A few days ago I wrote a story about AVG's LinkScanner causing a massive amount of additional traffic on the net in the name of protecting customers... yeah. Well, here's a quote from the original article to give some background:
Apparently AVG is spamming the Internet with traffic that looks to be coming from Internet Explorer. AVG software pre-crawls search results to try to protect users, but uses a user agent that makes the software appear to be Internet Explorer. This pre-crawling is flooding websites with meaningless traffic (Slashdot claims it is up to 6% of their traffic, which given Slashdot’s load is CONSIDERABLE). More importantly, they’re apparently aware of this bad behavior and are changing their user agent to avoid filters.
From that story, I posted a poll that asked, "Do you think that AVG's LinkScanner should be added to the badware list?" A respectable 1,065 people voted on this, and a resounding 77% of people believed that AVG's LinkScanner should be added to the badware list.
Well, it would seem that we here at ZDNet and our loyal readers were not the only community out there banging the drum to call for action (though I'd like to think we played some part in the change), and AVG seems to be reversing its position on LinkScanner. Slashdot has a recent story that states that "a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum), has been particularly affected by AVG's LinkScanner." Apparently Whirlpool's website has seen as many as "12 hits per second from these bots," referring to traffic from the AVG LinkScanner tool. Whirlpool has been active in its call for action by AVG; see a posting on its forum here. The Slashdot article states that AVG is now backing down; see here. From that URL, AVG's position is stated:
"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
Further digging on AVG's site shows that the process going forward is apparently to scan links after the user has clicked them, rather than scanning each individual site that comes back in search results. This is from the AVG website:
In working with the web master community, AVG has responded immediately and on Tuesday, July 8th, AVG will issue a product modification to address the spikes that a few individuals have seen with their web traffic.
We have modified the Search-Shield component of the product to only notify users of malicious sites. Search-Shield no longer scans each search result online for new exploits, which was causing the spikes that web masters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited, but before it is opened.
We’d like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.
For now I'd say I'm pretty satisfied with AVG's response to this problem; however, I'd say that anti-virus technology may have bigger problems, as our own Dancho Danchev just pointed out and as I have mentioned in my coverage of Sowhat's research from Black Hat Europe and Microsoft Blue Hat v7.0. We're also going to see some interesting stuff at DEFCON this year. We'll have to see how AV stands up to the future.