Feeds

back to article AVG chokes fake traffic spew

After howls of protest from countless web masters, AVG has promised to quit spewing fake traffic across the internet. Earlier this year, the Czech-headquartered security company paired its new anti-virus engine, AVG 8, with a real-time malware scanner that vets search engine results before you even click on them. If you search …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

What happens to a "payment" link?

If the link scanner is there, does it get "clicked" twice? Once for the scan, and once for when I really want to pay?

Maybe these guys are promoting double payments to vendors or some such?

It could happen, but does link scanner work on "secured" pages (https://)?

0
0
Anonymous Coward

Hold on

AVG was doing pre scanning to give the user a perceived faster browsing experience at the cost of everyone else, well bugger them.

They should scan as the page is loaded, and then send the results to a central database to be pulled from later.

And yes it does rather increase the liability and exposure of their clients, perhaps they should run a proxy instead, and then feel the pain of the download, that would give their users a faster experience and only cost AVG.

It is just badly produced, the idea is fine if the costs are met by the parties concerned and not everyone else.

0
0
Flame

@AC using "re-architected"

"re-architected"?

An architect is a person who designs buildings. Its use in any other context is pure crap. I believe the word you are looking for .... wait for it.... its really simple.... is *redesigned*.

Stop trying to be a dotcom market-tard by using made up words!

0
0
Why

Omelettes? Pah!

Oh Yes the omelette comment. Well that really annoyed me at the time. Never mind "Open Source." AVG released flawed software that they took my money for (at least the softs was flawed on this legacy system anyway)

- did not do what it was supposed to do

- came with things that people did not want.

- slowed machines to a slug.

- on this legacy box took 16 hours to scan the machine for viruses.

- would not update its virus signature either locally or over the Net,

- visited sites that you we did not want it to

- did not install itself correctly,

- emails that we sent with our avg.cfg to support were bounced back

- did not uninstall itself in a friendly fashion and was only evicted in safe mode. Contrary to the blether on the AVG website.

-the lifeline of 24 hour support was 1 automated e-mail days later that told us we were on a FAT32 partition when it was NTFS and that an update will be released "soon," How soon????

We bailed out and got ourselves sorted elsewhere.

I don't want maximum aggro when installing new software and I have to say that my experiece with AVG 8 was one long headache.

The only one good thing I can say for my experience with AVG 8 (bastard thing) was as I said earlier

- they gave us our money back.

0
0
Pirate

Surely malware writers could detect LinkScanner?

If LinkScanner doesn't download Google ads (and thus doesn't execute the JavaScript which loads them) then presumably its bevhaviour is distinguishable from that of a standard browser by looking at the values of JavaScript variables after the page has been loaded by the browser.

Not a useful distinction for log file analysis, but a useful exercise for the budding malware writer...

0
0
Pirate

What will you do with the cheese?

With all the whining here, who's getting all that cheese? Really, other than the articles appearing in the Reg-what other major news sites-disregard the bloggers rehashing Cade's story-covered all this alleged bandwidth being used? Uh, none. Yes, AVG is getting sued-uh, not unless it's a huge settlement for wheels of chesse to all the whiners out there. Forget about security, who needs it, so long as the web masters from check-out-my-lame-site.org are happy. Really, no one else cares, and now AVG has 100 less users, boo effin hoo!

Seriously, maybe AVG should have thought about the potential problems and planned a little better with the release of 8.0, but lets give them credit for listening to all your problems, addressing it, and still offering a good FREE product. Now I'll use another free AV, ya, that'll stick it to em! Way to go, you show em! Oh, no, I'm a clueless PC user, wah! get over it!

Using the Jolly Roger since I have a little Captin in me!

0
0
Jobs Horns

Omg.... its the p word all over again...

"It might have done nothing to help, but they felt it was doing something to protect them from phishers."

That is called the placebo effect. If i have a BIG headache i take some XL stuff. Minor headache, probably take aspirin or paracetamol. If im not sure whether or not i have an headache i DONT drink water with sugar. Main reasons its because its pointless and useless.

Let me tell you some "news breaking" stuff. Many people have been doing LS's task in a more rudimentary way. Involves a transparent proxy and a fair bit of "rewriting". Behold, it too takes away many nasty things attached to your humble webpages. Does not go on a hellbent attempt on downloading the whole Internet tough. Lacks a "dont click this link, ForMoronsTM" too. Why should it have one? It will try and catch it IF AND WHEN the user actually goes there.

