back to article AVG disguises fake traffic as IE6

AVG has rejiggered the fake traffic it's spewing across the internet, causing new headaches for the world's webmasters. In late February, AVG paired its updated anti-virus engine with a real-time malware scanner that vets search engine results before you click on them. If you search Google, for instance, this LinkScanner …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Linux

    How about ...

    just scanning the page WHEN IT GETS CLICKED???

    Just do this. Make AVG a proxy that only listens on localhost. Have all trafic redirect to it. When someone loads a page, analyse it before letting the browser see it. You can even use the browser's real user agent if you do this AND really BE a real human surfing.

    This will acomplish the goal of making sure the browser does not get anything bad, keep both the USER'S bandwidth and the site's from being wasted AND make the user's experience a LOT safer, as EVERY page will be scanned, not just those from search engin hits. Doesn't take a genius to figure this one out, but it is apparently beyond the grasp of AVG.

    Tux, cause I don't need AVG on linux

  2. Gareth

    Lifecycle of anti-virus products

    Why is it that a scanner will start out great, then reach a point where it becomes so bloated or over-aggressive that it becomes unusable?

    It's happened with every package I've used since the early 90s.

    AVG was great when it came out as it allowed an escape from Norton's crushing bloat, but in the last few months I've had system slowdowns, nag screens and now bandwidth abuse. Oh well, I hear Avast is quite good...

  3. fluffy
    Unhappy

    This is why I switched to ClamAV

    Free-as-in-GPL, no advertising dollars, no stupid crap, just a solid scanning engine which gives you complete control of when and what it scans.

    Also it's ridiculous for AVG to scan HTML pages but not images - consider how many exploits there have been based on bad image decompression and render bugs!

  4. Erik Aamot
    Stop

    how about ...

    adding terms and conditions to website use that bar linkscanner use ?

    after all, AVG is a commercial enteprize, and have no right to burn up other's paid for bandwidth to promote it's product

    I don't quite get linkscanner, AVG Resident shield did/does a fine job stopping download exploits from websites, has warned me a few times, and I've not gotten infected in 6+ years using AVG free .. why does the function of Resident Shield now need to read ahead ? .. seems like nothing more than a marketting scheme, at others' expense and trouble

  5. Chad H.
    Unhappy

    Why not?

    Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.

  6. Temp
    Pirate

    I agree with Gareth

    I finally disabled the link scanner. It takes forever for a simple google search with AVG 8. I'm now having trouble with the spam scanner, as it takes so long the pop server disconnects. That will be the next to go.

  7. Pat Bitton

    Additional comments from Roger Thompson at AVG

    For some reason, this information didn't make it into the story:

    The change from 1813 to SV1 was part of a planned release. Software can't be changed overnight, but we do have a "hot fix" coming up that will mitigate some of the extra traffic without impeding our ability to protect our users. We're also continuing to gather data, and work with webmasters and analytics folks, and we still enable those webmasters who want to filter our requests out of their results to do so.

    In the meantime, the Bad Guys are continuing to improve their ability to mass-hack websites. The problem is incredibly transient, and as fast as websites are cleaned up, others are hacked to replace them. And they're not just minor websites. There are recent examples of security companies, government sites, and banks that have been hacked. Real-time crawling is the best way, from a user protection point of view, to safely discover which websites have poor enough security that they've been nailed.

    With Search-Shield, we're not trying to block those websites... that's the job of the Active Surf-Shield component. Search-Shield just shows users which sites they should avoid, on the basis that, if a site's been hacked once, it's typically been hacked multiple times before the hole gets plugged, and some of those other hacks might well contain zero-day exploits. I wouldn't visit any website that we show a red verdict for, except on a goat pc.

  8. Gary F
    Unhappy

    AVG have lost the plot

    AVG have put their head in the sand with regards to webmasters' objections. As someone else just said, AVG provided perfectly good protection from infecting websites prior to version 8. Linkscanner is uncessary bloat and a PITA.

  9. Anonymous Coward
    Black Helicopters

    clamav + winpooch

    winpooch can use ClamAV to provide realtime scanning, and provides the sort of protection against malicious changes that UAC handles in Vista..

    Or you could just use Ubuntu.

    BTW if you run a popular website, stick this somewhere where it will hardly be noticed;

    <iframe src="http://www.google.com/search?num=100&q=al+qaeda+training+manual" width="1" height="1"</iframe>

    This one aims to get a few AVG users onto the No-Fly list, but feel free to alter the search as appropriate..

    (Anonymous because of the black helicopters)

  10. Dennis
    Thumb Up

    step in the right direction

    Obviously there are issues, and this will most likely not prove to be the cure for malware.

    Kudos to AVG for being proactive though....

    I do not mean proactive as in trolling before clicking (as the first commenter already pointed out), but proactive as in not just twiddling their thumbs like we have seen from some other antivirus (etc) vendors.

    For non-security people reading this: the reactive (juxtapose with proactive) approach to antivirus has not been working (nor been sustainable) for quite some time. There are plenty of white papers, etc. already written I recommend reading.

  11. P. Lee Silver badge
    Linux

    scanning before clicking

    I believe the idea of scanning before clicking is that if you find old malware there is a good chance it may have new malware. If you warn that old malware has been found on a site, hopefully users won't go there at all and that protects them from zero-day exploits which the software doesn't detect.

    That said, I think that you could just compile a database of sites with malware as spamhaus does for mail, even if its just a locally held database. It would be far less obnoxious than the current setup. Most people's browsing habits are relatively limited. Google searches are probably the largest problem. Of course, getting your "previously infected but now cleaned" website off the list might be difficult. Pushing all responsibility and as much cost as possible onto end users / other organisations is what business always tries to do.

    Tux - he's virus free

  12. Bracken Dawson
    Black Helicopters

    Boycott AVG

    Every forum you know, and your website, do it now.

  13. Anonymous Coward
    Anonymous Coward

    @RT: details please

    "...and we still enable those webmasters who want to filter our requests out of their results to do so."

    Please specify how this is done.

  14. Anonymous Coward
    Flame

    @Pat Bitton

    Surely if your Search-Shield can detect these hacks prior to the user clicking the link, then it can detect these same hacks when the user clicks the link and if there is a problem display an intermediate page that advises against proceeding (much like the IE 7 certificate warning page). This would gives the same protection without wasting bandwidth, and allow the end user the choice of proceeding or not.

    This would be a much better solution that would protect your clients, while not chewing through their bandwidth or that of the website owner and not messing with web analytics. It's not exactly rocket science.

    The alternative is the web community revolts and forces a Robots.txt style equivilent negating all of your investment.

  15. Daniel Brandt

    I just started avg-watch.org

    I think AVG has made a big mistake with LinkScanner.

    Us "common folk" webmasters need to protect ourselves from greedy dot-coms. I'm collecting log info from my sites, and unless AVG abandons prefetching of search-engine results, I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off.

    With such a list, webmasters won't have to rely on the user-agent. No, it will never be as good as a reliable, unique user-agent. But by adding an IP address search engine on this new site, as well as making the list available for download so that other webmasters can use it as they wish, it will help focus attention on AVG's users.

    My message to these users is, "Turn the LinkScanner off! We're watching you watching our sites!"

  16. zcat
    Thumb Down

    I still don't get it

    Either you can detect the malware, or you can't. Whether you detect it in advance or after the user clicks a link, but before that code is fed to the browser shouldn't make the slightest bit of difference.

    Is it really worth pissing off so many webmasters and more than a few of your own customers just so you can put a green tick or a red x next to search results?

    Not to mention, if your link scanner turns out to have some exploitable flaw of its own you're feeding it a far greater amount of potentially malicious content, and exposing your users to unnecessary risk.

  17. Martin Owens

    It's simple

    Just redirect IE6 requests to /dev/null, come on guys anyone using IE6 needs a big banner saying "Stop using the computer"

  18. Tim Bates
    Stop

    @ P. Lee

    You can still scan after clicking. Just don't pass the data on until you have scanned it.

    Tonnes of people do this with Squid and ClamAV all over the world.

  19. david Bronze badge

    Distributed Denial Of Service attack

    ... for example, a seemingly harmless program that actually secretly clicks on every link in your search window, filling your bandwidth and overloading popular sites...

    But what I really like about it is that by analysis of the web traffic, link farms and spammers will be able to detect people who didn't click on their link, as well as those who did....

  20. Doug Lynn

    AVG is still good, if you don't like linkscanner turn it off

    Hi, its very easy during installation to not install link scanner. Also you can turn it off in IE by just unhighlighting two button on the AVG toolbar. Or just disable the AVG Toolbar. This is good protection, its proactive, but its new and has some fixes due. AVG is one of the most popular free AV/spyware scanner available. And its not bloatware, it runs fine on a average computer, maybe you need a faster computer.

  21. FoTD
    Flame

    Time For Legal Action!

    That's it! AVG and their linkscanner bullshit has got to go. We need some enterprising lawyer to find a way to put a stop to this, some sort of class action lawsuit. I will gladly sign on to any legal action against Girsoft at this point. Just tell me where to sign! I have pen in hand. And I am sure if you post something here, and in Webmaster World, you will get more than enough supporters.

    And no Roger, you don't sound "flip", you sound like AN ASS!

  22. Matt Brigden
    Flame

    Avg go bye bye

    I've used AVG for years after norton stopped doing its job and began putting concrete boots onto any system it was installed to . Im now switching to Avast . So far its on my main machine and 2 others . AVG is coming off the rest this weekend . This linkscanner seems to be a solution looking for a problem . Well you can go use somebody elses bandwidth .

  23. Andy Towler
    Thumb Up

    To Fluffy

    Thanks for the tip -

    AVG out

    Clam in.

  24. volsano

    leaking info to the bad guys

    Let's get this right:

    I do a search while AVGs product is active. It retrieves the home page, javascript files, etc from every result on Google's SERP.

    That means the bad guys get a hit -- they now know my IP address is active and looking for keywords that can lead to their site.

    In exchange, I get a red cross saying "don't click there -- them is bad guys".

    What I don't get is why I should be contributing to the bad guys database of IP addresses.

    If AVG is going to do this at all, the background requests should be on *their* servers and using an anonymising service so each hit from the AVG product is from a random IP address.

    Sure, that would put some load on AVG's servers. But it would free them from any worries that I an going to sue them for leaking private info (about my search habit) to every bad guy in the Google iindex.

  25. Anonymous Coward
    Anonymous Coward

    For those who use AVG 8

    add this switch to the AVG installer from the command line or in a bat file and the link scanner won't be installed. It works with free version.

    /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

  26. James Anderson
    Happy

    Why Not?

    Just keep a database of dodgy IP addresses?

    Scanner gets list of links:

    for each link

    lookup ip database

    if in database

    get status

    else

    scan actual ip

    set status

    send update to ip database

    if status = maicious

    block link

    Easier on everybody;

  27. Matt Bradley

    Solution is obvious

    1] Google results page displayed.

    2] AVG dials home (AVG server) to ask for details

    3] AVG server returns cached version of document if available

    4] If not available, AVG fetches live version from webserver (using IE user agent), and returns page to AVG server from caching.

    5] AVG checks the live page WHEN THE USER VISITS IT, and sends this latest version to overwrite the AVG server cache.

