back to article AVG scanner blasts internet with fake traffic

Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …

COMMENTS

This topic is closed for new posts.

Page:

  1. Satchmo

    AVG 8 and The Hinkey Tool Bar

    After downloading AVG 8. something, I disabled the link scanner right away. Something was really wrong there. Turns out that Firefox 3 won't even work with the AVG tool bar that was foisted upon us. So I uninstalled AVG all together. Guess what, my machine runs better.

    So much for AVG 8

  2. Anonymous Coward
    Go

    My thoughts on this

    Well as a systems admin who is also responsible for generating web traffic stats for our marketing dept, I find this linkscaner to be nothing more than GRISOFTS own botnet army creating lots of unsolicited web connections via PCs running linkscanner, and I mean “unsolicited” in the contect that the user probably had no intention on clicking ALL of the links in the search engines results.

    As I see it, to alleviate most (if not all) of the complaints relating to this, all GRISOFT have to do is change Linkscaner to only do it's scan once the user has actually clicked the link themselves. Yes there will be short delay whilst it does it thing, however

    a) It won't load down the users PC with potentially unnecessary web connections

    b) Won't eat through the dialup/broadband quote as fast

    c) Won't flood web servers with unsolicited traffic.

    If GRSOFT were to do this then I think most people’s complaints would go away as would the problem.

    Just my 2c worth

    Craig

  3. Anonymous Coward
    Thumb Down

    Bandwidth

    I have an ADSL line at home, access at the office and pay to host a few websites. My ADLS is metered - when the allocation is up it is up and I can't access the web. My office web is metered with a fixed allocation; when it is up it is up. My websites has a fixed amount of bandwidth allocated to it. When it is up it is up and my sites disappear from view. Not everyone has unlimited access. Until recently I only had dialup - and waited three months for an ADSL line to be installed. That is the reality some of us have to live with. The comments by AVG and others show their total ignorance of the audience they serve which makes you wonder what else they don't know and if their product is doing what it says it does.

    (Suspected something wrong after installation of AVG 8, now I know and just removed it)

  4. Jolyon Ralph
    Thumb Down

    Another bad side effect - helping to prolong the IE6 nightmare

    Thanks AVG, you're helping to boost artificially the number of IE6 referers in logs - making it a lot harder for us to justify stopping support for that piece of junk.

    What I don't understand is why they can't just scan the page that is requested when clicked, not all the pages that someone MIGHT want to click on.

    And I do hope that it doesn't go bezerk like that Google desktop cache thing did a few years back and simulate clicking the 'Delete' button inside Content Management Systems, etc.

    Bad AVG. No.

    Jolyon

  5. Sam

    AVG gone...

    Avast running instead.

  6. TimB

    @pctechxp

    Actually, my company requires all home users to have a static IP so that they can access our network. If they're not accessing from their home connection, they're denied access to the VPN. I'm sure we're not alone in this.

  7. NoSpamPlease
    Boffin

    Computer Forensics?

    Aside from the interminable slowdown this has caused on my computer, I wonder if not disabling its automagically scanning every link is a good idea. Wouldn't want to get the three letter agency guys excited that they got a hit on one of their KP honeypots just because it shows up in an innocent Google search.

    Or am I being too paranoid?

  8. Belxjander Serechai
    IT Angle

    pre-scanning by pre-loading?

    Where is the cache options?

    anything like this would need to store and forward, and mention of "no-cache" usage,

    *ouch* on the slowdown for anyone stuck with any kind of transparent proxy,

    I know of at least 2(more?) NZ ISP's that run transparent proxies for DialUp AND DSL,

    they are configured for DSL to be ignored but they still run a few things through it,

    THAT is a problem since I have walked into those proxy systems throwing hissy fits on

    occasion,

    and not everyone is given "generous" data-limits for downloading each month

    I know of several ISPs that allow 1GB or less, (cellphone data plans anyone?)

    and they also provide the same plan for DSL,

    Thanks but no thanks, where is the option for selecting HOW the pre-scanner works?

    can it be set for "selected only" or "pre-scan page advanced" ?

    this ones to pat also, it would be useful to be able to enable/restrict "how much"

    the pre-scanner hits a site, can this be set for being a transparent "localhost" proxy for scanning anything before the browser reads it and only fetched items?

