Slashdot Mirror
AVG Fakes User Agent, Floods the Internet
Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.
For anyone that happens to run a site behind an F5 BigIP, here's a nice little IRule to nuke this horrible crap from orbit.
rule IRULE_block_avg-prefetch { ::avg_useragents [list \
when HTTP_REQUEST {
set
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
]
if { ![HTTP::header exists "Accept-Encoding"] } {
if { [matchclass [HTTP::header User-Agent] equals $::avg_useragents] } {
reject
}
}
}
- U
Avira.
Posts not to be taken literally. Almost everything is sarcasm.
Why don't you tell us how you really feel about AVG?
What doesn't kill you only delays the inevitable
A couple months ago, a random article on my company's site got around 20 times the number of hits that the top story of the day should be getting. I checked the logs, and saw legit-looking IE user agents, but they didnt look normal. None of them had any cookies, and none of them were downloading the CSS or image files that they should have been. The IP addresses were from all around the world. WTF?
I found out that Google was doing one of its things where it changes the google logo for some special occasion, and it links to a search. That article was on the first page of the results.
I did a search for the exact user agent and discovered it was AVG. When you go to a Google search, AVG downloads each result looking for malware. Hooray for falsified user agents.
Though, I suspect the reason they use a legit-looking IE user agent is because malware sites could sniff the AVG user agent and serve up an innocent page for them, and malware for everyone else.
This is sleazy, too bad they have a good free antivirus.
I'm not anti-social, I'm anti-idiot.
I use AVG on a couple machines. I didn't really think about the traffic tracking piece of this when I saw it working, I just thought about it slowing me down, increasing bandwidth use, etc. and I turned it off.
I know most people don't mess with defaults - and I'm not defending them as far as the agent thing and all that - but it was easy to do.
On the negative side my avg icon in the systray has a big exclamation over it like something is really wrong - when I know it's just because I turned off a piece of functionality I don't want to use.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Hooray look at all the hits I'm getting.
I bet AVG would score higher on ACID than IE...
Everybody knows that web stats are worthless. And if people want to keep their bandwidth low they should clean up their sites. I for one welcome our... etc.
if you want the definition of Slimey see Symantec/Mcafee/MicrosoftOneCare
while this doesnt excuse their behaviour, trying to protect people (a lot of them for free) is not Slimey but insulting them on the front page of Slashdot is
pathetic> on Slashdot, we're seeing them as like 6% of our page traffic now
Come on Taco... proper English (or at least something seemingly like it) isn't that hard... is 6% exactly, around 6% or really just 'like 6%'
I honestly like, do not recall like the last time I like, saw someone use 'like' in that long standing improper way in like text, it's always like, been for me, like only something a person like, verbalizes.
Help Brendan pay off his student loans
This is not AVG doing this, it is the AVG IE toolbar. And since this is running in the IE context it is debatable if it should not use the IE user agent.
If you use Firefox or disable the toolbar it is a non issue. The issue to me is I can't figure out how to install AVG without this toolbar, or how to remove it.
So if AVG has turned to the dark side, what free/cheap non-bloatware options are out there worth trusting? I know of a few but it's a little hard to know who to trust.
Seems like every anti-malware software maker these days bloats their software into a 50+MB beast of a package that accomplishes little more than to slow your computer down. I have more trouble with their software than I do with actual mal-ware.
With the trend of consumer broadband lines becoming metered (people paying per gb), this sort of stupidity will go the way of the dodo in a hurry
Try this on Apache servers:
#Here we assume certain MSIE 6.0 agents are from linkscanner
#redirect these requests back to avg in the hope they'll see their silliness
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]
Brought to you by These guys.
AVG has become more obnoxious recently than it used to be anyway, but I think this is the straw that broke the camels back for me. Can some nice slashdot user suggest a new (free) antivirus for me to use on my windows box?
"If you want a vision of the future, Winston, imagine a boot stamping on a human face forever." - George Orwell, 1984
....used to fake user agents all the time. As a man I thought I was always properly connecting to her internet portal. guess not.
AVG was once a good product. Then, it got bloated and started eating up kernel memory voraciously. It was impossible to play games with it running in the background, especially Crysis (skip the jokes, my system could handle it maxed once I replaced AVG with Avast!). Now, with this development, I'll be sure to replace AVG with Avast! on all of my machines, not just my gaming one.