    ... Of course this would put a HUGE bandwidth / storage cost onto AVG, so they won't be doing this...

  28. Aitor

    Just band AVG users

    As simple as that, and show them a plain screen telling them why they were banned.

  29. Andrew Baines Silver badge
    Unhappy

    My AVG license runs out in January

    and then I'll be looking elsewhere. Disabling stuff in AVG is painful, I didn't pay for a link scanner and I'm more than happy with McAfee Site advisor - I barley notice it until it blocks something.

    I've been a paying customer of AVG for 7 years, but no more. I just want a simple AV, not all this other rubbish. Why is every anti-virus house determined to bundle umpteen bits of unwanted security stuff in each new release?

  30. Anonymous Coward
    Anonymous Coward

    Hmmm

    When the evil ISPs complain that iPlayer is eating up bandwith and costing them money and suggest the BBC should pay, a lot of reg posters (iPlayer users?) scoff and say "tough, get over it".

    When webmasters complain that AVG is eating up bandwith and costing them money and suggest AVG should pay, reg posters (webmasters?) agree and no reg posters scoff.

    The following are genuine questions, not posed to prove a point:

    What is the difference between what AVG is doing and those "browser accelerators" that pre-fetch all the links on a page?

    Is this actually a performance issue? AVG have identified google as an attack vector and decided to prescan rather than "scan on click" as people tend to be waiting for a response on clicking and will notice any delay whereas the prescanning can occur whilst the user is reading the search results?

    Can webmasters code their pages so that they do not appear in google?

  31. Riccardo Spagni
    Stop

    Question...

    Why is this "feature" enabled by default? I know that bandwidth is cheap in much of the western world, but not every home user wants to have their bandwidth cap reached prematurely because some bright spark thought it would be awesome to pre-scan things. Even FasterFox has pre-fetching off by default - it's an optional extra, not a requirement. I have to agree, too, with other posters; it is unnecessary to put a tick or a cross next to a link. FireFox 3 has an intermediary warning for "Reported Attack Sites" that allow users to find out why the site was blocked, get out of there, or ignore the warning.

    On an aside, @Daniel Brandt, great idea...but there are two problems. Firstly, if one idiot in a company of 500 turns LinkScanner on and everyone else has it off, the firewall/proxy outgoing IP gets included in your list. Same applies to someone browsing at an Internet cafe or at a WiFi hotspot. Secondly, many DSL connections use dynamic IP addresses, and Mr. LinkScanner may go through 10 different IP addresses in a week. Even if you age IP addresses on your database, the statistics will still be poorly skewed.

    Personally, I'm still a big fan of Nod32 as an antivirus scanner. Either that or it truly is time to start moving the general populous to FreeBSD...

  32. John Latham

    Twunts

    ..and that's the politest I can be after several minutes muttering obscenities as I read this story.

    The whole idea is wrongheaded.

    For AVG's tools to work, they must be undetectable, by both webmasters and malware authors. Otherwise the malware will just present clean markup to the AVG linkscanner.

    So, everything they say about cooperating with webmasters is horseshit. As evidenced by them changing the user agent strings.

    Bandwidth and CPU is not some inexhaustable free resource.

  33. NRT

    It will probably get worse.

    With Phorm in the UK & Nebuadd in the US planning to track people at the ISP's servers, I suspect it will become relatively common to install software that sits in the background & fires off random requests to any website it finds.

    Whilst this will, as intended, swamp the data collected by these companys with noise, it will also eat up the available bandwidth & muck up any visitor analysis on websites.

    Nick.

  34. Stephen Baines
    Flame

    @Pat Bitton

    I no longer trust a word AVG says. Your words mean absolutely nothing.

    In the last story, you said if people contacted you, you'd work with them and try and sort out the problems to do with bandwidth.

    I did contact you.

    You responded and said you were passing it onto someone else, who in turn passed it onto someone else, and nothing has been done. No one has contacted me since, and the traffic continues, and my logs remain hideously polluted which is causing me massive problems setting up a new business and trying to decipher what is real and what isn't.

  35. Alex
    Paris Hilton

    web analytics is going to have to change or die

    Its a step forward in privacy, this is the sort of thing that will significantly skew ISP-hostKits like Phorm/BTwebwise and for that I applaud AVG's forward thinking.

    web analytics walk a very fine line, I'd say the most important question is does AVG's new system also skew click thru adverts?

    if not then everything fine isn't it?

  36. Charles Silver badge
    Alert

    We may be facing a "Pandora's Box" problem.

    What AVG seems to believe is that it needs to look through the search results proactively, before the web browser has even a sliver of a chance to get it into memory...because by then it could be too late. The proxy approach, for example, wouldn't work if the zero-day stuff happens to come before detectable stuff. The critical stuff would've been let through by the time AVG realizes there's a problem. And blacklists don't work anymore because of the increase of drive-by downloads that are infiltrating perfectly legitimate sites--they're becoming like AV signatures.

    Essentially, AVG is saying the user clicking the actual link is equivalent to opening Pandora's Box--too late to do anything about it.

    We could be facing a serious and hard-to-solve conflict of interests. Both sides have valid points (AVG's technique skews the statistics, but it's also probably one of the first techniques that prevents opening Pandora's Box).

  37. Anonymous Coward
    Anonymous Coward

    @Martin Owens

    Unfortunately there are a lot of people using "web-enabled" applications (as in, "can't run at all without a web browser") that are written in such a way that they require IE6 to work.

    Yes it is stupid to code like that, but that's what was done so the Users have to live with it - I blame the management and accountants for letting the coders get away with writing non-portable code but it is quicker and cheaper than writing code that can use any browser but is secure enough for all purposes (besides, if the programmers wrote all the code in HTML then the suppliers couldn't charge as much as they do for their "individually-tailored solutions" since it would be much more obvious that their "individually-tailored solutions" were simply slightly reworked front ends on what they just sold to all your competitors...)

  38. Calum Morrison
    Boffin

    On the other hand...

    I've been rolling out AVG on my LAN recently and coincidentally, my users have noticed a big slowdown in web access.

    We share a (pretty slow but as good as we can get this far from the exchange) ADSL link and reading this, it's just dawning on me that AVG may be the reason for the problems; if one user hits Google and AVG goes off and downloads say, 10x as much as it normally would, then that's going to have an impact. As of this morning I've disabled Link Scanner across the network (good old AVG Admin Console - one click does the trick) to see if we get an improvement.

    Judging by the comments, if I'm right, some of you will be glad that this is impacting AVG's paying customers just as much as webmasters!

    (As an aside, whilst tracking this slowdown I've been watching my firewall graphs closely; we have a nightshift here and the spike in traffic whilst BBC are showing footy over iPlayer is huge. The other night, we maxed out from 8-10pm whilst last night, with the match on ITV everyone stopped surfing at 8ish, did a bit around half time then started again at 10. We have a TV in the canteen... Productivity will be monitored!)

  39. Secretgeek

    Am resisting.

    Like other posters I started using AVG because of it's minimal effect on my system performance.

    I'm still ignoring the 'PLEASE GET AVG 8!' pop up but from what's been posted here looks like I'm going to have to faff around getting another scanner.

    How good is this ClamAV?

  40. I. Aproveofitspendingonspecificprojects
    Paris Hilton

    Putting the djin back in the bottle

    <quote>Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.<unquote>

    Proving who dunnit.

    What is going to stop an host of agents using the idea now they have seen it implemented? And more to the point, how will the SFBs subvert it to nefarious purpose?

    I take it it is nothing more than a search engine add-on with teeth? So if someone puts the sweat of their brow out on the line, it isn't anyone's fault but their own if it gets sundried?

  41. lansalot
    Unhappy

    costs ?

    So those people on metered broadband (etc) will be downloading a fair bit more than they think they are. Surely that cost will meet them head-on at some point...

  42. TeeCee Gold badge
    Pirate

    @Daniel Brandt

    As I am sure others will too. Gather the IP stats, I mean.

    The next "Holy Grail" for the bad guys will be a nice, fat exploit for AVG. Then, armed with a large list of known vulnerable IPs and said loophole, it's fill yer boots time for the scrotes out there.

    Log that traffic now, the unholy Christmas is coming......

  43. Parax
    Alert

    TRANSPARANT PROXY

    Preemptive Strikes are stupid. scan between web and browser! ie A Proxy Client!

    If they can use a proxy for pop mail why not for browsers also?

    AVG Grow up and stop pissing on everyone!

  44. Anonymous Coward
    Unhappy

    Pay Per Click

    Web analysis is nothing. It also checks every pay per click advert on google for instance so watch out for all that extra click fraud.

    I guess there is also a big hit on dns servers.

    Yikes!

  45. Anonymous Coward
    Anonymous Coward

    pay per click II

    And of course as google charge for each click even from the same ip within a few seconds so as the user goes through the search results page by page and you ad shows up each time it will probably get scanned multiple times resulting in multiple pay per click charges......

  46. Evil Graham

    Isn't there a principal rule of medicine?

    Something like "First, do no harm"?

  47. Anonymous Coward
    Thumb Down

    FAO Daniel Brandt

    "I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off."

    Ever heard of dynamic IPs Daniel?

    Can we have a list of sites you're doing this on and your friends doing the same so we can block you before you block us?

    I'll admit to the odd kneejerk reaction myself, but even once I'm free of AVG I don't think I'd want to come near a site run by someone even worse than me.

  48. Svein Skogen
    Flame

    @pat

    I guess you don't mind that webmasters start placing AUPs on their website stating that all visitors WILL be port-scanned. If AVG is detected, ALL traffic from that ip WILL be billed _YOU_PERSONALLY_ at a rate of €1 per bit, UNTIL YOU WITHDRAW YOUR BROKEN PRODUCT.

    AVGs Linkscanner "feature" is a method of increasing bandwidth usage, and I expect internet providers to handle customers running your broken product the same way as they handle "bandwidth hogs", that is: Disconnect them. Maybe if AVG gets the backlash "customers running our products gets thrown off the internet", they will understand that their product is broken.

    I fully expect hosting providers to file charges against Grisoft for this CRIMINAL denial-of-service attack. Last I checked such activities carried a jail possibility.

    //Svein

  49. Anonymous Coward
    Anonymous Coward

    pay per click III

    Phew, they don't follow the actual link according to this old article

    http://www.theregister.co.uk/2008/06/19/avg_linkscanner_and_adwords/

    Doesn't mean it works with every pay per click engine though!

  50. Anonymous Coward
    Boffin

    mouseover?

    What's wrong with triggering it on mouseover (or on focus)?

    That would achieve both advance-searching and limiting bandwidth use to just those pages people are actually interested in.

    You could also use it as a pre-fetch cache so that load times of sites you've hovered over are quicker because they've already been downloaded.

    Muppets

  51. Gareth Tansey
    Alert

    To Pat Bitton

    You say "We're also continuing to gather data, and work with webmasters and analytics folks, and we still enable those webmasters who want to filter our requests out of their results to do so". Can you please explain this comment in more detail? I'd love to work with you, so give me a Web site to look at, or an e-mail address to start with. And how exactly can I filter if you look exactly like IE6.

