only (ie no Exchange) installation of Outlook (yes, I know I shouldn't, but that's another story).

By the end of the week it'll be AVG down one user, Avast plus one user (I'm already using AVG for a couple of antiques still running W98).

Dan
Stop

@John Robson

I'm afraid it's not the solution that makes sense.

You click, page gets downloaded in Link Scanner, gets scanned by link scanner, then the browser downloads the page again.

So the problem with a server detecting Link Scanner and a) serving something harmless to Link Scanner then malware to the browser or b) serving something harmful to Link Scanner remains.

The only solution that makes sense is to let the browser download the page, scan it, and then allow the browser to render the page or alert the user.

James Pickett
Thumb Down

And another...

Sorry AVG - low overhead is paramount for me and the home users I support, most of whom have oldish kit. That was one of the reasons I recommended AVG in the first place! I also didn't like the arm-twisting to switch at the end of May, which turned out to be a false alarm. If you can't trust AV suppliers.. :-(

Clam AV now has half a dozen new users.

Jason Bloomberg
Flame

Too late, the damage is done

Finally, AVG wake up, smell the coffee and abort their arrogant 'we know what's best' nonsense.

The damage has however been done, not so much by AVG's flawed security strategy but their continued insistence that there was nothing wrong with it. It wouldn't have been as bad if there was some merit to what AVG were attempting to do and problems were an unforeseen side-effect but its seems everyone except AVG could see what what was wrong with AVG's unnecessary approach.

Well done to El Reg and everyone who kept the pressure up on AVG.

AVG : shot down in flames.

Hugo

Re: It's real traffic now, isn't it?

> "That means a small portion of the rogue traffic will continue"

> How can it be considered "rogue" if it's actually a requested view?

My guess is you'll get one view for AVG doing the post-click/pre-view scan, and a second view for the real user.

A big improvement on getting an AVG view for something the user didn't even look at.

Gary F

Thank you for listening, AVG

I've had Linkscanner disabled for several weeks now and will continue to supress it, but as a webmaster it's good that Linkscanner will be altered. It's a pitty that the whole world and their monkey had to scream at AVG for them to realise what a mistake they had made.

I will continue to use AVG as it is, at the core, a very good virus detector and healer. I wish AVG will stick to what they're good at and not take their basic product into other areas.

Graham Wood

@James Pickett

Ditto, although I've jumped to Avast! rather than ClamAV. I already use ClamAV on my linux machines (mail scanning for example), so using a different scanner on the desktop seems to make sense.

It's a shame - although AVG has never actually found a virus on any of my machines (I think in my life so far I've only ever 'caught' one virus - and that was on my Atari ST) it has always (up until v8) struck me as one of the better choices - since it's quite unobtrusive and seemed to 'do what it said on the tin' (apologies to ronseal). The new version looks like it's heading the way of Norton when Symantec took over - bloated, too much attention to being pretty, and a real killer of the machine.

Anonymous Coward
Flame

Quit Whining

This whole "fake traffic" business is bogus. The Register has made a mountain out of a molehill. So now a valuable security tool has been blunted because The Register was worried its advertisers might worry that traffic is a few percent lower than The Register tells them it is.

Thanks Register, for NOT putting your reader's interests first.

Anonymous Coward
Unhappy

Better, but why do it twice ?

"My guess is you'll get one view for AVG doing the post-click/pre-view scan, and a second view for the real user."

Obviously, twice for links you follow is better than also following umpteen links that you don't follow. But doing it twice would mean that if a dishonest webmaster could identify which is the pre-click and which is the post-click they can return DIFFERENT content for the two cases.

If the solution isn't that the SAME page is used for both purposes, then it needs to be changed so that it is. And that's for safety, not JUST for traffic economy

brym
Stop

So after all that,

they're still going to scan links anyway. Regardless of their intent with the collected data, you'll still download pages twice, and your bandwidth usage will still be affected - a negative point for users with an ISP usage cap. And for webmasters too, even if the bandwidth consumed is small per person, that soon mounts up over many visitors per month. Unacceptable.

Anonymous Coward
Thumb Down

AVG8 is out...

...of my life. Does things I haven't asked it to, installs crud I haven't asked for - not done. Buh-bye, AVG...

