back to article AVG scanner blasts internet with fake traffic

Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …


This topic is closed for new posts.


  1. Aditya Krishnan


    Why can't the people at AVG just maintain some sort of list of malware infected sites and push it out to customers along with the daily updates? FireFox often informs me of such sites long before my AV scanner notices. And is this built into AVG's free version?

  2. foof
    Thumb Down


    This obviously sucks bandwidth from the host but doesn't it also impact the computer running AVG?

    For the few poor shmucks still on dial-up or with metered connections, visiting a minimum of ten sites every time you do a search is ludicrous.

    Time for a boycott AVG campaign.

  3. Adrian Jones

    I did wonder...

    Having installed the latest AVG I was impressed that it was now managing to scan my email as it came in. (Using Pegasus with SpamPal usually meant that nothing was able to manage this.) I also spotted the little tick marks (or not) appearing in Google.

    I presumed that AVG was looking up data that Grisoft had compiled in advance, rather than scanning each search result as it was found.

    There's also an issue that this is eating up the users' bandwith which, although I'm not affected could be a problem with some contracts.

    LinkScanner has now been disabled on my machines, until the situation changes.

  4. Daniel

    DDoS attack on the budget?

    Perhaps a case could be made for smaller websites that this is a DDoS attack on a large timescale against their budget. In that case, perhaps a cease and desist letter to AVG would be in order. Should that fail to work, then asking a court for an injunction followed by a class action suit for damages may be more effective.


  5. Phil the Geek

    No need for an AVG boycott

    It's easy to disable this feature - just click on Link Scanner and uncheck AVG Search-Shield.

    Us Opera users can retain our smug self-satisfied demeanour content in the knowledge that not only are we running the Saab of browsers but also that Link Scanner only works with IE and FF.

    I wonder what the carbon footprint of Link Scanner is?

  6. Anonymous Coward
    Anonymous Coward

    They will just escalate an arms race

    People will write stuff to detect this, AVG will than have to rewrite theirs, etc etc.

    Really badly thought out idea, if you go mainstream with it.

    Ideas like this work well for a few organizations, who get a bit of extra protection, but once the release is wide, the battle begins.

    Ads need to be checked at source, not checked live it is daft at that point. And really just stop flash ads. The JavaScript model would be simpler, but really ads should be fairly static, and only if the site wants to jazz it up should it happen.

    So, charge a premium if the person wishes to include code with the Ad as it should be checked, but run most of the ads as text input only. JavaScript could still be used as the medium to serve the Ad, but just not arbitrary JavaScript on input.

  7. Joe K

    Hmm, interesting stuff

    I *love* AVG, its a small, unobtrusive scanner thats saved my bacon a number of times. It doesn't dig resource sapping hooks into the system like other scanners, and its free!

    That said, i clicked on "Don't upgrade yet" when it gave me details about Linkscanner, as it seemed like unrequired bloat to me as i only use Opera which has built in protection and is immune to 99% of attacks.

    Of course, i have to upgrade soon, and i will, but i hope this "feature" can be turned off. Much like the system-twatting "Scriptscan" java scanning function in McAfee, its obviously more trouble than its worth.

  8. Anonymous Coward
    Anonymous Coward


    I tried AVG8 after being informed that version 7.5's database wasn't compatible and experienced a major problem with the link scanner in Firefox 2. At one point it was causing so much hassle, I had to not only disable the plug-in but totally remove it and seek a new virus killer.

    Anti-Vir might not be fast but it's just as good as AVG and no pesky plug-ins!

  9. Anonymous Coward

    AVG 8 bloatware

    This new release from AVG is a resource hog. Its combined memory usage is ten times that of its predecessor, AVG 7.5. Adding unnecessary bloat to increase a product's "value" seems to be a common trend these days. Fortunately AVG are continuing to support 7.5 until 31st December so it gives me plenty of time to find a lightweight alternative.

  10. Anonymous Coward
    Anonymous Coward

    And getting rid of it is hard...

    I accidentally installed this while installing AVG8. It was hard to get rid of (as a Firefox addon on Windows) since unlike normal Firefox addons, it came without an Uninstall function. The only way was to delete the Firefox folder in C:\Program Files\AVG\AVG8

    But apart from that, AVG8 is just fine, so thanks AVG once again.

  11. ImaGnuber


    "I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

    Translation: We don't give a shit. No, really, we don't.

  12. Shabble

    Slower browsing experience

    Yes, it does severely impact on computer speeds as it puts a big drag on web searching and so inhibits browsing. Occasionally it crashes the browser completely. The really annoying thing is that you can only stop it by disabling the AVG module, which leaves you with a grayed out AVG taskbar icon that prevents you being able to easily spot if AVG is not functioning properly. You can't unselect this function at the install stage and you can't change its parameters to lessen its grasp on your browser.

