AVG scanner blasts internet with fake traffic Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …
Grisoft, why not host a cache of evil/not evil sites on your servers?
So the verification process runs as:
1) Query link with grisoft.
2) If the link is not in the database, either as "safe" or "not safe", go fetch it and scan it.
3) Any new site found is added to database
4) Database records are aged, and ones older than, say, a week get purged.
This way, any one site gets scanned weekly, not once every time it crops up in a search result.
Downside- Grisoft need a fairly vast link database server, and a secure way of ensuring that nobody can poison the database with fake "good" ratings. Note that the scan must take place from the client PC, not Grisoft, as you won't be served the malware.
here you have a piece of software that not only scans sites pre-load for you, but also masks your actual click history at the same time. Take that, Phorm - see how much click-usage data you can consume when it's rammed down your server's throats in fist-sized chunks.
On the other hand, the over-burdening on servers may cause a backlash that starts this argument:
Web companies: AVG, you need to stop this - it's killing us, and we can't log our user's tracks.
AVG: then you guys need to virus/spyware/malware-scan your own content prior to the user seeing it.
**shiver** The thought of Google scanning web sites makes me scared. Google is already a pre-AI...now you're asking them to give it an indexing mechanism. That is to say, MEMORY.
Okay, a little over the rainbow for some of you, but think about this then...in order to say the site is "clean", Google (and everyone else involved) would have to re-scan your site **every time you make a change to it**. Now, this kills everybody else's computer(s) instead of their own - you couldn't get anything done on the computer when it slows to a crawl from so many sets of eyes looking at it. Not to mention the non-governmental Eye-of-Sauron factor of them looking at all web content and deciding what is malware, and what isn't. No one controlling authority makes the decision then...everybody decides differently, and there is no standard. Absolute chaos.
So then they decide on a malware spec and build a program to filter it. Programs judging good and bad for the human race, with the capacity to see everything in the world. AI again. **shiver**
Wow, I never knew that Reg visitors were so concerned for the angst of web marketers and analysts who try to track our every move on the web. Touching, really!
I'm about to upgrade to AVG 8, and while I won't be using the linkscanner or real-time protection (I'm fine with my security practices and don't feel the need to use the CPU cycles), I'll definitely be enabling both the next time on the parent's computer the next time I visit. I think the small cost in bandwidth for the extra protection will be worth it for them.
For the people asking, "Well why don't they just scan when you click on the link?": This is a free product, my understanding is that such a feature is available, but in the paid version. I would think that this would lead to a much slower browsing experience than LinkScanner anyway -- it sounds like LinkScanner is just scanning your search results, as opposed to running a scan on every link you click while surfing the web. Maybe it will be a drag if all you do is run searches all day instead of actually spending any time at the web sites, but, well, if that's the case it sounds like you're not using your "precious" time very well anyway.
One valuable question that *was* brought up was the issue of how LinkScanner handles it when you have your search results pages set to show more than 10 or so results. Especially if you have it set at 100 or more, then that *would* be an excessive resource drain if all these were scanned, so it would be nice to see Grisoft address whether or not they account for this.
I saw this when I reinstalled windows on the other partition a while back. I thought it was super neat! It never occurred to me that this might cause a problem for web hosting. Does it cause the same sorts of problems when I keep google-analytics no-scripted? At the basic level if it came down to my security or someone else's business model I'd pick my security every time. However, if linkscanner has an exploit, I don't have to click the link to get infected, I just have to search something that brings up an infected link. I think an all around a better solution is to scan at click time, perhaps ctrl-click to skip the scan for trusted sites.
Graham Wood I'm glad someone else has pointed out the similarities to Phorm.
When I first read about Phorm I was concerned/outraged and then I realized a few minutes later that the built in 'phishing protection' on my browser and anti virus software was essentially doing the very thing we are concerned about Phorm doing.
If we have Phishing Protection turned on, they are scanning and logging every single page we visit. And sending information back.
Put it this way- we are f***ed either way.
Also worth mentioning is the annoying (and convenient- to them) fact that most if not all of the virus software firms seem to be based in America, meaning (privacy policies, data protection) you're throwing your data into the wind...