I dont bash LS's attempt. Its ok in my book to catch web traffic midway and take a look at it. I bash their utterly braindead way of going at it. I bash even more the outrageous way in wich they tell you "we know better" when its obvious they dont. I totally bash their utter lack of balls (for lack of better metaphor) in not standing up and taking it like men when it all goes tits up (three words: PR wont fly).

Evil Jobs, even his zealot clonelike PR/evangelism didnt stink so bad.

0
0
Coat

*sigh* taking wrong meaning from comment

When I said "It might have done nothing to help, but they felt it was doing something to protect them from phishers" I was thinking more along the lines of "it might not stop all the phishing sites, but it should stop a lot/most of them, which will definitely help them feel safer", and when you are dealing with my Dad (80 years old) he needs all the help he can get avoiding the pitfalls of the internet.

Yes, the smart hackers will find ways of circumventing it and infecting people with firefox with adblock plus and noscript installed, but they are not all smart.

Not everyone on the internet trawls technology sites every day and keeps up with current exploits, any help is better than none at all.

/ mines the one with the steps in it for jumping on bandwagons

0
0

This post has been deleted by a moderator

Bloody AVG

If I have to reboot *one more fucking time* after its morning update, it's bloody well going.

0
0
Thumb Down

@Thanks for the comments

No, it's not a opinion, it's a fact, there are no two sides unless you're too dumb to appreciate the fact of the matter. You are NO SAFER scanning dozens of pages you don't actually visit than you are just scanning the ones that you DO visit. In fact, if anything you have slightly less privacy with linkscanner as they get your IP/Browser AND if there's any bugs in the code of linkscanner itself it lessens your security also. FACT.

Roger Heathcote.

PS: And I'm not dissing Grisoft, I have used AVG for years, I think it's very good, and indeed I think they have done the right thing by listening and fixing this - if they hadn't I might have reconsidered my choice of AV, which is no biggie itself, but I run an IT business and advise people what to use every day so by placating one person like me who IS bothered about stuff like this.they've prevented potentially hundreds of people who aren't sure what to use switching to say, avast.

0
0
Joke

Oh...are these the guys...

who keep telling me my linux machine is infected with some horrible virus?

0
0
Alert

I had to disable LinkScanner

For some reason, every time I brought up a Google search, it was causing Firefox to crash. Great fun, no?

0
0

Seems to me it should have been easy to do this 'right' anyhow..

I've given this some thought over the last few days, and this is how I think LinkScan should have operated;

Step one, client makes a single request to AVG with all the URLs to be checked, and gets a single reply listing each as "known to be bad", "known to be bad but retest anyhow" or "checked and found clean within the last hour".

Then AVG at the client's end can almost immediately apply green ticks or red crosses to most of the results and only very, very occasionally need to test sites that haven't already been checked. When it needs to test a site, the result is sent back to AVG's central database, and the site doesn't need to be retested again by anyone for the next half hour or so.

Obviously, AVG would need to put some effort into verifying that results are coming from their own software, and that they half-hourly check is not performed by the same client each time. IOW they might need to put in some effort to make this work, but I'm sure they have a few smart guys on staff that can figure out how to make this work.

Websites see perhaps one or two extra hits per half hour, checks for infected sites are still performed by random end users, most AVG customers will 'almost' never, ever see a site that AVG hasn't tested in advance. Everyone is happy, except perhaps the website hackers and distributors of malicious software. Did I miss something?

In short; if you want to make an omelette use your own eggs, or at the very least break no more eggs than absolutely necessary.

0
0
Stop

It was fundamentally broken anyway...

... because you could just arrange for the malicious page to only deliver it's malicious payload after the 2nd fetch from any IP address. AVG would scan the first request and pass it as being clean, then the user would click, fetch it again, and get hosed!

Duh.

0
0
Paris Hilton

LOL you guys missing the boat?

hmmm just read through about half the comments... then got bored... ok first off... since when is malaware hidden in the "html" of a page? isnt it hidden in a flash file or a image or some other file that the html downloads to your pc etc?

so basicaly scanning links etc will only help with pre defined rules of "this site is bad dont load". if it wants to actualy scan to find malaware on the page before it gets to your pc its gonna have to scan all images / mp3's / avi's etc in the page... which increases trafic drasticaly. sounds like marketing hype to me. i use avast pro.. it has a wep page type scanning thing... it scans the content as its being downloaded.. so basicaly what you will see gets scanned not a whole lot else.

on a side note... any pc ive ever worked on that has AVG i uninstall and load any other AV (tried it with a few other antivirus's) and they all detect trouble with the pc (malaware) even tho avg did nothing - granted all pc's i have to look have some problem with them... just makes it easier identifining a problem when avg is on the pc... uninstall it get a performance boost. install other AV remove malaware,.. pc fixed :P

it still amaizes me how AVG managed to get into the market... as im pretty sure that most people that use it are not IT proffesionals.