    I used to be a die-hard supporter of AVG and have used it as my only AV at home for about many years. After half a day of swearing at this stupid idea (which should never have got past the initial testing stage) I switched to Avast!. I doubt I'll change back.

  13. John A Thomson
    Thumb Up

    Linkscanner works better than blacklists!

    First off, I've recently switched over to using and recommending AVG 8 as the Linkscanner technology and low resource utilisation make it stand out from the crowd.


    AVG's Linkscanner works a treat and is a better solution than blacklisting. It does realtime inspection, looking for known exploits and other nasties. Blacklisting relies on someone or some systems detecting a nasty and reporting it so the website can be added to the blacklist. There is usually a delay in blackilisting whereas Linkscanner protects in real time.

    No other AV / security suite that I know about has the same level of protection as Linkscanner! Most AVs rely on blacklisting or watching out for the infection to be downloaded onto your system before reacting. Linkscanner uses many other techniques to ensure the malware stays on the server in most cases!

    The realtime inspection feature of Linkscanner isn't included in the free version of AVG AV. You only get the search result inspection. Previous versions of AVG also restricted some features to be in the paid for version. AVG is, after all, a commercial company that needs to sell products to stay in business. The fact they provide a free edition with good and solid free protection is a great service to those who either can't afford or are too cheap to buy a license.


    The new AVG 8 is VERY light on the host computer.

    Users can do a custom install or switch off Linkscanner within AVG.

    Agreed, it may not be for everyone, but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web. However, dial-up and big boy broadband users that provide poor service to their customers may well find it causes a lag in loading webpages.

    Here's an example of where Linkscanner worked where other security solutions failed:

    It even made The Register at the time:

    It appears that nearly every day there is a story of another big website, that should be trustworthy, being hacked to serve malware. Technologies such as Linkscanner will provide the real time security that is needed to protect web users.

    Bandwidth is cheap these days anyway. If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence.

    As for webstats, most of the time they are a flaky indication for most businesses! Much better to measure the real business impact of your web presence i.e. visitors that convert to sales, number of user registrations, etc.

    Keep up the good work Roger and AVG. Some of us appreciate your fabulous technology and what it can do to protect the end users from the ever increasing threats on the Internet.

  14. Anonymous Coward
    Anonymous Coward

    Phorm killed?

    There is an obvious possible side effect to this however, unless I read it wrong. Won't this completely destroy phorm, or any targetted advertising service?

  15. Anonymous Coward

    its AVG not spyware

    Ah maybee this explains why ive been having so many problems getting goole to work in the last few days!

    Ive been getting this from google:

    We're sorry...

    ... but your query looks similar to automated requests from a computer virus or spy ware application. To protect our users, we can't process your request right now.

    We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spy ware remover to make sure that your systems are free of viruses and other spurious software.

    And ive run a whole slew of Anti Spyware apps... all clean.

  16. Test_subj

    pay per click?

    Does AVG scan all pay per click links as well? some ad clicks cost well over $20 per click. Does Google filter that out of their billing? What incentive do they have to filter out bogus clicks.

  17. Jeremy

    Annoying for users too.

    If you try and disable it through the AVG app, it triggers the "you're at risk of..." crap. Only disabling it's add-on component in Firefox let me get rid of it's annoying nannying ticks without being constantly nagged to turn it back on.

  18. Trevor Watt

    AVG 8 Linkscanner made my PC sloooooooooow

    Slower than molasses on a February morning.....

    I turned it off and normality was restored.

  19. Anonymous Coward
    Anonymous Coward

    Perhaps I'm just being dense here...

    ...but if this is scanning every link on a page, does that include CPC ads on search engines? Being someone who runs sponsored ads on Google, as much as I like AVG, I'm not sure I like the idea of paying money to advertise to a robot.

  20. Vlad


    Isn't this a good way of fooling phorm-like tools?

  21. D

    AVG without Linkscanner

    You can still use AVG without the Linkscanner component.

    Starting from afresh, run the installer with the command

    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    My reasons for doing this were due to privacy concerns, more related to the use of search engines against every site I visit than AVG.

  22. Anonymous Coward

    So has it helped

    I mean, to drive up your ad price with all those hits.

  23. Dave Bell

    The Stupid, it hurts.

    I upgraded to AVG8 in the belief that anti-virus updates for AVG7.5 were about to end.

    Luckily I run Opera.