@ anonymous coward: It has flagged many sites in my Google search results and several others i've clicked on from other sites. When I click on a bad hyperlink, Linkscanner prevents me from connecting to it. Try it for 30 days free and see what you've been missing. Or, better yet, don't try it, and when the day comes you've been owned by a botnet, you might want to scan for a rootkit, and if you find one, it probably got there via a drivebydownloaded exploit that you could have prevented if only you weren't so full of yourself. Why is it that some security professionals think they know everything?
@ second anonymous coward: You wrote, "If you can be owned by visting a poisoned site, then you deserve to be. No LinkScanner will save your ass" That dumb statement only demonstrates your ignorance. I'm not visiting warez sites or any other sites where one might deserve to get hit by malware. These are ordinary sites on the web. If you'd prefer not to know a malicious site is trying to nail you (even if you are patched), then by all means, bury your head deeper in the sand.
@ everyone: inform yourselves. The misinformation on this thread is truly laughable. As John Thompson pointed out, exploits are different from viruses. You need AV software AND anti-exploit software. It's all about layering. If someone truly evaluates the product and takes the time to learn what it does, what it doesn't do, and how it's different from AV and AS and firewalls and intrusion detection systems, and they still decide they don't like it or don't need it, or they like a competitive product better, I can at least respect you for arriving at an informed opinion. But so many of the commenters here don't know the difference between an exploit or a virus, don't understand how the things spread, and haven't evaled the product.
Is to create the file /usr/local/etc/apache22/Includes/grisoft.conf,
and add the following to it:
<IfModule rewrite_module>
RewriteCond %{HTTP_USER_AGENT} ;1813\)$
RewriteRule ^.*$ http://www.grisoft.com/ [R,L]
</IfModule>
a little like performing bypass surgery with a katana, but it does the job.
Although I wonder if the correct place to point the rewrite rule is nsa.gov
//Svein
Hmm..
I just turned off AVG Safe Search in IE7 using Tools - Manage Add-Ons, with no problem. I then did the same in Firefox 2.0.0.14 again with no problem. So why not just do that? It doesn't cause the red exclamation mark to show in the system tray :)
Now to email all my dialup customers and advise them to do the same...
I'm half-seriously considering changing my user agent to the ...1813 string. I would look like AVG and not a real user (since AVG is supposed to look human, after all) and I might escape profiling.
Also, wouldn't LinkScanner actually "protect" against some exploits by throwing away the first downloaded page from that IP address? According to the article some web exploit toolkits won't serve the exploit to the same IP address twice. You, too, could appear to be a virus researcher and too dangerous to mess with - just use LinkScanner!
I have little doubt that in these days of paranoia and mistrust some agency will have set up honeypot web sites in order to try to detect those who may have extremist views or pedophile tendancies . So all you people out there who have searched for "jailbreak", "afghan", "taliban" or perhaps "childrens clothes" over last couple of days might have ended up on their watchlist simply because your AVG Link Scanner visited the honeypot web site on your behalf.
A prescan does not add any extra security because the scan could be performed after you click on the link, but before the browser actually gets the page. In fact a prescan may significantly reduce your security because you are now visiting pages that you otherwise wouldn't. If it turns out that the Link Scanner code has an exploit then all you have to do is perform a search and you will be infected.
Regardless of the performance impact on the day-to-day use of the net, this seems very dodgy business practice at best. I would be very suprised if Google does not have something to say about this since it directly affects their business of serving up search result pages and which in turn affects their paying customers, AdWords, AdSense, etc. What happens if LinkScanner generates a false positive for a site? This may impact on the revenue of said site. Surely strong grounds for all manner of lawsuits? Possibly a reason why Grisoft are keen to remove the identifying string from the log files.
I'm pretty sure this only disables the display part Michael. The LinkScanner service still runs in the background, you just don't get to see the results.
To disable the LinkScanner service you need to -
Double click the AVG icon in the tray, double click the LinkScanner icon and untick the Enable AVG Search-Shield, save the changes.
Show exactly why its so hard to get trusted in this industry.
90% of the workers in it have no idea what they are talking about and tend to follow whomever posted first like sheep.
Can we get one REAL reason why this is bad?
no, because there ISNT one.
If your machine/bandwith cant support this, then you would probaly have problems with browsing anyway, sort your own house out first.