i asked a few people they all say the "pull" avg has is cause its "free".... come on people there are OTHER free antivirus' FFS. use something that actualy "works"

paris cause she doesnt work either... and shes probably also all full of bloat and malaware

0
0
Dan
Silver badge
Unhappy

@youvegot tobejoking

> When I said "It might have done nothing to help, but they felt it was doing something to protect them from phishers" I was thinking more along the lines of "it might not stop all the phishing sites, but it should stop a lot/most of them, which will definitely help them feel safer", and when you are dealing with my Dad (80 years old) he needs all the help he can get avoiding the pitfalls of the internet.

> Yes, the smart hackers will find ways of circumventing it and infecting people with firefox with adblock plus and noscript installed, but they are not all smart.

Putting green ticks on links so your (or anyone else's) Dad thinks he can click on it isn't the right way to go about security if the design behind the ticks is flawed.

First it'll be smart people who can get round Link Scanner, then it'll probably find its way into the usual script toolkits. The fact there are two downloads by two different programs (Link Scanner and the browser) means there are two points of attack and the two downloads can be different to take advantage of different exploits in the scanner and the browser.

AVG bought a lemon when they bought Link Scanner, they just won't admit it.

0
0

Why is the client responcible for Anti malware

A cheater solution for the customer and the AV firm would be for the websites to guarantee the data they publish to the net. If the anti virus client had a database of certified sites and only scanned content outsite of this list then it would be less intrusive and an incentive for the websites to take some responciblity for their data.

Personally I would have the AV scanner access all web data via a proxy provided by the AV firm. This would give the AV company control of the safety level of content and if they provided encrypted web traffic remove the likes of PHORM.

Where the AV company is republishing the data in encrypted form along with advisor notices and optional ad removal then snooping the stream would be an infringment on the AV company.

I owuld pay for a service like this and then the people we pay to protect us from malware could take PHORM to court for us or just remove all phorm sponsered ads untill they stop snooping.

0
0
Stop

I'm with Gilbert

All this LinkScanner arguing is so much piss and wind

An AV that requires a reboot after updating - now that is seriously fcuked.

On top of the web 2.0 floaty-bloaty interface it was the last straw for this user.

0
0

Views of a user of the original standalone LinkScanner application.

I have been using Exploit Prevention Labs LinkScanner Pro since August 2006; it was recommended in an Agnitum (Outpost Firewall) newsletter. In November 2007, AVG acquired Exploit Prevention Labs and eventually incorporated LinkScanner functionality into their own products. LinkScanner Pro currently remains available as a standalone product. As I use ESET NOD32 for AV protection I have no knowledge of how LinkScanner functions have been incorporated into AVG products but it does not seem unreasonable to assume the core LinkScanner logic in the two products is pretty similar if not identical.

Disregarding the optional search engine integration for the moment, as I understand it the standalone Linkscanner Pro utilises Layered Service Provider (LSP) logic to scan the incoming data stream. A Layered Service Provider is a DLL that uses Winsock APIs to insert itself into the TCP/IP stack. Once in the stack, a Layered Service Provider can intercept and modify inbound and outbound Internet traffic. It effectively does this 'on the fly'; in other words it does not download a requested page twice but can intercept exploits before they are processed by the browser.

While I can see how the search engine integration facility would and has been the cause of some aggravation, my guess is that the purpose behind its introduction (initial versions of LinkScanner Pro did not have the facility) may have been twofold. Firstly, there is a slight gain in efficiency i.e. any compromised sites in a page of results are flagged before you follow any of the links. Secondly, if you have agreed to participate in automatic reporting of detected treats, compromised sites will be detected sooner in that you will be reporting sites that you might otherwise not have visited.

As long as there is no unacceptable resource impact, I am a great believer in [mixed metaphor warning!] both 'belts and braces' and not 'putting all your eggs in one basket' where security is concerned. I have no connection with Exploit Prevention Labs apart from being a customer of their software and as long as the standalone version remains available I shall continue to deploy it.

0
0
Anonymous Coward

@ Chris Salter

"I have been using Exploit Prevention Labs LinkScanner Pro since August 2006"

Bad news Chris - that version of LinkScanner is just as easily fooled as the AVG version and The Register has helpfully published details of how to do it, so any malware writer who didn't know before will certainly know now.

I don't want nice folks like you to have drive-by downloads inflicted on them because of a misplaced faith in this useless product and neither does AVG - which is why they just dumped it.

0
0

Page:

This topic is closed for new posts.