    Intelligent Technology doesnt always happen on the first attempt...

  9. Parax
    Alert

    Whats wrong with a Local Transparent Proxy Client?

    Has AVG never heard of a transparent Proxy?? jeeze its Fking simple. no extra requests no extra bandwidth and all content can be scanned!

    Probably protected by some IP/Patent Troll...

  10. A J Stiles
    Flame

    Broken

    And there's me thinking that an operating system where privilege separation was just bolted on like a bad afterthought was as broken as it could get.

    Then I discovered pay-per-click advertising. People actually pay money for the mere fact that someone has downloaded some content?!

    I used to be content with just blocking adverts and actively trying to avoid any product or service for which I have seen even a single advertisement; but now, I think I'll write me some code that, in the background, will follow the links in advertisements and download the linked content straight to /dev/null (as if I saw the advertisement but never went on to buy the product).

    I'll feel strangely better knowing that someone stupid lost money on that.

  11. David
    Boffin

    You're not getting it

    @AC W/ 'thoughts'

    the whole point of the feature is to provide me information BEFORE I click, to save me wasting my clicks. While scaning again WHEN I click is fine, it missis the point entirely. Computers are good because they do things faster than people. If this saves me (users) time, it WILL become commonplace because folks who want my money know I like to save time.

    Whichever webmaster is looking forward to trying to leverage the data to determine when their page did well in a search is on the right track.

    @AC 'Bandwith' - So don't run it. What's your issue? Your expectation is that all software will work flawlessly over ADSL? And if it doesn't, it's not good software because it needs more resources than you can provide? So we should all be running 32mhz 386's W 8k ram & 36k dial-up, and the first time a piece of software needed more, we label it 'bad'? Where does that get us?

  12. Dave
    Go

    Legal Action

    Seems to me that the best thing to do is ensure that the Terms & Conditions of all of our websites are updated to disallow visits by tools similar to LinkScanner (always helps to name it explicitly) and since we now have the email of someone at GriSoft that knows all about this, we back that up by informing them directly.

    After that, any mis-use of our sites should surely be actionable?

  13. kain preacher

    @TrishaD

    in that case she is suing the wrong person. If a drunk driver hits you, you dont sue Ford. The only way I could see this if the was a size 16 trying to fit into a size 10.

  14. Anonymous Coward
    Anonymous Coward

    It's You Who's Not Getting It

    "the whole point of the feature is to provide me information BEFORE I click"

    True, but world + dog knows how to fool it - and how to fool you.

    What this "feature" actually does is to warn the website before you click.

    So the site serves a nice clean file to LinkScanner to get a green star.

    And a nasty drive-by download to you.

    Enjoy!

  15. Stephen Baines
    Thumb Down

    Pat did ask for help....

    ... And I offered straight away. But so far he passed the offer on to someone, who passed it onto someone else, who has chosen to do nothing.

    So that was a waste of time, wasn't it? It's getting on for a whole working week later, and it's no further on. Pathetic.

  16. Anonymous Coward
    Anonymous Coward

    no problem

    I'm just going to add a small 1x1 frame to every page on my website that embeds a google search for site:grisoft.com with 100 results.. Google's text-based pages (even with 100 results) is smaller than most web images, so I suspect 99% of web surfers won't even notice it.

    Grisoft and all of their avg8 users sure will though..

  17. TimB

    Not just search results...

    From their blurb: AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time.

    So it seems like it's more than just your search results that get scanned. You just only get told about it when it's search results.

  18. Anonymous Coward
    Anonymous Coward

    Hope This Helps...

    Pat from AVG wanted constructive help so here it is:

    1. Stop all downloads of AVG 8 immediately.

    2. Put all your people on overtime to produce a version that does not include the security nightmare known as LinkScanner as soon as possible and make that available instead.

    3. Hire the best lawyers and PR people you can afford.

    4. Install a different AV on your personal computer.

    5. Keep an eye out for "situations vacant".

    Hope this helps.

  19. Craig
    Thumb Down

    Not just the search results...

    If it is as TimB states then this is even worse and just re-inforces the point that it should be a on-demand (when the user selects a URL) action as apposed to a "scan everything" approach.

  20. Anonymous Coward
    Flame

    As soon as...