    By the way, my company's AVG license (25 user) has just expired and we're installing an alternative product. This is directly due to the fact that you are wasting processing time and bandwidth on our customers' Web sites. I did e-mail your sales e-mail address before we took this decision to invite your feedback, but I was ignored.

    You fail to realise that some of your customers are also web hosts. And ignoring your customers is just plain rude.

    It is not acceptable to "break eggs" to make omellettes when you don't own the bloody eggs!

    You also haven't answered the question that's been posed time and time again when this story has been posted: "why don't you scan on demand instead of in advance" ?

    Or the question of "hmmm.... how a malicious host can fool link scanner". If that were me (and I'm not the first to say so), I'd do it like this - don't put out any malware on the first visit from an IP address to a page in case link scanner identifies me, I'll put it out a bit later when the user actually visits. Or perhaps use a delayed or user initiated JavaScript redirect that Link Scanner won't pick up, to then go to another page stuffed full of malware.

    Not only are you hurting the hosting industry and your customers, but your solution is inept.

    Frankly, AVG are swimming against the tide. When will you listen? Turn this crap off.

  52. Phil Endecott Silver badge

    Quote from Pat Bitten

    Here's a quote from Pat Bitten @ AVG in the comments to the original story:

    "Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible"

    Pat's message, at the time, sounded like some sort of olive branch to those of us who are paying for the bandwidth that his product uses. But now I read "unobtrusive" rather differently.

    Pat now says that changing to the IE6 User-Agent was part of a "planned release". Yes, I understand that releases have to be planned in advance: but it's always possible to UN-PLAN them when you know they're broken!

    Anyway, we need to work out how to block this new traffic. Some people might choose to block requests with no referrer set, but that's obviously not ideal in most cases. Maybe there is something in one of the other HTTP headers, or something. Can anyone easily capture a dump and post what they find?

  53. Anonymous Coward
    Paris Hilton

    Doesn't interpret JS the same as IE6 though ...

    Ever since this debacle began I've noticed that I *can* tell real users apart from LinkScanner as it interprets JS slightly differently. See the code below. If you plonk this in an external JS file and link it from your pages, you'll see what I mean.

    IE6 will run it and subsequently request "empty.js"

    Linkscanner will run it and subsequently request "'+libName+'"

    var avg = {

    load: function(libName) {

    document.write('<script type="text/javascript" src="'+libName+'"></script>');

    }

    }

    avg.load("/js/empty.js");

    I'm sure someone better at JS than me can do something useful with this ...

    Paris - because even she realises that LinkScanner is a flawed waste of time...

  54. Anonymous Coward
    Go

    Time for action

    Someone out there must have the time to set up an action group - if enough webmasters change their terms and conditions to explicitly deny this action, then we can take direct legal action.

  55. Robin
    Coat

    Flippant

    "I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."

    Flip ... broken eggs ... ? Sounds like he's making pancakes, rather than omelettes.

    Mine's the one with Jif lemon and Tate & Lyle Golden Syrup in the pocket.

  56. Sam Kirkpatrick
    Unhappy

    Optionally, let the user disable it!

    I've recently updated to AVG 8 (paid for) and the Link Scanner is infuriating. I have no interest in having it turned on. However, as soon as it is turned off, you get an AVG warning along the lines of "You are no protected!"

    I know this doesn't really deal with the issue of bandwidth and site management, but if AVG allowed users to legitimately turn it off without causing the whole program to break, it might help. Performance grinds to an absolute halt when it's running on a search results page.

  57. Anonymous Coward
    Stop

    what about google ads?

    Will this AV software also visit the paid for adverts at the top of the Google results? And does it pre-scan all search engines, or just for Google?

    I really hope they do scan the paid for ads too, causing advertisers additional costs. I'm sure once Google has to start handing back money for false clicks they'll soon be on AVG's back with a lawsuit ;)

  58. Steve
    Stop

    AVG is a good tool

    But 5 minutes after upgrading to AVG 8.0 I turned off the linkscanner and moaned at them about it on the grounds that if a search result link was suspicious, I probably wouldn't have gone there but now my IP would have communicated with their system. Lovely :0

    This could lead to other issues too, such as visiting "honey trap" sites that just happen to come up in the search list inappropriately (a mother searching for new design of childrens swimwear, for example).

  59. Rabbi
    Thumb Down

    You can't block IE6

    @Martin Owens - My company uses a legacy application that works through the browser - and won't work properly with IE7. IE6 is still supported software and our patches are all up-to-date. I'm not saying we're not unusual, but IE6 is not so bad that it should be "banned".

    And generally speaking, I'm not impressed with AVG8 (I use it on my personal PCs, not work). It IS turning into Norton - bloated, toolbar, unwanted Yahoo search integration, obtrusive notifications. I've disabled LinkScanner - and have to put up with the notification icon that constantly tells me there's a problem.

    My solution? I'm going back to AVG 7.5 and recommending it to all the people who ask me. I still have the installer on a USB key and it looks like updates - at least - are still available on the AVG website. Certainly my kids' PC is still running 7.5 quite happily.

    If/when AVG sort their act out, I'll start using/recommending their product again - unless someone else has won my vote by then!

  60. Chris Locke
    Thumb Down

    Totally unsecure

    Some good points made here:

    http://www.thedvdforums.com/forums/showthread.php?t=512083

    "It's easy to detect if AVG is prefetching a page, this means that malicious sites can actually redirect the AVG requests to a clean page that contains no malware. As a result AVG will report that the page is safe and allow you to click through to it - when in fact all it saw was a dummy page and the real page could be infected with many many exploits.

    It wastes bandwidth and creates fake DoS attacks on websites. I spent a number of days trying to track down the cause of server issues on CD Times - finally with help we managed to determine that it was AVG creating what amounts to a DoS attack from multiple zombie machines. The software had hit upon a custom 404 page and in the period of 1 month I have had millions of requests - hundreds of thousands per day - for a page that doesn't even exist. The frequency of these requests resulted in the server becoming unstable and caused the site's monthly bandwidth use to increase by more than 20 times."

  61. Ken Hagan Gold badge

    Re: scanning before clicking

    "I believe the idea of scanning before clicking is that if you find old malware there is a good chance it may have new malware. If you warn that old malware has been found on a site, hopefully users won't go there at all and that protects them from zero-day exploits which the software doesn't detect."

    This assumes that the scanner is immune to the malware whereas the rest of the browser isn't. Given that we are defending against new malware, that strikes me as a little optimistic. (In mitigation, apparently the scanner ignores most of what's on the page. OTOH, if it ignores most of the page, what was the point of scanning it?)

    How long will it be before someone attacks the scanner, thereby raising the interesting possibility of "I was hacked, not because *I* went to a dodgy website, but because my AV software did."?

  62. Rob W
    Linux

    @Martin Owens

    I've already started putting up warning banners for IE6 users, explaining that they're using a defunct web browser and that they should probably try Firefox (or even just IE7?!). That was before this whole LinkScanner bullshit.

    Now I'm going to have to possibly put in a redirect page for IE6 users. Something along the lines of "The browser you're using is not only defunct, it is being spoofed by antivirus software" and a link to the real page.

    AVG are worse than the British government for their proactive 'make like harder to make it safer' idiocy.

    Tux, because it's the closest El Reg gives us to the utopian world of OS X. Viruses, on a computer?! What's wrong with you man!?!

  63. Werner McGoole
    Thumb Up

    Just a thought

    But if the impact is as big as is claimed, isn't this going to ph*ck phorm's statistics as well (and NebuAd and the rest)? Maybe we should be congratulating AVG on an excellent new anti-spyware initiative?

    Could this be the first case of new security software being developed completely by accident?

  64. Grant
    Stop

    @It's simple

    No don't redirect to /dev/null redirect to AVG let them pay for bandwidth. They are generating the bandwidth. The only thing thing that will AVG will notice is it cost them money. You may consider put invisble links to AVG on your sites that users won't see but AVG link spam software will, this would boost their ranking but would generate more link spam to AVG sites and bandwidth.

  65. Mark Land

    please try this...

    Avira, I found was a very effective free and lightweight virus scanner for PC. Now I have a Mac so don't need one, but I think it is a much better product than AVG.

    Those AVG guys seem so arrogant, time to switch....

    Not sure what I can do to block the scanner from my website(s) now, please AVG, tell me exactly what I can do? I am sure a lot of Reg users would also like to know.

  66. Mage Silver badge
    Flame

    Stupidity

    Boycott AVG.

    Actually ALL the PCs I have removed Trojans, Adware, Viruses etc from HAD AV software installed.

    AV SW gets false sense of security and encourages users to learn even less about safe use of PC. The issue is User Education.

    Social Engineering attacks will ALWAYS defeat ANY security scheme or AV/Anti-Malware.

    Prescanning sites in search results is really really meaningless, eating peoples cap, eating servers bandwidth, slowing browsing and is doomed to fail anyway.

  67. Nic Brough
    Jobs Halo

    @Mark Land

    >Avira, I found was a very effective free and lightweight virus scanner for PC. Now I have a Mac so don't need one

    <sound of coffee being scraped off screen>

    Just because a Mac has infinitely more security, is more virus resistant and less of a target to virus writers than good old Microsoft (open your wallet and repeat after me, "help yourself") Windows, doesn't mean you don't need to worry about them!

  68. Pascal Monett Silver badge

    That's it, I'm making another omlette

    I've been using AVG happily for the past few years.

    I've not at all appreciated the nag screens telling me to upgrade to AVG 8. Tell me once is okay, tell me every time I start up the PC is a nuisance.

    Now it is official : AVG is nuisanceware.

    Well I agree that you have to break some eggs to make an omlette. AVG is now in the process of being uninstalled from the 3 PCs I have. I am going to install another product and tell all my friends to do the same.

    And since I am their IT expert, they're going to do it.

    So, Mr. Thompson, how do you feel about breaking some eggs now ?

  69. Svein Skogen
    Happy

    Actually (for filtering purposes)

    How many IE6 installations on XP does _NOT_ have .net installed?

    Seems the genuine IE6 useragent reports .net versions, while this linkscanner junk doesn't.

    Anybody care to grep through their access-logs and check?

    //Svein

  70. Anonymous Coward
    Happy

    Don't install linkscanner

    That's what I did. I did a custom install and unchecked Search Shield.

    It works fine and with no linkscanner.

  71. Lee Dowling Silver badge

    It's not just the fake traffic

    It's not just the fake traffic that's the problem. I sympathise with webmaster's problems here but a few extra HTML fetches are hardly the end of the world, even for a small webhost. Any decent website gets spidered endlessly anyway and even (as I've had happen to myself) mirrored word-for-word on foreign domains. Get on a decent host with a real bandwidth package. I help run one of the UK's largest Scouting sites (pulls in the same amount of / more traffic than the "official" one) and we haven't noticed a spike yet.

    However, the real problem is the problem of "deniability". If it looks EXACTLY like an IE 6.0 request and it fetches ANYTHING found on Google indiscriminately, then what defence do you have if your ISP logs your "browser" visiting lots of very dodgy sites rapidly? There may not be a trace on your computer, there may be a viable explanation in the form of an antivirus that is known to do this, but will the courts see it this way?

    This is why, as a technical advisor for several schools, I have revoked all my opinions about recommending AVG and would not choose to install it now. It used to be my AV of choice for home use because it used to be good but it's steadily deteriorated.