John Latham

@AC

"So now a valuable security tool has been blunted because The Register was worried its advertisers might worry that traffic is a few percent lower than The Register tells them it is."

Firstly, the tool hasn't been blunted.

Secondly, the "few percent" is only true if hardly anyone uses AVG. If everyone on the web used this, the traffic impact will be enormous. Any product which relies on staying unpopular to be practical can't have much of a future. Maybe Cisco have shares in AVG?

Thanks AVG for doing the right thing.

JJ Mail

Grisoft mea culpa

Love the self-deluded spin on their press release. Grisoft, you need a re-shuffle in your marketing department and a new PR agency. AVG V8 programmers, hang your heads in shame. Grisoft, your new mission statement is K.I.S.S. Looking forward to the streamlined, small-footprint version 9 (ie. re-badged version 7) edition.

Why
Thumb Up

NOD32

It's not even FAT32 partitions either that AVG 8 crapped out over, we were on WIN2k with an NTFS and it still wouldn't update itself or uninstall...except in safe mode

but fairplay to AVG, they refunded us.

Nuno trancoso
Gates Halo

I wonder....

How many of these AC "Linkscanner was a GoodThingTM" comments actually come from frustrated malware writers.

Yes, because those folks whould actually welcome the 10x increased chance of getting a "link farm" cheap shot if a vulnerability was found in said Linkscanner...

On the off chance last AC was not a vxer, mind you, LS was NEVER a valuable security tool (the way it was implemented it was just a great attack vector), and El Reg is actually putting readers interests first, because for the Web at large LS was a nuisance at best and for users it was "insert something bad here" at best. Bad security model = no security at all.

Bill, because even MS can figure out their stuff is broken, faster...

Mark

Re: Quit Whining

Why the whining about users feeling unhappy about a product?

STOP WHINING.

halfcut

AVG gone from my system too

I've got rid of AVG- not just because of the linkscanning- that was silly and I turned it off.

The bit that did it for me -I'm running XP with 500MB RAM- is that when moving files, AVG checked the files and left bits of itself in the directory. This led to constant "Directory not Empty" errors and bailing out of the Move operation. Unsurprisingly, this left files all over the place and took a while to tidy up. The part of AVG responsible was an unkillable process and the only way I found to be able to move files was to uninstall completely.

isihac
Paris Hilton

Gary F - AVG a great "virus detector and healer" ?

Gary F - "virus detector and healer" ?

Detector, yes, healer? No.

So few viruses want healing these days, maybe they did back in the day of macro viruses. Virus deletion is the functionality you are looking for, one that you will find in Avast; can't delete a trojan? It will at the next reboot. Problem solved. Gone.

AVG? It doesn't like trojans. It cries "Trojan! Trojan!", but unable to, do the miracle of, converting deleterious viruses to essential system files ie. 'healing', AVG at best quarantines them, waiting for help. More commonly, the computer freezes whilst AVG screams "Trojan! Remove?" then "fail" then "Quarantine?" then "Fail" in a presumably unending cycle, akin to a toddler screaming when it cannot see its mum.

AVG is free for home non-commercial use, and free of Linkscanner too, but it is not top of its class.

Paris, 'cos like AVG she's not top of her class and she does things that make perfect sense to her whilst leaving innocent bystanders raising more than an eyebrow.

And unlike AVG, she mostly visits sites of dubious repute by invitation, while her visits are fully documented in the press, she attempts no justification of her extravagant statistics, whilst she provokes intentional clicks most everywhere she goes. Did you see Paris go?

Wize

Disabling link scanner

I had manually turned off the link scanner. However when you want something in AVG disabled, it constantly displays an error in the system tray. You don't know if you have developed a real problem as it will be hidden behind the deliberate change.

youvegot tobejoking
Black Helicopters

@Nuno trancoso

"How many of these AC "Linkscanner was a GoodThingTM" comments actually come from frustrated malware writers."

Do you look under you bed every night?

Some people (my wife and my parents included) thought it was a great addition to their computer security as they are scared shitless of having their bank/card/personal information stolen and them ending up having to pay the bill. It might have done nothing to help, but they felt it was doing something to protect them from phishers.