Blacklists? OMFG!! do you actually know what a blacklist/whitelist is? Or how it is updated? (well done for cutting a pasting a cool looking word though!!)
DA INTERWEB ANALYTICS IS BROKEN!!!, yawn, show me a websense report that makes real accurate sense and I will accuse you of feeding false test data into it to make it look good to your boss for the weekly report
It will drive smaller sites into bankruptcy!!! If they are that close to the wall, then they shouldnt be online in the first place. If an increase in hits to their first page is going to cause problems, they why the hell do they HAVE a page?
All this will mean is that MAYBE coders will actually reduce the shit on entrance pages for thier sites, speeding things up in general for everyone else.
I use AVG8, I have noticed zero performance isssues, but I HAVE seen bad sites shown. (not that that stoped me clicking on them, but thats a different matter)
IT angle? where is it? most people posting here only come into contact with computers in dixons
I can't see the point of pre-scanning. As far as I can tell it achieves nothing security-wise, and maybe creates a security hole.
There are three operational possibilities, and I don't know which AVG uses: either the site is pre-scanned and scanned again when it is loaded, or it is just pre-scanned and the "cleared" site is loaded, or the version which was pre-scanned is stored and displayed.
Suppose a site with some malware on. In the first case either it gets detected in the pre-scan or it gets detected when the site is loaded. In either case it's detected and the pre-scan achieves nothing.
In the second case there is a big security hole, the site can easily provide clean content for the prescan version and dirty content for the "cleared" version.
In the third case, again there is no security benefit, the other sites are discarded .
The only possible benefit I can see is if the scanning is slow, in which case having preloaded and pre-scanned versions may save user time in some situations - but the cost of this in terms of slow response times and increased bandwidth is disproportionate, and likely to get AVG sued.
I think it might be infringement of copyright for a robot to load a file for which a disallow entry in a robots.txt file exists - and it very likely would be if this had been previously pointed out to AVG.
There may be other grounds for suing AVG too, the extra cost of bandwidth and possible DDoS are clearly detrimental to web hosts.
Google have a function where should you go through too many searches in too short a time then they will block you for being a bot.
How long until they know you've clicked on links too quick and know you're a bot -so block you for that.
May be a bit harder as they're on 3rd party sites by then but with so many sites using Google Analytics now it's certainly do-able.
Then simply block Google access until the user turns the feature off!
AVG 8 was a complete pig to run, to setup and to uninstall too. Upon install it refused to update itself. Just wouldn't. I am running an old Cyrix 686 CPU on under 200 mb ram, even so. It would not uninstall either when I asked it to eventually. The only way to get rid of it was to boot into Safe mode. As for linkscanner, load of crap. As 8 comes with a firewall, I was admittedly a little anxious about the whole thing - when security software reports greyed out errors I tend to get nervous. All we want is a firewall, decent AV protection and an email scanner not this quatsch. Soon it will be like zzzymantec Snoreton. I downloaded the.bin files from the AVG site, still no joy in a local update. The e-mail scanner slowed my Outlook to a snail and as for running a VIrus check, that took (and I kid you not) 16 hours. With Avg 7.5 that was usually 3 to 4 hours. Unbelievable.
I emailed tech support about these woes and 8 days later I get an automated reply saying that my computer was probably running FAT32. I did not respond having lost patience. This is though an NTFS 2k. I had sent them a copy of the config file initially so they could analyse it but I think it bounced back! In the end I just gave up utterly with AVG 8.
My experience with AVG 8 was a gigantic frustrating pain in the bum. It's a great shame because a company that supplies free AV softs should be getting the thumbs up. Welcome to the Wonderful World of Computers.
Now it's too late, I've switched to NOD32. (45 mins to scan) with Zone Alarm. This is a great shame for AVG because we were very happy with 7.5 for 2 years. It may work fine on fast new machines but if your machine is weird in anyway, forget it.
Forget it in fact like tech support forgot about us for 8 days.
So AVG 8 on this box gets a bit thumbs down. And I want my money back...