    I anticipate changing my AV software in the very near future.

  24. Mark Powell
    IT Angle

    Just remove the component

    There's an option during the install to get AVG without the linkscanner:

    Run the installation with the parameters :

    /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch.

  25. Wolf

    I can't find it in my heart... really care.

    Let it destroy web analytics. They're pretty much fairy dust anyway. The whole pay per click issue is what made spammers target the web in the first place. I'm still on AVG 7.5 so I'm not contributing to the problem, but there's a part of me that views web marketeers with the same warm fuzziness I extend to RIAA and other wastes of skin.

    Then maybe advertisers will begin to wake up from their daydreams about sticky eyballs and sneaky pop unders and all the rest of the pain they've inflicted on us.

    The biter got bit. Boo hoo.

  26. Jordan

    On the AVG site

    there's instructions to install AVG without the linkscanner component although they're a challenge to find... Even if you've already installed it, running the installer again from the Run prompt with the arguements /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch will remove it/not install it in the first place

  27. William Bronze badge


    John A Thompson, what a player you are -

    "Bandwidth is cheap these days" - Erm, no its not.

    "but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web" - LOL! Really. Maxing out the TCP/IP stack by clicking on 10 links all at once isn't going to have any effect because you have "fast" broabdnad... Yeah, right.

    "If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence." - So innocent people should be forced out of business or move ISP or earn more.

    Besides, how long is before Google gets pissed off with you (as you obviously work for the company, by the way) for increasing the load on its servers and finds a way to stop you in your tracks. Or do you expect google to add a few data centres to cope with the increase workload so you can sell some shite AV software.

    After all, AV software is a lot of bollocks, it ain't stopping jack shit.

  28. Mike Row

    LinkScanner SUCKS! So dn't install it.

    I have used and installed AVG since version 6. Great program. Still is! But the linkscanner is USELESS. I almost gave up on AVG because of it slowed down Google to the point it was UNUSABLE.

    Install AVG WITHOUT LinkScanner!

    (Forget where I found this)

    # Download the AVG 8.0 Free Edition installation package from their website.

    # Run the installation with the parameters /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to:

    save the AVG Free installation file directly to disk C:\

    open menu Start -> Run


    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    # The installation will be started, and AVG will be installed without the LinkScanner component.

  29. Gary F

    Protect us from AVG, not malware!

    Thank you El Reg, you've just explained why we experienced an explotion of hits and at the same time the bounce rate went through the roof (which was distressing!). It's ruining our statistics which we put a lot of effort into setting up and aiming for accuracy.

    Our Google AdWords are getting lots of hits so I'm hoping they're not being counted and charged to us - unless AVG are in bed with Google to raise their revenue?

    Shame on AVG. I will be disabling this feature at once and advising all friends & colleagues to do the same - for the sake of poor website maintainers and investors. (Formally to this, AVG rocked!)

  30. Anonymous Coward
    Thumb Down


    And to the guys who actually aren't advertising, but will get nailed by the bandwidth costs? To the guys who run little shareware software outfits and won't have a clue where their visitors are really coming from, or whether they're real?

    For a small company that lives and dies by traffic generated by search engines, this could be crippling.

    It's not just about the big, bad, nasty advertisers - you know, the ones paying for the site you're reading for free.

  31. Havin_it

    How rude

    So, webmasters are guilty until proven innocent, then? Nice.

    I can't help thinking it says a lot for AVG's confidence in their, y'know, antivirus product that they feel it necessary to stop you even going near a site that might try to give you, y'know, a virus.

    I wonder if the search engines might be interested in attacking this practise from a legal angle; it can't do them any favours, either.

    Altogether a rather arrogant and inconsiderate move by AVG, of whom I expected better. When I still used antivirus, I used theirs; that certainly would have changed with this news.

  32. Andrew M

    Break their eggs!

    These increased clickins has been driving us nuts for 2 months. I think all the hosts should send them a bill for the increased bandwidth & break a few of their eggs.

  33. This post has been deleted by its author

  34. Graham Wood

    Link Scanner

    I've had AVG 8 on my Vista laptop for a while (I couldn't download 7.5 when I got it), and Vista won't be on there much longer anyway.

    This is something that I really loathe. Not only does it take up resources (bandwidth, CPU, etc) - it means that all the links on a page are going to be scanned - as well as possibly encouraging AVG to collect stats in the same way that phorm is!

    I've got it disabled at present (with it therefore generating the associated warnings, alerts, greyed out icons, and general "We know best, TURN IT ON" attitude), but it's nearly enough to make me go elsewhere.