I know people all over were complaining that they had to pay uplift on the hosting plans etc, but how much extra bandwidth was AVG8 actually taking? As far as i know it only downloaded the page without images/crap flash ads etc. How may times would that page have to be downloaded to amount to much?

As a side note, i had to change to Avast because AVG stopped updating. Runs fine on my two other computers though.

*Black helicopters because obviously Nuno is always twitching the curtains looking for them"

Anonymous Coward
Unhappy

Malware in Ads

Surely adverts are one of the main ways that malware can get on legitimate sites? (I remember The Reg being hit by a dodgy 3rd party ad a few years ago?)

As most ads are rotated on each page load, surely if 2 requests are made for the same page, they'll most likely be serving different ads to AVG and the browser?

Dave

About Time

'Nuff said.

Steven Knox
Boffin

System Tray Error

@Wize -- Open the AVG UI, right-click on the icon for the component you've turned off, and click on "Ignore component state". The icon in the UI will change to yellow, and the system tray icon won't show an error for that anymore.

I know. It took me a while to find it.

Sarah Davis
Coat

Why Not,...

just turn link scanner off on the config page,...

coat for obv

Anonymous Coward
Thumb Down

@ youvegot tobejoking

"Some people (my wife and my parents included) thought it was a great addition to their computer security as they are scared shitless of having their bank/card/personal information stolen and them ending up having to pay the bill. It might have done nothing to help, but they felt it was doing something to protect them from phishers."

Do they also like the idea of Phorm, ID cards and locking up anyone that looks vaguely muslim without trial? -- Just three more things that will do nothing to help, but are being touted as security measures.

Matthew
Alert

lucky..

if it scanned a link to an *extreme porn* website you yould be done for visiting it even if you hadn't.

Maxx
Thumb Up

What's the fuss ? Let it improve security !

AVG has done an excellent job with Link Scanner. As an IT security expert, I think it is a great idea. Webmasters may not be too pleased - but, hay, if we want to improve user security then certain sacrifices need to be made. I am surprised that AVG is giving way to criticism. Users should be pleased with this technology, which I believe the silent majority are ! Please stop whining and let AVG produce innovative products that provide a service to normal internet users !!!

Anonymous Coward
Thumb Up

What's the fuss ? Let it improve security !

AVG has done an excellent job with Link Scanner. As an IT security expert, I think it is a great idea. Webmasters may not be too pleased - but, hay, if we want to improve user security then certain sacrifices need to be made. I am surprised that AVG is giving way to criticism. Users should be pleased with this technology, which I believe the silent majority are ! Please stop whining and let AVG have the freedom to produce innovative products that provide a service to normal internet users ! AVG you have a fan !

Campbell

@Lloyd

"for bringing these challenges to our attention"

Thanks Lloyd, but one little thing, cut the mumbo jumbo and speak your mind. A spades is a spade and a challenge is still a problem.

Here the PROBLEM was your spam traffic, it wasn't/ isn't t a challenge, it was a PROBLEM. We brought the PROBLEM to your attention.

The CHALLENGE was for you fix it.

Can we get ti right next time please, and can we bin the management speak? Oh and this has got NOTHING to do with and positive attitude mind games you guys play around the boardroom table.

It was a PROBLEM and you rose to the CHALLENGE of fixing it.

Spread the word my good man.

An-D
Paris Hilton

Doh

Does anyone else have an image of our 'IT expert' walking down a suburban street looking serious while filming a serious looking advert for home IT security then walking straight into a lampost by spelling 'hey' wrong and double posting?

Paris because even she could spell hey correctly.

Michael

Useless!

Well first of all, if LinkScanner only downloads the text of the .html (et al) page, then it's not all that useful. Case in point: spam emails that contain an image that displays the message text. So then LS will need to look at images and run them through an OCR filter to scan for content. But then how long will it be before the badPeople(tm) start using flash to do their thing, further obscuring themselves from the LinkScanner? The fundamental design of this "innovative product" is painfully flawed, rendering the product utterly useless.