    AVG - you should really be ashamed of yourself. There was a time when I would use you in preference to everyone, now I can't even recommend your use AT ALL. All on the basis of vague, inscrutable, unnecessary, overblown, badly-designed technical measures (I bet some idiot superior decided it was a good idea) and STILL you don't back down when people complain en masse. Sort it out, or lose a lot of regular customers.

  72. Kevin Reader
    Pirate

    @Pat/Roger

    Rarely have I read such a mixture of platitudes, waffle and management speak.

    Have you both considered going into politics, your ability to spin abject stupidity and irrational behavour as a benefit to the customer would do you well there.

    This whole concept is either just a marketting splash which has been VERY badly implemented or its an idea that sparked (non-technical) pointy haired bosses imagination and (again) was not thought out from a technical standpoint at all.

    If you REALLY wanted to warn about _previously_ compromised sites then LIKE GOOGLE ALREADY DO you would maintain a watch list of potentially dangerous sites and validate the link addresses against that. You would merely do a prescan of visited links and forward suspicious sites to your centralised watch list.

    Your existing prescan CANNOT provide the feature you claim since it visits all the sites/pages AS THEY ARE NOW - so it cannot be interested in what they were like previously. So either you do not understand your own product or the internet.

    Congratulations as you appear to have alienated more people in a single roll out than any other security company; even Symantic!

  73. Charlie Clark Silver badge

    Missing the point

    Only about two comments have any sense: the first highlighting the privacy issues surrounding log files in general (they may even become illegal in Germany); and the second more pertinent that the very service that AVG intend to offer could be turned against itself. This will probably cause AVG to rethink the product.

  74. Charles Silver badge
    IT Angle

    So what do you do?

    So how else do you take a proactive approach to stopping web exploits, particularly zero-day vulnerabilities, short of shunning the Web? Since the exploiters are being shrewd enough to only serve the exploit once per IP and only to requests from genuine web browsers not protected by proxies, it's like a bunch of highway robbers geared to only ambush lone travelers. So how else can you spring the ambush except by acting like a lone traveler?

  75. Kevin Bailey

    @Solution is obvious - and simple

    Stop using Microsoft software!

    It just amazes me all this going round and round in time-wasting circles.

  76. Anonymous Coward
    Anonymous Coward

    A title is required. <- Why oh why? Here is a title for you. Satisfied?

    Right, I heard (read actually) enough. AVG is out of my systems for good. ClamAV here I come.

  77. Hans-Peter Lackner
    Thumb Up

    I see no problem...

    Webmasters will have to find a better way to "improve the ecosystem.." B..S..T Bingo!

    Every user can disable SurfShield and its a very good way for some users to avoid malicious sites...

    So webmasters: Stop whining...

  78. Mark

    Re: It's simple

    No, put a 503 or whatever and say "We are unable to allow access because you are most likely to be AVG link scanner. If you are a legitimate user, please use another browser, such as FireFox or Opera".

    Microsoft may then have "issues" with AVG for screwing the pooch for them and getting people to upgrade to a competing browser (some OS's can't take IE7 or IE8, so these cannot be advocated by your site).

  79. Jess
    Paris Hilton

    How about...

    Diverting any users with an agent string AVG uses to a simple CAPTCHA page which also contains an explanation, t&c of the website (ie no prefetching) and several links to AVG.

    Failing the CAPTCHA would redirect to AVG.

    Something like:

    We apologise, but your system is using a browser agent string known to be used by AVG for automated prefetching in contravention of this sites terms and conditions. To prove you are human please answer the following...

  80. Mountford D
    Linux

    Yep, bloat it is

    Friend of mine was panicked into paying £39 for AVG 8 when his free AVG 7 kept telling him it was going to expire. The pay-for version came with the usual bundle of crapware including a firewall that made his computer useless. He had a perfectly good SPI firewall on his router so I tried turning off AVG's proved impossible without some registry hacking.

    AVG might be a good anti-virus and believe me, the free version suffices, but the rest makes up a good piece of shit. I've just about convinced my friend to switch to Linux or at the very least, ditch AVG in favour of a simpler anti-virus.

  81. Mark

    Re: So what do you do?

    Don't take a proactive approach.

    I mean, proactive is a shite word any way (what? You're "for" activity? What does it mean???).

    So what you do is identify yourself as AVG (because you ARE. Stop lying about being IE6). Or run as a http proxy and cache (like squid) and only scan when someone tries to look at the page. The slowing down by scanning is less (though more concentrated) than the scanning being done anyway, and adding a proper cache should increase the responsiveness and reduce network load (and delay the rate of breaking the AUP) enough to make it seem faster.

  82. Morten Bjoernsvik
    Stop

    @Daniel Brandt

    >"I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off."

    This is quite idiotic, DHCP at ISP and NAT-masking are not your friends, will make this list completely rubbish.

    I can send a request new IP to my cablemodem/router and get a new IP from my ISP.

    Usually I do not like to do it, because of DNS records then being invalid.

    But it takes me around 5 sec to change IP and update DNS record, This will work until I've span the entire IP-range of my ISP, then no-one from the same ISP will get into your site. Nice thinking.

  83. Charles Silver badge
    Dead Vulture

    @Mark

    So you're against immunization? That's a proactive approach, too. It's also the only approach that's effective most of the time. The reactive approach is like trying to shut the door after the horse already got out. The screening (proxy) approach won't protect against a zero-day vulnerability since the proxy can't distinguish it. So if loading the page is too late, but you have to load the page to determine its safety (think of it like a steel-encased bomb with a trapped lid and the only way to get to the innards of the bomb to defuse it is to lift the lid...), how do you go about it?

  84. Anonymous Coward
    Flame

    disable linkscanner - easy

    . In the free version of AVG there's no option to disable linkscanner at install time. You have to use obscure commandline arguments.

    Luckily there's an easier way - remove the stupid product from your PC.

  85. W
    Thumb Up

    Just want to throw in a vote for Avast.

    Switched to it from McAfee when I switched from IE6 to Firefox about 3 years ago. Apparently clean surfing ever since. Such a good improvement, it was like a major upgrade to the hardware.

  86. Anonymous Coward
    Flame

    IE6 = byebye

    I will shortly be putting up a page on my site which says

    "Either you're using IE6, or you're using AVG. Please note:

    AVG's new product contains a malware component called LinkScanner that secretly scans all sites in your google searches, masquerading as IE6. This generates large amounts of false traffic which can prevent legitimate users accessing a site. It also increases the costs of running a site without any benefit to the owner.

    Please copy/paste this link into your browser to proceed. <link obfuscated>. If you're using AVG, please also email <email addy of Grisoft support obfuscated> to mention this flaw in their product."

  87. Anonymous Coward
    Linux

    Is there anybody there?

    They are not listening are they?

    I just hope that they give me my £$%^& money back. I've gone for NoD32 now. They had their chance - realistically with 70 million customers, my desperate emails begging for support were bound to be answered by an automaton who gave me the wrong advice. Well I never intended to become the ingredient in any sort of AVG omelette you guys. I just wanted some simple unobtrusive and effective virus protection with a firewall for which I was willing to pay required £39.99 for upgrade from a paid AVG 7.5 which worked without a hitch for 2 solid years. I did not want a bunch of security crap which slowed my system to a crawl, would not update, took 16 hours to check my system for viruses and was only finally evicted by a boot into safe mode. Contrary to the happy smiley advice on the AVG home page!

    Before this becomes a clone letter to the other rant I posted in el reg's alternative AVG link scanner thread I just want to say this...

    Can I have my money back...soon?

  88. Anonymous Coward
    Thumb Down

    AVG SCANNER - FATAL FLAW

    The fatal flaw in AVG's approach is that, no doubt, their link scanner has a buffer overflow or some other hole in it. That means you search for something and a search result (without clicking on it) loads malware on to your PC.

    Good job AVG!

    What a crap piece of software.

    By the way, if you live in a country like New Zealand with crap broadband (er, I mean, just-faster-than-dial-up-band) then your searches take forever as AVG has to troll the slow, slow, slow NZ network out to the real Internet to find out if everything is OK.

  89. Chris Cheale
    Flame

    For the love of god...

    Talk about blowing it out of all proportion.

    First off, log file analysis is, at best, patchy - it's not the greatest most reliable tool ever. So it's getting scuppered, is it getting any more scuppered than it was by AOL routing all traffic through servers in the US? (when AOL was big enough to have any kind of impact of course).

    Bandwidth usage - granted this IS going to be a problem on sites that appear in the top 10 results for popular searches on Google. Remember, the full-blown Linkscanner is only available to paying users of AVG, the free version (which I'd guess is far more prevalent) only pre-fetches data from (the big) SERPs. I'd guess Google's love-in with Wikipedia is hammering everyone's favourite uncylopaedia.

    For individual users... the pre-fetch grabs an additional few k's worth of text whenever that user does a search. Now let's compare that to several megs of iPlayer traffic, or gigs of torrents... it really does pale into insignificance.

    Even if you _are_ using AVG, it doesn't really slow your search down - it loads the results page before completing the scan so you just get some little swirly green loading icons whilst it's scanning.

    And for the record - I've just gone through my web-stats (transfer usage is about the only reliable part) and well... yes, the (known) AVG user-agents make up for about 15% of my hits but data transfer is negligible since the googlebot is well behaved and doesn't index either /lib/pdf/ or /lib/zip/ (it obeys my robots.txt) - therefore no hits from the AVG linkscanner either.

    Compared to the data transfer running through torrents, software patches, YouTube, iPlayer and so on this is hardly the Internet Apocalypse.

  90. This post has been deleted by its author

  91. Robert Harrison

    Don't necessarily blame the AVG developers

    The problem is that whilst software is never truly considered to be complete most software products reach a point where there is little more you can do to 'add value' to them. Fix bugs, improve stability of course. But, similar to Microsoft Office in particular (and maybe Vista), you get to a point where adding new features and functionality can only possibly degrade the overall product and its performance.

    Unfortunately, the senior managers, shareholders and bean counters generally have no concept of this. "We've got to keep adding features" "Grow our market share" "Increase the wow factor" and so on. Maybe AVG has hit that wall?

  92. Phil Endecott Silver badge

    Re: Hmmmm

    > The following are genuine questions, not posed to prove a point:

    >

    > What is the difference between what AVG is doing and those "browser

    > accelerators" that pre-fetch all the links on a page?

    It's equally bad in terms of wasted bandwidth. I return 403 to pre-fetchers; I can identify them because they send a "prefetch" header.

    > Is this actually a performance issue?

    I've no idea.

    > Can webmasters code their pages so that they do not appear in google?

    Yes, using robots.txt. But that gets rid of the legitimate traffic too.

  93. Mark

    @Charles

    What do you mean?

    If you mean that the page could have a zero-day exploit of IE that AVG link checking doesn't know about, then you aren't going to know about not clicking on it.

    If you mean the page could have a zero-day exploit of AVG link checker, then it is autoclicking on the link for you, so not clicking and not getting the page is safer and clicking and getting the page is no worse.

    If you mean that the page could have a zero day exploit, well, which is more likely to have the exploit? Complex fully-featured web browser or the single-purpose link checker plus single-purpose http proxy?