    I want a simple anti virus program that does exactly that - not something that tries to control everything I do to make me "safe". Having said that - it's free, and therefore I have no right to complain that it doesn't do what *I* want, if it is what their paying customers want.

  35. Henry Wertz Gold badge

    Make it just scan stuff the user clicks on.

    Yeah, this sounds kind of crap. The idea is good in theory, but set it up so when a link is clicked on, it'll scan it THEN and warn if it's a naughty link. (Since it's an add-on I imagine it could do it this way.) Then it's still providing protection, while not clicking on stuff the user didn't ask for.

  36. John A Thomson

    Just William

    I don't work for AVG. Until recently I favoured Avast AV and AVG Antispyware for customer installs. Now it makes sense to just use AVG 8 - the paid for version. Avast has also became a bit bloated of late and does eat up resources and system cycles, which is a real shame as it is a nice product! My dream product would combine the best parts of AVG and Avast!!

    Web hosting bandwidth is cheap these days. You can get 6,000Gb for less than $8 per month and that is with a half decent provider. You can go cheaper and more expensive depending on your needs and wallet.

    So every web user should sacrifice their security through not using this new technology simply because of cheapskate businesses that cannot or will not pay a little extra to do business online! How many websites are now designed to be optimised to load quickly on dial-up! Everyone is developing websites with fancy graphics, flash and other multimedia content. Why should the visitors be paying for bandwidth so these cheapskate businesses have a flashy website. There is always an alternative way to look at these things. The web evolves and both users, providers and online businesses need to re-evaluate their online strategies.

    Like others have said on here... I do really care too much the advertising and marketing revenues. That is for others to work out a solutions that is secure and works for everyone. Once Google has developed the technology to stop serving up web results that have all manner of malware at the end of the search result then maybe there won't be the need to have Linkscanner searching through their results. I do feel for Google having to buy some more servers, after all they may not be able to afford it from all that Yahoo revenue coming their way! They wouldn't give two hoots if it was a revenue generator for them rather than an end user security measure.

    There is nothing stopping people clicking on a result link in Google even while Linkscanner is still inspecting the underlying websites. My own experience, and many of my customers, is we don't notice any significant difference in speed, but then again high quality broadband providers are being used. Google results come up instantly on my Vista SP1 / IE7 / Linkscanner protected system and then you start to see Linkscanner going to work on the result websites.

    I have seen issue when installing AVG 8 and they have so far been related to an unrelated system set-up or other application issue. Anyone who pays for AVG 8 has access to their support team to fix these problems - another advantage to pay a little money for your protection.

    Linkscanner isn't AV technology or a simple blacklisting application - that's why it is far more effective at stopping web based nasties!!! Try to learn about the technology before passing comment.

  37. John A Thomson
    Thumb Up

    As featured on El Reg

    Only a few days ago...

    The browser developers are getting into this type of technology, even Mozilla and Opera. Good on them I say.

  38. mh.


    I upgraded from AVG 7.5 to 8, but after a few days I got fed up with it. It wasn't just the linkscanner or the memory bloat but also the massive number of false positives when it did its daily scan. Switching off heuristic detection reduced the number slightly but it still caught a lot that it shouldn't. After a couple of days I removed it and then switched first to Antivir (which displays an advert when it updates; a minor inconvenience but nothing to get too worked up about), and then a month or so later I found you can get a free copy of Kaspersky internet security if you use certain banks' online banking services.

    AVG 8 might be free but it's worth every penny.

  39. Pat Bitton

    Response from AVG

    Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)

  40. Anonymous Coward
    Anonymous Coward

    Why don't they just...

    Why don't they just read the data being read from the site as it downloads to your computer and then halt it if there is any malware present. Then mark that page in a blacklist to stop others visiting it. The code could be read into the malware checker before being passed to the browser.

  41. PH

    Simple Sword of Truth

    On a free-to-read site dripping with advertising, I suppose it's little wonder this story is given the editorial line it has.

    And that panicky one-sentence paragraph - "That could destroy web analytics as we know it" - had me thinking I was reading one of the red tops. No irony intended.

    Let me fill you in on something for free, though. Marketers, like salesmen and politicians, frequently say one thing but mean another. Trust me, I've worked in and with Marketing for years.

    The Barry Parshall quote defends analytics: so "businesses can serve their customers properly". As any contemplative business person will confirm, the primary aim of being in business is making money. Analytics isn't about "serving" customers, it's about working out better ways of extracting money from them, and increasing their growth.

    Web analytics is up there along with Customer Loyalty Cards as one of the great intrusions on privacy that the public simply goes along with because they're ignorant of what's actually happening behind the scenes.