Now, to those who prefer to question how much bandwidth is really taken up by this...clearly none of your run websites, but I digress. In literal terms one character in the .html (et al) file is one byte, so 1024 characters is one KB. The front page of El Reg is about 32 KB of source code. The count of AVG users is some 20 million. So the potential additional bandwidth is 20,000,000 * 32 KB = OVER 600 GB, and that's all without actually visiting the site. That's just because the users went to google and ran a search query. Start including images to make the LinkScanner more useful, and the used bandwidth increases by an order of magnitude.

Lastly, there's the web analytics side to consider! If LinkScanner visits are indistinguishable from "real" visits, then an entire industry (web analytics) breaks down. And there are search engine advertisers to consider. If LinkScanner is following all links on a search results page, then it's plausible that paid advertisement links are being visited as well, causing multiple erroneous clicks on links advertisers pay to place there, which causes the charge to the advertiser to shoot through the roof! As much as people don't like ads, it's still an unfair burder on advertisers to shoulder the burden of LinkScanner's poorly thought out concept.

So to sum up, those who think LinkScanner is a GoodThing(tm) are evidently clueless.

An-D
Coat

Doh

/me slips on the banana skin of uncouched quotes

John Latham

@What's the fuss

Maxx,

Your AVG LinkScanner seems to have developed some sort of bi-polar self-awareness.

Not only is it "link scanning" the "Post comment" button, generating multiple gibberish posts in the process, it can't decide whether you should be anonymous or not.

Perhaps you should turn off AVG and compose your own posts. They might be more intelligible.

Paul

Insert witty title here

"So now a valuable security tool has been blunted"

WTF was valuable about scanning links you might never have visited anyway? Stop being so stupid.

"It might have done nothing to help, but they felt it was doing something to protect them from phishers."

Errr, so what you're saying here is that it made them feel better, but might not have actually made them any safer?

Back here on Planet Earth, we call that a "false sense of security" and it's generally considered a Bad Thing by people who *do* have a clue about security issues.

Oh, and Maxx/AC? As an IT security expert, surely you should know that posting again with "anonymous" checked won't make your first non-anonymous post go away, but will instead cause a double post and make you look like the prat you clearly are. If you're the sort of "expert" who thinks Linkscanner is a great idea, then killing it off is obviously a good move by Grisoft!

Anonymous Coward
Anonymous Coward

@Maxx

If you're an "IT security expert" then I weep for the future of the web as you've obviously missed the entire point of why the LinkScanner in it's previous incarnation was bad.

LinkScanner was going to sites you probably didn't want it to go to so all those nefarious sites already had your IP logged as a visitor. Imagine you're sitting at work, search something in Google, and the LinkScanner previewed a site that violated your office internet policy or worse.

Like the boss would believe you pleading that you didn't actually go to the Playboy site and sacked you anyway.

Anonymous Coward
Thumb Up

Thanks for the comments

Personal attacks aside - it has to be acknowledged that there is more than one side to this argument. Whether or not any individual thinks ' AVG Link Scanner is a good thing' is down to them. Personally, I do think it is good for user security on the web. However, we clearly, need to analyze the effectiveness of Link Scanner. Those who think that they know the inner workings of this product and it's deficiencies can contact AVG and explain this to them. Is it open source ? Not as far as I know, maybe the experts here can let us know. I think any product that moves a step closer to improving user security on the internet is really a good thing.

Chris
Paris Hilton

@maxx/AC

I believe the 'silent majority' you refer to are silent because they are blissfully unaware of LinkScanners' potential to do more harm than good. As an IT security 'expert' shouldn't you be doing more to ensure your users are aware of the threats they face in the course of their surfing, rather than relying on someone else to do the job for you? And while you're at it, ask your IT department if they appreciate the increased bandwidth costs involved user-side for no actual real-world benefit.

Oh, and as a webmaster, sorry, but the argument 'sacrifices need to be made' smacks of Roger Thompson's own 'omelettes and eggs' argument when originally questioned by El Reg. Is that really you, Roger?

Anonymous Coward
Anonymous Coward

Truth Can Be Painful

I applaud AVG for finally coming to their senses.

But neither they nor The Register give the real facts.

LinkScanner was so easy to fool that every webmaster worthy of the title has been doing so ever since AVG launched it - and presumably every drive-by download site has been doing the same.

AVG dumped it because it was a security risk for their users.

Page:

This topic is closed for new posts.