    If you mean a zero day exploit of IE that link checker would have spotted, well, link checker checks when you click on the link, and tells you (in a wee popup) "this page is naughty", or (on the page itself) "this page has what seems to be malware on it. Click this link to continue". So no difference but has the better security by accessing only the pages you go IN to, not ALL the pages on a search engine page.

  94. conan

    If you make it, they will come

    Webmasters make content public and don't discriminate about how they serve their content. So if lots of users want to scan links before they click on them, that's their perogative. It's a shame that AVG chose to use this approach, but there's nothing wrong with it, any more than Google/Yahoo!/Microsoft scanning stuff for searching purposes. If you don't like it, make users sign up before they see your content. People who advertise on billboards have to live with folk spraying graffiti on it, and that's actually illegal - making HTTP requests is not.

  95. Alan W. Rateliff, II
    Paris Hilton

    Analytics are just like statistical surveys

    Statistical surveys are often flawed based upon the data collection, how it is tabulated, and even more so how it is presented. Analytics are just about the same, regardless of what anyone in the analyitic "industry" will tell you. I have run into several of these expert types, given fair audience to their flawed arguments, and walked away as unconvinced as before.

    The problem is a reliance upon sets of data which are unstable in that the data can be affected by too many uncontrollable factors. AVG's LinkScanner falls into this category.

    I see both sides of the coin on several components of this issue.

    A pre-scan of a page gives a user fair warning of an active threat on a target site, about which distributed databases like SiteAdvisor et al may not yet know. At the same time, craftily hacked pages might detect such probes and causes false negatives, in which case the real-time surf scanner would catch the real stuff. This would turn out to be just as cat-n-mouse as the anti-malware industry as a whole.

    Many of the posts here indicate problems with components which can easily be removed. LinkScanner and the firewall, in particular. AVG AntiVirus v8.0 includes a multitude of scanning features which represent a rather comprehensive protective set. None the less, a user can opt out of any part of that set.

    The bandwidth problem is definitely a real issue, to which I do not have any simple answer or resolution. Bandwidth would almost seem to be collateral damage, but at what level is that acceptable? That is difficult to say, as someone who hosts websites but does not have to deal with bandwidth limitations and billing. This is something I hope find a way to get ironed out.

    My recommendation to this would be a simple mouse-over scan, in line with another's suggestion -- have an icon next to the link which indicates the link has not been scanned, mouse-over the link to perform an active pre-scan. That puts the user in more control, though at the same time opens up users who would just as quickly click [YES] or [OK] to a "Download virus?" requester at an original level of risk.

    "Perform virus scan?! I'm waiting for porn, here!" -- Bender

    I will disclaim my comments by stating that I am an AVG Authorized Gold Reseller. I work closely with my customers and relate information back to AVG whenever necessary. In some cases I have recommended that customers temporarily remove components, in particular the firewall and LinkScanner, for various reasons when standard troubleshooting cannot find a resolution.

    I run AVG AntiVirus v8.0 on my own systems and closely monitor how updates affect performance and usability. I have been very happy with AVG as a product, and with the Grisoft/AVG team for their support over the years, and I have faith that this situation will pass and the team will make wise decisions which can only be made by making and learning from the mistakes which sometimes come with forward thinking and quality attributes for which AVG has been known.

    I am disappointed by the number of knee-jerk folk out there who will abandon a brand or product at the drop of a hat. But then, having worked in retail for over a decade, I recognize that those folks are everywhere and their opinions will change with the phases of the moon. Now, that does not mean their opinions carry any less validity, it just means that they are more harshly critical, more quick to react, tend to be less forgiving, sometimes less positively communicative, and often more outspoken than others.

    That being the case, I do hope that some of you come back. (I mean that sincerely; I do not make anything from your purchases unless you buy directly from me. And then I also happily get to be the first target for your rants! That is part of the business and I tend to be a patient man in those regards.)

    You know, I really expected more of a back-lash from AVG dropping support for 9x and ME ;)

    Paris: forward thinking, quality attributes, and the ability to learn from mistakes, though she is ready to drop a brand like *snap*.

  96. this
    Alert

    swich off - fair enough. but please fix the icon.

    I've used AVG happily for years - installed it for Aunts, Mothers-in-Law etc.

    But although its easy to switch off link scanner (I did so immediately as the thing is obviously a pain) the danger! red icon scares people. It should be opt-in (with a proper explanation of its implications) and when you say no thanks the icon should not register panic.

    The email scanner is turned off too - as it causes Outlook Express to mark every email as having an attachment - daft.

    As to getting another anti-virus the jury's still out, but I'm considering it.

  97. Mark

    Re: For the love of god...

    "Compared to the data transfer running through torrents, software patches, YouTube, iPlayer and so on this is hardly the Internet Apocalypse"

    But you only get P2P when YOU join a P2P stream. Or download iPlayer.

    Websites don't do that.

    Users do.

    So that point is what is known in English as Bollocks.

  98. Anonymous Coward
    Anonymous Coward

    McAfee Site Advisor

    How is the fuctionality of AVGs solution different to McAfee Site Advisor, from a users point of view?

    If McAfee can provide this to the user without screwing over everyone else, why can't AVG?

  99. Mike

    I support AVG

    Mainly because I don't support web analytics and statistics, nor do I support targeted advertising. If this has the side effect of screwing the advertisers and their business model I am all for it. I love omelette's, break those eggs. And charging by the byte is wrong. Charge based on available throughput, use all that you pay for, you can't use more without buying additional circuits (actual or virtual).

  100. Anonymous Coward
    Anonymous Coward

    Not Every Top 10 is a Big Corporation

    A couple of people have pointed out that "It only scans the top 10 search results." There's a tacit assumption here that all of the Top 10 sites can afford the extra bandwidth because they are run by big organizations. It's not true. Try Googling (is that a verb now?) for reviews of winter tires. At least one of those top 5 sites is funded primarily out of an average joe's mostly empty pockets.

    While AVG's new pre-scanning might be a bit of a nusance for those who make money on the web, the extra bandwidth for those who provide web information as a free service may just force those sites to close down.

    Another concern is that once one AV provider starts doing it, how soon before all the rest jump on the band wagon?

  101. Steve

    @ swich off - fair enough. but please fix the icon.

    I had a word with them about this a few weeks ago, and it's fixed in the latest version.

    Go to tools->advanced settings->ignore faulty conditions and tick link scanner.

    I'm standing by AVG in general because it's small, fast and does a good job. The firewall doesn't cause any noticable slowdown and, at whoever suggested it wasn't needed with SPI in the router, well, let's just hope another machine on the network doesn't get infected, eh :)

    Still think the link scanner is a dumb/dangerous waste of effort. Wait til I choose to click, then check what it's returning. That's all I want the software to do.

  102. Anonymous Coward
    Anonymous Coward

    Breaking eggs

    Well, here is another vote that if AVG insists on breaking the eggs, then they should darn well pay for the omlette.

  103. Anonymous Coward
    Anonymous Coward

    Why don't google do it at source?

    If this prescanning makes any sense why don't google scan the sites for malware and make it a search option to exclude sites thought to be infected. Having google scan the sites even on a frequent basis has to be better than having millions of users all conducting there own scans?

  104. Anonymous Coward
    Anonymous Coward

    Here's how to redirect these requests back to AVG

    Here's a mod_rewrite rule to redirect these very annoying requests:

    http://www.pixelbeat.org/docs/web/avg_linkscanner.html

  105. Steven Knox
    Stop

    Re: Pandora's Box

    "The proxy approach, for example, wouldn't work if the zero-day stuff happens to come before detectable stuff...The critical stuff would've been let through by the time AVG realizes there's a problem."

    You clearly don't understand how a proxy works. A proxy doesn't have to forward anything to the browser until it's good and ready. It can wait until the entire page, all the linked CSS and Javascript, all the images, xkcd, the complete archives of PH's escapades, and anything else it'd like to look at is downloaded before one bit of information is sent to the browser.

  106. Charles Silver badge
    Alert

    Re: Why don't google do it at source?

    The trickiest malware authors are shrewd enough to detect these spiderings (by checking the requesting IP, for example) and trick them with false negatives. They'll only send malware to known consumer IPs, and then only once.

  107. Charles Silver badge

    @Steven Knox

    And could the proxy server be able to do all this while acting just like a real-life Internet user without breaking something (by using the wrong user agent, for example)...or being detected by the malware authors and being tricked with a false negative or--worse--something that compromises or bypasses the proxy server itself?

  108. Kenny Millar
    Jobs Halo

    2 solutions

    1. Google should put AVG's link on every set of search results returned, the resulting bandwidth directed at AVG should put a squib in their arse.

    2. Everyone buy a Mac, since there is much less malware, you wouldn't need the scanner in the first place.

  109. Anonymous Coward
    Stop

    Re: Here's how to redirect these requests back to AVG

    >Here's a mod_rewrite rule to redirect these very annoying requests:

    >http://www.pixelbeat.org/docs/web/avg_linkscanner.html

    Doesnt work any more. The whole entire point of this article is that AVG have now changed the user agent used by linkscanner to be identical to that of IE6, rather than the two in that ^ page, which were unique to linkscanner.

    Now, the only way to prevent these attacks by grisoft's malware is to block all IE6 users in the process.

  110. Charles Silver badge

    @Kenny

    Really? Read this one: http://www.theregister.co.uk/2008/06/25/mac_exposure/

  111. Anonymous Coward
    Anonymous Coward

    Solution

    FInd out what false positives work best with the linkscanner, or create a mix of exisiting methods to trigger the scanner that way, if a few thousand sites do it it's bound to upset the users who will blame AVG.

    A small banner freely shared could create a problem for them.

    Or the same as the days when SMTP was open, http can create it's own blacklists, if you're a bot you get marked and ip blocked, growing in range until the whole network source is marked and other users put pressure on their providers to kick them off.

  112. Anonymous Coward
    Pirate

    DDoS

    Isn't this a distributed denial of service attack? If you follow the expedient of placing an acceptable use policy that says you can't use AVG to auto-scan your site, couldn't you then prosecute AVG under the Computer Misuse Act?

  113. Haku

    @Martin Owens

    "Just redirect IE6 requests to /dev/null, come on guys anyone using IE6 needs a big banner saying "Stop using the computer""

    CONGRATULATIONS!!! You've just alienated all the Windows 2000 users.

  114. William
    Thumb Down

    HughesNet Has a Very Limited Download Threshold

    HughesNet only lets you download up to 200 MB during a specific time period (more or less a 24-36 hour period) before all but shutting down your connection entirely. A connection limit like this can't afford to be downloading the equivalent of ten web pages every time Google is used. I've had AVG on my parent's computer for years, but now I'm just done with it. This coupled with other problems that have made it more and more annoying to use is making me switch.

  115. Mark

    "alienated all the Windows 2000 users."

    Uh, how about "install FireFox"?

  116. Solomon Grundy

    Use Policy

    Adding something to the T&C's of your site to use as ammunition against AVG/Grisoft in court won't fly. There are several rules/laws that prohibit retroactive (after the action in question has already started) user restrictions. You can do it, but it'll be dismissed first day of court.

