AVG changes its stance on LinkScanner

AVG changes its stance on LinkScanner

Summary: A few days ago I wrote a story about AVG's LinkScanner causing a massive amount of additional traffic on the net in the name of protecting customers... yeah.

SHARE:

A few days ago I wrote a story about AVG's LinkScanner causing a massive amount of additional traffic on the net in the name of protecting customers... yeah.  Well, here's a quote from the original article to give some background:

Apparently AVG is spamming the Internet with traffic that looks to be coming from Internet Explorer.  AVG software pre-crawls search results to try to protect users, but uses a user agent that makes the software appear to be Internet Explorer.  This pre-crawling is flooding websites with meaningless traffic (Slashdot claims it is up to 6% of their traffic, which given Slashdot’s load is CONSIDERABLE).  More importantly, they’re apparently aware of this bad behavior and are changing their user agent to avoid filters.

From that story, I posted a poll that asked, "Do you think that AVG's LinkScanner should be added to the badware list?"  A respectable 1,065 people voted on this, and a resounding 77% of people believed that AVG's LinkScanner should be added to the badware list.

Well, it would seem that we here at ZDNet and our loyal readers were not the only community out their banging the drum to call for action (but I'd like to think we played some part in the change), but AVG seems to be reversing their position on LinkScanner.  Slashdot has a recent story that states that, "a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum), has been particularly affected by AVG's LinkScanner."  Apparently Whirlpool's website has seen as many as  "12 hits per second from these bots" referring to traffic seen from the AVG LinkScanner tool.  Whirlpool has been active in their call for action by AVG, see a posting on it's forum hereThe Slashdot article states that AVG is now backing down, see hereFrom that URL, AVG's position is stated:

"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."

Further digging on AVG's site shows that this is apparently going the process going forward is to scan links after the user has clicked them, rather than scanning each individual site that comes back in search results.  This from the AVG website:

In working with the web master community, AVG has responded immediately and on Tuesday, July 8th, AVG will issue a product modification to address the spikes that a few individuals have seen with their web traffic.

We have modified the Search-Shield component of the product to only notify users of malicious sites. Search-Shield no longer scans each search result online for new exploits, which was causing the spikes that web masters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited, but before it is opened.

We’d like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.

For now I'd say I'm pretty satisfied with AVG's response to this problem; however, I'd say that anti-virus technology may have bigger problems, as our own Dancho Danchev just pointed out and as I have mentioned in my coverage of Sowhat's research from Black Hat Europe and Microsoft Blue Hat v7.0.  We're also going to see some interesting stuff at DEFCON this year.  We'll have to see how AV stands up to the future.

-Nate

Topics: Software Development, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • Time to lock down Windows

    In the days of Windows XP, the need for an active virus scanner was a no brainer. With Vista, a user can now easily lock down the system by using a limited user account and turning on DEP for all programs. Then all a user has to do is practice safe surfing habits to stop the vast majority of malware from infecting their system. In fact, UAC has been proven to be very effective at preventing rootkit infections.

    http://www.pcworld.com/businesscenter/article/146256/vistas_despised_uac_nails_rootkits_tests_find.html

    There is just no need to have all that horse power from your CPU and memory being wasted with bloated anti-virus and anti-malware tools. I finally quit running AV software and turned off Defender and now this computer runs really fast. If I feel the need to do a virus scan, there are some good online scans that can detect infections as well as the stand alone apps, without the wasting of resources.

    I dumped AVG 8 within a few hours after installing it because it gave me over a dozen false positives related to active x and IE7. I have never used IE on this machine so there was no way I had all these active x controls installed. (I downloaded FF before I installed Vista.) I opened IE7 and double checked and sure enough, not a single one of these was installed.
    soonerproud
    • Thanks for the link

      I've always thought AV was an exercise in futility. You will, by definition, always be one step behind the bad guys. Every piece of malware caught by AV is not a sign of success, just the opposite, it is a sign that your security has [b]failed[/b].

      Again, thanks for the link. It is nice to see that not everyone has lost their heads when talking about Vista.
      NonZealot
      • An ounce of prevention

        We all heard the saying that "an ounce of prevention is worth more than a pound of cure." There is a lot of wisdom in that statement and Vista makes it much easier to practice the ounce of prevention. I know lots of people that buy expensive anti-virus solutions, yet continue to practice poor security habits. It really is an exercise in futility to scan for viruses but do nothing proactive to prevent infections to begin with.

        A good friend of mine hates using my computer because I have it locked down so tight with strong passwords and limited user accounts. He thinks I am crazy for putting up with the slight inconvenience, yet I get calls from him to fix his pc on a regular basis. He just does not get the concept that a little inconvenience now will save him a boatload of inconvenience later. I put him on Vista, which has helped alleviate some of the issues he encounters. Until he is ready to lock it down, he will continue to have issues that are easily prevented.
        soonerproud
  • RE: AVG changes its stance on LinkScanner

    I'm hoping they do get it straightened out.

    For YEARS I used Norton System Works -- it seemed to be great for Virus prevention and I liked the quick cleaner for the various cluttery parts of the computer -- a one-stop for staying trim. But with the birth of VISTA, that was a total no go! (I spent FIVE DAYS with Symantec, both on and off the phone, the last THREE DAYS they took over my computer and did nothing but uninstall/reinstall, uninstall/reinstall -- ARGH!) Needless to say, I will never buy another Symnatec product! I ended up having a friend build me a new XP system and have gone with AVG because he installed it. Another friend uses MacAfee; but as I said, I am using AVG because it was installed.

    Too bad about Norton; too bad about the LinkScanner incident on AVG.
    prosongwriter1@...
  • RE: AVG changes its stance on LinkScanner

    I kinda thought they would when they got the wake-up call you and others gave them. I like AVG Free and now I can continue usit it. Thanks for all the help we got.
    jereece@...
  • Sounds like AVG was killing search engine spammers.

    It looks to me like AVG was doing us all a service by tying up the sites of those who spammed the search engines. I think the rest of the companies should do the same thing. Soon we will again be able to get honest results from our internet searches like we did in the early days before certain commercial interests started selling priority placement on the results listings.

    It appears the unintended consequence of AVGs LinkScanner was to punish those who were the worst offenders who always show up at the top of the list for almost every search we do.
    bob@...
    • Not as such.

      I'm not too sure about just how one might spam a search engine, but this has nothing to do with search engine optimization, or inaccurate or poor search results.

      What happened is that sites listed in the results of a search were all being scanned by bots, regardless as to whether or not the site was actually visited. So, sites with heavy traffic were being scanned on every visit, as well as whenever the site was returned as a search result, taxing the site's servers.

      If you are referring to the "sponsored" results at the top of some search engine pages, yeah, I suppose that they got dumped on as well. However, they do pay for the privilege, and advertising pays for a mostly free internet experience.

      Hint (if applicable): Some browsers can make use of an add-on which removes the paid results from certain search engines. Otherwise, the generated results on the first page just happen to be the most popular. Sometimes, ya gotta dig. I know that I do.
      seanferd
  • Wrong Approach

    It seems to me that AVG could do the same thing a better way. Why not have it check a database on their server of known sites and respond back to provide the same notifications in your browser window. If there is a sight that is not in AVG's database, then it should do a single query to that sight and determine if it is save or not, then add it to the database. Each sight could be checked periodically to insure it doesn't change. Seems simple to me, no more causing issues to webmasters.
    fwoitine