/rant off
This is a ridiculous methodology. I run Kaspersky and it, like other antivirus programs intercepts the download as they are requested by the user, scanning them before passing them on to the browser and has never failed to catch and block a problem site yet (although I tend to browser sensibily whch is easily the best defence). If a user visits a page with hundreds of links to large pages who is to say AVG will have scanned the relevant link before the user requests it? This is just wasting bandwidth for both site owners and the end users who are downloading far more than they need. This amounts to nothing more than a denial of service attack against heavily linked sites. Hopefully someone will figure out a legal case to that end and get AVG to stop this madness.
Is that if this ever takes off in a big way, I bet you all a dollar each that their will be an exploit for it.
And to the chap who claims it has stopped him countless times from getting infected - If you going to go searching for dubious material, do it on a VM machine you nitwit, and for the love of god - DONT use google to search for it.
Some prize idiots out there.
@ John and his circular logic "Linkscanner is looking for the exploits, techniques and typical methods that the malware writers use to actually push the zero day virus out onto unsuspecting computers."
It's not apples and oranges, it's apples and lemons, the Link Scanner is the lemon.
That same code to detect those exploits and techniques can be done in real-time by evaluating the data stream, which other AV products do, instead of advanced link scanning.
You can defend the practice all you want but whether the link scanner is checking the page in advance or on demand, the result is the same of the process detects something potentially hazardous, making pre-scanning a complete waste.
Besides, link scanner is VISIBLE to the malicious sites because of the ";1813" in the user agent and a few other factors I won't mention. Code is already available on the internet that can redirect all link scanner requests to a fake clean page, so if AVG can't detect the problem in real-time, they are screwed.
OK, how many words can you come up with the accurately describe the Link Scanner in AVG 8?
I've got a few: useless, impracticable, ineffective, superfluous, ineffectual, inefficient, pointless, unworkable, futile and incompetent.
I think that pretty much covers it.
I'm sure the Link Scanner worked well for a very short period until it was discovered so people that saw it work in the beginning did see a very short lived benefit.
However, now that the cat's out of the bag and everyone knows how to defeat it, it's about as effective as bringing a knife in a gun fight.
It would appear there might be a couple of AVG employees on this thread that will defend this link scanner to the death and assume other security experts know less than they do.
Anyone with half a brain can see this is just a malformed response to McAfee SiteAdvisor and several posters miss the point that those drive-by-downloads can be detected without pre-scanning the link.
Besides, the Link Scanner only checks the first page of the site so if the second page (or third) on the site you visit is the one infected, the link scan is still completely useless.
When will someone just admit it's a complete marketing hype with no technological benefits whatsoever?
I was hurriedly removing this from a friends dialup computer and took the opportunity to trace the network traffic while connected to my broadband connection.
First thing I noticed was a lot of failed POSTs as it tried to tell explabs.net about browsing history. Nice one - people would pay very good money to AVG for this information. Hopefully they have a privacy policy (haven't checked) but it does go over the internet in clear text so it cause save your ISP some trouble. This can be turned off during installation.
What worries me is that it uses 'Cache-Control: no-cache' on its requests. This means they are also causing proxy servers to do more work downloading content. OK, not everyone has a proxy on their home network but I notice that my ISP has a transparent proxy and it must be wrecking their links.
To those who have commented on how this will cause more traffic for Google and the other search engines, you clearly have no idea how web pages work! How exactly do you suppose Google will be hit by this (excluding paid for clicks which I've yet to see a definite response saying that this issue includes them).
When you search in Google it returns a list of links in the webpage for you to click on. At that point Google's involvement in your browsing ends until you click for the next page of results. When you click on a link your browser talks directly to the target website, it doesn't go through Google to get a result! So from Googles point of view they'll only see one visit to their search page, they won't be aware of the multiple connections. The only way Google would be aware of anything would be if AVG went and scanned the results of every page of Google results, which isn't the case.
Since I've been asked yet again, even although I did ask to be left after my position had been made quite clear.
The only AVG employee on this thread declared their interest ... Pat has asked for your help, feedback and assistance to come up with a workable solution to the concerns voiced here. How many Anonymous Cowards have actually done that? It is the people who don't declare their identity that seem to be voicing lyrical about other vendor solutions... draw your own conclusions from why they feel the need for anonymity.