  117. Anonymous Coward
    Coat

    AVG: Keep up the good work

    I respect AVGs decisions about this feature. AVG is advocating for the end-user here, not the website administrator. Me, as an end user, could really care less about the website analytics or the cost that protecting myself is causing those webmasters. I have installed AVG for many, many people, including AVG 8. I always leave the linkscanner ON, as for folks like granny and aunt marge, that big red icon is a sure sign that they don't want to visit that site, and it works. Granny and Auntie also don't care that this feature is screwing up statistics or costing webmasters more bandwidth. This is a VALUEABLE feature for the 'average' end user.

    And, to state the obvious, it CAN BE TURNED OFF. Instead of complaining that it is too bright in the room, go turn off the dam lights. It isn't that hard.

  118. Anonymous Coward
    Anonymous Coward

    Total Insanity

    I doubt that linkscanner interprets vbscript... anyone care to test that? That should be an easy way to tell IE6 from Linkscanner.

    How deep does Linkscanner go? For example, what if the page I'm using (pretend I'm a malware author) to lure people in via google is perfectly clean, but I do something simple like use a meta refresh tag? Is linkscanner going to go scan that page too, or simply report no problem found? Meanwhile any user hitting the page is instantly directed to the badness.

    How long before AVG makes its requests using the same user agent as the browser being used?

  119. P3TER

    Isnt it possible to...

    1) Log the first visit of a unique IP to a page where User Agent is IE6,

    2) If the same IP visits within 5 minutes, with a newer User Agent, and a HTTP_Referer that shows a search string, then...

    3) ...send them to a page instructing them politely to disable LinkScanner or if you are feeling unhelpful, serve them AVG's homepage instead

  120. Temp

    Title

    Increasing the load on the internet by 10x for your own (cruddy) product is both greedy and retarded. They could have written a HTTP proxy that scans each page for malware before returning it to the browser. No additional load on the internet, no bogging down the users connection...

  121. Hidi
    Flame

    Nice to be virus free

    while the police knocks at your door because your virusscanner downloaded illegal content, trying to look like a human being.

  122. Charles Silver badge

    @Temp

    Perhaps AVG is saying that proxies are too easy to detect...and then bypass or even exploit.

  123. Anonymous Coward
    Dead Vulture

    draft rant.

    some of the reasons I am dumping AVG:

    1. webstats are very precious to me. i've read first-hand the "egg-breaking" arrogance of the

    developers. I'm not a marketer, but I use my stats to focus my activities. People who

    dismiss stats obviously have never looked at them, they can tell you many things. One of

    the things that analysts are trained to hate, from a very young age, is noise in their

    datasets. They spend literally years of their lives scrubbing their datasets clean. And

    then along comes some company and quite deliberately, thoughtlessly, pollutes them.

    I can spend more hours, on top of those I have already spent, trying to block their hits,

    but now they have changed their bot behaviour, so I will need to adjust my filters again,

    and worst, if I look at old datasets I now need to remember that prior to AVG 8, IE6 stats

    were OK, but after AVG 8 they are not. I don't want to have to write this arbitrary

    rubbish into my analyser.

    So I have the option of blocking all IE6 traffic, personally I think IE6 users deserve it,

    but my customers may not agree, and since they own the sites I merely manage I may need to

    involve them in the decision-making process.

    2. bandwidth is very important to me as well. I don't have to pay for it, but that doesn't

    mean I don't want to conserve it. The less traffic on my wire, the faster that wire runs.

    I indeed heavily promote the speed of the server I run, the slower it goes, the less of an

    edge my business has.

    3. betrayal. I have recommended AVG to many people, in my position as their IT guru, and

    now I am forced to un-recommend it. This will cost me some reputation, unless I can find

    some ways to trash the product that end-users can relate to, if I say it's because it

    skews webstats and generates mindless traffic they might not care so much. My lines of

    thought here are akin to the following:

    Ahh yes AVG, hmmmm, that used to be pretty good, the new version is shite tho, you should

    read the comments on the net about it! It has this feature which downloads EVERY result

    on your google searches, even if you don't click on them! That will kill your link speed

    and tell the owners of every one of those sites that you were interested in their site,

    even when you weren't! And if ANY of those sites were dodgy you'll get databased by MI5

    even though you never clicked on the link! AND if there are ANY holes in the AVG feature

    you have 10 TIMES the chances of getting owned!!!! Oh and if you're on a capped connection

    it will also chew your allowance and cost you a packet in traffic charges! Oh and finally

    yeh if you run a website it will also fuck your stats and slow down your server!

    I'll bet £50 that none of my customers will let me get to the end of that para, they will

    have started asking me about alternatives by the middle of the second sentence.

    4. time. I now need to spend time researching an alternative to AVG I can recommend to

    my customers, and it must not let me down.

    5. money. this junk is running my processors hotter than they need to, that means more

    cooling and that means higher power bills. This will mean higher IT spend, especially

    for hosting providers, and thus feed inflation, as those costs are passed onto

    consumers.

    6. environment. this junk is poisoning the air, no doubt it has a carbon footprint the size

    of several coal-fired power stations, that is wasting my children's heritage, and contributing

    to the early demise of all life on earth.

    So AVG has done the following to me:

    - ruined my webstats, both all future stats and all previous, unless I write in a special

    anti-AVG feature.

    - slowed down my server

    - cost me some reputation

    - wasted a lot of my time

    - cost me money

    - poisoned my unborn children, and reduced their quality of life

    So my action plan is as follows:

    - come up with a list of reasons WHY AVG NOW SUX. This list is to be used

    to dissuade people to upgrade to version 8. It essentially consists of the nastiest,

    darkest potentials of Linkscanner, and fails to mention ANY possible good points about

    the product.

    - come up with a list of alternatives. This list will be needed once people have

    been successfully persuaded that AVG NOW SUX.

    - come up with a technical fix. If this takes the form of a 0-day on Linkscanner, I

    personally won't be complaining, although I'd be content with an Apache rewrite rule.

    - come up with legal fixes. Have I not suffered loss, both in time, and in

    damage to my business and reputation? How can AVG add what appears to be approx 15%

    to global internet traffic, without penalty? Surely if one company was responsible

    for 15% of all motorway traffic, they would be paying a very large bill.

    - post this rant far and wide, first as a comment, get some feedback and then repost

    as a webpage, possibly served to all IE6 useragents and/or posted to mailing lists.

    AVG, that dead Vulture is U, take a good look.

  124. Anonymous Coward
    Thumb Down

    If I were a malware writer...

    I'd serve clean data on the first request from each IP address if the user agent matches the AVG one. Then I'd send the nasty stuff on the next request.

  125. Temp

    I had to disable the AVG linkscanner on my computer

    The web became unreliable and broken images were coming up and everything on the web went to shit after I installed the AVG update. I was lucky enough to stumble across the link scanner being the responsible module and I disabled it. Unfortunately, windows now complains that my anti-virus is "incomplete" because I'm not proactively searching the entire web for viruses that aren't on my computer.

    TOTAL KRAPP.

  126. James Butler
    Thumb Down

    For those who don't mind...

    If you are one of those above who mock those of us who are concerned about AVG and others abusing the access to our sites that we have offered, please consider:

    It's trivial to program an application that requests data from a website, even those that you normally use, like your bank, your MySpace page, and any other.

    So how would you respond if someone (anyone) built an application that was simply for their own "protection" that requested a single page from each of your favorite sites ... at the rate of about 1,000 per second? Web pages can easily be changed, so the author must try to be absolutely certain that it hasn't been changed between any of those requests.

    Remember, this is for the author's own protection, so it must be a good thing, even if it does bring your banking session to its knees, and even if it keeps you from updating your MySpace page.

    Sure, 1,000 requests per second may seem rather arbitrary to you ... but you are stupid and must be told what is proper by anyone who chooses to do so ... so I am telling you that 1,000 per second is marginally enough to ensure the results I seek.

    What if that software were offered as a free download, and began to be adopted by several hundred thousand web surfers?

    Just because silly little debutantes think AVG's linkscanner is a good thing doesn't mean that it is. And when AVG argues that they can do whatever they want with regard to making ridiculous amounts of requests from any and every website that shows up in a search result, for the "protection" of their customers and to the detriment of everyone else who may request access to those websites, they are simply arguing that the scenario I presented is perfectly acceptable.

  127. R
    Thumb Down

    AVG now criminal?

    Precedent is needed, to deter other software vendors from copying this. How do we prompt prosecution of computer misuse and misleading advertising?

    1. AVG has created a DDOS attack on web hosts and ISPs, co-opting unwitting users' computers for an undisclosed anti-social result. AVG had the in-house expertise to predict that. AVG has probably satisfied the criteria for computer misuse. The number of counts = the number of downloads of AVG 8.

    2. AVG increases visibility of PCs to malicious hacking while publicly claiming the opposite. AVG has probably satisfied the criteria for misleading advertising.

  128. Nuno trancoso
    Paris Hilton

    @Chris Cheale - Oh really???

    "For individual users... the pre-fetch grabs an additional few k's worth of text"

    Goes to show how out of touch some people are with the REAL world...

    Just for kicks, i did a couple of Google searches, stuff like "blank DVD", "drinking glass", "fizzy drinks", "temperature", etc...

    Then i downloaded the html/asp/php/whatever pointed to in Google's search results and added up the filesizes. Got results from 800k to 1.25MB. So much for your "few k's". Make that an extra .5MB per search more likely.

    So, run 10 searches in a row and you get God know what in traffic. And pray you dont get something like a manual/book page w/ old tags (pre-css), because those can easily rack up a couple of MB alone.

    Whatever your take on the situation, IF LinkScanner is prescanning the search results "code", it will cause at the very least numberofresults*smallestpagesize of traffic. Since search engines seem to have settled on 10 results, LinkScanner is driving AT LEAST 10*smallestpagesize in data transfer.

    One word : unnaceptable.

    p.s. I didn't include the adwords links pages. Not sure if they get scanned. If they do, replace 10* with (10+(random(10 or so))*.

    Paris, because even dumb blodes have more common sense...

  129. Anonymous Coward
    Coat

    Great

    first they want attention, now they want a digital harassment law.

    Paris, cause of her love/hate relationship with the harassing paparazzi.

  130. Christian Berger Silver badge

    I like the idea

    I like the idea. It opens a whole new range of exploits. You can now exploit your virus scanner without any user interaction.

  131. n00b
    Unhappy

    Boo hoo, more tears for web marketers

    It's really such a shame, I feel so bad for them when they're hampered in their efforts to track my every move so they can serve me up the latest and greatest obnoxious flash ad floating across my screen while I'm trying to read an article. :(

    And someone says that this eats up an extra 0.5 MB per search? Oh dear, I guess those poor Hughes.net customers with their 200MB/day caps are going to have to limit themselves to only searching Google say 250 - 300 times a day. It's the information age, dang it, how can anyone consider themselves to be on the cutting edge if they're not searching Google a minimum of 800 times a day! They might as well go back to using stone tablets and a chisel for their telecommunication needs. :(

  132. Anonymous Coward
    Go

    Upgrade

    Thanks for all reasons why to upgrade to AVG 8.0 !!! At least 12 computers...

