AVG scanner blasts internet with fake traffic

Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …

COMMENTS

  1. Aditya Krishnan

    Listings?

    Why can't the people at AVG just maintain some sort of list of malware-infected sites and push it out to customers along with the daily updates? Firefox often informs me of such sites long before my AV scanner notices. And is this built into AVG's free version?

  2. foof
    Thumb Down

    Traffic

    This obviously sucks bandwidth from the host but doesn't it also impact the computer running AVG?

    For the few poor shmucks still on dial-up or with metered connections, visiting a minimum of ten sites every time you do a search is ludicrous.

    Time for a boycott AVG campaign.

  3. Adrian Jones
    Unhappy

    I did wonder...

    Having installed the latest AVG I was impressed that it was now managing to scan my email as it came in. (Using Pegasus with SpamPal usually meant that nothing was able to manage this.) I also spotted the little tick marks (or not) appearing in Google.

    I presumed that AVG was looking up data that Grisoft had compiled in advance, rather than scanning each search result as it was found.

    There's also an issue that this is eating up the users' bandwidth which, although I'm not affected, could be a problem with some contracts.

    LinkScanner has now been disabled on my machines, until the situation changes.

  4. Daniel

    DDoS attack on the budget?

    Perhaps a case could be made for smaller websites that this is a DDoS attack on a large timescale against their budget. In that case, perhaps a cease and desist letter to AVG would be in order. Should that fail to work, then asking a court for an injunction followed by a class action suit for damages may be more effective.

    -Daniel

  5. Phil the Geek

    No need for an AVG boycott

    It's easy to disable this feature - just click on Link Scanner and uncheck AVG Search-Shield.

    Us Opera users can retain our smug self-satisfied demeanour content in the knowledge that not only are we running the Saab of browsers but also that Link Scanner only works with IE and FF.

    I wonder what the carbon footprint of Link Scanner is?

  6. Anonymous Coward

    They will just escalate an arms race

    People will write stuff to detect this, AVG will then have to rewrite theirs, etc etc.

    Really badly thought out idea, if you go mainstream with it.

    Ideas like this work well for a few organizations, who get a bit of extra protection, but once the release is wide, the battle begins.

    Ads need to be checked at source, not checked live; it is daft at that point. And really just stop Flash ads. The JavaScript model would be simpler, but really ads should be fairly static, and only if the site wants to jazz it up should it happen.

    So, charge a premium if the person wishes to include code with the Ad as it should be checked, but run most of the ads as text input only. JavaScript could still be used as the medium to serve the Ad, but just not arbitrary JavaScript on input.

  7. Joe K
    Alert

    Hmm, interesting stuff

    I *love* AVG, it's a small, unobtrusive scanner that's saved my bacon a number of times. It doesn't dig resource sapping hooks into the system like other scanners, and it's free!

    That said, I clicked on "Don't upgrade yet" when it gave me details about Linkscanner, as it seemed like unrequired bloat to me as I only use Opera which has built in protection and is immune to 99% of attacks.

    Of course, I have to upgrade soon, and I will, but I hope this "feature" can be turned off. Much like the system-twatting "Scriptscan" java scanning function in McAfee, it's obviously more trouble than it's worth.

  8. Anonymous Coward

    Defected

    I tried AVG8 after being informed that version 7.5's database wasn't compatible and experienced a major problem with the link scanner in Firefox 2. At one point it was causing so much hassle, I had to not only disable the plug-in but totally remove it and seek a new virus killer.

    Anti-Vir might not be fast but it's just as good as AVG and no pesky plug-ins!

  9. Anonymous Coward
    Stop

    AVG 8 bloatware

    This new release from AVG is a resource hog. Its combined memory usage is ten times that of its predecessor, AVG 7.5. Adding unnecessary bloat to increase a product's "value" seems to be a common trend these days. Fortunately AVG are continuing to support 7.5 until 31st December so it gives me plenty of time to find a lightweight alternative.

  10. Anonymous Coward

    And getting rid of it is hard...

    I accidentally installed this while installing AVG8. It was hard to get rid of (as a Firefox addon on Windows) since unlike normal Firefox addons, it came without an Uninstall function. The only way was to delete the Firefox folder in C:\Program Files\AVG\AVG8

    But apart from that, AVG8 is just fine, so thanks AVG once again.

  11. ImaGnuber

    Translation

    "I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

    Translation: We don't give a shit. No, really, we don't.

  12. Shabble

    Slower browsing experience

    Yes, it does severely impact on computer speeds as it puts a big drag on web searching and so inhibits browsing. Occasionally it crashes the browser completely. The really annoying thing is that you can only stop it by disabling the AVG module, which leaves you with a grayed out AVG taskbar icon that prevents you being able to easily spot if AVG is not functioning properly. You can't unselect this function at the install stage and you can't change its parameters to lessen its grasp on your browser.

    I used to be a die-hard supporter of AVG and have used it as my only AV at home for about many years. After half a day of swearing at this stupid idea (which should never have got past the initial testing stage) I switched to Avast!. I doubt I'll change back.

  13. John A Thomson
    Thumb Up

    Linkscanner works better than blacklists!

    First off, I've recently switched over to using and recommending AVG 8 as the Linkscanner technology and low resource utilisation make it stand out from the crowd.

    @Aditya

    AVG's Linkscanner works a treat and is a better solution than blacklisting. It does realtime inspection, looking for known exploits and other nasties. Blacklisting relies on someone or some systems detecting a nasty and reporting it so the website can be added to the blacklist. There is usually a delay in blacklisting whereas Linkscanner protects in real time.

    No other AV / security suite that I know about has the same level of protection as Linkscanner! Most AVs rely on blacklisting or watching out for the infection to be downloaded onto your system before reacting. Linkscanner uses many other techniques to ensure the malware stays on the server in most cases!

    The realtime inspection feature of Linkscanner isn't included in the free version of AVG AV. You only get the search result inspection. Previous versions of AVG also restricted some features to be in the paid for version. AVG is, after all, a commercial company that needs to sell products to stay in business. The fact they provide a free edition with good and solid free protection is a great service to those who either can't afford or are too cheap to buy a license.

    @foof

    The new AVG 8 is VERY light on the host computer.

    Users can do a custom install or switch off Linkscanner within AVG.

    Agreed, it may not be for everyone, but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web. However, dial-up and big boy broadband users that provide poor service to their customers may well find it causes a lag in loading webpages.

    Here's an example of where Linkscanner worked where other security solutions failed:

    http://www.roundtripsolutions.com/blog/2008/02/06/317/forth-road-bridge-website-hacked/

    It even made The Register at the time:

    http://www.theregister.co.uk/2008/02/07/forth_bridge_hack/

    It appears that nearly every day there is a story of another big website, that should be trustworthy, being hacked to serve malware. Technologies such as Linkscanner will provide the real time security that is needed to protect web users.

    Bandwidth is cheap these days anyway. If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence.

    As for webstats, most of the time they are a flaky indication for most businesses! Much better to measure the real business impact of your web presence i.e. visitors that convert to sales, number of user registrations, etc.

    Keep up the good work Roger and AVG. Some of us appreciate your fabulous technology and what it can do to protect the end users from the ever increasing threats on the Internet.

  14. Anonymous Coward

    Phorm killed?

    There is an obvious possible side effect to this however, unless I read it wrong. Won't this completely destroy phorm, or any targeted advertising service?

  15. Anonymous Coward
    Unhappy

    it's AVG not spyware

    Ah, maybe this explains why I've been having so many problems getting Google to work in the last few days!

    I've been getting this from Google:

    We're sorry...

    ... but your query looks similar to automated requests from a computer virus or spy ware application. To protect our users, we can't process your request right now.

    We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spy ware remover to make sure that your systems are free of viruses and other spurious software.

    And I've run a whole slew of Anti Spyware apps... all clean.

  16. Test_subj
    Alert

    pay per click?

    Does AVG scan all pay per click links as well? Some ad clicks cost well over $20 per click. Does Google filter that out of their billing? What incentive do they have to filter out bogus clicks?

  17. Jeremy
    Stop

    Annoying for users too.

    If you try and disable it through the AVG app, it triggers the "you're at risk of..." crap. Only disabling its add-on component in Firefox let me get rid of its annoying nannying ticks without being constantly nagged to turn it back on.

  18. Trevor Watt

    AVG 8 Linkscanner made my PC sloooooooooow

    Slower than molasses on a February morning.....

    I turned it off and normality was restored.

  19. Anonymous Coward

    Perhaps I'm just being dense here...

    ...but if this is scanning every link on a page, does that include CPC ads on search engines? Being someone who runs sponsored ads on Google, as much as I like AVG, I'm not sure I like the idea of paying money to advertise to a robot.

  20. Vlad

    Anti-Phorm??

    Isn't this a good way of fooling phorm-like tools?

  21. D
    Boffin

    AVG without Linkscanner

    You can still use AVG without the Linkscanner component.

    Starting from afresh, run the installer with the command

    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    My reasons for doing this were due to privacy concerns, more related to the use of search engines against every site I visit than AVG.

  22. Anonymous Coward
    Joke

    So has it helped

    I mean, to drive up your ad price with all those hits.

  23. Dave Bell

    The Stupid, it hurts.

    I upgraded to AVG8 in the belief that anti-virus updates for AVG7.5 were about to end.

    Luckily I run Opera.

    I anticipate changing my AV software in the very near future.

  24. Mark Powell
    IT Angle

    Just remove the component

    There's an option during the install to get AVG without the linkscanner:

    Run the installation with the parameters:

    /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

  25. Wolf
    Go

    I can't find it in my heart...

    ...to really care.

    Let it destroy web analytics. They're pretty much fairy dust anyway. The whole pay per click issue is what made spammers target the web in the first place. I'm still on AVG 7.5 so I'm not contributing to the problem, but there's a part of me that views web marketeers with the same warm fuzziness I extend to RIAA and other wastes of skin.

    Then maybe advertisers will begin to wake up from their daydreams about sticky eyeballs and sneaky pop unders and all the rest of the pain they've inflicted on us.

    The biter got bit. Boo hoo.

  26. Jordan

    On the AVG site

    there's instructions to install AVG without the linkscanner component although they're a challenge to find... Even if you've already installed it, running the installer again from the Run prompt with the arguments /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch will remove it/not install it in the first place.

  27. William Bronze badge

    Wow!

    John A Thomson, what a player you are -

    "Bandwidth is cheap these days" - Erm, no it's not.

    "but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web" - LOL! Really. Maxing out the TCP/IP stack by clicking on 10 links all at once isn't going to have any effect because you have "fast" broadband... Yeah, right.

    "If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence." - So innocent people should be forced out of business or move ISP or earn more.

    Besides, how long is it before Google gets pissed off with you (as you obviously work for the company, by the way) for increasing the load on its servers and finds a way to stop you in your tracks? Or do you expect Google to add a few data centres to cope with the increased workload so you can sell some shite AV software?

    After all, AV software is a lot of bollocks, it ain't stopping jack shit.

  28. Mike Row
    Unhappy

    LinkScanner SUCKS! So don't install it.

    I have used and installed AVG since version 6. Great program. Still is! But the linkscanner is USELESS. I almost gave up on AVG because it slowed down Google to the point it was UNUSABLE.

    Install AVG WITHOUT LinkScanner!

    (Forget where I found this)

    # Download the AVG 8.0 Free Edition installation package from their website.

    # Run the installation with the parameters /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to:

    save the AVG Free installation file directly to disk C:\

    open menu Start -> Run

    type

    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    # The installation will be started, and AVG will be installed without the LinkScanner component.

  29. Gary F
    Unhappy

    Protect us from AVG, not malware!

    Thank you El Reg, you've just explained why we experienced an explosion of hits and at the same time the bounce rate went through the roof (which was distressing!). It's ruining our statistics which we put a lot of effort into setting up and aiming for accuracy.

    Our Google AdWords are getting lots of hits so I'm hoping they're not being counted and charged to us - unless AVG are in bed with Google to raise their revenue?

    Shame on AVG. I will be disabling this feature at once and advising all friends & colleagues to do the same - for the sake of poor website maintainers and investors. (Formally to this, AVG rocked!)

  30. Anonymous Coward
    Thumb Down

    @Wolf

    And to the guys who actually aren't advertising, but will get nailed by the bandwidth costs? To the guys who run little shareware software outfits and won't have a clue where their visitors are really coming from, or whether they're real?

    For a small company that lives and dies by traffic generated by search engines, this could be crippling.

    It's not just about the big, bad, nasty advertisers - you know, the ones paying for the site you're reading for free.

  31. Havin_it
    Flame

    How rude

    So, webmasters are guilty until proven innocent, then? Nice.

    I can't help thinking it says a lot for AVG's confidence in their, y'know, antivirus product that they feel it necessary to stop you even going near a site that might try to give you, y'know, a virus.

    I wonder if the search engines might be interested in attacking this practise from a legal angle; it can't do them any favours, either.

    Altogether a rather arrogant and inconsiderate move by AVG, of whom I expected better. When I still used antivirus, I used theirs; that certainly would have changed with this news.

  32. Andrew M
    Flame

    Break their eggs!

    These increased clickins have been driving us nuts for 2 months. I think all the hosts should send them a bill for the increased bandwidth & break a few of their eggs.

  33. This post has been deleted by its author

  34. Graham Wood

    Link Scanner

    I've had AVG 8 on my Vista laptop for a while (I couldn't download 7.5 when I got it), and Vista won't be on there much longer anyway.

    This is something that I really loathe. Not only does it take up resources (bandwidth, CPU, etc) - it means that all the links on a page are going to be scanned - as well as possibly encouraging AVG to collect stats in the same way that phorm is!

    I've got it disabled at present (with it therefore generating the associated warnings, alerts, greyed out icons, and general "We know best, TURN IT ON" attitude), but it's nearly enough to make me go elsewhere.

    I want a simple anti virus program that does exactly that - not something that tries to control everything I do to make me "safe". Having said that - it's free, and therefore I have no right to complain that it doesn't do what *I* want, if it is what their paying customers want.

  35. Henry Wertz Gold badge

    Make it just scan stuff the user clicks on.

    Yeah, this sounds kind of crap. The idea is good in theory, but set it up so when a link is clicked on, it'll scan it THEN and warn if it's a naughty link. (Since it's an add-on I imagine it could do it this way.) Then it's still providing protection, while not clicking on stuff the user didn't ask for.

  36. John A Thomson
    Happy

    Just William

    I don't work for AVG. Until recently I favoured Avast AV and AVG Antispyware for customer installs. Now it makes sense to just use AVG 8 - the paid for version. Avast has also become a bit bloated of late and does eat up resources and system cycles, which is a real shame as it is a nice product! My dream product would combine the best parts of AVG and Avast!!

    Web hosting bandwidth is cheap these days. You can get 6,000Gb for less than $8 per month and that is with a half decent provider. You can go cheaper and more expensive depending on your needs and wallet.

    So every web user should sacrifice their security through not using this new technology simply because of cheapskate businesses that cannot or will not pay a little extra to do business online! How many websites are now designed to be optimised to load quickly on dial-up! Everyone is developing websites with fancy graphics, flash and other multimedia content. Why should the visitors be paying for bandwidth so these cheapskate businesses have a flashy website. There is always an alternative way to look at these things. The web evolves and both users, providers and online businesses need to re-evaluate their online strategies.

    Like others have said on here... I do really care too much the advertising and marketing revenues. That is for others to work out a solution that is secure and works for everyone. Once Google has developed the technology to stop serving up web results that have all manner of malware at the end of the search result then maybe there won't be the need to have Linkscanner searching through their results. I do feel for Google having to buy some more servers, after all they may not be able to afford it from all that Yahoo revenue coming their way! They wouldn't give two hoots if it was a revenue generator for them rather than an end user security measure.

    There is nothing stopping people clicking on a result link in Google even while Linkscanner is still inspecting the underlying websites. My own experience, and many of my customers, is we don't notice any significant difference in speed, but then again high quality broadband providers are being used. Google results come up instantly on my Vista SP1 / IE7 / Linkscanner protected system and then you start to see Linkscanner going to work on the result websites.

    I have seen issues when installing AVG 8 and they have so far been related to an unrelated system set-up or other application issue. Anyone who pays for AVG 8 has access to their support team to fix these problems - another advantage to pay a little money for your protection.

    Linkscanner isn't AV technology or a simple blacklisting application - that's why it is far more effective at stopping web based nasties!!! Try to learn about the technology before passing comment.

    http://www.explabs.com/products/lspro_methodology.asp

  37. John A Thomson
    Thumb Up

    As featured on El Reg

    Only a few days ago...

    http://www.theregister.co.uk/2008/06/09/drive_by_download_defences/

    The browser developers are getting into this type of technology, even Mozilla and Opera. Good on them I say.

  38. mh.
    Unhappy

    Upgrading

    I upgraded from AVG 7.5 to 8, but after a few days I got fed up with it. It wasn't just the linkscanner or the memory bloat but also the massive number of false positives when it did its daily scan. Switching off heuristic detection reduced the number slightly but it still caught a lot that it shouldn't. After a couple of days I removed it and then switched first to Antivir (which displays an advert when it updates; a minor inconvenience but nothing to get too worked up about), and then a month or so later I found you can get a free copy of Kaspersky internet security if you use certain banks' online banking services.

    AVG 8 might be free but it's worth every penny.

  39. Pat Bitton

    Response from AVG

    Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)avg.com.

  40. Anonymous Coward

    Why don't they just...

    Why don't they just read the data being read from the site as it downloads to your computer and then halt it if there is any malware present. Then mark that page in a blacklist to stop others visiting it. The code could be read into the malware checker before being passed to the browser.

  41. PH
    Go

    Simple Sword of Truth

    On a free-to-read site dripping with advertising, I suppose it's little wonder this story is given the editorial line it has.

    And that panicky one-sentence paragraph - "That could destroy web analytics as we know it" - had me thinking I was reading one of the red tops. No irony intended.

    Let me fill you in on something for free, though. Marketers, like salesmen and politicians, frequently say one thing but mean another. Trust me, I've worked in and with Marketing for years.

    The Barry Parshall quote defends analytics: so "businesses can serve their customers properly". As any contemplative business person will confirm, the primary aim of being in business is making money. Analytics isn't about "serving" customers, it's about working out better ways of extracting money from them, and increasing their growth.

    Web analytics is up there along with Customer Loyalty Cards as one of the great intrusions on privacy that the public simply goes along with because they're ignorant of what's actually happening behind the scenes.

    If AVG helps disrupt marketing analytics then I, for one, am all for it.

    PS: 10 December 2008 – International Clear Your Cookies Day.

  42. Anonymous Coward
    Paris Hilton

    Just a thought

    How would this thing deal with 300 or so invisible, but still clickable, links on a landing page (link farm)? It's normally done to game Google; it's frowned on, but last I checked it was still widely done.

  43. Nexox Enigma

    AV?

    I totally gave up on desktop AV years ago. It was all bloat, all slow, and entirely irritating. The average AV package was giving me more damned popup warnings and advisories and whatever else than actual popup generating spyware ever did. And for all of that I think I probably had one virus detected that I didn't already know about, and it was in a file that I wasn't even close to considering running.

    So I uninstalled it, been safe ever since. Then again, I do all my downloading on Linux and automatically scan all downloads with ClamAV. I use a combination of reasonably secure software and common sense, and no viruses.

    @ Marketing Tool:

    Nobody can possibly be as passionate as you about something so dull as AV software. Sure, browsers, text editors, operating systems, distros, display technologies, and loads of other boring things have had epic religious battles fought on the bloody grounds of the Internet, but nobody that hasn't anything to gain has ever written 2 extremely long (relative to other posts here) posts about an AV app.

    Your proper grammar and spelling, logical layout, sincerity, and lack of any tell-tale rant signs mark you as someone who does not belong on any sort of open-access Internet discussion forum. I don't know where my point went, but you see what I'm getting at. I hope.

  44. Anonymous Coward

    klean

    How do these 2 work to not do what AVG's linkscanner does then?

    http://www.callingid.com

    http://www.siteadvisor.com

    I'm an IT dunce so forgive me. AVG scans realtime whilst the other two use a static database and so is not only more up to date but capable of catching dynamically changing exploits?

  45. Kanhef

    @ John A Thomson

    How much are they paying you? Your posts are right out of the marketing office. Try testing it on an ordinary user's setup (2 year old computer, DSL line) before claiming it causes no lag and uses negligible resources.

    Your attitude is "This will significantly increase web traffic, driving up providers' costs, but we don't care because we're not paying for it. It's their problem now, so they should figure out how to deal with it, not us." That's rude and irresponsible, at best. Large companies might be able to handle it, but a lot of smaller or noncommercial sites can't. Many implement a site search by using Google's 'site:' function; LinkScanner will hammer the site another ten times every time that's used.

    P.S.: Please let us know who is offering six terabytes of bandwidth for under $8 per month.

  46. Daniel Jones
    Linux

    @ Henry Wertz & all those 'so just install it without ...' and 'so turn it off then'

    @ Henry Wertz

    Totally. They wouldn't even have to have the content download twice; their email scanner already downloads stuff, scans it and then serves it to the email client.

    Why the hell not do the same with this?

    @ all those 'so just install it without ...' and 'so turn it off then'

    Riiiight. So all those non-patched systems run by numpties who take no interest in how their system works at all and never go anywhere near the register or anywhere else except big-boobies.com or whatever, who do not even realise the harm this is doing (i.e. most people) are going to run:

    c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    Are they? Yeah right, whatever. Most people would have trouble with the Tools->Add-ons trick, if they even knew about it. Which most don't.

    This stuff should come switched *OFF* by default, not on, if it even should be included at all (which it shouldn't IMHO in its present form).

    /So/ glad I switched to ClamAV from AVG (although that was because of the annoying focus stealing getting on my nerves, but that's another story)

  47. Svein Skogen
    Flame

    Simple "response" to this would be

    The simple (and logical) response to this would not be to use the useragent string to "disregard" the AVG hits. No way. All these hits should be counted.

    And at the end of every month, every website owner should send Grisoft the BILL for their bandwidth usage. If Grisoft wants AVG to have this "feature", they should be prepared to pay the _PRICE_ of this feature. After all, GRISOFT can forward this bill to their customers (in the form of increased price for the software kit).

    //Svein

  48. Dan Silver badge
    Boffin

    Linkscanner not that useful...?

    It's pretty inevitable that they're going to end up making linkscanner's user agent exactly the same as your browser's user agent...

    Why? Because now everyone knows what the user agent linkscanner uses is, something harmless can be served to linkscanner, then when the user clicks on the link to go to the page after receiving the OK from linkscanner they can get owned.

  49. Pie

    avg 8 has other problems

    My mother couldn't print from IE in protected mode with AVG 8 installed; as there appeared to be no fix, I swapped her over to Avast.

  50. kirk shoop
    Unhappy

    ResidentShield no panacea either

    Not only is AVG 8 blocking www.apple.com (in IE7 on a Vista Ultimate machine), it will reset the connection each time the QuickTime installer is downloaded.

  51. Richard Silver badge

    Thanks for a response Pat

    But I *won't* be upgrading to AVG 8 entirely because of this feature, and will no longer suggest it as an option to my friends and family.

    There are a few reasons for this.

    1) Every computer and every NAT router has a limit to the number of concurrent connections it can support. This total varies according to the firmware and model of router.

    I use a bittorrent client a fair bit to download various pieces of open-source software. Due to the way torrents work, these clients tend to utilise a large number of concurrent connections.

    I have to limit this number to get an acceptable browsing experience on the various machines connected to my router - as I want to download as quickly as possible, I limit this to the maximum that gives me a good browsing experience.

    This function in AVG 8 grabs around 10-20 connections every time I visit Google or the other supported search engine pages.

    2) Many broadband customers have download limits, before either being charged quite a lot extra, being cut off, or having their download speeds greatly limited.

    Some of these limits are quite low.

    3) My connection is fundamentally shared with everybody else at my local exchange. If everybody suddenly starts downloading all the hits from any page of Google, my internet experience will suffer.

    4) If a webmaster sees a massive spike in traffic, that's going to cost them a fair bit extra in bandwidth charges. Given that any extra traffic produced by a 'bot' such as the AVG LinkScanner cannot possibly gain them any advertising revenue, all such extra bandwidth expenditure is wasted.

    It's doubly wasted because no human ever sees the result of that bandwidth, so even those sites which don't rely on advertising and are simply providing a totally free service will suffer.

    Many smaller sites may either hit their daily limits early and thus be unreachable for much of the day, or suffer such extra costs that they are forced to close.

    5) When travelling, I connect in many places that have terms and conditions including "You may not use download accelerator products".

    The way such products operate is to visit every link on a page and start to download them while you're reading.

    My bandwidth provider is unlikely to see any difference between such products and the AVG LinkScanner, and therefore may hold me in breach of the T&C of the connection they provide and block me.

    This feature will cost me, personally, some hard-earned cash, and therefore I do not want it.

  52. Anonymous Coward
    Pirate

    here's an idea

    for all you that don't like it scanning other sites on search engines in case you click on it and webmasters

    why not install it and Keep searching AVG so it Generates load more traffic on AVG's site and see how they like it ???

  53. Anonymous Coward
    Anonymous Coward

    AVG8 free custom instal???

    I don't understand why people say it makes their browsing slow as it's only supposed to kick in for search engine sites, unless in reality it's working in the background on all sites without displaying any results. My real concern would be if it did start to do this for links on all pages visited.

    Anyway, as has been said, just turn it off. The AVG icon on the task bar gets an exclamation mark over it, probably to try to make you think you're not protected but it's easily ignored. For a custom install, the only components I can turn off are the email scanner and alternative languages so either John A Thomson has a different free version or is using the paid for one, he doesn't make it clear.

    What bugs me most is the drop down notification window, if that can be turned off for good then I'd be 100% happy with AVG8 free.

  54. FoTD
    Flame

    I suggest throwing this back in Grisoft's face!

    Well, until this problem gets bad enough that we can all band together and start a class action lawsuit against Grisoft for effectively DDoSing our HTTP servers, I suggest the following. Instead of allowing them to waste our own bandwidth with their ineffective and misguided attempt at blocking malware laden sites, I recommend all of us web server admins simply redirect this traffic right back at Grisoft! Those of us running Apache can simply add this directive, either server wide or per directory:

    RewriteCond %{HTTP_USER_AGENT} ;1813\)$

    RewriteRule ^.*$ http://www.grisoft.com/ [R,L]

    This of course will redirect all hits from this rogue user agent to Grisoft's own servers. Screw em! Let THEM deal with the traffic burden! And perhaps if enough of us do this Grisoft will get the point and scrap this stupid linkscanner BS. This should work until they change the user agent string, in which case it's either back to the drawing board or time to sue their asses! I for one will be more than glad to sign up for any class action suit someone puts together. Their "product" generates malicious activity on the Net and should NOT be tolerated!

  55. Nebulo
    Paris Hilton

    Not only that ...

    but since I allowed 7.5 to upgrade to 8, I've found that it now takes me ages to get anywhere via my start menu (my preferred way of starting stuff). Every submenu takes tens of seconds to open, although I've got the delay set to 0 - I assume AVG is scanning every link in every submenu, every time. Still trying to turn it off, but haven't found how to yet.

    Or maybe there's a new sort of polite virus which puts itself in your start menu and waits until you specifically ask it to run? AVG, I used to love you, but I'm rapidly falling out of love right now. You're wasting my time every day.

    Paris, because I'm sure she could find something for us to do while I'm waiting.

  56. Anonymous Coward
    Anonymous Coward

    Newer installer - No need for command-line switches

    I'd been using the command-line switch for a couple weeks on new installs, as removing SafeSearch cured all the problems I was seeing with AVG 8 Free (slow computers, crashing browsers). About a week and a half ago, a newer installer (build 1310) for AVG 8 Free showed up, and the SafeSearch module was now selectable in a custom install.

    So as long as you get an installer of build 1310 or later, there's no need for the ugly command-line switches. Just do a custom install, deselect SafeSearch, and you're good to go.

  57. Simon Neill

    Sod the webmasters....

    ....what about poor little me and my 300MB download limit on VM?

    hey, does it do this for the IPLAYER too? I can't imagine trying to stream 10 iplayer videos, but when I try there are explosions.

  58. Anonymous Coward
    Alert

    It's Not About Analytics

    The story only picked on one aspect of AVG 8's problems and generating fake web analytics is just the tip of the iceberg.

    Why does Roger Thompson think his Link Scanner can protect users against web-based threats while the product plainly announces its presence and Pat Bitton repeats the same party line?

    The important things being overlooked here are:

    a) AVG 8 is easily detectable. The user agent that AVG uses is detectable by the same malicious sites AVG is trying to block, so those sites can easily spoof AVG into thinking they're safe when they're not.

    b) AVG 8 is attacking popular sites. As many thousands of AVG users upgrade to AVG 8, the software is literally launching attacks against popular sites that rank well in search engines.

    c) AVG 8 customers can now be tracked. Even after AVG 8 changes the user agent to use something less detectable, many web sites now have exhaustive lists of the IPs of the AVG 8 customers that have installed the product to date. Many IP addresses for many broadband customers are somewhat static and may not change for years so if they continue to use AVG they may become a target at some future date.

    d) AVG 8 doesn't need to pre-scan if it can defend against the threat. If AVG 8's Link Scanner can detect the problem then AVG 8 should be able to stop you from getting infected in the first place. If the Link Scanner can't detect the problem in the web page then you'll assume AVG 8 will still stop the infection anyway. Therefore, if the Link Scanner can't detect something unknown and AVG 8 can't stop the unknown infection then Link Scanning in advance is completely useless and a complete waste of everyone's resources since anything detectable is already being defended against without the Link Scanner.

    Bottom Line, it doesn't work and it's making both users and webmasters angry.

    AVG has completely blown a new release and the reputation management skills shown in the face of this crisis with comments about "breaking eggs" are plainly laughable.

    The solution is simple:

    Disable this BUG until you get a new solution, release an update of AVG 8 that has this disabled, and release it ASAP.

  59. teacake

    @Phil the Geek

    "Us Opera users can retain our smug self-satisfied demeanour content in the knowledge that not only are we running the Saab of browsers "

    You mean poor-handling, over-weight, trading on a reputation for reliability and individuality that is long in the past... need I go on?

  60. tony trolle
    Alert

    not too slow

    think I had it running for 3 weeks now, it slows this 1.8Mhz system down less than one second on google but only had one red warning in all that time; russian site :-p

    never thought about the site analytics problem

  61. Shabble

    Security for idiots

    With a firewall on my router, with Windows Firewall, Windows Defender, normal AV, Spybot SD resident, UAC and a degree of common sense this link scanning is entirely unnecessary.

    Don't allow dodgy websites to install ActiveX, don't run keygens for hacked software and scan your P2P downloaded Rar and Zip files before extracting them. Anyway, a decent AV will catch a virus when it tries to install from a web page. AVG 7.5 used to do this for me when I had it installed.

    This link scanning thing is a gimmick - it's the equivalent of buying an SUV to increase your safety. It doesn't really, and just blocks up the roads. Note: the only virus I've found on my computer in the last year was an old keygen for a bit of software I wanted to test out, but forgot about and never used. This was missed by AVG for many months and was only picked up when I switched to Avast!

  62. Andy
    Black Helicopters

    What about accidental paedo or terror browsing

    Presumably if you enter "children" or "al qaeda" into google then AVG will happily visit any dodgy web sites that appear in the results for you, thus ensuring that you move onto the police watch list for axis of evil members.

  63. Vostran
    Stop

    Bunch of criminals!

    "I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

    Sounds to me like a criminal enterprise.

  64. Ross

    Right idea, wrong solution

    Protecting users from malware located on webpages is a good idea - it's probably the biggest attack vector these days what with every one and his dog using a router with built in firewall. The AVG method is using a sledgehammer to crack a nut though.

    A better alternative would be to run a local proxy that scans your inbound traffic for malware. That way only the pages you actually visit are scanned, rather than anything Google deems fit to throw up as a search result. It would save web server bandwidth, your bandwidth, and your CPU cycles. It also still ensures that the detected malware doesn't hit your browser.

  65. Anonymous Coward
    Alert

    whining fools

    you're all a bunch of crazed whining fools. this feature is actually a good bit of host protection and has been proved to work - far better than blacklists etc.

    you're all moaning for the same reason - you're all using outdated methods of checking that someone has actually visited your site. relying on a dumb apache log file or the number of times image 'lets take these advertisers to the bank.jpg' got downloaded is foolhardy and wrong. countless times it's been abused purposefully but like little blind mice you've carried on regardless. use some other method of validating a real human has visited your site. something basic like an 'onmouseover' event on a news story or somesuch is 100% better than 'oh look, Mozilla 4.0 blah blah from 127.0.10.40 has loaded index.html'

  66. Daniel Feenberg

    Not a deluge yet

    On our rather esoteric web site (www.nber.org) that browser string accounts for 5% of the last week's 5.04 million hits. So it isn't killing us yet, but then what fraction of their users have upgraded so far? It certainly seems tempting to serve up an error page to the user, asking that they disable the "feature", should they eventually select one of our pages.

    Why should they be scanning pages before the user clicks? Perhaps they don't have the proper hooks into the browser? Or don't know how to use them?

    Daniel Feenberg

  67. Rodney Cole

    tenuously linked to AVG thread

    I upgraded our motley collection of PCs to AVG8 recently and haven't noticed much change in speeds, apart from when the actual scheduled scan is taking place. The only Googled site that I have been warned by AVG about had "this site may damage your computer" written on it already.

    I don't really want the sole option of Yahoo! search in the AVG bar because it's soooo inferior to Google, but something happened the other day which I would be grateful for your views on.

    I had just booked some Premier Inn rooms online as is my regular wont and then visited a favourite US blog and followed a link to the LA Times archive site. At the top of that page was, guess what, Lenny f++king Henry gazing back at me from a Premier Inn banner, complete with the standard UK hotel search.

    As it seems unlikely that Premier would be targeting all LA Times readers with banner ads, the only conclusion is that one of the many tracking cookies that AVG recognises but does nothing about is "profiling" my surfing. Cookies go regularly into the CCleaner bin.

    How valuable this is to the advertiser (advertising to an existing customer) is puzzling, or am I in possession of the wrong end of the stick? Or just uninPhormed and paranoid?

  68. Anonymous Coward
    Thumb Up

    How to disable it after installation

    You can disable it in IE if it is already installed by using the Tools->Manage Add-ons feature. This will not cause the red exclamation mark to be shown in the system tray, and will still be displayed as Active in the AVG User Interface.

  69. Anonymous Coward
    Stop

    avg?

    I couldn't find this in the repositories.

  70. Charles Silver badge

    Alternative advice to Firefox users.

    If you *really* have a problem with AVG's SafeSearch feature but insist on using Firefox, consider trying out the Firefox 3 release candidate. SafeSearch won't work on this version of Firefox, so even with AVG8 installed, SafeSearch stays disabled. In any event, the handy NoScript addon keeps the bulk of trouble (and bloat) out of my way.

    As for scanning ahead for malware, here's a possible angle: multiple payloads (so as to try as many angles as possible). AVG may be able to detect and block one or more of the payloads, but you could still be owned by the unknown or zero-day payloads. By scanning in advance, any site that has even one detectable payload can be blocked, and by blocking you also reduce the likelihood of being hit with an unknown attack.

  71. This post has been deleted by its author

  72. Timbo

    @ FoTD

    Any way in which a "robots.txt" file can do the same ??

  73. Andy

    Effort better spent on patching...

    The poster who cited LinkScanner saving the day, the article also mentioned..

    "People who’ve visited the website over the last week need only panic if they are running a version of Microsoft Windows that hasn’t been patched or a version before Windows 2000."

    Looks like users are buying all these AV products, that use resources (locally and on the Internet), but not patching their systems?

  74. Anonymous Coward
    Flame

    I hate web advertising, But...

    If the AVG8 link scanner can detect the exploits prior to the user clicking on the links then surely this means it can detect the exploits when the user clicks on the link.

    In which case Link scanner is DDOSing the web just to put a pretty green tick or a nasty red cross next to the search results for the user to feel good or bad about going to the site.

    If AVG can't detect the exploit (when the user clicks the link) and prevent it, then why are they charging people for their product?

    I have no love of web marketeers, traffic profilers etc, but a company that thinks DDOSing any website that is turned up in the search results is the way to protect people is even worse.

    An antivirus company should know better!!!!!!!

  75. Martin Maloney
    Alert

    No one has addressed this

    "...Thompson points out that AVG only scans the first page of results on sites like Google - unless the user clicks on subsequent pages...."

    I do serious research on the Web, thus I use google Advanced Search, and I select "100 results" for "Results per page." I doubt that I am alone in this.

    That kinda kicks "...only scans the first page..." in the butt, doesn't it?

    Several months ago, having tired of AVG 7.5's penchant for throwing a plethora of false positives, I switched to avast! Thanks, el reg, for quenching any temptation that I might have had for sampling AVG 8.0.

  76. Kevin Reader
    Alert

    Surely this is old tech done really badly...

    Apart from the fact that they could validate the PAGE you actually CLICK using their "new technology" before serving it to the browser, I have long noted avira's live scanner doing the following (which is rather better):

    Even several versions ago the avira live scanner checked files as they were written to disk (probably on close) - this seems to include files in the browser cache. This appears to detect suspicious exploits. I would have thought AVG would have implemented something like this or a similar scan in the download path of the browser. That's what a sane developer would do.

    I suspect that the scan is a) slow and b) processor intensive and they did not want to delay the response to the user's click AND SO they decided to pre-scan the search hits while you are reading them. BUT that means they scan ALL the results even if you do not visit them.

    There is a theory that many people never even press NEXT on google or other searches so the impact is LARGE but not huge. For anyone who does proper web research - or looks for obscure information - it will be far worse. I regularly wade through pages of google results without clicking more than one link a page - this 'technology' would increase my bandwidth and visits 10-fold. Utter madness and shoddy development.

    El-Reg: Can we have an icon for "Mental Developers, Extra Stupid PHB", it would suit these sorts of stories more than the existing ones, and is becoming ever more common. (It used to only be Bill's gang).

  77. Stephen Hurd
    Thumb Down

    This should work great with Firefox!

    So now, with Firefox preemptively downloading all the links on a page, and Linkscanner doing the exact same thing, now every link you don't follow will be followed twice on your behalf! Yay!

    Seriously people, if I want it, I'll click on it. I really don't understand what AVG thinks could be accomplished here that transparent proxying wouldn't... and definitely not one that makes it worth downloading everything (twice? thrice?). ISPs are rolling out the bandwidth caps and the web folks are cranking up the bandwidth any way they can.

    The thing that's even more fun is that (unless AVG is caching what it downloads and acting as a caching proxy anyways) the web site you get to when you follow the link quite likely won't be what AVG scanned anyways. The ads (a common source of malware) will rotate.

  78. Jonathan Richards

    Serves you all right...

    ... for trying to make money with the Internet. Bring back ARPANET, sez I.

    Mine's the moth-eaten Afghan. Ta.

  79. John A Thomson
    Paris Hilton

    Response to the flamers!

    @ Nexox Enigma

    Good grammar and breeding clearly shows out. You may be shocked to find I have founded, run and participated in many community projects both online and offline. I also can't stand texting because of the lack of proper English... it just feels plain wrong, wrong I say!

    @Phil the Geek

    But Phil this type of technology is coming to Opera and Mozilla products. The Register wrote of it only days ago.

    @ Kanhef

    Sorry to disappoint you, but AVG isn't paying me nor am I doing their dirty work as you are suggesting. Admittedly, I do resell their products, but that's not a new thing and I was a bigger fan of Avast Pro until AVG 8 appeared on the scene. Our old layered security solution was a far more lucrative solution in terms of revenue, but it has been found that AVG 8 is a good and cheap solution for end customers that don't have years of experience of using the web - those very customers that wish to have the additional protection it offers in a single solution and don't mind paying a small amount of money to achieve it.

    I see mainstream web users being better protected through using this technology. We have a good sized customer base here in the UK and even have a customer in Nigeria (anyone tried 196kps down, 64kps up???) using this technology and none of them are complaining about it turning their system into treacle. I wouldn't be recommending it to my end customers if I thought it was a bad product for them. Sure there are situations where it may not be recommended - namely, when the ISP is one of the many big boys that sucks during peak hours... and we all know who they are!

    My attitude is this...

    It is alright for websites to add all kinds of additional marketing and advertising streams, to add multimedia content, to use all manner of high bandwidth items to increase their buzz and marketability, but most webmasters haven't thought too much about the people on slow connections and those end users that eat through their ISP allocated bandwidth to gain the unnecessary parts of the user experience. I realise that these technologies eat up the same ISP bandwidth, but that is the customer's choice when they install / enable Linkscanner. Now the worm has turned and web vendors are complaining. It is unfortunate that some very small business may well not be able to adapt to this changing landscape, but the bad guys have moved on and so must the security vendors to better protect the masses - there are always some casualties in war!

    There are many US based suppliers offering these types of bandwidth allocations. Have a look through websites like http://www.webhostingstuff.com/.

    @ tony trolle

    Try Googling for things like warez, cracks, etc. You'll see a good many more red crossed results. Many web users still believe obtaining illegal software is a good way to save money and don't worry about the consequences. Perhaps they will take more note of the warnings to stay away from these types of websites when they see security software reporting bad things.

    In this day of legitimate websites being hacked to serve drive by downloads, and all manner of other malware, having Linkscanner and technologies of its ilk is going to be a good tool in protecting us all from end users being infected.

    Q. Is AVG 8 perfect?

    A. No. I can think of quite a few improvements I'd like to see. I've also seen some compatibility issues with a few other security products that disappear when those other products are removed.

    Q. Could Linkscanner work better in other ways?

    A. Certainly, but it cannot be changed overnight into a security product that is going to please the webmasters voicing their concerns.

    Q. Will we see similar products / features from other security vendors?

    A. Very likely.

    Q. Why are you so passionate about this technology?

    A. Because I've seen it working to protect web users that wouldn't know any better and would have their systems infected with all manner of malware. I've even seen it detecting trustworthy websites that have been hacked to serve malware. The website vendors involved (3 different companies in one case) had let this website serve malware for weeks to visitors without having a clue that something was amiss. Thousands of website visitors could have been affected during those few weeks. Linkscanner detected the exploit code without even breaking a sweat.

    Okay, I'm stopping now as my position is quite clear and the flamers must be queuing up to get into the comment box :-P.

    Paris, cause she knows good breeding!!!

  80. Adrian Jones
    Pirate

    Another AVG problem

    A few weeks ago, I discovered that several of my mailboxes in Pegasus had disappeared. Very annoying as one of them was my main box, with hundreds of emails.

    I've just realised that it was AVG which deleted them. It's scanned them as an archive, identified a virus (or so it thinks, I'm somewhat doubtful, since I've always deleted anything with a dodgy looking attachment, and one was a simple word document from about 10 years ago!) and moved the whole file to the Virus Vault.

    Which then filled up past its default maximum size, so it's deleted several of them.

    All without bothering to tell me about it. I only spotted it because I happened to be in front of the screen when a scan finished, saw the pop-up appear and disappear and wondered why it had 40+ warnings. (Cookies, it would appear.) I then discovered that there were several "viruses" found in May and that they'd already been deleted from the vault.

    Not very impressed with AVG after all.

  81. George Forth

    Turning it off isn't especially fun

    I don't like it as it slows down my creaky old machine when I search on Google (the creakiness is why I use AVG and not something resource-hungry like Norton). But if you turn it off, it records this as an error rather than a choice. Most annoying.

  82. Matt Bryant Silver badge
    Pirate

    RE: Kanhef

    I have AVG 8.0 running just fine on a seven year-old desktop for my kids. It has an Athlon 1100MHz CPU and only 768MB of RAM, yet runs WinXP a treat and I haven't noticed any drop off in performance in any way at all since upgrading her PC to AVG 8.0. I have long appreciated AVG, especially after several years of McAfee and Symantec screwing up other systems (including those at work), and I would not hesitate in the slightest to recommend AVG 8.0 to friends and family. Seeing as kids are often the ones that get suckered into visiting dodgy sites, the search preview offered by Linkscanner is a brilliant tool.

    Strangely, everyone is up in arms about personal users using AVG's Linkscanner, but I don't hear a peep about the commercial spiders and bots that regularly try and read EVERY page in our work website. So, it's OK for Google and co to trash our work bandwidth, just not personal users? Puh-lease!

    IMHO, thanks to Grisoft for another excellent product!

  83. Bambi
    Black Helicopters

    No worries on AVG 8 ...

    I think just like Norton, McAfee and other 'hoggy' security systems (which is what they have become), folks will be migrating to other things that are less resource intensive. AVG 8 slows down even brand new Vista computers with 4GB RAM and Core 2 Duos!

    AVG 8 could very easily be a thing of the past very soon.

  84. Hate2Register
    Unhappy

    Off with their heads!

    I agree with Aditya Krishnan that AVG should not be pinging sites with gay abandon, skewing traffic (and making it look like I'm visiting sites that I'm not). George Forth points out that if you go into AVG options and turn off the Linkscanner, AVG puts a permanent error message in the system tray.

    Aditya's suggestion that AVG compare search results with a database of bad sites is a sound one.

    This revelation could sink AVG's reputation if they don't fix it soon...

    [an otherwise loyal (ha) AVG user]

  85. Steve

    alternatives

    If you employ the use of a hosts file (mvps for eg), tighten up your o/s internet security settings (the defaults are poor), forgo the use of IE, use an add-on lightweight firewall, use Opera as your browser, and install avast as your virus scanner, this issue is a moot point.

    And most of the above is also easily accomplished using a distro like openSUSE as an alternative to windoze.

  86. Chuck
    Alert

    Get a clue people

    I am amazed at the supreme level of ignorance among so many of the LinkScanner critics here, many of whom probably consider themselves security experts. What a sorry group. I guess that's the crowd you attract with inflammatory statements intended to stir the irrational fears of people (Joseph Goebbels and Karl Rove would be proud, El Reg).

    Get a clue people. I've been using the paid version of LinkScanner since shortly after the company introduced it. Too many times to mention I've been protected from exploitive web sites listed in Google's search results, or contained on trusted sites. Yes, I'm patched, so maybe 80% of these wouldn't have affected me, yet I still don't want to visit a poisoned web page for obvious reasons. And what about the 95%+ of users out there who don't maintain regular patches, or what about all of us who need protection against (albeit rare) zero days before a patch is available?

    Someday, once the masses get more properly educated than some of the ignoramuses on this thread, they will refuse to click on any hyperlink until it has been properly scanned by LinkScanner or a similar real time scanner (Note most of Linkscanner's competitors including McAfee's are NOT real time so they're essentially useless), just as my 65 year old mum knows not to click on file attachments from unknown senders (and even trusted senders) in her email, or how more enlightened novices have learned not to click on malicious ecard greetings.

    If you're a web site operator, don't your visitors deserve to receive some verification of the real time safety of your site? What are you trying to hide? Your ignorance? Your ostrich beak?

    If people here truly studied LinkScanner, how it operates and the thinking behind its (IMHO) clever low impact approach to stopping web exploits, you might arrive at a different conclusion.

  87. Anonymous Coward
    Stop

    Not only advertising

    A major problem with LinkScanner is not only the one-time traffic it generates by accessing pages, but the fact that LinkScanner's parser just plain doesn't work properly, and can with certain content cause endless loops with users' computers unwittingly registering tens of thousands of hits against a site, as LinkScanner sits there reloading it endlessly.

    How shocked I was when I saw this, on one user's account statistics... (a 6 day traffic period)

    1 2202660 81.92% Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)

    2 453439 16.86% Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

    3 7634 0.28% Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1

    That's 82% of traffic, several million hits, on what is normally a fairly quiet shared website, coming solely from a user agent I later discovered was submitted by LinkScanner. In numeric terms, that's around 70GB of traffic in a week to a single fairly small website.

    @Pat Bitton, all traffic hitting our networks from LinkScanner's user-agent is now being redirected to grisoft.com, I fail to see why we or our customers should be paying for your product's traffic when the damn thing doesn't even work properly.

  88. Anonymous Coward
    Anonymous Coward

    Flawed Logic @ John A Thomson

    How can Link Scanner protect users that would otherwise be infected UNLESS the sick truth is that AVG 8 can't stop those particular infections in the first place?

    Either AVG 8 can or cannot protect you without Link Scanner, which is it?

    If AVG 8 can protect you, then Link Scanner is a complete waste and something used purely for marketing purposes.

    If AVG 8 can't protect you and uses Link Scanning to attempt to stop things it can't protect against, I'd be looking for new AV software ASAP.

  89. Anonymous Coward
    Anonymous Coward

    Get A Clue Chuck

    Please explain, just how did the Link Scanner save you?

    Did it detect something AVG couldn't detect or stop from infecting your machine?

    If AVG could stop it, then the Link Scanner was superfluous, no?

    Total hysterical hype.

  90. Phil Endecott Silver badge

    No referrer set on these requests?

    A quick check of my logs shows about 5% of page requests (and a smaller proportion of bytes) are from this ";1813" user-agent. Interestingly, none of them had a referrer set. Is that also a characteristic to check for? Does anyone know if the ";1813" is ever present in a real request?

    I've encountered two similar issues in the past. One is MySpace users putting images from my site - and it's always the largest files - on their pages. That was using >80% of my bandwidth for a while. Then there was "fasterfox", a Firefox extension that would prefetch all of the links on a page. I got a link on the front page of Digg once and the fasterfox users (the vast majority of the requests) brought the server down. I have these Apache rules to avoid these happening again:

    # Refuse JPEG requests hot-linked from MySpace profile pages
    RewriteCond %{HTTP_REFERER} profile\.myspace\.com [NC]
    RewriteRule .*\.jpe?g - [F]
    # Tag requests that carry the "X-moz: prefetch" header, then deny them
    SetEnvIfNoCase X-moz prefetch prefetch
    deny from env=prefetch

    My message to AVG: please check for a robots.txt rule, and tell me what robot name I have to check for. If you want to tell your users that "This site refuses to let us check it for viruses and we suggest that you don't visit it", then that is just FINE with me. Or if you'd like to wait until they've actually clicked on the link and then test the content, please go ahead.

    Just to answer one of the posts above: Chuck says

    > don't your visitors deserve to receive some verification of the

    > real time safety of your site?

    Absolutely, my _visitors_ are welcome to do all the verification they like. It's the 90% of verifications that come from people who won't ever click on my link, but just happened to get a page of search results that included it, that I object to.
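
An added example, not part of Phil Endecott's post or of any code in this thread: a Python pass over Apache combined-format log lines that measures what he checked by hand, namely the share of requests and bytes from the ";1813" user-agent and whether a missing referrer separates it from other traffic. The log lines are constructed samples using documentation addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Apache "combined" format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache writes embedded quotes as \"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED
    + r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'$'
)

# Same test as the RewriteCond posted in this thread: the agent ends in ";1813)".
SCANNER_UA = re.compile(r';1813\)$')

# Constructed sample log (not real traffic); the last line is deliberately truncated.
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jul/2008:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=example" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
198.51.100.7 - - [01/Jul/2008:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
198.51.100.8 - - [01/Jul/2008:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
198.51.100.9 - - [01/Jul/2008:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
203.0.113.5 - - [01/Jul/2008:10:00:05 +0000] "GET /feed.xml HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.11 - - [01/Jul/2008:10:00:06 +0000] "GET /big.jpg HTTP/1.1" 200 20480 "http://example.org/index.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
198.51.100.7 - - [01/Jul/2008:10:00:07 +0000] "GET /contact.html HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
203.0.113.9 - - [01/Jul/2008:10:00:08 +0000] "GET /trunc
'''


def summarize(lines):
    """Return (stats, agents): request/byte counters and hits per user-agent."""
    stats, agents = Counter(), Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        match = LOG_RE.match(line)
        if not match:
            stats["skipped"] += 1          # truncated or non-combined line
            continue
        _host, _time, _request, _status, size, referer, agent = match.groups()
        nbytes = 0 if size == "-" else int(size)   # "-" means no body was sent
        has_referer = referer not in ("", "-")
        agents[agent] += 1
        stats["requests"] += 1
        stats["bytes"] += nbytes
        if SCANNER_UA.search(agent):
            stats["scanner_requests"] += 1
            stats["scanner_bytes"] += nbytes
            stats["scanner_with_referer"] += has_referer
        elif not has_referer:
            # Ordinary visits (bookmarks, typed URLs, feed readers) also lack
            # a referrer, so this counts what a referrer-only rule would hit.
            stats["other_without_referer"] += 1
    return stats, agents


def top_agents(agents, n=3):
    """Rows of (hits, percent of requests, agent), most frequent first."""
    total = sum(agents.values())
    return [(hits, round(100.0 * hits / total, 2), agent)
            for agent, hits in agents.most_common(n)]


if __name__ == "__main__":
    stats, agents = summarize(SAMPLE_LOG.splitlines())
    print("requests from ;1813 agent: %d of %d"
          % (stats["scanner_requests"], stats["requests"]))
    print("bytes from ;1813 agent:    %d of %d"
          % (stats["scanner_bytes"], stats["bytes"]))
    print(";1813 requests with a referrer:  %d" % stats["scanner_with_referer"])
    print("other requests without referrer: %d" % stats["other_without_referer"])
    for hits, pct, agent in top_agents(agents):
        print("%6d %6.2f%% %s" % (hits, pct, agent))
```

A non-zero count of other requests without a referrer is the reason to treat a missing referrer as a supporting signal rather than a blocking rule on its own.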

  91. Oliver Beresford
    Thumb Down

    "it doesn't mask the user's IP address"

    If the reg article is correct in that "it doesn't mask the user's IP address" then I will stop recommending AVG to people and point them all at Eset NOD32 Antivirus!

    I would be very unhappy if I discovered that my IP was being logged as having visited every site that came up in Google when I did a search, and I think most people would be against this 'feature' if they understood that this was what LinkScanner would do...

  92. Steve

    performance

    Obviously anything that impacts the performance of my computing experience, particularly when a properly configured system protects just fine, is completely unwarranted. Propaganda can come from many directions, particularly say, lobbyists with financial interests in the matter.

    The configuration I described previously worked just fine on MANY machines and for MANY years, sans exploits and sans LinkScanner.

    I'm just sayin...

  93. Nigel Brown

    Giving it the NOD

    Call me an old Luddite, but as I still have no desire or need to install SP2 for XP then the delights of AVG 8.0 are now denied me. I am currently halfway through the trial period for NOD32 and am more than happy.

  94. Robert Day
    Dead Vulture

    Another twist of fate

    I have to say I am so very happy I am not ranked #11 on Google's results for, say "shopping". I mean.. with millions using this Link Scanner thing, and hundreds of thousands of them searching for "Shopping" on google, the top 10 results, are getting hundred of thousand clicks / day more than #11, who suddenly pales immensely compared to the top 10. Popular sites are suddenly so very much more popular than they once were..... Wonder how they will deal with THAT angle....

    Dead vulture, for my soon to be dead site, ranked #11 in search results.

  95. John A Thomson
    Stop

    No AV is perfect

    Okay it has been asked multiple times by those who don't understand the principle and thinking of Linkscanner, so let me try to explain.

    Let's take a website like Spy Sheriff by way of an example, AVG AV will detect the malware being pushed down by the parasites. However, when you use Linkscanner it warns you not to go near it in the search engine results and if using the paid for version it will stop you going there either directly or by clicking on a search result.

    However, take a zero day virus that can avoid detection by any AV initially. It can take AV vendors anywhere from hours to months to devise detection and protection into their products. Linkscanner is looking for the exploits, techniques and typical methods that the malware writers use to actually push the zero day virus out onto unsuspecting computers. Bottomline, AVG and most other AV products probably won't detect the virus, but Linkscanner will detect if the bad guys are using known exploits to push the malware packages down onto victim computers. Users running only AV may become infected depending on their OS and set-up.

    So please can we stop comparing Linkscanner to the protection offered by typical antivirus products. Apples and oranges my friends.

    @Chuck

    I've suggested a similar scheme already to Pat to help with the website owners that don't want to be scanned. Either a robots.txt file (as you've suggested) or some additional meta information could make Linkscanner, and other such products, ignore the scanning and give it a classification of "Scanning refused by website... Use at your own risk! The link will be scanned if you decide to follow it". Having a nice warning, such as we see IE7 doing when there is a certificate problem, could make it nice and easy for people to click through or not. The weblink would be scanned at this point if the user selects to click through.

    Webmasters may find it more palatable to only be scanned if the web visitor is actually going to visit the website. Cautious website visitors may not click through onto perfectly healthy websites and that is a cost to be considered when implementing the "NO LINKSCAN" tag.

    Unfortunately, social engineering techniques will ensure the bad guys manage to trick some users into visiting malware websites if this type of scheme is adopted. That is why it is important that the pre-scan is done at some point before the browser actually lands on the webpage.

    Please don't ask me to comment again!!! I had enough explaining to people who don't even have the courtesy to understand how the technology works.

    I'm sure Pat and AVG would rather hear your suggestions on possible ways to fix this than your whinging. How about some constructive criticism to help AVG to help you?
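
The robots.txt opt-out requested in comment 90 and outlined in comment 95, as an added example that is not AVG's code and does not describe how LinkScanner behaves: a scanner-side check that skips the pre-scan when the site disallows it, shows the "refused" classification instead, and scans only when the link is followed. The robot name `LinkScanner` is hypothetical (the thread notes that no name has been published), as are the function names and the sample robots.txt bodies.

```python
from urllib.robotparser import RobotFileParser

ROBOT_NAME = "LinkScanner"   # hypothetical robots.txt token, assumed for this example
REFUSED = "Scanning refused by website... Use at your own risk!"

# Constructed robots.txt bodies.
OPT_OUT_ROBOTS = "User-agent: LinkScanner\nDisallow: /\n"
GENERIC_ROBOTS = "User-agent: *\nDisallow: /private/\n"


def prescan_allowed(robots_txt, url, agent=ROBOT_NAME):
    """True if the site permits `agent` to fetch `url` ahead of a click.

    robots_txt is the body of the site's robots.txt, or None when the site
    has none (treated as "no restrictions", as crawlers conventionally do).
    The robots.txt fetch itself is assumed to be cached per site.
    """
    if robots_txt is None:
        return True
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)


def label_results(results, scan):
    """Search-results time: map each URL to a verdict or the refusal label.

    results is a list of (url, robots_txt) pairs; scan(url) fetches and
    inspects the page and returns "safe" or "not safe".
    """
    labels = {}
    for url, robots_txt in results:
        if prescan_allowed(robots_txt, url):
            labels[url] = scan(url)
        else:
            labels[url] = REFUSED        # no request reaches the site
    return labels


def follow_link(url, scan):
    """Click time: the link is always scanned before the browser loads it.

    Returns (load_page, verdict); an opted-out site is fetched here for the
    first time, and only because the user chose to visit it.
    """
    verdict = scan(url)
    return verdict == "safe", verdict


if __name__ == "__main__":
    fetched = []

    def demo_scan(url):                  # stand-in scanner that records fetches
        fetched.append(url)
        return "safe"

    page = [("http://example.org/", OPT_OUT_ROBOTS),
            ("http://example.net/", None),
            ("http://example.com/private/report", GENERIC_ROBOTS)]
    for url, label in label_results(page, demo_scan).items():
        print(url, "->", label)
    print("sites fetched for the results page:", fetched)
```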

  96. FoTD
    Linux

    @Timbo

    "Any way in which a "robots.txt" file can do the same ??"

    No, probably not, and I highly doubt linkscanner bothers to parse robots.txt anyway. I assume you pay someone else for hosting and don't have direct control over the web server? You can still use my suggestion if you are hosted on Apache and your ISP allows you to adjust your site settings through the use of a .htaccess file. Add this to your .htaccess file for the site:

    RewriteEngine on
    # Match the LinkScanner user agent, which ends in ";1813)"
    RewriteCond %{HTTP_USER_AGENT} ;1813\)$
    # Redirect every such request to Grisoft
    RewriteRule ^.*$ http://www.grisoft.com/ [R,L]

    This turns URL rewrite module on (if they allow this and have it installed) and redirects all requests from the rogue user agent to Grisoft. If you are hosted on IIS server you will probably have to do something in the way of an ASP script instead, and it would need to check the user agent and issue a redirect before serving up the page's content.

  97. John A Thomson
    Happy

    NOD32

    NOD32 is an excellent security product. I've trialed it a few times, the last of which turned into such a disaster that it was off the computer within one hour! The latest version had some very bad press when it was first released and most business customers stayed with the previous release. They also occasionally have a big issue:

    http://www.sheffieldforum.co.uk/showthread.php?p=3566976

    However, in general it is one of the better security products out there.

    No security product is perfect... no security vendor is perfect... but some are far superior to some others... you know the ones that seem to be bundled in with new systems :-).

    One thing is for sure... the bad guys only need to get something right once, whilst the security vendors need to do it right every time! An impossible mission if you ask me. Layered protection is the best means to preventing the bad guys from succeeding.

    p.s. Have a look at the Linkscanner videos over on YouTube to see some real world incidents and why those using Linkscanner were better protected. They are short and show off some clever techniques used by the hackers.

  98. Anonymous Coward
    Anonymous Coward

    so long AVG, NOD32 rules

    "...Thompson points out that AVG only scans the first page of results on sites like Google - unless the user clicks on subsequent pages...."

    Thank fuck for that. They could have been scanning all of the results returned! Software makers, developers have to stop feeling "they" have to protect us from ourselves. If I want a software to scan links before I visit them I will use Google. Marketing hype, nothing else.

    Got a message "updates will not be available soon, update to v8". Installed v8, first scan it found over 200 viruses, trojans etc. yeah right! So lemme see. AVG 7 was not detecting these, nor any other AV for that matter. How much can you trust an AV which turns up with dozens of fps?

    And don't even mention new duplo interface. Removed it, installed NOD32, 10 days into trial, works like a charm. Thanks to AVG for free use of v 7 series that was an excellent "install and go" AV which I recommended at every opportunity to friends and family. However they jumped on the band wagon, messed up a good product that was working perfectly well.

    @Chuck

    "Too many times to mention I've been protected from exploitive web sites listed in Google's search results"

    If you can be owned by visiting a poison site, then you deserve to be. No LinkScanner will save your ass

  99. anarchic-teapot

    Bugger

    So that's why hits to my site have apparently doubled over the past ten days or so, and here was me thinking that trying to put quality stuff online was at last paying dividends.

    What bothers me - apart from all the bandwidth burning, which apart from being unecological is just plain rude - is that the information being provided to (mostly) individuals paying the odd cent to advertise on my site is now seriously distorted.

    Moreover, there are hosting services who are perfectly capable of taking a site offline once it reaches a set bandwidth limit, and do. Not good for small businesses.

    @ Phil Endecott : my sentiments entirely

    @ AVG Look you do a nice antivirus suite, what on earth possessed you to do this shielding in such a damn silly way?

  100. Nuno trancoso
    Dead Vulture

    Blunder...

    If i ever seen something utterly and totally f..... messed up, this is it.

    What amount of REAL protection will anyone gain from scanning pages they WONT visit? Answer, none. Score one to pointlessness.

    IF the AV is doing its proper job, the page/contents will be checked somewhere between the TCP/IP stack and the browser. So, if protection works, it will work on proper time, no need to check in advance.

    Some ppl are on a limited traffic plan. How happy do you think they will be when your AV gets them a nice ISP bill for overshooting the limit "while just browsing"?

    Website owners put up (mostly) w/ search engines and the like because it's in their best interest to get listed. Your product offers them nothing but annoyance and increased bills (bandwidth/etc). So they might not take lightly to having to serve content in a pointless way. You can actually see it right here, site admins are looking for ways to shut off YOUR USERS.

    Seriously AVG ppl, if you really need a new "cool feature" to sell your (IMHO braindead) product, by all means, do so. Just don't add one that is bluntly on its way to turn into a PR disaster...

    the bird.... cause it's a braindead "feature" too....

  101. Hayden Clark
    Go

    Suggestion for optimisation

    Grisoft, why not host a cache of evil/not evil sites on your servers?

    So the verification process runs as:

    1) Query link with grisoft.

    2) If the link is not in the database, either as "safe" or "not safe", go fetch it and scan it.

    3) Any new site found is added to database

    4) Database records are aged, and ones older than, say, a week get purged.

    This way, any one site gets scanned weekly, not once every time it crops up in a search result.

    Downside- Grisoft need a fairly vast link database server, and a secure way of ensuring that nobody can poison the database with fake "good" ratings. Note that the scan must take place from the client PC, not Grisoft, as you won't be served the malware.
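
Hayden Clark's four steps as an added Python example, not Grisoft's design or code: a shared verdict database with one-week ageing, where each client does the fetch and scan itself and reports the result. The quorum rule (a verdict is served only once several distinct clients agree) is an assumption added here for the poisoning concern he raises and presumes authenticated client identities; all class and function names are hypothetical.

```python
WEEK = 7 * 24 * 3600                 # record lifetime in seconds ("say, a week")
VERDICTS = ("safe", "not safe")


class VerdictDB:
    """Server side: stores client scan reports and answers lookups."""

    def __init__(self, ttl=WEEK, quorum=3):
        self.ttl = ttl
        self.quorum = quorum         # assumed anti-poisoning rule, not from the thread
        self._reports = {}           # url -> {client_id: (verdict, reported_at)}

    def _fresh(self, url, now):
        """Drop aged reports for one URL and return the ones still valid."""
        reports = self._reports.get(url, {})
        fresh = {c: r for c, r in reports.items() if now - r[1] < self.ttl}
        if fresh:
            self._reports[url] = fresh
        else:
            self._reports.pop(url, None)
        return fresh

    def purge(self, now):
        """Step 4: age out every record older than the lifetime."""
        for url in list(self._reports):
            self._fresh(url, now)

    def query(self, url, now):
        """Step 1: a verdict, or None when the client has to scan for itself.

        A verdict is served only if at least `quorum` distinct clients have
        reported and all agree; conflicting reports fall back to "unknown".
        """
        fresh = self._fresh(url, now)
        verdicts = {verdict for verdict, _ in fresh.values()}
        if len(fresh) >= self.quorum and len(verdicts) == 1:
            return verdicts.pop()
        return None

    def report(self, url, verdict, client_id, now):
        """Step 3: record one report per client per URL (newest wins)."""
        if verdict not in VERDICTS:
            raise ValueError("unknown verdict: %r" % (verdict,))
        self._reports.setdefault(url, {})[client_id] = (verdict, now)


def check_link(db, url, client_id, scan, now):
    """Client side, steps 1-3. Returns (verdict, fetched_the_site)."""
    verdict = db.query(url, now)
    if verdict is not None:
        return verdict, False        # answered from the database, site untouched
    verdict = scan(url)              # step 2: fetched from the client PC
    db.report(url, verdict, client_id, now)
    return verdict, True


def fetches_for_one_site(days, interval=60, **db_options):
    """Fetches one site receives when it appears in a search result every
    `interval` seconds, each time for a different client."""
    db = VerdictDB(**db_options)
    fetches = 0
    for n, now in enumerate(range(0, days * 24 * 3600, interval)):
        _, fetched = check_link(db, "http://example.org/", "client-%d" % n,
                                lambda url: "safe", now)
        fetches += fetched
    return fetches


if __name__ == "__main__":
    searches = 21 * 24 * 3600 // 60
    print("search hits in 21 days:     ", searches)
    print("fetches, quorum of 1 client:", fetches_for_one_site(21, quorum=1))
    print("fetches, quorum of 3:       ", fetches_for_one_site(21, quorum=3))
```

Without the database every one of the simulated search hits would be a fetch; with it the site is fetched `quorum` times per ageing period.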

  102. Anonymous Coward
    Dead Vulture

    This is cool and scary at the same time...

    here you have a piece of software that not only scans sites pre-load for you, but also masks your actual click history at the same time. Take that, Phorm - see how much click-usage data you can consume when it's rammed down your server's throats in fist-sized chunks.

    On the other hand, the over-burdening on servers may cause a backlash that starts this argument:

    Web companies: AVG, you need to stop this - it's killing us, and we can't log our user's tracks.

    AVG: then you guys need to virus/spyware/malware-scan your own content prior to the user seeing it.

    **shiver** The thought of Google scanning web sites makes me scared. Google is already a pre-AI...now you're asking them to give it an indexing mechanism. That is to say, MEMORY.

    Okay, a little over the rainbow for some of you, but think about this then...in order to say the site is "clean", Google (and everyone else involved) would have to re-scan your site **every time you make a change to it**. Now, this kills everybody else's computer(s) instead of their own - you couldn't get anything done on the computer when it slows to a crawl from so many sets of eyes looking at it. Not to mention the non-governmental Eye-of-Sauron factor of them looking at all web content and deciding what is malware, and what isn't. No one controlling authority makes the decision then...everybody decides differently, and there is no standard. Absolute chaos.

    So then they decide on a malware spec and build a program to filter it. Programs judging good and bad for the human race, with the capacity to see everything in the world. AI again. **shiver**

  103. n00b
    Thumb Up

    Fine by me

    Wow, I never knew that Reg visitors were so concerned for the angst of web marketers and analysts who try to track our every move on the web. Touching, really!

    I'm about to upgrade to AVG 8, and while I won't be using the linkscanner or real-time protection (I'm fine with my security practices and don't feel the need to use the CPU cycles), I'll definitely be enabling both on the parent's computer the next time I visit. I think the small cost in bandwidth for the extra protection will be worth it for them.

    For the people asking, "Well why don't they just scan when you click on the link?": This is a free product, my understanding is that such a feature is available, but in the paid version. I would think that this would lead to a much slower browsing experience than LinkScanner anyway -- it sounds like LinkScanner is just scanning your search results, as opposed to running a scan on every link you click while surfing the web. Maybe it will be a drag if all you do is run searches all day instead of actually spending any time at the web sites, but, well, if that's the case it sounds like you're not using your "precious" time very well anyway.

    One valuable question that *was* brought up was the issue of how LinkScanner handles it when you have your search results pages set to show more than 10 or so results. Especially if you have it set at 100 or more, then that *would* be an excessive resource drain if all these were scanned, so it would be nice to see Grisoft address whether or not they account for this.

  104. Glyph

    Possible attack vector?

    I saw this when I reinstalled Windows on the other partition a while back. I thought it was super neat! It never occurred to me that this might cause a problem for web hosting. Does it cause the same sorts of problems when I keep google-analytics no-scripted? At the basic level if it came down to my security or someone else's business model I'd pick my security every time. However, if linkscanner has an exploit, I don't have to click the link to get infected, I just have to search something that brings up an infected link. I think an all-around better solution is to scan at click time, perhaps ctrl-click to skip the scan for trusted sites.

  105. Anonymous Coward
    Thumb Down

    f***ed either way

    Graham Wood I'm glad someone else has pointed out the similarities to Phorm.

    When I first read about Phorm I was concerned/outraged and then I realized a few minutes later that the built in 'phishing protection' on my browser and anti virus software was essentially doing the very thing we are concerned about Phorm doing.

    If we have Phishing Protection turned on, they are scanning and logging every single page we visit. And sending information back.

    Put it this way- we are f***ed either way.

    Also worth mentioning is the annoying (and convenient- to them) fact that most if not all of the virus software firms seem to be based in America, meaning (privacy policies, data protection) you're throwing your data into the wind...

  106. Chuck
    Alert

    @ my anonymous coward friends

    @ anonymous coward: It has flagged many sites in my Google search results and several others I've clicked on from other sites. When I click on a bad hyperlink, Linkscanner prevents me from connecting to it. Try it for 30 days free and see what you've been missing. Or, better yet, don't try it, and when the day comes you've been owned by a botnet, you might want to scan for a rootkit, and if you find one, it probably got there via a drivebydownloaded exploit that you could have prevented if only you weren't so full of yourself. Why is it that some security professionals think they know everything?

    @ second anonymous coward: You wrote, "If you can be owned by visiting a poisoned site, then you deserve to be. No LinkScanner will save your ass" That dumb statement only demonstrates your ignorance. I'm not visiting warez sites or any other sites where one might deserve to get hit by malware. These are ordinary sites on the web. If you'd prefer not to know a malicious site is trying to nail you (even if you are patched), then by all means, bury your head deeper in the sand.

    @ everyone: inform yourselves. The misinformation on this thread is truly laughable. As John Thompson pointed out, exploits are different from viruses. You need AV software AND anti-exploit software. It's all about layering. If someone truly evaluates the product and takes the time to learn what it does, what it doesn't do, and how it's different from AV and AS and firewalls and intrusion detection systems, and they still decide they don't like it or don't need it, or they like a competitive product better, I can at least respect you for arriving at an informed opinion. But so many of the commenters here don't know the difference between an exploit or a virus, don't understand how the things spread, and haven't evaled the product.

  107. Svein Skogen
    Boffin

    Another approach to this,

    Is to create the file /usr/local/etc/apache22/Includes/grisoft.conf,

    and add the following to it:

    <IfModule rewrite_module>
    # Rewriting is off by default, so enable it for these rules
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ;1813\)$
    RewriteRule ^.*$ http://www.grisoft.com/ [R,L]
    </IfModule>

    a little like performing bypass surgery with a katana, but it does the job.

    Although I wonder if the correct place to point the rewrite rule is nsa.gov

    //Svein

  108. Michael Kean
    Happy

    Isn't it easy to turn off in the browser?

    Hmm..

    I just turned off AVG Safe Search in IE7 using Tools - Manage Add-Ons, with no problem. I then did the same in Firefox 2.0.0.14 again with no problem. So why not just do that? It doesn't cause the red exclamation mark to show in the system tray :)

    Now to email all my dialup customers and advise them to do the same...

  109. I. Aproveofitspendingonspecificprojects
    Paris Hilton

    Spam

    I seem to be getting more spam lately. I can't say it is a better class of spam either:

    "AVG 8 scans search results on Google, Yahoo!, and Microsoft's Live Search. And unlike similar technology from ScanSafe, it doesn't mask the user's IP address."

  110. Anonymous Coward
    Coat

    Adds some possibilities

    I'm half-seriously considering changing my user agent to the ...1813 string. I would look like AVG and not a real user (since AVG is supposed to look human, after all) and I might escape profiling.

    Also, wouldn't LinkScanner actually "protect" against some exploits by throwing away the first downloaded page from that IP address? According to the article some web exploit toolkits won't serve the exploit to the same IP address twice. You, too, could appear to be a virus researcher and too dangerous to mess with - just use LinkScanner!

  111. Anonymous Coward
    Anonymous Coward

    Honeypot traps

    I have little doubt that in these days of paranoia and mistrust some agency will have set up honeypot web sites in order to try to detect those who may have extremist views or pedophile tendencies. So all you people out there who have searched for "jailbreak", "afghan", "taliban" or perhaps "childrens clothes" over the last couple of days might have ended up on their watchlist simply because your AVG Link Scanner visited the honeypot web site on your behalf.

    A prescan does not add any extra security because the scan could be performed after you click on the link, but before the browser actually gets the page. In fact a prescan may significantly reduce your security because you are now visiting pages that you otherwise wouldn't. If it turns out that the Link Scanner code has an exploit then all you have to do is perform a search and you will be infected.

  112. JJ Mail

    Grisoft/AVG knows best....

    Regardless of the performance impact on the day-to-day use of the net, this seems very dodgy business practice at best. I would be very surprised if Google does not have something to say about this since it directly affects their business of serving up search result pages and which in turn affects their paying customers, AdWords, AdSense, etc. What happens if LinkScanner generates a false positive for a site? This may impact on the revenue of said site. Surely strong grounds for all manner of lawsuits? Possibly a reason why Grisoft are keen to remove the identifying string from the log files.

  113. Adam Beale
    Unhappy

    @Michael Kean

    I'm pretty sure this only disables the display part Michael. The LinkScanner service still runs in the background, you just don't get to see the results.

    To disable the LinkScanner service you need to -

    Double click the AVG icon in the tray, double click the LinkScanner icon and untick the Enable AVG Search-Shield, save the changes.

  114. Sampler
    Pirate

    Simple Solution

    DDOS AVG's site - see how they like it :D

  115. D
    Paris Hilton

    "wasting disk space with large amounts of unnecessary lines in log files"

    this may have been a concern 15 years ago. When did El Reg start hiring reporters from the Daily Fail?

    Paris, because even she would know that it would take decades to fill a present day disk drive with server logs.

  116. Gordon Pryra
    IT Angle

    Most of the responses on this page

    Show exactly why its so hard to get trusted in this industry.

    90% of the workers in it have no idea what they are talking about and tend to follow whomever posted first like sheep.

    Can we get one REAL reason why this is bad?

    no, because there ISN'T one.

    If your machine/bandwidth can't support this, then you would probably have problems with browsing anyway, sort your own house out first.

    Blacklists? OMFG!! do you actually know what a blacklist/whitelist is? Or how it is updated? (well done for cutting a pasting a cool looking word though!!)

    DA INTERWEB ANALYTICS IS BROKEN!!!, yawn, show me a websense report that makes real accurate sense and I will accuse you of feeding false test data into it to make it look good to your boss for the weekly report

    It will drive smaller sites into bankruptcy!!! If they are that close to the wall, then they shouldn't be online in the first place. If an increase in hits to their first page is going to cause problems, then why the hell do they HAVE a page?

    All this will mean is that MAYBE coders will actually reduce the shit on entrance pages for their sites, speeding things up in general for everyone else.

    I use AVG8, I have noticed zero performance issues, but I HAVE seen bad sites shown. (not that that stopped me clicking on them, but that's a different matter)

    IT angle? where is it? most people posting here only come into contact with computers in dixons

  117. Peter Fairbrother

    What's the point of pre-scanning?

    I can't see the point of pre-scanning. As far as I can tell it achieves nothing security-wise, and maybe creates a security hole.

    There are three operational possibilities, and I don't know which AVG uses: either the site is pre-scanned and scanned again when it is loaded, or it is just pre-scanned and the "cleared" site is loaded, or the version which was pre-scanned is stored and displayed.

    Suppose a site with some malware on. In the first case either it gets detected in the pre-scan or it gets detected when the site is loaded. In either case it's detected and the pre-scan achieves nothing.

    In the second case there is a big security hole, the site can easily provide clean content for the prescan version and dirty content for the "cleared" version.

    In the third case, again there is no security benefit, the other sites are discarded .

    The only possible benefit I can see is if the scanning is slow, in which case having preloaded and pre-scanned versions may save user time in some situations - but the cost of this in terms of slow response times and increased bandwidth is disproportionate, and likely to get AVG sued.

    I think it might be infringement of copyright for a robot to load a file for which a disallow entry in a robots.txt file exists - and it very likely would be if this had been previously pointed out to AVG.

    There may be other grounds for suing AVG too, the extra cost of bandwidth and possible DDoS are clearly detrimental to web hosts.

  118. Anonymous Coward
    Unhappy

    Google will block you.

    Google have a function where should you go through too many searches in too short a time then they will block you for being a bot.

    How long until they know you've clicked on links too quick and know you're a bot -so block you for that.

    May be a bit harder as they're on 3rd party sites by then but with so many sites using Google Analytics now it's certainly do-able.

    Then simply block Google access until the user turns the feature off!

  119. Anonymous Coward
    Thumb Down

    Hyena Offal

    AVG 8 was a complete pig to run, to setup and to uninstall too. Upon install it refused to update itself. Just wouldn't. I am running an old Cyrix 686 CPU on under 200 mb ram, even so. It would not uninstall either when I asked it to eventually. The only way to get rid of it was to boot into Safe mode. As for linkscanner, load of crap. As 8 comes with a firewall, I was admittedly a little anxious about the whole thing - when security software reports greyed out errors I tend to get nervous. All we want is a firewall, decent AV protection and an email scanner not this quatsch. Soon it will be like zzzymantec Snoreton. I downloaded the .bin files from the AVG site, still no joy in a local update. The e-mail scanner slowed my Outlook to a snail and as for running a virus check, that took (and I kid you not) 16 hours. With Avg 7.5 that was usually 3 to 4 hours. Unbelievable.

    I emailed tech support about these woes and 8 days later I get an automated reply saying that my computer was probably running FAT32. I did not respond having lost patience. This is though an NTFS 2k. I had sent them a copy of the config file initially so they could analyse it but I think it bounced back! In the end I just gave up utterly with AVG 8.

    My experience with AVG 8 was a gigantic frustrating pain in the bum. It's a great shame because a company that supplies free AV softs should be getting the thumbs up. Welcome to the Wonderful World of Computers.

    Now it's too late, I've switched to NOD32. (45 mins to scan) with Zone Alarm. This is a great shame for AVG because we were very happy with 7.5 for 2 years. It may work fine on fast new machines but if your machine is weird in anyway, forget it.

    Forget it in fact like tech support forgot about us for 8 days.

    So AVG 8 on this box gets a bit thumbs down. And I want my money back...

    /rant off

  120. Anonymous Coward
    Go

    A taste of their own medicine...

    1. Google preferences -> Number of Results = 100

    2. Google search: "site:grisoft.com ANYWORDHERE"

    3. Search

    4. Control/shift-click the 2 3 4 5 6 7 8 9 10 Google pages in new tabs/windows

    5. Repeat until bored

  121. rob
    Stop

    Computer sssssllllloooww dddooooowwwwnnnnn

    I had to kill the new scanner as simple browsing became too damn slow! Now I just have to live with the new AVG interface constantly indicating it is in an error state instead but it is a small price to pay for normal browsing speeds.

  122. Anonymous Coward
    Stop

    Ridiculous - why check what the user isn't interested in?

    This is a ridiculous methodology. I run Kaspersky and it, like other antivirus programs, intercepts the downloads as they are requested by the user, scanning them before passing them on to the browser and has never failed to catch and block a problem site yet (although I tend to browse sensibly, which is easily the best defence). If a user visits a page with hundreds of links to large pages who is to say AVG will have scanned the relevant link before the user requests it? This is just wasting bandwidth for both site owners and the end users who are downloading far more than they need. This amounts to nothing more than a denial of service attack against heavily linked sites. Hopefully someone will figure out a legal case to that end and get AVG to stop this madness.

  123. William Bronze badge

    What makes me laugh

    Is that if this ever takes off in a big way, I bet you all a dollar each that there will be an exploit for it.

    And to the chap who claims it has stopped him countless times from getting infected - If you're going to go searching for dubious material, do it on a VM machine you nitwit, and for the love of god - DON'T use google to search for it.

    Some prize idiots out there.

  124. David Simpson
    Flame

    The Saab of Browsers

    @Phil the Geek

    Opera is the Saab of browsers ?

    You do know that Saabs are just Vauxhall/Opels with a Saab style body on top don't you ?

    It would seem by that analogy that Opera would be based on IE and not Firefox ;)

    As for AVG, who cares if it makes the web safer.....

  125. Anonymous Coward
    Pirate

    Link Scanner is superfluous

    @ John and his circular logic "Linkscanner is looking for the exploits, techniques and typical methods that the malware writers use to actually push the zero day virus out onto unsuspecting computers."

    It's not apples and oranges, it's apples and lemons, the Link Scanner is the lemon.

    That same code to detect those exploits and techniques can be done in real-time by evaluating the data stream, which other AV products do, instead of advanced link scanning.

    You can defend the practice all you want but whether the link scanner is checking the page in advance or on demand, the result is the same if the process detects something potentially hazardous, making pre-scanning a complete waste.

    Besides, link scanner is VISIBLE to the malicious sites because of the ";1813" in the user agent and a few other factors I won't mention. Code is already available on the internet that can redirect all link scanner requests to a fake clean page, so if AVG can't detect the problem in real-time, they are screwed.

    OK, how many words can you come up with that accurately describe the Link Scanner in AVG 8?

    I've got a few: useless, impracticable, ineffective, superfluous, ineffectual, inefficient, pointless, unworkable, futile and incompetent.

    I think that pretty much covers it.

  126. Steve

    Chuck - do you work for Linkscanner?

    ...because I don't care what software you run or what scanner you use - a really crack team can put a rootkit in place right now that's not detectable by ANY off-the-shelf stuff at the present time.

  127. Anonymous Coward
    Anonymous Coward

    To Be Fair

    I'm sure the Link Scanner worked well for a very short period until it was discovered so people that saw it work in the beginning did see a very short lived benefit.

    However, now that the cat's out of the bag and everyone knows how to defeat it, it's about as effective as bringing a knife in a gun fight.

  128. Anonymous Coward
    Anonymous Coward

    Exploit vs. Virus

    It would appear there might be a couple of AVG employees on this thread that will defend this link scanner to the death and assume other security experts know less than they do.

    Anyone with half a brain can see this is just a malformed response to McAfee SiteAdvisor and several posters miss the point that those drive-by-downloads can be detected without pre-scanning the link.

    Besides, the Link Scanner only checks the first page of the site so if the second page (or third) on the site you visit is the one infected, the link scan is still completely useless.

    When will someone just admit it's a complete marketing hype with no technological benefits whatsoever?

  129. Brian Scott
    Thumb Down

    Not only does it hurt websites and dialup users

    I was hurriedly removing this from a friend's dialup computer and took the opportunity to trace the network traffic while connected to my broadband connection.

    First thing I noticed was a lot of failed POSTs as it tried to tell explabs.net about browsing history. Nice one - people would pay very good money to AVG for this information. Hopefully they have a privacy policy (haven't checked) but it does go over the internet in clear text so it could save your ISP some trouble. This can be turned off during installation.

    What worries me is that it uses 'Cache-Control: no-cache' on its requests. This means they are also causing proxy servers to do more work downloading content. OK, not everyone has a proxy on their home network but I notice that my ISP has a transparent proxy and it must be wrecking their links.

  130. Anonymous Coward
    Anonymous Coward

    Effects on Google

    To those who have commented on how this will cause more traffic for Google and the other search engines, you clearly have no idea how web pages work! How exactly do you suppose Google will be hit by this (excluding paid for clicks which I've yet to see a definite response saying that this issue includes them).

    When you search in Google it returns a list of links in the webpage for you to click on. At that point Google's involvement in your browsing ends until you click for the next page of results. When you click on a link your browser talks directly to the target website, it doesn't go through Google to get a result! So from Google's point of view they'll only see one visit to their search page, they won't be aware of the multiple connections. The only way Google would be aware of anything would be if AVG went and scanned the results of every page of Google results, which isn't the case.

  131. John A Thomson
    Stop

    Please, last time

    Since I've been asked yet again, even although I did ask to be left after my position had been made quite clear.

    The only AVG employee on this thread declared their interest ... Pat has asked for your help, feedback and assistance to come up with a workable solution to the concerns voiced here. How many Anonymous Cowards have actually done that? It is the people who don't declare their identity that seem to be voicing lyrical about other vendor solutions... draw your own conclusions from why they feel the need for anonymity.

    The paid for version of Linkscanner will check every link that you click upon in the paid version. Just like AVG and all the other freebie security products, the vendor doesn't include all parts of the technology unless you pay for it. Avast, Avira, etc do the same kind of feature cutting from their free offerings. Again, this is nothing new. It worked the same way when it was a standalone product available from Exploit Labs before AVG bought the company in a Victor Kiam moment. Once again a lack of research shows through.

    Exploit code can be found to do all kinds of things on the web, including a long list of code to do all manner of bad things to security software i.e. disable protection of some very well known software. The challenge to all software vendors is to fix bugs and adapt their software so these exploits don't work. It is an arms race and most vendors will quickly develop their product to fix such issues. I've just checked for myself and AVG has already fixed one of the ways this exploit code was detecting Linkscanner (one of the easy, one keystroke fixes), but I do agree that it can still be detected too easily. The doubters are now challenging AVG to make the product totally undetectable... you won't get any arguments from me to making it use the exact same user agent as the locally installed browser, thereby rendering another whack of detection code useless.

    Apple or oranges! You can't beat a slice of lemon to give your food or drink a little zing. Lemon and honey are always good to deal with a cold.

    Because I respect Kaspersky as another industry leader, but haven't taken the time to understand how their technology works or even run a demo, then I'm not able to comment on its ability to stop exploit code pushing down nasties onto website visitors' computers. People who don't understand Linkscanner may wish to apply the same courtesy from this point forward.

    Most AVs have to wait until the nasty has been downloaded before they can then detect and deal with it. In the modern threat landscape, that's like saying we wait until the burglars are in the house before trying to throw them out and close the door behind them. Linkscanner, and the other technologies available from other vendors, are the security guard patrolling the garden looking to stop the bad guy before they get into the home.

    Now please, let me get on with my own business as I'm obviously on the side of AVG and their technology. I can sympathise with the opposing views being voiced, but I empathise with the customers who are better protected today by using AVG 8 and other security products that use these next generation protection technologies.

    Please accept that AVG will be looking at this issue seriously to come up with a solution that works and is acceptable to the vast majority of the company/people involved. If you've got sensible solutions then Pat from AVG is waiting to hear from you. You may also wish to keep an eye on Roger's blog over at http://blogs.avg.com/ to see his response in due course... he's probably busy working to address many of the concerns and issues that people have been voicing here (and elsewhere) on either side of the debate.

  132. John A Thomson
    Unhappy

    Oops! Missed this point.

    I'm going to make an assumption here as I've not done the research around the workings of SiteAdvisor, so be warned! There probably isn't much detail available from McAfee, rightly so, on the technical nature of its inner workings as that info could be used for evil.

    I suspect SiteAdvisor isn't going to flag one of the websites that is flagged "HackerSafe by McAfee". But alas, a little while back HackerSafe was shown to be flawed. The conclusion, rightly or wrongly, is that SiteAdvisor doesn't offer 100% protection and you are vulnerable between the time a website first serves malware and the McAfee test system comes roaming past and flags it as dangerous... then you've got to wait for the update to be pulled down from their servers and installed into your computer.

    http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/

    The point I'm making here is every security vendor has challenges and areas that can be exploited. Their challenge is to fix these issues when they occur and move onto the next fight with the bad guys. The task for us is to assist AVG to fix this challenge!

  133. Andy Worth

    Is there any way they can fix it?

    Other than removing the feature, how can they fix the impact that it has on web statistics? To fix it, surely they'd have to leave a visible trace so that the sites can filter their logs, in which case it'll be about a week before a new bit of malicious code is released that hides itself from the scanner.

    @Chuck

    Ever heard the saying that "love is blind"? Because your evident man-love for AVG seems to have blinded you to reality. I guarantee you that as fast as they change linkscanner, people will develop new ways to hide malicious code from it. So all that it will leave you with is a false sense of security, and a blissfully unaware smile on your face as malware ravages your PC.

    Simple fact is that it eats up both your bandwidth and the bandwidth of the websites featured in the search engine links. If it continues, how long will it be before sites just arbitrarily block it, or someone (website owner) takes grisoft to court over the cost of extra bandwidth?

    As stated in the "Exploit vs Virus" post a few before this one, this looks like a load of marketing tripe, or just a really poorly thought out "advancement".

  134. Anonymous Coward
    Anonymous Coward

    <no title>

    Every now and again someone implies something about folk wanting anonymity, which is somewhat insulting. As everyone knows, the reason folk want anonymity is that it is normal to not want to be identified, and difficult to understand why folk would want to be identified. Public acclaim is it? In any case, what sort of identification is some fabricated label anyway?

  135. Peter Gordon

    This is clearly the wrong approach.

    Why not do the following:

    1) Place a link next to search results saying "Scan for malware", and the user can then optionally scan the links he is actually likely to visit.

    2) If malware is found, make it possible for the client to send a report back to AVG to add that URL to a known malware database, which is sent out with the updates.

  136. Graham Wood

    @Gordon Pryra

    Dunno about the rest of the people posting in this thread, but I've been in the industry for years, have quite a bit of experience of computer security, and am paid to be aware of the issues - so I'm certainly not being "sheep" like. I, like most people that are posting having used it, had a pretty strong opinion before reading the article let alone the comments.

    So let's go through your individual points shall we, I'll just attack the low fruit to match the fact that you seem to be a complete fruit case.

    "Can we get one REAL reason why this is bad?" - sure have 2.

    1) Data will be downloaded to my PC that otherwise wouldn't. This introduces a new attack vector. All that needs to happen is someone to find a bug in the AVG parser and my system is FUBAR.

    2) I go to sites that when I click on links give me one chance to download the file (sun patches are a perfect example). Each time I want to download I need to agree to various things - so this will never work with the link scanner enabled.

    "sort your own house out first." - A lot of people are using limited bandwidth accounts - this is not a problem for them, since that matches what they want. Another example would be browsing on the go. I use the internet via 3G on my mobile phone, sometimes it falls back to GPRS. This is fine for what I'm doing, since I change my habits to match it - does linkscanner stop scanning big pages when I'm on a dialup equivalent?

    "I have noticed zero performance issues" - Good for you, I've not noticed any either - but I got that result by turning off the linkscanner.

    "only come into contact with computers in dixons" - I'd suggest you ask for a job there - your complete inability to understand that there are a wide variety of computer users out there seems perfect for their helpdesk. I should know, I worked for one of their phone centres years ago.

    I think I can summarise your points: "It works for me, and gives me a warm glow of feeling safe".

    I can summarise mine equally quickly: "You are not the world, also I do NOT want this".

  137. Anonymous Coward
    Anonymous Coward

    Suggestion

    There are differences between free and paid for versions of software, mainly that the paid for versions have value added components.

    If Linkscanner is considered to be such a component then surely AVG can have this as a paid for only option, highlight this in the comparison chart and let the users decide. However, if the competition have similar technology in their free versions then AVG really have no choice but to do so as well.

    Personally I never noticed any difference in browsing speed with or without it, I just don't like the concept of pre-scanning. If you're of the same ilk then just disable it.

  138. sack

    Link scanner vs acceptable use policies

    I never thought of that particular angle - I just uninstalled it because it made my machine crawl to a halt and crash Firefox.

    The thought which occurred to me at the time was what happens to the person who types the seemingly innocent search that a long-time internet user knows is a bad idea? It reminded me of the time I had a support caller who claimed her child was researching whitewater rafting and sailing so decided to google for 'water sports' and was clearly unamused at the result set* that came back. That's bad enough - but the link scanner is going forth and pulling these pages down, through your ISP and through a firewall, creating logs that could look like an acceptable use policy breach or maybe even a criminal act. Even if the user has already thought better of clicking on any of the results it's too late.

    Where do people stand with this I wonder?

    *After subsequently repeating what she claimed happened me and my colleagues only got pictures of aquatic-based sports pursuits and no filth, so we've ruled 'husband looking at filth and blaming child' on this one.

  139. Anonymous Coward
    Anonymous Coward

    Reciprocation okay?

    I just need to clarify something: will AVG be happy to receive a reciprocal volume of traffic for the volume they are generating?

    For instance, webmasters can check their access logs and for each Linkscanner request identified make a like for like request from AVG's web servers. Presumably AVG will be treated as a fair arrangement, right?

  140. Eric Cartman
    Pirate

    LinkScanner F'd You In The A

    "According to Thompson, nearly all web exploit toolkits track IP addresses"

    Listen up retards, you need to know this.

    If you have a static IP and have used AVG LinkScanner at any time since it was launched you have been identified as an AVG user in the logs of every site that showed up in your search results.

    This data is easy to extract and every scammer in existence should already have your IP address on their target list - thanks entirely to Roger "The Eggbreaker" Thompson of AVG.

    The code that sites can use to fool LinkScanner and hit you with a drive-by download has been openly available on the web for a month and is so simple that even Clyde Frog can use it.

    AVG will be forced to change the user-agent very soon but if your IP address has already been logged you are a target and you should change to another anti-virus package immediately (unless you are a total choad and don't respect authoritah).

    LinkScanner F'd you in the A.

  141. Anonymous Coward
    Anonymous Coward

    Ahahahaha! Har har har.

    "...some ad clicks cost well over $20 per click..."

    More fool whoever signed up for that then.

  142. Anonymous Coward
    Unhappy

    We're a web host and this sucks; PS we're not renewing AVG

    This is totally irresponsible behaviour. To explain: our company provides content managed web sites for our customers and we've been trying to analyse the increase in traffic that's occurred very noticeably recently.

    Now how about this AVG - why not scan the page WHEN THE USER CLICKS TO VISIT IT - not "just in case". The current behaviour is what "Fasterfox" (a Firefox extension) started off by doing, and they soon learned the lesson that it was irresponsible and stopped it being quite so stupid by default.

    AVG: This "link checker" solution is absolutely the wrong thing to do. Given your installed user base and the damage and very real cost you have caused to the web hosting industry and their clients, and if this is just 2/7ths of the predicted traffic increase, you are totally irresponsible.

    Bandwidth and CPU usage are certainly not free, especially CPU usage when you're generating page content on demand from a complex database system.

    AVG: Perhaps you'd like to buy us some more servers so we can split our sites out some more to account for the load? Perhaps you'd like to subsidise the cost of our developers who have been sidelined in trying to work out the traffic patterns and writing new tools to do so?

    If we have to increase our servers, our profits will suffer and/or our customers will end up paying. We're already paying more than £1.5K a month for our servers - so don't tell me this doesn't cost us money! We're a small business and AVG are stomping on us.

    I dread to think of the environmental cost of this madness.

    Our customers are also going to be suffering from the analytics skew that this will cause.

    What happens if other AV vendors follow suit?

    The really sad thing about this is that AVG have had, until now, a good reputation with "IT nerds" - and they've done great things - like letting people at home have a free AV solution. That is to be applauded. However, reading through the comments here, it seems that this reputation is teetering on the brink of falling in to a very large industrial shredder.

    I agree with calls to boycott AVG. And that will start with us. We have a fully legal commercial 25-device AVG network license that we use on our systems internally. There's no way I'm renewing with AVG on 24th June when our current license is up for renewal unless this rubbish is disabled - both by default on all AVG installations but also they need to repair the damage they've already done and update existing installations to disable it too.

    P.S. Any words about expecting individual users to disable the feature is not a practical solution given the overall scale of the problem.

    I really hope AVG are listening. I will be copying this post to their technical support (since we pay for it). El reg - if you want another voice if you make a campaign, add mine!

  143. Jamie Kitson
    Paris Hilton

    Oh Boo-Hoo!

    We all know that web stats are totally unreliable, and if webmasters want to lessen their bandwidth they should clean up their sites.

    My heart bleeds. Not.

    Paris, because in this photo she's wiping away a tear for all the webmasters and statisticians out there who might have to do a bit of a better job. Either that or she's got a stray eye lash.

  144. Anonymous Coward
    Thumb Up

    lol

    "More fool whoever signed up for that then."

    Not really, 'cause one of them clicks can generate $10k+ revenue - so while the clicks may cost $2k, that leaves $8k profit - that's an 80% ROI, now who's laughing?!

  145. Tim Williams

    No need for an AVG boycott

    "It's easy to disable this feature - just click on Link Scanner and uncheck AVG Search-Shield."

    I tried that and it caused the AVG icon on the task bar to constantly show an error state warning me that vital components had been disabled and that my system was no longer protected. Unfortunately this warning masked more important warnings, eg virus database out of date, since you get used to the icon always showing an error. In the end I had to de-install and then re-install AVG without the link scanner.

  146. Adrian
    Stop

    My take on it

    AVG - run Linkscanner on the page I click on not ones I won't even look at (Google is rubbish at not giving me what I search on)

    and

    Everyone who is running AVG 8 - Google AVG every time you have spare time. Their paid for placements will soon bankrupt them - hoisted by their petard methinks.

  147. Anonymous Coward
    Anonymous Coward

    Re: We're a web host and this sucks

    Quite frankly, that is a load of bollocks. Linkscanner kicks in for the links on the first page of a search, to be on the first page you need to be a rather popular site. Therefore, for your comments to make sense not only do you need to be a popular site but once there your visitors don't go anywhere else within it. In other words you have a popular kick ass front page but no content of any real interest, hardly the recipe to get on the first page of results returned from a search engine.

    Why not come out from behind the cloak of anonymity, tell us one of the web sites you host and let's see if we've even heard of it.

  148. Anonymous Coward
    Anonymous Coward

    Windows 2k v AVG8

    Anybody else had probs upgrading AVG from 7.X to 8 under Windows 2000? It gets so far then reports "fails to update configuration" and wants a super-super-super administrator to log in to do something that even running as administrator doesn't seem to allow?

    Is this why they have extended AVG7 beyond the original end of May cutoff?

  149. Anonymous Coward
    Anonymous Coward

    Free AVG does not scan ALL pages...

    I think I've just spotted the main confusion... read the extract below from the AVG version comparison web page :

    > AVG Free only includes the Safe Search protection which provides you with advice on search results. It does not protect against infected pages. Only AVG paid versions contain the Safe Surf technology.

    So.... If you use the free version, it will not scan each and every web page that you click on. That is the "Safe Surf" feature which you have to pay for. For everyone saying "but won't it scan when you click on the link anyway" - the answer is NOT UNLESS YOU PAY FOR IT.

  150. JK
    Thumb Down

    Just a thought...

    ...if one of the sites on your Google search results page happens to be a Police-run "honey trap" for terrrrsts or kiddy fiddlers, is this software going to get you in a LOT of trouble?

  151. Anonymous Coward
    Flame

    Congratulations AVG!

    On creating an antivirus solution that is actually worse for web traffic than most of the malware it protects against! And now all the really repugnant sites that may come up in a search have your IP logged too, as a side benefit of AVG's "clicking on everything"!

    This is the same mentality that thinks using depleted uranium projectiles is a good idea.

    Can't someone figure out that the end doesn't always justify the means?

  152. Anonymous Coward
    Thumb Up

    @ Chuck et al.

    The thing is I have never been hit with anything drive by or otherwise that has affected my computer in any detrimental way. I use AV but no link scanner stuff. I may have been rootkited, or other malwared but as far as I am concerned if I see nothing wrong, nothing is wrong. I tend to do security audits etc. quite a lot so I am well aware of what traffic is being generated by my computer.

    However when I upgraded from AVG7.5 to 8 I found that lots of things slowed down. The daily scan jumped from 45 minutes to 5 hours (with quite heavy CPU usage) and web browsing was severely affected. Not just on search sites either. I can only assume that link scanner either scans everything to see if it needs full scanning or just generally slows FF and IE down big time.

    So I have removed it. I have no problem with Grisoft, the free product is very reasonably priced (and it is up to users to understand what they are installing. If you don't agree I have some excellent value magic beans for sale), but I'd rather I was able to riskily browse the web when the alternative is not being able to browse anything at any reasonable speed.

    Computer is 1.8GHz mobile Sempron with 1gig RAM running XP Pro; so, whilst not exactly a speed daemon, it's not obsolete either.

  153. Anonymous Coward
    Thumb Down

    Resource hog

    I've had to remove AVG from my system since the forced upgrade to version 8. Why oh why don't these customers learn from the mistakes of others.

    Anyone remember when Norton was useful and popular? Now I don't know anyone personally who'd recommend or use it.

    I'm now using ClamAV which is lightweight and does what I want. I think AVG's best bet is to remove the link scanning software from the free version or auto-disable it and advise users they can choose to enable it or not.

  154. TeeCee Gold badge
    Unhappy

    @mh

    "AVG 8 might be free but it's worth every penny."

    I dunno, when I add in the time I spent ripping off what I had before and installing it, the time I spent trying to work out what was causing it to insist my machine was a malware infested cesspool (false positives to a man) and the time I spent ripping it off and reverting to my old setup, I think it's a tad overpriced.

  155. Anonymous Coward
    Thumb Down

    Re: Re: We're a web host and this sucks

    We host 400 web sites and yes, a lot of them do have page 1 rankings. In fact I can't think of one (of our serious customers) that doesn't.

    The reason I'm posting anonymously is for client protection, so if you think I'm spilling my client list think again.

    For your info, it's not "bollocks" (by the way, how old are you, 7? 8?) - I've analysed the logs on two of our web servers and in the current month the AVG "utility" is accounting for 7% on one and 8% of the traffic on the other. If that's 2/7ths of what's to come, then it will be very significant indeed.

    Don't single me out you silly boy - you may have noticed there's rather a lot of other people posting along these lines... Still you probably have some need to prove yourself as terribly clever. Get a life.
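
Added example (not part of any comment in this thread, and not AVG's or The Register's code): one way a site operator could measure, from access logs, the share of hits and bytes carrying the ";1813" user-agent marker quoted in comment 125, which is the kind of measurement comment 155 reports. The log lines, paths, sizes and full user-agent strings are constructed, the "combined" log format is an assumption, and because the thread notes the user agent can change, the match is a heuristic.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Marker quoted in the thread; the rest of each user-agent below is constructed.
SCANNER_TOKEN = ";1813"

# Constructed sample (documentation IP ranges, invented paths and sizes).
# The last line is deliberately truncated to exercise the unparsed counter.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/2008:10:00:01 +0000] "GET / HTTP/1.1" 200 5000 "http://www.google.com/search?q=example" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0"
198.51.100.7 - - [01/Jul/2008:10:00:02 +0000] "GET / HTTP/1.1" 200 5000 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
198.51.100.7 - - [01/Jul/2008:10:00:02 +0000] "GET /news HTTP/1.1" 200 3000 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
203.0.113.5 - - [01/Jul/2008:10:00:03 +0000] "GET /about HTTP/1.1" 200 2000 "http://example.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
203.0.113.5 - - [01/Jul/2008:10:00:03 +0000] "GET /style.css HTTP/1.1" 304 - "http://example.com/about" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.9 - - [01/Jul/2008:10:00:04 +0000] "GET /trunc
"""


def parse_line(line):
    """Return a dict of log fields, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # A body-less response (e.g. 304) logs "-" instead of a byte count.
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_prescan(rec):
    """Heuristic: the request's user-agent carries the marker from the thread."""
    return SCANNER_TOKEN in rec["ua"]


def traffic_share(lines):
    """Summarise how much of the logged traffic carries the marker."""
    hits = scan_hits = total_bytes = scan_bytes = unparsed = 0
    scan_by_path = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep count so bad lines are not silently lost
            continue
        hits += 1
        total_bytes += rec["size"]
        if is_prescan(rec):
            scan_hits += 1
            scan_bytes += rec["size"]
            scan_by_path[rec["path"]] += 1

    def pct(part, whole):
        return round(100.0 * part / whole, 1) if whole else 0.0

    return {
        "hits": hits,
        "scan_hits": scan_hits,
        "hit_pct": pct(scan_hits, hits),
        "bytes": total_bytes,
        "scan_bytes": scan_bytes,
        "byte_pct": pct(scan_bytes, total_bytes),
        "scan_by_path": dict(scan_by_path),   # which landing pages are inflated
        "unparsed": unparsed,
    }


def without_prescans(lines):
    """Parsed records minus marked requests, for feeding into visitor statistics."""
    recs = (parse_line(l) for l in lines if l.strip())
    return [r for r in recs if r is not None and not is_prescan(r)]


if __name__ == "__main__":
    report = traffic_share(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Requests that stop carrying the marker fall into the ordinary-visitor bucket, so a sudden drop in the reported share is worth checking against total hit counts before trusting the cleaned statistics.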

  156. Anonymous Coward
    Pirate

    I stopped using AVG

    I already stopped using AVG the minute the Link scanner appeared. I don't want a phorm like analysis of my web browsing, even worse I don't want stupid load everything ten times delays. And what is the point when google does this anyway?

    Disabling the link scanner consistently reports a fault condition, hence uninstall..

    What now?

    Avast me harties!

  157. Xander
    Boffin

    Speaking from experience?

    I don't understand where half these user "problems" are coming from. Search results are no slower than using facebook (which uses AJAX to load a different page for every frame) and as there is no time spent rendering the pages, which for most "Wiz Bang Look-at-me-look-at-me" sites is where half your loading time goes, then there really is very little difference.

    I have AVG 8 and upgraded not long after it came out. I'm on AOL so if you would expect slow down, you'd expect it there but I haven't noticed any. The linkscanner is bloody useful, although it does flag up sites I would have guessed were bad anyway.

    The real bit I don't get is why you're all being so upset. If you really used AVG prior to this story breaking you'd know at least how to switch on/off modules and all linkscanner is, is another module. And don't give me all this "it's bloated resource hogging" crap because, frankly, it isn't. My behemoth of a PC (4GHz dual core + 4GB ram + WinXP) came to a crawl when norton just started up with windows. Hell, even the old AVG 7 took forever to start a scan compared to the new scanner in 8. So anyone who says avg 8 is slow has either upgraded to vista or is talking out their proverbial.

    Science, because this could be the new "Mike or Joel"

  158. conan

    No Sympathy

    If you're a webmaster, then you're making some content freely available on the internet to anyone who asks for it. That's up to you. If somebody wants to make loads of requests to your site for security reasons and you serve the results back, that's your call. You've got the option of only sending responses to people who post credentials to your site, but you choose not to. Just because AVG make software that's useful doesn't require people to run it. I use it, I don't really care if it scans search results or not because I don't expose myself much to malware risks on the internet and I don't notice any slowdown in browsing experience. So as far as I'm concerned, this is just part of life for webmasters and they should deal with it.

  159. Anonymous Coward
    Anonymous Coward

    Re: Re: Re: We're a web host and this sucks

    I'm old enough to have a thick enough skin to pay no attention to your insults.

    If two of your hosts are receiving 7% and 8% of hits from AVG it simply means that you aren't getting any real visitors. Just do the maths, let's keep it simple and say AVG accounts for only 5% of your traffic. In this case one hit from AVG and nineteen hits from elsewhere. Now in an extreme worst case scenario for AVG let's assume that AVG is the only AV product available, everybody uses it and you don't have any dedicated followers that return frequently then nineteen hits from a new visitor is pretty bad, no wonder you want to remain anonymous.

  160. Anonymous Coward
    Boffin

    Not a new 'feature'

    Maybe it's just me, but I can't see how this is significantly different to features we are seeing more and more of in modern browsers which pre-emptively cache pages from links on the current page in an effort to speed up the browsing 'experience'.

    (I will personally garrotte the next marketing person who uses the term 'enhancing the user experience')

  161. ian
    Jobs Horns

    Re: ResidentShield no panacea either

    Blocking Quicktime? So it's not all bad then!

  162. Rune Moberg

    They do not need our help

    Quote: "The only AVG employee on this thread declared their interest ... Pat has asked for your help, feedback and assistance to come up with a workable solution to the concerns voiced here. How many Anonymous Cowards have actually done that?"

    Oh come on. The average AV business model is bloody brilliant from the owner's point of view. From the customer's POV, it quickly takes on the appearance of a scam.

    Those AV solutions that do not rely on heuristics, are solely dependent on fresh updates. When your AV subscription runs out, you're left with old definition files and you quickly become vulnerable. Not to say that you weren't invulnerable while running the AV crap in the mean time, because if you're touched by a new threat, you may think you're safe, but in reality your one hour old definition file might not be fresh enough to fully protect you.

    In short: AV gives most users a false sense of security.

    Then you can factor in the wasted CPU cycles, the huge memory footprint and the smell of burnt aluminium as the hard disk head touches the platter 100x more than necessary because of some stupid AV product. Oh, and now you can also factor in the wasted network bandwidth.

    Lovely.

    Not to forget all those BSODs caused by dodgy device drivers installed by certain AV vendors...

    And at the end of the day... This question remains open: What causes the most pain and grief? Malware or the products that "protect" against them?

    I disable javascript/activex/java by default on my computer at home. I only trust sites that are useful (and trustworthy). In the end none of IE's exploits have ever been any issue for me. I run an AV scan annually, and it never turns up anything. I've done this for the past 20+ years. I have occasionally tried some AV products, and they OTOH have caused problems for me. (I remember vividly NAV triggering a BSOD under NT4 when inserting a floppy -- lovely)

    In short: The AVG guys don't need our help. Their product that scans links is broken and needs to be removed. That's all.

  163. Steve Mann

    @ John A Thompson

    Well, Link Scanner may indeed be the best thing since sliced bread but ever since, well, forever really, the idea of getting a computer program to take the lazy way out and do things the worst possible way has been seen to be bad practice. Entire careers have been built on not doing it the "Link Scanner Way", and a library of books have been written along the lines of "never do anything the Link Scanner way".

    Testing every link on a search engine page is simply a waste of resources at every level. I can't speak for anyone else, but often when I'm using Google for work purposes I need to make a couple of attempts at a query before I see *anything* worth clicking on. Why in Azathoth's name anyone would think it a "good" idea for software to go swanning after the links I have no intention of using is beyond me. No doubt I am being intensely thick, even less doubt you will explain it, at length (this now being the John A Thompson Opinion Page).

    Point of information: Since any "scanning" actually takes place in the user's machine anyway, what exactly are the different semantics of doing this *after* a click rather than before? Other than the real speed costs of the software becoming all-too apparent to the user in an unambiguous way of course.

    Reality time. The thinking of this clearly never went beyond the "let's hide the cycles needed under the user's reading time" stage. The idea is causing real damage at every level. It should be consigned to the stupid box and everyone concerned given a light touch of the cattle prod for being immensely thick and another to remind them to think it through *first* next time.

    One rarely comes across a situation so worthy of the Gordon Bennet Award For Not Getting It.

  164. Daniel B.
    Thumb Down

    I love the smell of burning comments in the morning...

    Ok. Seems like a lot of people don't get it. Linkscanner shouldn't load sites *before* I actually click on 'em! Doing so isn't "live" scanning at all. It's eating away my bandwidth, and the site(s) bandwidth as well. I do understand the need for this kind of scan, but you could have this as well done at *load* time, by setting up a local proxy that checks the site, then serves it to the browser if it's OK.

    I do see some webmasters that would be happy for this, though. I remember some of those "warez" site groups like t100.com or something like that getting paid for clicked-in users (that is, site visitors.) They'd be very happy to get a zillion extra "visitors" thanks to this.

    The rest of us, however, really don't want this kind of stuff.

  165. Jason DePriest
    Unhappy

    Re: not a new feature

    The spidering behavior of "modern browsers" you are talking about is outside of the RFC specifications.

    Between Firefox 2.x, IE 6.x and 7.x and Opera, none of them do this sort of prefetching by default (as far as I know, in the installations I have).

    You have to configure it or add a plug-in that does it.

    AVG does it by default without asking you if you want to increase the load on target servers you aren't even planning on visiting.

  166. TimB

    On the plus side

    I run a small site, and this could be useful to give me an idea of what search strings my site is making the front page for, without getting clicks. OK, it might change my web analytics as I use it now, but I can adapt.

  167. Kevin Reader
    Pirate

    Some more thoughts....

    The extra traffic would make things unusable for anyone on DIALUP. Such people still exist - often the poorest or those a long way from the exchange.

    If I had a malware site I'd change it to deliver the malware on the 2nd (or nth) request which neatly sidesteps the check. OR linkbanger (sic) must check when you click AS WELL making the first check redundant (!).

    Yes use html and javascript detection BUT do it on fetch before display. This whole mechanism is about having something "marketable" that you can show the user. A check behind the scenes is too invisible for marketing suits to sell.

    I worked in software for many years and the suits could only sell "one idea" at a time. Which was awkward as we had multiple products. Only the "big new thing" ever got sold. Oh and they had to have a "new feature" to sell each product on. They had no ability to sell "improved" or "faster" just new feature (or gimmick). Linkbanger is about "having something sexy to sell" and maybe they were losing sales or its original owner. After all if my links are all safe why would I need an AV. Clearly a broken argument but I suspect they worried about losing customers to it.

    To the guys saying how well it works - are you sure? Were those events false positives or actual problems? How would you know?

    The idea of validating is good the implementation mental.

    Also reminds me of symantec dealing with sygate. It was recognised as one of the best firewalls and so they bought it, chewed it up and EVENTUALLY used bits of its technology. The first steps they took were to 1) take it off the market, 2) remove the support forum, 3) stop official downloads - so no easy reinstalls, etc...

    Let's hope there are no exploits in Linkbanger - you've got N times the chance of getting zapped. Or sites that look for other exploits once they have your IP - you just visited N-times as many sites!

    Good point by the guy who mentioned searching with more than 10 per page. That must be mad to see.

  168. Anonymous Coward
    Anonymous Coward

    AVG Free vs. AVG Paid

    If you go to AVG's site you'll notice the FREE product appears to only do the Link Scanner as Safe Search. However, if you click on the link anyway you're screwed because it doesn't come with Safe Surf for free.

    http://free.grisoft.com/ww.download-avg-anti-virus-free-edition

    Nice, you only think you're protected for free.

  169. Anonymous Coward
    Boffin

    @Anonymity

    "draw your own conclusions from why they feel the need for anonymity."

    I feel it needs pointing out, since it's probably not obvious.

    A lot of us who work in the corporate environment are careful about where our Name/Email Address/etc are left out on the 'net because they get picked up by corporate security subcontractors who do routine searches for stuff relating to their employees. At my last job, I got warned because my email address flagged up on the php bug database. Yes it's shit, but it's either be careful or potentially lose all 'net access altogether.

  170. Anonymous Coward
    Boffin

    @Jason DePriest

    No it's not default browser behaviour, but then AVG is not a browser - it's a plugin.

    Apart from browsers, how many 'internet accelerator' packages are out there? Some of those use pure compression, but how many run a local proxy with preemptive caching?

    How many dodgy software vendors actually give a feck about RFCs anyhow?

  171. Jason DePriest

    free vs paid

    It seems odd that the value-added feature would be that it scans the link when you click on it and the free feature would be that it proactively scans all the links on the search page.

    Wouldn't it make more sense the other way around?

  172. Eric Cartman
    Pirate

    LinkScanner Is A Security Risk

    OK listen up retards, I'm not going to tell you again and if you don't respect my authoritah it's your own stupid fault.

    My site has been fooling AVG LinkScanner for a month by serving it a dummy file, and getting the nice green star every time. I could serve a drive-by download to anyone who uses this piece of crap (and that means you).

    My site logs are full of the IP addresses of identifiable AVG users and I can turn them into a target database in seconds. I could sell that database to a scammer if I could find one who didn't have their own already.

    You morons are lucky I am such a nice guy.

    LinkScanner is not just useless, it's a security risk.

  173. Michael

    Does it check sponsored results???

    If the LinkScanner checks all the links on the search results page, does it also check the link on paid ads? If so, then the LinkScanner will cost advertisers a significant chunk of change, and that's an actionable state of affairs.

  174. Morten Ranulf Clausen
    Thumb Down

    Out of control

    I've dropped AVG because of version 8. It's out of control. It doesn't even let me have a say in what gets installed. It's a goner. Malware in my book.

  175. Nuno trancoso
    Alien

    Oh my...

    "Most AVs have to wait until the nasty has been downloaded before they can then detect and deal with it. In the modern threat landscape, that's like saying we wait until the burglars are in the house before trying to throw"

    What a bunch of ******. In ANY facility requiring some sort of security what you do is set up a "buffering zone" where you can stop and check whatever is trying to go through. Could be the reception desk in the entry room, could be the armed guard at the front door, could be the "double door" thing banks seem to like. And yes, the right, real world way of doing it works quite well.

    What LinkScanner is doing is picking people out on the street, dragging them into the "buffering zone", doing a forced strip search and then kicking them out again. All this just in case they had any intention of getting in... Even if common sense (won't even invoke statistics) tell you 90% have no intention of ever getting in...

    Man from mars... because he's lucky that martians don't have to put up with this kind of nonsense...

  176. Anonymous Coward
    Unhappy

    @Michael

    Yes it does check the links on paid ads. Our company has very specific and detailed tagging on ad links, and we've seen a dramatic increase in those, from just this particular user agent. Very oddly though, a lot of that traffic is from Google advertising, and clicks reported by Google have *not* been going up. So either they're in cahoots, or are filtering on the fly, which they also do for other traffic.

    Our company relies mainly on 'Net advertising, and on the metrics to analyze performance. To those of you who denigrate that, pooey! No different than other advertising & measurements for companies, in fact normally more reliable... until now.

    One RewriteRule coming right up.

  177. Paul

    10/10 for effort

    Minus several million for the thoughtless execution. A good idea, done badly.

    @john

    "Webmasters may find it more palatable to only be scanned if the web visitor is actually going to visit the website."

    No shit, Sherlock. :) This should be the default behavior.

    @Gordon

    "If your machine/bandwidth can't support this, then you would probably have problems with browsing anyway, sort your own house out first."

    Oh really, I should, should I? Are you going to personally convince Verizon to roll out DSL in my rural neck of the woods, even though most of the rednecks in a 10 mile radius of me probably don't even OWN a computer and it makes no business sense for them to do it just for little old me? Let me know how *that* goes, I'll buy you all the beer you can drink for a year if you can pull that one off. Seriously.

    Besides, I generally have no problem with browsing on my sucky dialup, as long as I don't try to visit 10 sites ALL AT ONE TIME!! The sites which overburden me with flash and needless Javascript lose my business anyway, their loss, not mine.

    "All this will mean is that MAYBE coders will actually reduce the shit on entrance pages for their sites, speeding things up in general for everyone else."

    I'm all for this, of course. :) But it won't happen. Most web "designers" are stuck in cloud-cuckoo land and forget that most people aren't in fact connected to their server by gigabit ethernet links.

    @conan

    "If you're a webmaster, then you're making some content freely available on the internet to anyone who asks for it."

    And if I can't afford to put that content up because of rising bandwidth costs, then it goes away, or I have to splatter the site with annoying ads to try to generate more revenue. Everyone loses, assuming my content was worth visiting.

    @ Eric Cartman

    You perfectly illustrate the Cartman's-ass-sized hole in this security idea. Serve up nice, safe content to the scanner, and nasty evil shit to the actual browser. Job done, score 1 for the bad guys.

  178. TimB
    Thumb Down

    The bad guys seem to get a break...

    Not wanting to criticise without trying, I've downloaded this and done a little checking. Sure enough, on a typical google search, you get a little AJAX-looking progress circle next to each link - these gradually turn to green ticks after a few seconds, and yes, this also happens on sponsored links.

    However, do a search for the stuff that's likely to host malware - in my case, I chose the word "warez" - and only a few entries show the AJAX progress circle. All the bad ones immediately have a big red cross next to them. Combined with the fact that, during installation, AVG asks for permission to update Grisoft with information about the threat levels of sites you visit, and the logical conclusion is that Grisoft are maintaining a database of known bad sites, and is using its userbase to do the data mining for them.

    Unfortunately, it seems that while they gave the bad guys a bandwidth break by blacklisting them for some unknown period of time, the good guys get scanned every time. Which seems to me like a very poor scenario indeed.

    My approach to dealing with this is to cancel my Adwords account, and advise Google of my reasons for doing so. If enough advertisers hit Google in the pocket, I suspect they'll look at addressing this on behalf of *their* customers.

  179. Stuart Udall
    Stop

    note to AVG: it's called beta-testing

    Yes, it's lame, fortunately my bullshit detector kicked in when offered the option to not install Linkscanner (I always do a custom install...)

    Having inspected my logfiles after seeing this thread I can observe that Linkscanner will scan the same file 5 times, even if it's the same user doing the search, eg., they search and are shown a link to my site, they ignore it but Linkscanner downloads and scans it anyway, they search again, and again are shown my link, so Linkscanner downloads and scans it again, etc etc!

    I could easily block this with my referrer spam filter, which would solve the skewed stats problem. I'm not actually worried about bandwidth, but I DO want my server to be quick... so pointless automated traffic does deserve a plonk ...

    I host several popular large files on my site, these are constantly searched and are thus being hammered.

    So the new advice to all my customers, cos I do freelance support, is to hold off on the new AVG for as long as possible. I give the same advice to Windows users...

    Poor old AVG though. Their acquisition was a lemon. And they put the ex-boss of the lemon company in charge of their technical dept. Oopsie....

  180. David
    Happy

    Whose problem is this again?

    I use 8.0 as I have the last several versions. I have modest specs, ~2 ghz AMD/1g ram, cable internet. I most definitely use google for every search. I seem to either get 0 results, or several hundred thousand. When I get a pagefull, it is likely that as far as google is concerned, any of the top 10 sites probably claims to have the content I seek. If AVG can tell me 6 of them are 'suspicious', I only have to look at 4 of them to find the one containing what I'm after (hopefully). No speed difference in my case, other than I didn't waste my time trying to go to dodgy sites on the off chance that was where I was looking to go.

    But I would never (OK, maybe once) search for a site I visit often, once you're there, you poke it onto favorites and use your own link. No search engine, no linkscan, no traffic, no harm to any of your favorite sites, like the old vulture.

    If it doesn't scan until I click, it costs me my time. Which is ALWAYS more valuable to me than your goofy web pages content, your revenue stream, your bandwidth, etc.

    Webmasters have proven they are not in control of their content. Furthermore, they may be diligent, and their site might indeed be a wonderful thing. However, as a user, from my viewpoint, they are 1 of thousands of hits on my search. I don't know them from Jack, and Google will spit out anything, why would I trust them BY Default? Nothing more to me at this point, unless and until I choose to give them my money. If I have a tool that saves my time & meets my needs to pre-test their site's integrity BEFORE I consider clicking, they need to adapt or close.

    If you want to block me - Rock on I don't need you. More and more AV products are going to offer this valuable service. In 6 months you'll be explaining to your 'advertisers' why you are blocking all their potential customers. I've never understood advertising anyhow. When the ads come on TV, mysteriously the volume increases 25%. So I mute for 2 minutes 6 times an hour. I might listen if they didn't go out of their way to offend. We are big (and getting bigger) users of VMware, and it has nothing to do with their advertising on this site or any other. It's all about VMware's awesomeness. When I go to the store, I already know what I want, I get it and get out. Isn't this normal behavior for 90% of males? So tell me again how advertising generates sales?

    Granted, if 8.0 has a negative impact on your system, don't load it. But don't not protect yourself or waste your time because it might cause a webmaster to have to become efficient.

    Granted, 1 AVG rep has told the webmasters the same thing I do, but Pat did come forward and request constructive assistance. Software doesn't write itself the instant a desire is discovered. Give the man a break. 70,000 computers aren't P0wning your website with bot attacks because AVG are protecting people FOR FREE for years. Try looking at ALL sides.

    The valid concern raised is my traffic is being recorded as going somewhere I didn't go. I have a question for Pat/AVG. Since my browser didn't go there, there shouldn't be any residue in my browser, cache, tempfiles, cookies etc. So any half-way decent computer forensics would indeed show that my AVG went to the site, not my browser, correct?

    Also, it's my impression most bad stuff comes from ads, which change every view. So the pre-scan can clearly give false info in 'real time'. But something is better than nothing until someone convinces me otherwise.

    P.S. as a disclaimer giving insight on my particular thought processes. I don't have a cell phone because I refuse to pay money for a service that only works some time, until I can get money back for when it don't. And I voted for Ron Paul in the primaries. And DSL providers should all be sued for using the term 'broadband' in association with their services.

  181. Anonymous Coward
    Thumb Down

    I'm also with a big hosting company... it is real problem

    I have to post anonymously to say what I'm going to say... or lose my job. I'm with a company that hosts dozens of sites for many of the biggest companies in the world. Like others in this sort of "overview" position have reported, we saw a big spike in page views recently and at first blamed spambots.

    For the user-agents that belong to AVG, I see a thousand IP addresses, 20 million page views and 30,000 visitors over the last couple of months... nearly all bogus. That's not a double-digit percentage of our traffic, but it means something... and like it or not, our clients want to pay when *real* people are using their sites, not link checkers. It appears to me that in some cases, LinkScanner is generating a new visitor cookie for each pageview. Plays havoc with the metrics that justify the very existence of the sites we operate (which, FYI, are not advertising-based).

    I'm most annoyed at the stupidity of the approach. If there's a benefit beyond slightly faster page loading (because it was pre-screened), it's invisible to me.

    As for you analytics-haters... TINSTAAFL.

  182. Stuart Udall

    rewrite rule is not silver bullet

    > RewriteCond %{HTTP_USER_AGENT} ;1813\)$
    > RewriteRule ^.*$ http://www.grisoft.com/ [R,L]
    >
    > This of course will redirect all hits from this rogue user
    > agent to Grisoft's own servers.

    Actually, on my Apache, it shows a 302 "Moved Temporarily" message. It does NOT redirect the user, they must click. Also from this I assume that the traffic will still be logged locally, thus not solving the skewed stats problem.

    What the rewrite rule does do is kill the bandwidth problem.

    Test the rewrite rule as follows:

    curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" http://www.yourdomain.com/

  183. Anonymous Coward
    Anonymous Coward

    APACHE & CURL lessons for Stuart Udall

    When you use CURL it doesn't follow redirects by default like a browser does unless you use the -L option for location hints.

    Learn to use CURL as follows:

    curl -L -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" http://www.yourdomain.com/

    Then CURL will work as expected and you can see that the rewrite works as well.

    n00bs, sheesh.

  184. Anonymous Coward
    Go

    @ A taste of their own medicine...

    you forgot

    site:free.grisoft.com

    so the revised steps would be something like:

    1. Google preferences -> Number of Results = 100

    2. Google search: "site:free.grisoft.com site:grisoft.com ANYWORDHERE"

    3. Search

    4. Control/shift-click the 2 3 4 5 6 7 8 9 10 Google pages in new tabs/windows

    5. Repeat until bored

    ---------------------------------------------------

    then again using

    site:riaa.org or site:mpaa.org

    might be funny too :-)

  185. FoTD
    Dead Vulture

    @Stuart Udall

    "Actually, on my Apache, it shows a 302 "Moved Temporarily" message. It does NOT redirect the user, they must click."

    I don't know why you have to click. 302 temporary redirect should not require this. And I did test the rule logic with an actual web browser, it auto redirected and I didn't have to click anything. You could use a permanent redirect by changing the last line to:

    RewriteRule ^.*$ http://www.grisoft.com/ [R=301,L]

    In fact I think I am going to make that change myself, if linkscanner uses normal conventions it should cache this redirect and reduce the number of repeat requests to my server. I've noticed linkscanner will scan the same page several times in a row, from the same IP, within a short period of time (say 30 min). Which of course is extremely annoying and lame.

    "Also from this I assume that the traffic will still be logged locally, thus not solving the skewed stats problem."

    I use AWStats, and by default it doesn't count redirects as page hits. So by doing this redirect we have solved our stats skewing problem. Most other stats programs let you define new robots or ignore certain user agents, so you should be able to fix your stats that way. The fact that it is still wasting log space and stats processing time is annoying, but less critical than the wasted bandwidth and stats skewing.

    Hopefully enough people are redirecting this crap back at Grisoft that perhaps now they will finally pull the plug on this thing. However if they retaliate by changing the user agent string then they are asking for an all out arms race against us network admins. We will not tolerate our servers being abused like this. Plus there is of course the potential for legal action, ISPs and data centers do not take kindly to their networks being abused!

    Road kill, because that's what it is!
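To measure what Stuart Udall and FoTD describe in their own logs (the share of hits carrying the ";1813)" user agent, how many of those were answered with a redirect, and how often one IP re-fetches the same page within 30 minutes), the following is an added example, not code from any commenter or from AVG. It assumes Apache's "combined" log format; the log entries, addresses and paths are constructed sample data, and the match stops working if the user-agent string changes, as FoTD anticipates.

```python
import re
from datetime import datetime, timedelta

# Same test as the RewriteCond quoted in the thread: User-Agent ends in ";1813)".
SCANNER_UA = re.compile(r";1813\)$")

# Apache "combined" log format (assumption; adjust if your LogFormat differs).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A re-fetch of the same URL by the same IP inside this window is a repeat scan.
REPEAT_WINDOW = timedelta(minutes=30)

UA_SCANNER = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
UA_BROWSER = "Mozilla/5.0 (X11; Linux i686) ExampleBrowser/1.0"  # constructed


def _line(ip, hhmm, path, status, size, ua, referer="-"):
    """Build one constructed combined-format log entry."""
    return (f'{ip} - - [01/Jul/2008:{hhmm}:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} {size} "{referer}" "{ua}"')


# Constructed sample log, in chronological order (documentation IP ranges).
SAMPLE_LOG = [
    _line("192.0.2.10", "10:00", "/files/big.zip", 200, 52000, UA_SCANNER),
    _line("192.0.2.10", "10:05", "/files/big.zip", 200, 52000, UA_SCANNER),
    _line("198.51.100.7", "10:06", "/", 200, 8000, UA_BROWSER,
          "http://www.google.com/search?q=example"),
    _line("203.0.113.5", "10:07", "/about.html", 302, 210, UA_SCANNER),
    _line("198.51.100.7", "10:08", "/about.html", 200, 4000, UA_BROWSER),
    _line("192.0.2.10", "10:20", "/files/big.zip", 200, 52000, UA_SCANNER),
    _line("192.0.2.10", "11:30", "/files/big.zip", 200, 52000, UA_SCANNER),
    "this line is not a log entry",
]


def parse_line(line):
    """Return a dict for one log entry, or None if the line does not parse."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["scanner"] = bool(SCANNER_UA.search(rec["ua"]))
    return rec


def summarize(lines):
    """Split traffic into scanner and other hits and count repeat scans."""
    stats = {"parsed": 0, "skipped": 0, "scanner_hits": 0, "scanner_bytes": 0,
             "scanner_redirected": 0, "repeat_scans": 0, "other_pages": 0,
             "scanner_sources": 0, "scanner_share": 0.0}
    last_seen = {}   # (ip, path) -> time of the previous scanner fetch
    sources = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            stats["skipped"] += 1
            continue
        stats["parsed"] += 1
        if not rec["scanner"]:
            # Count only successful responses as real page views.
            if 200 <= rec["status"] < 300:
                stats["other_pages"] += 1
            continue
        stats["scanner_hits"] += 1
        stats["scanner_bytes"] += rec["bytes"]
        sources.add(rec["ip"])
        if 300 <= rec["status"] < 400:
            stats["scanner_redirected"] += 1  # the rewrite rule answered this one
        key = (rec["ip"], rec["path"])
        prev = last_seen.get(key)
        if prev is not None and rec["time"] - prev <= REPEAT_WINDOW:
            stats["repeat_scans"] += 1
        last_seen[key] = rec["time"]
    stats["scanner_sources"] = len(sources)
    if stats["parsed"]:
        stats["scanner_share"] = stats["scanner_hits"] / stats["parsed"]
    return stats


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Redirected scanner hits still appear in the access log, so the stats tool has to exclude them by status code or user agent, which is the point both commenters make.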

  186. Richard

    Is there a version for OS X or Linux or *BSD ? Plus a solution.

    Oh, no wait, don't bother answering that 8-)

    I would feel very sorry for people if they didn't have a useable alternative operating system that had better default user access controls and did not have junk such as Active X.

    Oh well each to his own ... good luck losing CPU and bandwidth to pointless technology.

    If I were Grisoft I would change the functionality to combine a default database of known infected sites and use that to mark the search results with a cross for bad ones and a question mark for unknown ones (no extra hits on sites required) and then only apply the linkscanner technology when the user actually clicks on the link and block it if it finds a problem and then add it back to user's copy of the database and send an update to Grisoft so it can be double checked and added to the default list that everyone downloads periodically. All automated and Grisoft could even offer webmasters an alerting function which would allow them to get an email if their site is marked as infected. Grisoft can automate the removal of sites that are now okay to visit and the user's database gets reset whenever a new database update is downloaded from Grisoft.

  187. Anonymous Coward
    Pirate

    ROTM

    "The thought of Google scanning web sites makes me scared. Google is already a pre-AI...now you're asking them to give it an indexing mechanism. That is to say, MEMORY."

    My calculator is also a pre-AI, *and* it has a memory (until I hit MC).

    Scary stuff.

    BTW Google already has an indexing mechanism ... that's how their "web search" feature works ...

  188. Stephen Usher
    Thumb Down

    Ahhhh... diddums!

    Sorry, but there has never been a guarantee that the connection logs on web servers should show what the user his/herself clicked upon. It's just that up until now that's been a (semi-)reasonable assumption.

    The latest AVG spoils the fun for advertising sellers... tough! Get over it. Things change. Find another metric if you have to.

    In the future browsers may walk web page links and pre-cache them for the user in case they need them... should this be banned as well just because the content providers find it inconvenient? After all, the person browsing the site is the customer and the service provider the vendor and the old mantra is "the customer is always right" after all.

  189. pctechxp

    Well I was about to rent a server to start my web hosting biz but

    Until this is sorted I think I'll refrain from doing so.

  190. Eric Cartman
    Pirate

    All Your LinkScanners Are Belong To Us

    OK retards I can't be bothered with you any more but my mom insisted that before I go I answer a point from one of the AVG fanboys (who is presumably one of her regular customers).

    "The task for us is to assist AVG to fix this challenge!"

    Many have tried and been met with arrogance and unbelievable ignorance.

    AVG went ahead and handed a database of their customers to the enemy.

    NOBODY can help them now.

  191. Eddie Johnson
    Thumb Down

    @Joe K

    Small? I knew AVG 8 was forked when I saw it was a 52M download, up from 12M for 7.5. They are obviously headed down the bloatware road, creating a beast the complexity of Norton which will leave the same trail of destruction.

    It was nice knowing you AVG, you were once small and elegant, version 7.5 showed the writing on the wall, and version 8 is full on bloatware.

  192. Eddie Johnson
    Happy

    @Stephen Usher

    "In the future browsers may walk web page links and pre-cache them for the user in case they need them"

    Yeah, I think that will be available in 2002. In XP. Check "make available offline".

  193. pctechxp

    @Eric Carman

    Right surname for a complete plank

    I do agree that this is wrong and that it needs to be stopped but I have to ask you a couple of questions:

    1) Why do you feel the need to keep using the term 'retard', by the use of this term you are obviously demonstrating an elementary knowledge of the subject you comment upon and so feel the need to insult your fellow readers who probably know more about the subject than you ever will.

    2) Who in their right mind has a static IP for a home connection unless you are operating a server of some sort, if you are you should be booted from your connection and forced to rent a server in a data centre and pay for the bandwidth like professionals have to in my opinion.

    Unless you have an intelligent comment to make, why don't you refrain from posting or go and post on a forum that welcomes idiotic comment and childish insults.

  194. pctechxp

    correction

    should have been cartman

  195. Anonymous Coward
    Unhappy

    pay per click

    this sort of thing will do wonders for pay per click advertising

  196. FoTD
    Dead Vulture

    @Stephen Usher

    "In the future browsers may walk web page links and pre-cache them for the user in case they need them... should this be banned as well just because the content providers find it inconvenient?"

    No, it shouldn't be done because it's a stupid idea. I'm sorry but the Internet is still limited in bandwidth in a number of ways. As an engineering community we do not need to be designing things that waste bandwidth by pre-loading content that may never get used. This is a problem for EVERYONE, not just the content providers. Pre caching data is a waste of the end user's bandwidth, and raises security and privacy concerns as pointed out by many on this forum.

    Some people on here have complained about marketing people tracking your browsing habits. And I agree with some of you, to an extent. I do not like cookies and java stuff being used to track my browsing. However as a server admin there is no reason I shouldn't know who is visiting my sites. And as an end user I also find this acceptable that when I visit a web server they know my IP and can track page loads. For a long time we have had a nice arrangement where HTTP clients properly announce themselves to HTTP servers, and by filtering out rogue agents we can get fairly reliable stats as to how often and by who our sites are being viewed. If you as an end user want to change that relationship it is simply going to result in more of the things we both don't like, tracking cookies and java silliness.

    Now, to those of you who are concerned about privacy and marketing, I say this. Using linkscanner will actually allow site owners to get even MORE marketing metrics about users! If I wanted to I could use the hits from the linkscanner user agent to track how many times my sites are being seen on search engine results, and also how many times that turns into a visit from an actual user. So now I know about your browsing habits without you having even visited my site! Perhaps some of you need to rethink your support of pre caching and linkscanner style activity...

    "After all, the person browsing the site is the customer and the service provider the vendor and the old mantra is "the customer is always right" after all."

    You're assuming an awful lot here. First of all no, the customer is rarely right when it comes to the computer industry. We are talking about a group of people, the majority of whom don't even know what the right mouse button is for (ok, bad example for Macs I know). And if you are the customer, I just proved you wrong in my previous statement, so what does that say about you as a customer? Plus a lot of us also run non commercial or non profit sites, where ad dollars are NOT paying for the content and the site owners are burdening the entire cost to bring content to people FOR FREE. Why should they get screwed like this just because Grisoft wants a marketing edge? That is completely unacceptable...

    The bottom line here people is that there are some unwritten rules on the Net that you just don't break. It's called common courtesy. If someone leaves a bowl of candy out that says "Take One Free", you take ONE! If you get caught taking more than one then don't be surprised when you get a swift kick in the ass!

    Still road kill.

  197. Phil Endecott Silver badge

    Re: On the plus side

    > this could be useful to give me an idea of what search strings my site

    > is making the front page for, without getting clicks.

    Unfortunately not because they don't set a referrer in the request.

  198. Anonymous Coward

    @pctechxp

    "Who in their right mind has a static IP for a home connection "

    Many cable broadband customers have IPs that stay the same for months or even years. I've only had 4 IPs in the last 8 years, the same with most other cable broadband customers I know.

    But it's nice to know we're not in our right mind and you're such a genius.

  199. Anonymous Coward

    @pctechxp

    I would advise you to respect Cartman's authoritah.

    Many home broadband packages assign a static IP whether you request one or not, and dynamic IPs are not necessarily as dynamic as they sound - it is not uncommon to keep the same one for months on end, especially if you use a router. Who in their right mind uses a USB modem these days?

    Blaming the customer for having "the wrong sort of connection" is not an option for AVG. It doesn't matter whether the number of customers put at risk is 200 or 2 million, AVG is supposed to be a security company and to know about these things.

    Which they clearly don't.

    You are also forgetting that LinkScanner identifies itself when it arrives at a site anyway and can be fooled on the spot - so even if you change your IP every five minutes you are screwed.

    And if you think that AVG changing the user-agent will solve that particular problem, you are wrong. The version of LinkScanner they paid Roger Thompson so much for doesn't use it and is just as easy to fool, as are all similar products.

    LinkScanner is dead in the water, and AVG may soon be joining it.

  200. Dave Bell

    Update after checks.

    AVG8, even without Linkscanner active, appears to be a resource hog. On my portable (old slow and cheap) I've gone back to AVG7.5, which I know doesn't drag the machine down to near-death. AVG 7.5 has a specific setup option which forces a slow, less resource-hungry, scan.

    I'm still looking at options for the longer term, but AVG8 is looking like the Windows Vista of anti-virus software.

  201. Satchmo

    AVG 8 and The Hinkey Tool Bar

    After downloading AVG 8. something, I disabled the link scanner right away. Something was really wrong there. Turns out that Firefox 3 won't even work with the AVG tool bar that was foisted upon us. So I uninstalled AVG altogether. Guess what, my machine runs better.

    So much for AVG 8

  202. Anonymous Coward
    Go

    My thoughts on this

    Well as a systems admin who is also responsible for generating web traffic stats for our marketing dept, I find this linkscanner to be nothing more than GRISOFT's own botnet army creating lots of unsolicited web connections via PCs running linkscanner, and I mean “unsolicited” in the context that the user probably had no intention of clicking ALL of the links in the search engine's results.

    As I see it, to alleviate most (if not all) of the complaints relating to this, all GRISOFT have to do is change Linkscanner to only do its scan once the user has actually clicked the link themselves. Yes there will be a short delay whilst it does its thing, however

    a) It won't load down the users PC with potentially unnecessary web connections

    b) Won't eat through the dialup/broadband quota as fast

    c) Won't flood web servers with unsolicited traffic.

    If GRISOFT were to do this then I think most people’s complaints would go away as would the problem.

    Just my 2c worth

    Craig

  203. Anonymous Coward
    Thumb Down

    Bandwidth

    I have an ADSL line at home, access at the office and pay to host a few websites. My ADSL is metered - when the allocation is up it is up and I can't access the web. My office web is metered with a fixed allocation; when it is up it is up. My websites have a fixed amount of bandwidth allocated to them. When it is up it is up and my sites disappear from view. Not everyone has unlimited access. Until recently I only had dialup - and waited three months for an ADSL line to be installed. That is the reality some of us have to live with. The comments by AVG and others show their total ignorance of the audience they serve which makes you wonder what else they don't know and if their product is doing what it says it does.

    (Suspected something wrong after installation of AVG 8, now I know and just removed it)

  204. Jolyon Ralph
    Thumb Down

    Another bad side effect - helping to prolong the IE6 nightmare

    Thanks AVG, you're helping to boost artificially the number of IE6 referers in logs - making it a lot harder for us to justify stopping support for that piece of junk.

    What I don't understand is why they can't just scan the page that is requested when clicked, not all the pages that someone MIGHT want to click on.

    And I do hope that it doesn't go berserk like that Google desktop cache thing did a few years back and simulate clicking the 'Delete' button inside Content Management Systems, etc.

    Bad AVG. No.

    Jolyon

  205. Sam

    AVG gone...

    Avast running instead.

  206. TimB

    @pctechxp

    Actually, my company requires all home users to have a static IP so that they can access our network. If they're not accessing from their home connection, they're denied access to the VPN. I'm sure we're not alone in this.

  207. NoSpamPlease
    Boffin

    Computer Forensics?

    Aside from the interminable slowdown this has caused on my computer, I wonder if not disabling its automagically scanning every link is a good idea. Wouldn't want to get the three letter agency guys excited that they got a hit on one of their KP honeypots just because it shows up in an innocent Google search.

    Or am I being too paranoid?

  208. Belxjander Serechai
    IT Angle

    pre-scanning by pre-loading?

    Where are the cache options?

    Anything like this would need to store and forward, and mention of "no-cache" usage.

    *ouch* on the slowdown for anyone stuck with any kind of transparent proxy. I know of at least 2 (more?) NZ ISPs that run transparent proxies for dial-up AND DSL. They are configured for DSL to be ignored but they still run a few things through it. THAT is a problem, since I have walked into those proxy systems throwing hissy fits on occasion.

    And not everyone is given "generous" data limits for downloading each month. I know of several ISPs that allow 1GB or less (cellphone data plans, anyone?), and they also provide the same plan for DSL.

    Thanks but no thanks. Where is the option for selecting HOW the pre-scanner works? Can it be set for "selected only" or "pre-scan page advanced"?

    This one's to Pat also: it would be useful to be able to enable/restrict "how much" the pre-scanner hits a site. Can this be set for being a transparent "localhost" proxy for scanning anything before the browser reads it and only fetched items?

    Intelligent Technology doesn't always happen on the first attempt...

  209. Parax
    Alert

    What's wrong with a Local Transparent Proxy Client?

    Has AVG never heard of a transparent proxy?? Jeez, it's Fking simple. No extra requests, no extra bandwidth and all content can be scanned!

    Probably protected by some IP/Patent Troll...

  210. A J Stiles
    Flame

    Broken

    And there's me thinking that an operating system where privilege separation was just bolted on like a bad afterthought was as broken as it could get.

    Then I discovered pay-per-click advertising. People actually pay money for the mere fact that someone has downloaded some content?!

    I used to be content with just blocking adverts and actively trying to avoid any product or service for which I have seen even a single advertisement; but now, I think I'll write me some code that, in the background, will follow the links in advertisements and download the linked content straight to /dev/null (as if I saw the advertisement but never went on to buy the product).

    I'll feel strangely better knowing that someone stupid lost money on that.

  211. David
    Boffin

    You're not getting it

    @AC W/ 'thoughts'

    The whole point of the feature is to provide me information BEFORE I click, to save me wasting my clicks. While scanning again WHEN I click is fine, it misses the point entirely. Computers are good because they do things faster than people. If this saves me (users) time, it WILL become commonplace because folks who want my money know I like to save time.

    Whichever webmaster is looking forward to trying to leverage the data to determine when their page did well in a search is on the right track.

    @AC 'Bandwidth' - So don't run it. What's your issue? Your expectation is that all software will work flawlessly over ADSL? And if it doesn't, it's not good software because it needs more resources than you can provide? So we should all be running 32mhz 386's W 8k ram & 36k dial-up, and the first time a piece of software needed more, we label it 'bad'? Where does that get us?

  212. Dave Silver badge
    Go

    Legal Action

    Seems to me that the best thing to do is ensure that the Terms & Conditions of all of our websites are updated to disallow visits by tools similar to LinkScanner (always helps to name it explicitly) and since we now have the email of someone at GriSoft that knows all about this, we back that up by informing them directly.

    After that, any mis-use of our sites should surely be actionable?

  213. kain preacher Silver badge

    @TrishaD

    In that case she is suing the wrong person. If a drunk driver hits you, you don't sue Ford. The only way I could see this if the was a size 16 trying to fit into a size 10.

  214. Anonymous Coward

    It's You Who's Not Getting It

    "the whole point of the feature is to provide me information BEFORE I click"

    True, but world + dog knows how to fool it - and how to fool you.

    What this "feature" actually does is to warn the website before you click.

    So the site serves a nice clean file to LinkScanner to get a green star.

    And a nasty drive-by download to you.

    Enjoy!

  215. Stephen Baines
    Thumb Down

    Pat did ask for help....

    ... And I offered straight away. But so far he passed the offer on to someone, who passed it onto someone else, who has chosen to do nothing.

    So that was a waste of time, wasn't it? It's getting on for a whole working week later, and it's no further on. Pathetic.

  216. Anonymous Coward

    no problem

    I'm just going to add a small 1x1 frame to every page on my website that embeds a google search for site:grisoft.com with 100 results.. Google's text-based pages (even with 100 results) are smaller than most web images, so I suspect 99% of web surfers won't even notice it.

    Grisoft and all of their avg8 users sure will though..

  217. TimB

    Not just search results...

    From their blurb: AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time.

    So it seems like it's more than just your search results that get scanned. You just only get told about it when it's search results.

  218. Anonymous Coward

    Hope This Helps...

    Pat from AVG wanted constructive help so here it is:

    1. Stop all downloads of AVG 8 immediately.

    2. Put all your people on overtime to produce a version that does not include the security nightmare known as LinkScanner as soon as possible and make that available instead.

    3. Hire the best lawyers and PR people you can afford.

    4. Install a different AV on your personal computer.

    5. Keep an eye out for "situations vacant".

    Hope this helps.

  219. Craig
    Thumb Down

    Not just the search results...

    If it is as TimB states then this is even worse and just re-inforces the point that it should be an on-demand (when the user selects a URL) action as opposed to a "scan everything" approach.

  220. Anonymous Coward
    Flame

    As soon as...

    ...web hosts start actively scanning THEIR content for viruses, I'll continue to do this service for them, for free. I've seen WAY too many sites broken into only to have some kind of malicious code installed. Maybe we should hold the site owners accountable for this? The average user won't know diddly about what JavaScript is, ActiveX, etc..

    They'll go to their _usual_ website, then be prompted for something to be installed on a site they ALWAYS visit (I've seen this happen with people I know) and assume that the site has undergone some changes and this part of it... BAM! they have a squeaky new malware for which no AV detects.

    For everyone crying about bandwidth, do you actively scan your content for stuff that should not be there? Is your WWW mounted read only? If you say no to either then prepare to be link scanned.

    Quick Google on "website hacked" turns up around 113,000 results. Most are probably dupes, but these are site owners who ARE NOT proactive about making sure they aren't broken into. Broken into websites are a lot like the spam problem. It's here to stay.

  221. Anonymous Coward

    AVG 8 resource hog

    As soon as I installed AVG 8, my machine began running at 100% CPU utilization all the time. I tried to de-install and my machine then became corrupted. I was then somehow infected with several different viruses including one that infected my restore points. I finally was able to create a UBCD on a different machine, boot the infected machine, remove the multiple infections including a bootloader infection. I promptly disabled and removed everything AVG related and switched to AVAST!

  222. Anonymous Coward

    Dummy Up

    "prepare to be link scanned"

    If you bother to read the article or the comments you will see that some webmasters are very well prepared for this idiocy - they've already been fooling LinkScanner for a month by either:

    (a) telling it to check AVG's site instead of their own (code posted above)

    (b) feeding it a dummy file (example site given in the article)

    If you want to check for yourself just spoof your user-agent to use the LinkScanner one and hit the example site given in the article (which fools LinkScanner and gets a green star every time).

    And these are just the good guys - what do you think the bad guys are doing?

  223. Pete Hunt
    Paris Hilton

    ...customer in Nigeria (anyone tried 196kps down, 64kps up???) .........

    You want to try 128kps down, 64kps up as we have out here in Honduras, C.A. Then you'll find that although AVG 7.5 ran smoothly, AVG 8.0 staggers along, its services grinding to a halt occasionally and giving XP SP2 (fully patched) a case of the BSODs at least twice a day. Web surfing with Linkscanner on is unusable here!

    So it's off with AVG and on with Avast. The Home version is free - it has anti-virus, anti-spyware AND anti-rootkit built in and it runs smoothly - it has a bigger footprint than AVG 7.5 but not as big as the footprint of AVG 8.0.

    Paris - 'cos at last we've found something that sucks harder than her!

  224. Mark

    Re: Response from AVG

    Well how about mailing back to you the report of bad sites and you can collect them and inform the website owner?

    How about scanning as you download, rather than scan-ahead?

  225. Colin Polonowski
    Thumb Down

    A 2000% increase in bandwidth use!

    Having been trying to discover the source of high server loads and spiraling bandwidth use since 24th May, I finally tracked the issue down to this AVG scanner - it has caused a 2000% increase in daily traffic from my server on a reasonably small site. The site usually accounts for just 14GB/month but so far in June we're up to 300GB.

    Even worse, the requests aren't to real pages and are all generating 404 errors - literally hundreds of thousands of them. I have had to turn off a custom 404 error page because of this to reduce what my Apache server has to do.

    Fantastic. I didn't like AVG before this, but now I am going to actively tell my clients never to use it.
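The kind of log triage described in the comment above, as an added example that is not part of the original thread: it groups Apache combined-format log lines by user agent and flags agents whose requests almost never carry a referrer (as comment 197 notes for the scanner) and mostly end in 404s. The sample lines, the `EXAMPLE-PREFETCH` agent string and the thresholds are constructed assumptions, not values from the article.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Placeholder agent strings (assumptions); substitute what your own logs show.
BROWSER = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB) Firefox/2.0"
SCANNER = "Mozilla/4.0 (compatible; MSIE 6.0; EXAMPLE-PREFETCH)"

def _line(host, path, status, size, referer, agent):
    """Build one constructed combined-format log line."""
    return (f'{host} - - [10/Jun/2008:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} {size} "{referer}" "{agent}"')

# Constructed sample traffic, not real logs.
SAMPLE_LOG = [
    _line("198.51.100.7", "/index.html", 200, 20000, "http://search.example/?q=widgets", BROWSER),
    _line("198.51.100.8", "/news.html", 200, 15000, "http://search.example/?q=news", BROWSER),
    _line("198.51.100.9", "/index.html", 200, 5000, "-", BROWSER),  # typed-in URL
    _line("203.0.113.20", "/old/page1", 404, 12000, "-", SCANNER),
    _line("203.0.113.21", "/old/page2", 404, 12000, "-", SCANNER),
    _line("203.0.113.22", "/old/page3", 404, 12000, "-", SCANNER),
    _line("203.0.113.23", "/old/page4", 404, 12000, "-", SCANNER),
    _line("203.0.113.24", "/index.html", 200, 12000, "-", SCANNER),
    "truncated or corrupt line",
]

def summarize(lines):
    """Return (per-agent counters, number of unparseable lines)."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "not_found": 0, "no_referer": 0})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        s = stats[m["agent"]]
        s["requests"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        s["not_found"] += int(m["status"] == "404")
        s["no_referer"] += int(m["referer"] in ("", "-"))
    return dict(stats), skipped

def suspects(stats, min_requests=5, min_no_referer=0.9, min_not_found=0.5):
    """Agents with enough traffic that is nearly all referrer-less and mostly 404."""
    flagged = []
    for agent, s in stats.items():
        n = s["requests"]
        if (n >= min_requests and s["no_referer"] / n >= min_no_referer
                and s["not_found"] / n >= min_not_found):
            flagged.append(agent)
    return sorted(flagged)

def byte_share(stats, agent):
    """Fraction of all bytes served that went to one agent."""
    total = sum(s["bytes"] for s in stats.values())
    return stats[agent]["bytes"] / total if total else 0.0

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG)
    for agent in suspects(stats):
        print(f"{agent}: {stats[agent]['requests']} requests, "
              f"{byte_share(stats, agent):.0%} of bytes, {skipped} lines skipped")
```

A missing referrer on its own is weak evidence (the typed-in browser visit in the sample has none either), which is why the heuristic requires volume and a high 404 share as well.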

  226. JC
    Unhappy

    AVG, goodbye

    I quite agree with those of you who wrote that AVG was now too bloated, had too many false detections, has been irresponsibly released with this terrible link scanning tech.

    I've used AVG AV for years but sadly these changes in version 8 are just unacceptable. I'd go without AV protection at all before I'd run AVG8.

    @ John A Thomson - We didn't need to "learn" what you had to say, it was obvious and thoroughly weighed by others who had enough sense to see the problems with linkscanner far outweigh the dubious benefits.

    The obvious answer has already been mentioned, get rid of linkscanner and use a proxy if it's really that important. The issue of infection method over file identification is not relevant, that can be detected after the link was clicked and content cached locally.