The paid for version of Linkscanner will check ever link that you click upon in the paid version. Just like AVG and all the other freebie security products, the vendor doesn't include all parts of the technology unless you pay for it. Avast, Avira, etc do the same kind of feature cutting from their free offerings. Again, this is nothing new. It worked the same way when it was a standalone product available from Exploit Labs before AVG bought the company in a Victor Kiam moment. Once again a lack of research shows through.
Exploit code can be found to do all kinds of things on the web, including a long list of code to do all manner of bad things to security software i.e. disable protection of some very well know software. The challenge to all software vendors is to fix bugs and adapt their software so these exploits don't work. It is an arms race and most vendors will quickly develop their product to fix such issues. I've just checked for myself and AVG has already fixed one of the ways this exploit code was detecting Linkscanner (one of the easy, one keystroke fixes), but I do agree that it can still be detected too easily. The doubters are now challenging AVG to make the product totally undetectable... you won't get any arguments from me to making it use the exact same user agent as the locally installed browser, thereby rendering another whack of detection code useless.
Apple or oranges! You can't beat a slice of lemon to give your food or drink a little zing. Lemon and honey are always good to deal with a cold.
Because I respect Kapersky as another industry leader, but haven't taken the time to understand how their technology works or even run a demo, then I'm not able to comment on its ability to stop exploit code pushing down nasties onto website visitors computer. People who don't understand Linkscanner may wish to apply the same courtesy from this point forward.
Most AVs have to wait until the nasty has been downloaded before they can then detect and deal with it. In the modern threat landscape, that's like saying we wait until the burgulars are in the house before trying to throw them out and close the door behind them. Linkscanner, and the other technologies available from other vendors, are the security guard patrolling the garden looking to stop the bad guy before they get into the home.
Now please, let me get on with my own business as I'm obviously on the side of AVG and their technology. I can sympathise with the opposing views being voiced, but I empathise with the customers who are better protected today by using AVG 8 and other security products that use this next generation protection technologies.
Please accept that AVG will be looking at this issue seriously to come up with a solution that works and is acceptable to the vast majority of the company/people involved. If you've got sensible solutions then Pat from AVG is waiting to hear from you. You may also wish to keep an eye on Roger's blog over at http://blogs.avg.com/ to see his response in due course... he's probably busy working to address many of the concerns and issues that people have been voicing here (and elsewhere) on either side of the debate.
I'm going to make an assumption here as I've not done the research around the workings of SiteAdvisor, so be warned! There probably isn't much detail available from McAfee, rightly so, on the technical nature of its inner workings as that info could be used for evil.
I suspect SiteAdvisor isn't going to flag one of the websites that is flagged "HackerSafe by McAfee". But alas, a little while back HackerSafe was shown to be flawed. The conclusion, rightly or wrongly, is that SiteAdvisor doesn't offer 100% protection and you are vulnerable between the time a website first serves malware and the McAfee test system come roaming past and flag it as dangerous... then you've got to wait for the update to be pulled down from their servers and installed into your computer.
http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/
The point I'm making here is every security vendor has challenges and areas that can be exploited. Their challenge is to fix these issues when they occur and move onto the next fight with the bad guys. The task for us is to assist AVG to fix this challenge!
Other than removing the feature, how can they fix the impact that it has on web statistics? To fix it, surely they'd have to leave a visible trace so that the sites can filter their logs, in which case it'll be about a week before a new bit of malicious code is released that hides itself from the scanner.
@Chuck
Ever heard the saying that "love is blind"? Because your evident man-love for AVG seems to have blinded you to reality. I guarantee you that as fast as they change linkscanner, people will develop new ways to hide malicious code from it. So all that it will leave you with is a false sense of security, and a blissfully unaware smile on your face as malware ravages your PC.
Simple fact is that it eats up both your bandwidth and the bandwidth of the websites featured in the search engine links. If it continues, how long will it be before sites just arbitrarily block it, or someone (website owner) takes grisoft to court over the cost of extra bandwidth?
As stated in the "Exploit vs Virus" post a few before this one, this looks like a load of marketing tripe, or just a really poorly thought out "advancement".
Every now and again someone implies something about folk wanting anonymity, which is somewhat insulting. As everyone knows, the reason folk want anonymity is that it is normal to not want to be identified, and difficult to understand why folk would want to be identified. Public acclaim is it? In any case, what sort of identification is some fabricated label anyway?