    If AVG helps disrupt marketing analytics then I, for one, am all for it.

    PS: 10 December 2008 – International Clear Your Cookies Day.

  42. Anonymous Coward
    Paris Hilton

    Just a thought

    How would this thing deal with 300 or so invisible but still clickable, links on a landing page (link farm). It's normally done to game Google it's frowned on but last I checked it was still widely done

  43. Nexox Enigma


    I totally gave up on desktop AV years ago. It was all bloat, all slow, and entirely irritating. The average AV package was giving me more damned popup warnings and advisories and whatever else than actual popup generating spyware ever did. And for all of that I think I probably had one virus detected that I didn't already know about, and it was in a file that I wasn't even close to considering running.

    So I uninstalled it, been safe ever since. Then again, I do all my downloading on Linux and automatically scan all downloads with ClamAV. I use a combination of reasonably secure software and common sense, and no viruses.

    @ Marketing Tool:

    Nobody can possibly be as passionate as you about something so dull as AV software. Sure, browsers, text editors, operating systems, distros, display technologies, and loads of other boring things have had epic religious battles fought on the bloody grounds of the Internet, but nobody that hasn't anything to gain has ever written 2 extremely long (relative to other posts here) posts about an AV app.

    Your proper grammar and spelling, logical layout, sincerity, and lack of any tell-tale rant signs mark you as someone who does not belong on any sort of open-access Internet discussion forum. I don't know where my point went, but you see what I'm getting at. I hope.

  44. Anonymous Coward
    Anonymous Coward


    How do these 2 work to not do what AVG's linkscanner does then?

    I'm an IT dunce so forgive me. AVG scans realtime whilst the other two use a static database and so is not only more up to date but capable of catching dynamically changing exploits?

  45. Kanhef

    @ John A Thomson

    How much are they paying you? Your posts are right out of the marketing office. Try testing it on an ordinary user's setup (2 year old computer, DSL line) before claiming it causes no lag and uses negligible resources.

    Your attitude is "This will significantly increase web traffic, driving up providers' costs, but we don't care because we're not paying for it. It's their problem now, so they should figure out how to deal with it, not us." That's rude and irresponsible, at best. Large companies might be able to handle it, but a lot of smaller or noncommercial sites can't. Many implement a site search by using google's 'site:' function; LinkScanner will hammer the site another ten times every time that's used.

    P.S.: Please let us know who is offering six terabytes of bandwidth for under $8 per month.

  46. Daniel Jones

    @ Henry Wertz & all those 'so just install it without ...' and 'so turn it off then'

    @ Henry Wertz

    Totally. They wouldn't even have to have the content download twice; their email scanner already downloads stuff, scans it and then serves it to the email client.

    Why the hell not do the same with this?

    @ all those 'so just install it without ...' and 'so turn it off then'

    Riiiight. So all those non-patched systems run by numpties who take no interest in how their system works at all and never go anywhere near the register or anywhere else except or whatever, who do not even realise the harm this is doing(ie most people) are going to run:

    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    Are they? Yeah right, whatever. Most people would have trouble with the Tools->Add-ons trick, if they even knew about it. Which most don't.

    This stuff should come switched *OFF* by default, not on, if it even should be included at all (which it shouldn't IMHO in it's present form)

    /So/ glad I switched to ClamAV from AVG (although that was because of the annoying focus stealing getting on my nerves, but that's another story)

  47. Svein Skogen

    Simple "response" to this would be

    The simple (and logic) response to this, would not be to use the useragent string to "disregard" the AVG hits. No way. All these hits should be counted.

    And at the end of every month, every website owner should send Grisoft the BILL for their bandwidth usage. If Grisoft wants AVG to have this "feature", they should be prepared to pay the _PRICE_ of this feature. Afterall, GRISOFT can forward this bill to their customers (in the form of increased price for the software kit).


  48. Dan Silver badge

    Linkscanner not that useful...?

    It's pretty inevitable that they're going to end up making linkscanner's user agent exactly the same as your browser's user agent...

    Why? Because now everyone knows what the user agent linkscanner uses is, something harmless can be served to linkscanner, then when the user clicks on the link to go to the page after receiving the OK from linkscanner they can get owned.

  49. Pie

    avg 8 has other problems

    My mother couldn't print from IE in proteced mode with avg 8 installed, as there appeared to be no fix, I swapped her over to Avast.

  50. kirk shoop

    ResidentShield no panacea either

    Not only is AVG 8 blocking (in IE7 on a vista ultimate machine) it will reset the connection each time the quicktime installer is downloaded.


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019