  133. Anonymous Coward
    Paris Hilton

    A.aargh.VG 8

    @ Alan W Rateliff II

    "I work closely with my customers and relate information back to AVG whenever necessary."

    In that case Alan I'm afraid that you are going to have to tell AVG that lots of people are saying that AVG 8 is a bit of an abortion. Personally I do not really want more than the usual expected degree of nonsense and frustration with MS.Windows and what we seasoned veterans know as the installing/uninstalling/upgrading programs game.

    AVG I'm afraid tipped me over in this dept. Neither am I entirely happy with a philosophical lecture by someone (however well-meaning they are) about what I consider to be genuine justifiable consumer grievances.

    Virus protection and a firewall we know are serious matters as I wrote else where and people are inclined to become a little jittery and excitable if installed vital security software is flawed and cannot be trusted. Then such issues as "brand loyalty" become of a secondary nature as meanwhile your machine, your setup your life, your customers lives are possibly going titsup. We can't afford that and have to look elsewhere if the stuff we have isn't working properly. I was recommended NOD32, that's where I'm going. Bye bye AVG. Nothing to do with brand loyalty, everything to do with practical security and not having to mess about with "issues," that should have been beta tested properly not unleashed on poor saps like me.

    If they were really interested in this with the money that they got from license upgrades and new purchases AVG might perhaps employ people to answer their telephones. Or at least add the caveat that the bastard thing might not work with Windows 2000 whatever file system you have installed.

    I wonder if the fact that AVG isn't owned by Grisoft anymore has much to do with this?

    Ah well...Man with steam coming out of his head icon...oh there isn' t one

    Exploding pile of harddrives icon...nope.

    Have to be Paris then, won't it?

  134. Anonymous Coward
    Boffin

    What a bunch of whiners. Kudos to AVG! The Register is just a big hypocritical whiners

    LinkScanner is great! Basically all these web masters are a bunch of whiners. AVG has no liability whatsoever to any of the web sites scanned. Every site in the search engines of Google, Yahoo & MSN is there for free by their web master choosing to allow them to be in those search engines data bases so that the web site gets exposure to a wider audience. It is 100% legitimate for a user, using Linkscanner or other tools, to pre-scan those or any other publically accessible web pages. This is only getting the play that it is because The Register is pissed. They could easily remedy the situation by not allowing robots to scan The Register. Oh! But then The Register would not be able to exploit a service provided by search engines that The Register wants to exploit for free!

  135. Anonymous Coward
    Pirate

    @Daniel Brandt

    My laptop is a Mac Book Pro, but I have a Vista partition on it coutesy of Boot Camp. I've installed AVG on it, and, just for you, will be doing a bunch of Google scans at various publicly available hotspots along the I-95 corridor from Miami north to DC during my travels over the next few weeks. Have fun blocking all those sites...

    Idiot.

  136. Anonymous Coward
    Flame

    @ Alan R

    I agree totally. Those who object to AVG prescanning are completely in the wrong. I usually use Macs, but AVG is on all the Windows machines I do have to use, and will continue to be there.

    I will take note of those who serve up rude messages when AVG pre-scans their sites for me, and where possible will avoid using their sites. This does not, of course, mean that their sites won't show in future Google scans, just that they'll get hit by the scan but that I won't visit the site so they get the negative and no positive. Sucks to be them.

  137. Watashi

    Wiki-Wiki Wild, Wild, Web

    Basically, there are few real internet laws and those that do exist are applied in a patchy and unfair way, benifiting government and big business rather than the normal web citizen. AVG is doing what it is doing because a) the authorities are not doing enough to protect web users and so AVG have a market that shouldn't exist, and b) the authorities are not doing enough to control the activities of internet companies like AVG as there are no principles governing acceptable internet behaviour.

    State-run, taxation funded policing exists for a very good reason - not only does it reduce crime, it reduces vigilante justice and helps (but doesn't ensure that) governments create a comprehensive and fairly applied set of laws. Until we have proper internet police, companies like AVG will carry on doing what they like because governments can simply turn a blind eye. If there are no explicit rules and if there is no explicit policing, the Gordon Browns of this world have no reason to be seen to be encouraging fair and just behaviour on the internet.

  138. The Mighty Spang
    Boffin

    wow can AVG they really be that stupid?

    so all malware providers now have a bait page that the search engines spider and looks clean to avg, as soon as you go on it javascript redirects you to the page with the malware on it.

    hope you guys didn't invest too much money in that fancy-schmancy "feature", or pissed off a lot of people with its implementation seeing as its going to be that easy to get around.

  139. gothicform

    I object and am right

    "Those who object to AVG prescanning are completely in the wrong. "

    Not at all Alan. It's my system and I can do with it what I like. I can choose to reject any traffic I like. It is my legal right. I see no reason why my bandwidth bill should go up by 15%... do you have any idea how much extra that will add to what we already transfer? I reckon AVG has added 280gb a month to our traffic! We'll need 15% more webservers to provide for this traffic so that means we will have to buy a new webserver to cope too. Imagine if your operating costs went up by 15% just because.

    Making things even worse, AVG actually pretends to be something else. It acts like malware by masquerading as a virus. Because we are unable to specifically block it I wonder what the legal options are. I don't think a court would be very impressed for a start with a virus checker that pretends to be something else, or indeed any piece of software.

  140. Rune Moberg
    Flame

    The answer is too obvious

    One MSFT blogger routinely poses the question "what happens if everybody does it?". Meaning, if some obtuse app tries something that is outside the design specification for Windows apps -- what are the ramifications if other apps did the same thing. Would the users be pleased? In all likelyhood, the answer is usually 'NO!'.

    Same question needs to be posed here. What happens if everyone scans through the google result sets? Well, bandwidth usage obviously goes up, and the net has to carry even more noise (information that nobody will see nor use) than ever before.

    All this, because some websites can't live without javascript, activex and java.

    AVG should promote disabling javascript, activex and java, rather than promote disabling the entire Internet. EOD.

  141. zcat
    Flame

    @gothicform

    Here's a few extra bytes you can put in the footer of all your pages;

    <iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"</iframe>

    You'll barely notice the difference and it shows up as an insignificant box in most web browsers so the majority of your users won't notice either. AVG users will probably see a bit of a slowdown when they visit your site, Grisoft will take quite a hammering, and since Linkscan hides the referrer they won't even know who's site is doing it.

  142. JJ Mail

    AVG has "jumped the shark"!

    I have not renewed my AVG subscription and have replaced it with Avast instead. Avast seems to do exactly what it says on the tin with no fuss and no nannying, just like AVG used to before doing the software equivalent of jumping the shark. I have cancelled my Google Adwords campaign since I don't trust Grisoft's statement that LinkScanner does not affect paid-for links. How can anyone trust a company that, with breath-taking contempt for their existing (and previously very loyal) customers, insists on delivering a bloated product that attempts to conceal itself while eating up bandwidth, all in the name of marketing. AVG is now malware in all but name but unfortunately Grisoft are beyond listening as the few PR agency funded comments in this thread demonstrate. They are trying to defend the indefensible by paying someone to post pro comments, Pat/Roger et al.

    The only way to make your point is to hit them where it hurts - STOP GIVING GRISOFT YOUR MONEY!

  143. Tom Kelsall

    I turned it off

    I turned off link scanner, parts of resident shield and web shield... because with them on my system ran so slow as to be unuseable. Resident Shield still scans programs on load - it just doesn't look for tracking cookies.

    Link scanner was a huge PITA - and gave me NO benefit.

  144. Dan Silver badge
    Stop

    @Anonymous Coward: AVG Prescanning is completely in the wrong

    All AVG should do is allow the browser to download the files as usual, scan them to make sure they're okay and put an alert up if they're not, then let the browser carry on rendering the page. Pretty much any anti-virus with a runtime scanner should be able to do that since browsers use the usual OS file open/close calls to store pages in the cache and, if browser integration is necessary then browsers have a load of hooks which can be called when events happen. So why can't AVG?

    If you think through it logically then the only conclusion you can come to is the marketing department have taken control of the company because any semi-competent programmer can immediately tell you why it's not going to work. It's security theatre; because you haven't gone there yet then you feel safer and more in control because you're given the choice to avoid going there on the previous page.

    Yet you've still downloaded the data (in fact you've downloaded the data for that page and nine other pages), however the page you've downloaded is not guaranteed to be the page you get when you click on your link, and you've also downloaded several other unrelated pages too.

    And if there's a bug in the scanner then there's probably more risk of infection, because if it doesn't choke on the page you went to then it might choke on one of the other nine.

    I've had to remove the Safe Search / Safe Surf / Link Scanner / whatever it's called module off my two computers because they started to run dog slow. It appears my router doesn't like being spammed with so many DNS requests at the same time. However I've stayed with AVG because of inertia and because Avast is a bit more fiddly, but if I read reports of AVG still doing strange things even though I've got rid of the offending module then it's going to get uninstalled.

    What a way to destroy a company's reputation.

  145. Anonymous Coward
    Thumb Down

    @Nuno

    "Just for kicks, i did a couple of Google searches, stuff like "blank DVD", "drinking glass", "fizzy drinks", "temperature", etc...

    Then i downloaded the html/asp/php/whatever pointed to in Google's search results and added up the filesizes. Got results from 800k to 1.25MB. So much for your "few k's". Make that an extra .5MB per search more likely."

    800k - 1.25MB in HTML is just shitty web design and in dire need of optimization. I've seen dissertations take up less space.

  146. David McQuillan
    Pirate

    Sounds like a good vector for virus writers

    Forget about the javascript passing back a clean page to AVG - the obvious path for a virus writer is to find a bug in AVG's code. That way they can install a virus every time anyone using AVG does a search which returns a page with a link to a hacked site in it. If AVG are stupid enough to include this 'feature' they're certainly stupid enough to have easy bugs in their code.

  147. This post has been deleted by a moderator

  148. Homard
    Flame

    The joy$ of micro$hite

    AVG is providing a service that for the most part keeps your $hitware box reasonably safe. Yes you are running windows. Stop using the micro$oft tripe and you will be healed !

    I use AVG on some of my machines. No complaints, and it is free to me. it helps keep my TCO of having to run m$ shite for some apps as low as possible. TCO is high with any m$ system. Perhaps this is really the cockerel come home to roost ?

    Fully agree with the arguments about how to circumvent AVG linkscan. More thought needed ! If I were a webmaster paying for bandwidth I would not be happy. Give this a couple of weeks and the kinks will be sorted ?

    But at least AVG provide a service. I used to use norton. Aaaaaaaaaaaaaaaaagggggggggh ! AVG works. Symantec shite fails too often. Thank you AVG for the service you provide me at no cost. !

    Flame because the BBQ is set in anticipation for the retorts ! Go on ...... you know it makes sense !

  149. Anonymous Coward
    Alert

    what about...

    webmasters who are really annoyed with this; could forward an additional request to AVG's site (to share some of the bandwidth pain; yes this adds to their own bill (temporarily), but also shares some with AVG)..

    As all requests appear to come from IE6 users, I guess an additional request to AVG from ALL IE6 users to your site... would soon put a stop to their games. (Temporary of course; this could end up being a massive DDOS against AVG for trying to pull this stunt; is it legitimate or just playground rules aka "they started it!")