Why not do the following:
1) Place a link next to search results saying "Scan for malware", and the user can then optionally scan the links he is actually likely to visit.
2) If malware is found, make it possible for the client to send a report back to AVG to add that URL to a known malware database, which is sent out with the updates.
Dunno about the rest of the people posting in this thread, but I've been in the industry for years, have quite a bit of experience of computer security, and am paid to be aware of the issues - so I'm certainly not being "sheep" like. I, like most people that are posting having used it, had a pretty strong opinion before reading the article let alone the comments.
So lets go through your individual points shall we, I'll just attack the low fruit to match the fact that you seem to be a complete fruit case.
"Can we get one REAL reason why this is bad?" - sure have 2.
1) Data will be downloaded to my PC that otherwise wouldn't. This introduces a new attack vector. All that needs to happen is someone to find a bug in the AVG parser and my system is FUBAR.
2) I go to sites that when I click on links give me one chance to download the file (sun patches are a perfect example). Each time I want to download I need to agree to various things - so this will never work with the link scanner enabled.
"sort your own house out first." - A lot of people are using limited bandwidth accounts - this is not a problem for them, since that matches what they want. Another example would be browsing on the go. I use the internet via 3G on my mobile phone, sometimes it falls back to GPRS. This is fine for what I'm doing, since I change my habits to match it - does linkscanner stop scanning big pages when I'm on a dialup equivalent?
"I have noticed zero performance issues" - Good for you, I've not noticed any either - but I got that result by turning off the linkscanner.
"only come into contact with computers in dixons" - I'd suggest you ask for a job there - your complete inability to understand that there are a wide variety of computer users out there seems perfect for their helpdesk. I should know, I worked for one of their phone centres years ago.
I think I can summarise your points: "It works for me, and gives me a warm glow of feeling safe".
I can summarise mine equally quickly: "You are not the world, also I do NOT want this".
There are differences between free and paid for versions of software, mainly that the paid for versions have value added components.
If Linkscanner is considered to be such a component then surely AVG can have this as a paid for only option, highlight this in the comparison chart and let the users decide. However, if the competition have similar technology in their free versions then AVG really have no choice but to do so as well.
Personally I never noticed any difference in browsing speed with or without it, I just don't like the concept of pre-scanning. If you're of the same ilk then just disable it.
I never thought of that particular angle - I just uninstalled it because it made my machine crawl to a halt and crashing firefox.
The thought which occurred to me at the time was what happens to the person who types the seemingly innocent search that a long-time internet user knows is a bad idea? It reminded me of the time I had a support caller who claimed her child was researching whitewater rafting and sailing so decided to google for 'water sports' and was clearly unamused at the result set* that came back. That's bad enough - but the link scanner is going forth and pulling these pages down, through your ISP and through a firewall, creating logs that could look like an acceptable use policy breach or maybe even a criminal act. Even if the user has already thought better of clicking on any of the results its too late.
Where do people stand with this I wonder?
*After subsequently repeating what she claimed happened me and my collegues only got pictures of aquatic-based sports persuits and no filth, so we've ruled 'husband looking at filth and blaming child' on this one.
I just need to clarify something: will AVG be happy to receive a reciprocal volume of traffic for the volume they are generating?
For instance, webmasters can check their access logs and for each Linkscanner request identified make a like for like request from AVG's web servers. Presumably AVG will be treated as a fair arrangement, right?
"According to Thompson, nearly all web exploit toolkits track IP addresses"
Listen up retards, you need to know this.
If you have a static IP and have used AVG LinkScanner at any time since it was launched you have been identified as an AVG user in the logs of every site that showed up in your search results.
This data is easy to extract and every scammer in existence should already have your IP address on their target list - thanks entirely to Roger "The Eggbreaker" Thompson of AVG.
The code that sites can use to fool LinkScanner and hit you with a drive-by download has been openly available on the web for a month and is so simple that even Clyde Frog can use it.
AVG will be forced to change the user-agent very soon but if your IP address has already been logged you are a target and you should change to another anti-virus package immediately (unless you are a total choad and don't respect authoritah).
LinkScanner F'd you in the A.
This is totally irresponsible behaviour. To explain: our company provides content managed web sites for our customers and we've been trying to analyse the increase in traffic that's occurred very noticably recently.