    ...web hosts start actively scanning THEIR content for viruses, I'll continue to do this service for them, for free. I've seen WAY to many sites broken into only to have some kind of malicious code installed. Maybe we should hold the site owners accountable for this? The average use won't know diddly about what java script is, activex, etc..

    They'll go to their _usual_ website, then be prompted for something to be installed on a site they ALWAYS visit (I've seen this happen with people I know) and assume that the site has undergone some changes and this part of it... BAM! they have a squeeky new malware for which no AV detects.

    For everyone crying about bandwidth, do you actively scan your content for stuff that should not be there? Is your WWW mounted read only? If you say no to either then prepare to be link scanned.

    Quick Google on "website hacked" turns up around 113,000 results. Most are probably dupes, but these are site owners who ARE NOT proactive about making sure they aren't broken into. Broken into websites are a lot like the spam problem. Its here to stay.

  21. Anonymous Coward
    Anonymous Coward

    AVG 8 resource hog

    As soon as I installed AVG 8, my machine began running at 100% CPU utlization all the time. I tried to de-install and my machine then became corrupted. I was then somehow infected with several different viruses including one that infected my restore points. I finally was able to create a UBCD on a different machine, boot the infected machine, remove the mutliple infections including a bootloader infection. I promptly disabled and removed everything AVG related and switched to AVAST!

  22. Anonymous Coward
    Anonymous Coward

    Dummy Up

    "prepare to be link scanned"

    If you bother to read the article or the comments you will see that some webmasters are very well prepared for this idiocy - they've already been fooling LinkScanner for a month by either:

    (a) telling it to check AVG's site instead of their own (code posted above)

    (b) feeding it a dummy file (example site given in the article)

    If you want to check for yourself just spoof your user-agent to use the LinkScanner one and hit the example site given in the article (which fools LinkScanner and gets a green star every time).

    And these are just the good guys - what do you think the bad guys are doing?

  23. Pete Hunt
    Paris Hilton

    ...customer in Nigeria (anyone tried 196kps down, 64kps up???) .........

    You want to try 128kps down, 64kps up as we have out here in Honduras, C.A. Then you'll find that although AVG 7.5 ran smoothly, AVG 8.0 staggers along, its services grinding to a halt occasionally and giving XP SP2 (fully patched) a case of the BSODs at least twice a day. Web surfing with Linkscanner on is unusable here!

    So it's off with AVG and on with Avast. The Home version is free - it has anti-virus, anti-spyware AND anti-rootkit built in and it runs smoothly - it has a bigger footprint than AVG 7.5 but not as big as the footprint of AVG 8.0.

    Paris - 'cos at last we've found something that sucks harder than her!

  24. Mark

    Re: Response from AVG

    Well how about mailing back to you the report of bad sites and you can collect them and inform the website owner?

    How about scanning as you download, rather than scan-ahead?

  25. Colin Polonowski
    Thumb Down

    A 2000% increase in bandwidth use!

    Having been trying to discover the source of high server loads and spiraling bandwidth use since 24th May, I finally tracked the issue down to this AVG scanner - it has caused a 2000% increase in daily traffic from my server on a reasonably small site. The site usually accounts for just 14GB/month but so far in June we're up to 300GB.

    Even worse, the requests aren't to real pages and are all generating 404 errors - literally hundreds of thousands of them. I have had to turn off a custom 404 error page because of this to reduce what my Apache server has to do.

    Fantastic. I didn't like AVG before this, but now I am going to actively tell my clients never to use it.

  26. JC
    Unhappy

    AVG, goodbye

    I quite agree with those of you who wrote that AVG was now too bloated, had too many false detections, has been irresponsibly released with this terrible link scanning tech.

    I've used AVG AV for years but sadly these changes in version 8 are just unacceptible. I'd go without AV protection at all before I'd run AVG8.

    @ John A Thomson - We didn't need to "learn" what you had to say, it was obvious and thoroughly weighed by others who had enough sense to see the problems with linkscanner far outweigh the dubious benefits.

    The obvious answer has already been mentioned, get rid of linkscanner and use a proxy if it's really that important. The issue of infection method over file identification is not relevant, that can be detected after the link was clicked and content cached locally.

Page:

This topic is closed for new posts.

Other stories you might like