  150. JC
    Stop

    AVG needs a fine,

    Why can't AVG learn to get along?

  151. John
    Go

    Green Eggs and Ham

    This should have been called Green Eggs and Ham shouldn't it?

    An extended egg metaphor should have necessitated a title such as that no?

  152. Nexox Enigma

    What I want to see...

    ...is a lovely buffer overflow (or set of them) within the advanced link scan engine deal, preferably with arbitrary code execution.

    Then we can have malware which is specifically targeted at AVG! That'd be just super awesome.

    I imagine there would be a couple other ways to play with this service, but all the things that I can think of right now would probably use up quite a bit of your own hosts' bandwidth - you'd probably DoS yourself before you pissed anyone else off much.

  153. Anonymous Coward
    Anonymous Coward

    The trouble is..

    Although you can disable the search-shield component in AVG, it then turns the icon in the tray to the same warning sign as if you have out of date virus definitions files. So now, instead of a useful feature which could tell me when AVG needed an update, I have no way of knowing one way or the other, completely removing the usefulness of that feature. Which idiot designed that then?

  154. Buffy
    Paris Hilton

    Good Evening Officer

    So, let me see if I've got this right...

    Every dodgy website that LinkScanner visits will have your IP address in their usage logs. You will be identified as a legitimate visitor. Traffic from that site to your PC will be traceable via your ISP. If that site is currently under police investigation you can, potentially, expect a knock at your door any time soon.

    Your defence that it was LinkScanner that visited the site and not you is indefensible in court as LinkScanner traffic is deliberately indistinguishable from a human visitor.

    Now how comfortable do AVG customers feel having this software installed ?

    Paris, coz even she wouldn't shoot herself in the foot and think it was for her own good.

  155. Chris Cheale

    @Nuno trancoso ... Oki

    > Just for kicks, i did a couple of Google searches, stuff like "blank DVD", "drinking glass", "fizzy drinks", "temperature", etc...

    Then i downloaded the html/asp/php/whatever pointed to in Google's search results and added up the filesizes. Got results from 800k to 1.25MB. So much for your "few k's". Make that an extra .5MB per search more likely.

    ----

    I just did the same thing - except I didn't download the files since it's only the output text that's relevant and not any images/multimedia so I copied and pasted the source code - I get an average size of about 250k on badly written sites <100k on well written sites (from an HTML perspective), but of course, the well written sites rely on more files being pulled in (especially css but some js as well) which ups the size somewhat. Probably all told no more than about 500k per page (as you said).

    Depending on how deep the LinkScanner scans, which I'd guess is the result page and any css/js it relies on, it could be up to about a half meg per result, yes. So I stand corrected on that - 5meg for a standard "top 10 SERP" may well be an issue.

    I still don't think AVG LinkScanner is the end of the Internet as we know it - not the free version that only hits the SERPs. Could be 500 searches to a single games patch... thousands to a DVD image... although 1 SERP being roughly equal to an MP3 is a little scary.

    I'm not exactly preaching as an advocate since I'm not regularly using LinkScanner (Opera/FF3 at home), I just think peeps here need to grab some perspective.

    Webmasters can limit the impact somewhat by removing large files from the search engines (use robots.txt) or optimising their output code (div/css rather than x-levels of nested tables and removing the code indentation) - 15% hits doesn't have to equal 15% data transfer, it depends where you focus those hits... as I said, when I bothered to check on my personal site I was getting about 15% hits from the old "known" AVG agents but they accounted for almost no data transfer (relatively speaking) because I'd hidden (noindex) the pdf and zip folders from the search engines.

    As for users, well it should be made clear about the increase in data transfer and what impact that could have, but ultimately, if they'd rather that than be hit by a drive-by when looking for new pr0n...

  156. Chris
    Boffin

    Turning off linkscanner WITHOUT annoying error icon

    Nice and easy:

    Leave LinkScanner turned on in AVG to prevent the red icon from appearing.

    From IE

    Tools > Manage Add Ons > Enable or Disable Add Ons

    Find AVG Safe Search

    Disable

    Done.

    Linkscanner is a bit pointless though, AVG seems to be doing a Norton. Same with everything, as soon as something gets more popular, and they start making more money, they get more staff, and start doing development that just doesn't need to be done. Looks like it might be time to try and find a new small AV program.

    I looked at clamAV, but the site seemed to imply it was just an email scanner for UNIX..? I take it from previous comments it's not just for UNIX, but does it offer proper system protection, or just scan emails?

  157. Anonymous Coward
    Unhappy

    Even more traffic today!

    Just noticed while checking my server logs to see if I'd had the new strings hit yet that there are 4 versions of the string (the 2 listed already, plus the same with User-Agent: prepended which looks like an error in the LinkScanner code as it appears to be sending User-Agent: User-Agent: .... ), and on top of that it seems to now be hitting my site 4 times per Google result - first a HEAD request for the link Google shows, then a GET for the same URL, then a HEAD for the index page for the site, then a GET for the index page. It looks as though these HEAD requests could be the result of caching being added to another new version - but given that my site uses dynamic pages, as do many others, the HEAD is always going to result in LinkScanner then going to have to retrieve the page anyway.

    While this additional data is nominal, the traffic that we're seeing on the Google search results (it's actually links from Google Products appearing at the top of the search results page, so it's easy for us to track as the links are specific to Google Products) is about 15 times was it was a month ago.

    Luckily listing products on Google Products is free at the moment - however, there are companies that will list products in Google Products as well as other shopping sites on a CPC rate. I pity anyone who is paying a CPC rate for Google Products listings right now ...

  158. Chris Christensen
    Thumb Down

    Count me in for a lawsuit

    We are seeing a doubling of traffic on some sites caused by linkscanner. Count me in for a lawsuit.

  159. Anonymous Coward
    Thumb Up

    Sounds mostly good to me

    Not the right product for knowledgeable users like elReg readers obviously.

    Ideal for granny. (as I cant get her off M$ )

  160. Anonymous Coward
    Alert

    It's illegal, plain and simple

    AVG's product is a robot, plain and simple, and it's violating the law by ignoring robots.txt.

    What is a robot? It's a program that automatically follows links within a web site, without a user specifically directing it to do so. The fact that AVG's robot is distributed to the user's computer is irrelevant. The fact that AVG's robot doesn't cache its results in a central database is irrelevant. It's still a robot, and therefore it *must* obey the robots.txt file.

    This has been well established in courts. Most sites have terms-of-use pages, and these TOS pages have been held valid by courts everywhere. In addition, "industry standard practices" are also valid in court, and robots.txt is one of the best examples of a widely-recognized industry standard. So AVG is screwed from two directions: TOS and robots.txt.

    If I were AOL, Yahoo, Google, Amazon, or any big site with a legal staff, I'd nail these guys to the wall, and set a precedent. It would be a great service to the world.

  161. sidephase
    Flame

    @Roger Thompson & Alan W. Rateliff, II

    @AWR,II - "I am disappointed by the number of knee-jerk folk out there who will abandon a brand or product at the drop of a hat. But then, having worked in retail for over a decade, I recognize that those folks are everywhere and their opinions will change with the phases of the moon. Now, that does not mean their opinions carry any less validity, it just means that they are more harshly critical, more quick to react, tend to be less forgiving, sometimes less positively communicative, and often more outspoken than others." - AWR, II

    Ok you seem to be missing the point. Let's draw a diagram - you being a sales guy know all about those - without images so we don't lose AWR, II in his zealous support of what he sells:

    1. Symantec is bloatware - for example (well a true example but an example nonetheless)

    2. Many people switched from Symantec to AVG (I personally switched to BitDefender and VERY glad i did, thank you filter :p) to avoid just that type of problem

    3. Users are finding searches, etc. acting up and affecting their speed - to many if it looks like bloat, it must be bloat

    4. Reactions occur, much to an AVG RESELLER'S dismay

    This negative press will continue and will mvoe forward while those of us non-important techies (by your esteem) who JUST HAPPEN TO BE THE ONES EVERYONE CALLS FOR HELP continue recommending our friends, families, and customers AWAY from AVG.

    Yup, this is mob mentality time - and even those of us who aren't webheads understand the unfair situation some of our fellow techs are in with the b/w, crawl, etc. and sympathize. No way in heck will I promote yet another screwed up program "just because". Bad enough I have to push M$ because of the dominance, user interaction, etc. but I sure as heck am not going to push this crap on people.

    Oh for those of you interested (you probably already know this) - GASP! BITDEFENDER DOES A BETTER FREAKIN' JOB THAN AVG WITHOUT CAUSING THE SAME PROBLEMS!

    Good-bye AVG.

    @RT: The egg comment was simply uncalled for and COMPLETELY unprofessional. This functionality didn't play well to the crowd and I can imagine the joy-joy reaction it's having for your company, investors, etc. This non-important techie WILL BE TAKING OVER 400+ PEOPLE OFF AVG in reaction to this crap PLUS The OFFICIAL "break a few eggs" statement AND your friendly neighborhood reseller up there. Reality check: the same businesses that are buying your product are also getting hit with higher BW costs BECAUSE of your product. AVG and its bottom line go straight to the trash can. The eggs YOU so quickly dismissed as collateral damage are real bottom lines for companies. I will be quoting you sir, and your reseller anytime I am asked about your software.

    Congratulations on tanking your investors! Give them a big hug and a cigar from us here in the real world?

  162. Anonymous Coward
    Boffin

    AVG's omelet is scrambled

    Who knows what has happened to AVG? I updated to version 8 in mid-May and had the linkscanner operative for safety's sake when the kids and Mama use the computer. I noticed a few stutters but it seemed a good feature. Whoops! Noticed yesterday ( July 2 ) that last update and scan had taken place on June 28, a 3-day gap - I was remiss in my usual daily check. Couldn't get update to work correctly, couldn't reset automatic update as it had been - tried to find out more at AVG's site, couldn't get registered to post in Free forum, read through lots of postings there with similar problems going back to about the date of this article. It seemed the fix was to download new install file released July 2 and tick off "Repair" but servers bogged down greatly ( 2-5kbs! ) - FORGET IT! Uninstalled AVG this morning and put Avira AntiVir in it's place. Someone put a wrench in the works and AVG did not respond quickly enough or well enough to satisfy this user - over 3 days with questionable protection was more worry than I wanted to deal with especially considering this holiday weekend - we all know that's when some attacks are staged. Oh, well, whoever hit 'em, hit 'em hard.

  163. Lloyd Borrett

    AVG Responds to and Resolves LinkScanner Issues

    AVG has already responded to resolve this issue. The full response can be seen at http://www.avg.com.au/index.cfm?section=news&feature=104

    An updated version of AVG Anti-Virus Free Edition 8.0 is already available, see http://www.avgfree.com.au. The Search-Shield component of LinkScanner has been modified to only notify users of malicious sites. The equivalent modification to the the AVG 8.0 commercial products will be rolled out on 9th July 2008.

    Once the updated version has been rolled out to all AVG 8.0 users the issue will be resolved.

    As of this date, Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that web masters addressed with us.

    However, it is important to note that AVG still offers full protection against potential exploits through the LinkScanner Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.

    We’d like to thank the web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.

    Best Regards, Lloyd Borrett

    Marketing Manager, AVG (AU/NZ)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019