Now how about this AVG - why not scan the page WHEN THE USER CLICKS TO VISIT IT - not "just in case". The current behaviour is is what "Fasterfox" (a Firefox extension) started off by doing, and they soon learned the lesson that it was irresponsible and stopped it being quite so stupid by default.
AVG: This "link checker" solution is absolutely the wrong thing to do. Given your installed user base and the damage and very real cost you have caused to the web hosting industry and their clients, and if this is just 2/7ths of the predicted traffic increase, you are totally irresponsible.
Bandwidth and CPU usage are certainly not free, especially CPU usage when you're generating page content on demand from a complex database system.
AVG: Perhaps you'd like to buy us some more servers so we can split our sites out some more to account for the load? Perhaps you'd like to subsidise the cost of our developers who have been sidelined in trying to work out the traffic patterns and writing new tools to do so?
If we have to increase our servers, our profits will suffer and/or our customers will end up paying. We're already paying more than £1.5K a month for our servers - so don't tell me this doesn't cost us money! We're a small business and AVG are stomping on us.
I dread to think of the environmental cost of this madness.
Our customers are also going to be suffering from the analytics skew that this will cause.
What happens if other AV vendors follow suit?
The really sad thing about this is that AVG have had, until now, a good reputation with "IT nerds" - and they've done great things - like letting people at home have a free AV solution. That is to be applauded. However, reading through the comments here, it seems that this reputation is teetering on the brink of falling in to a very large industrial shredder.
I agree with calls to boycott AVG. And that will start with us. We have a fully legal commercial 25-device AVG network license that we use on our systems internally. There's no way I'm renewing with AVG on 24th June when our current license is up for renewal unless this rubbish is disabled - both by default on all AVG installations but also they need to repair the damage they've already done and update existing installations to disable it too.
P.S. Any words about expecting individual users to disable the feature is not a practical solution given the overall scale of the problem.
I really hope AVG are listening. I will be copying this post to their technical support (since we pay for it). El reg - if you want another voice if you make a campaign, add mine!
We all know that web stats are totally unreliable, and if webmasters want to lessen their bandwidth they should clean up their sites.
My hearts bleeds. Not.
Paris, because in this photo she's wiping away a tear for all the webmasters and statisticians out there who might have to do a bit of a better job. Either that or she's got a stray eye lash.
"It's easy to disable this feature - just click on Link Scanner and uncheck AVG Search-Shield."
I tried that and it caused the AVG icon on the task bar to constantly show an error state warning me that vital components had been disabled and that my system was no longer protected. Unfortunately this warning masked more important warnings, eg virus database out of date, since you get used to the icon always showing an error. In the end I had to de-install and the re-install AVG without the link scanner.
AVG - run Linkscanner on the page I click on not ones I won't even look at (Google is rubbish at not giving me what I search on)
and
Everyone who is running AVG 8 - Google AVG every time you have spare time. Their paid for placements will soon bankrupt them - hoisted by their petard methinks.
Quite frankly, that is a load of bollocks. Linkscanner kicks in for the links on the first page of a search, to be on the first page you need to be a rather popular site. Therefore, for your comments to make sense not only do you need to be a popular site but once there your visitors don't go anywhere else within it. In other words you have a popular kick ass front page but no content of any real interest, hardly the recipe to get on the first page of results returned from a search engine.
Why not come out from behind the cloak of anonimity, tell us one of the web sites you host and let's see if we've even heard of it.
Anybody else had probs upgrading AVG from 7.X to 8 under Windows 2000? It gets so far then reports "fails to update configuration" and wants a super-super-super administrator to log in to do something that even running as administrator doesn't seem to allow?
Is this why they have extended AVG7 beyond the original end of May cutoff?
I think I've just spotted the main confusion... read the extract below from the AVG version comparason web page :
> AVG Free only includes the Safe Search protection which provides you with advice on search results. It does not protect against infected pages. Only AVG paid versions contain the Safe Surf technology.
So.... If you use the free version, it will not scan each and every web page that you click on. That is the "Safe Surf" feature which you have to pay for. For everyone saying "but won't it scan when you click on the link anyway" - the answer is NOT UNLESS YOU PAY FOR IT.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