Colin Dean Go a year without DRM
Smiley anti-virus provider? The integrity of Slashdot submissions just keeps going up and up! Nice example Taco.
Must be a slow news day...This story's been around for nearly 2 weeks. AVG will probably keep changing the useragent with every few updates to annoy Admins and stats sites...
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
With all the readers of Slashdot, I think it would be safe to bet we will see a DDOS of AVG servers.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
People will stop using it once they realize it hogs their bandwidth.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Is many years I've never heard AVG referred to as "Slimey" I don't think the toolbar is a good idea either but... slimey? AVG is awesome.
I wish, however, they would take business needs into account before launching software that makes life even more difficult for the people trying to do the analytics
AVG is for the consumer. I want them to keep my machine free of bullshit. And we all know there's tons of bullshit out there. And with AVG, I'm becoming a little less paranoid with websites, but I'm still giving all of them bogus information because I trust no website with any of my information. Sorry webmasters and site owners, as far as this web surfer and consumer with the money that you want is concerned, you are all crooks out to plant something on my machine, grab my email address to spam me, and possibly do something I've never heard of - unless proven otherwise.
Don't like it? Tough shit! It's the cost of doing business. So suck it up and just shut up and do your jobs and work around this "problem".
I did the same thing as it was definitely running slower, and now I too have an exclamation point on my icon. Whoever thought up that part of the software is an idiot.
You need explicit permission to access a public website now? Shit! I'd better get offline and write an apology to CmdrTaco - I've been using /. without permission for the best part of a decade!
Time to post a specific statement on all websites stating that AVG does NOT have consent to access or "visit" these websites.
That's a bit like putting up a 'No Trespassing' sign inside your cellar, and expecting it to prevent people coming over your fence.
Real Daleks don't climb stairs - they level the building.
In Soviet Googlestan, agents fake YOU!
"Flyin' in just a sweet place,
Never been known to fail..."
(on Slashdot, we're seeing them as like 6% of our page traffic now).
Not so fun when it happens to you, eh?
LinkScanner, the component they're talking about, works in Firefox as well - so no, using Firefox does not 'keep you safe'.
Nor is this about the users of the thing in the first place - either they like its functionality (security theatre-advance warning blabla) and leave it on, or they don't and they switch it off.
This is about the poor, poor admins who are suddenly seeing bogus traffic and omgosh it's spoofing user agents at that! .. repeatedly*
*changes his user agent to 'cry more, Taco' in FF and hits F5
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
you didn't give them permission to access your publicly available site?
really?
are you sure?
because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it.
Just like everyone else "in the public".
Did you give Google permission?
how about every other search/index site?
as to the "extra bandwidth" since it is by definition, caused by your websites being found via search providers, maybe you should be sending the bill for linking to them and thus causing the "extra bandwidth" to Google/Yahoo/MS and see how far that gets you.
This is easily the worst feature of the new AVG Version 8. Not only does it flood the net with bogus traffic, but the load on the user's PC can grind things to a halt. I deactivated that feature, and now AVG constantly alerts me that I'm in danger because not all aspects of AVG are functioning... The Horror!
Stop by my site where I write about ERP systems & more
You can actually install AVG 8 without the 'Safe Search' feature that crawls websites (it's essentially a BHO/Firefox extension). Even if you already have AVG 8, you can uninstall it and reinstall:
At a Command Prompt window, type /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
c:\downloads\avg_free_stf_xxxxxxxxxx.exe
where c:\downloads\avg_free_stf_xxxxxxxxxx.exe is the full path of your AVG 8 installer.
Go somewhere random
Has anyone else noticed that AVG 8 is also DOG SLOW on their PC? My computer is from 2001 and ran fine with 7.5, but 8.0 is unusably slow. Every time an application is opened it takes forever for AVG to scan it and let the app open. This combined with this linkscanner bullcrap has caused me to switch. I doubt I'll ever go back.
...but it screws up the <base> tag parsing, hogging servers with garbage requests such as ...someserver.com/somepage?id=1/scripts/scripts/scripts/...(scripts/)+somejavascript.js
hate replying to myself, but didn't notice this before - it works in FF2, not in FF3.
Disabling it FF-side: Tools > Add-ons > AVG Safe Search > Disable /nokarma-anon
They're trying to do an honest service to their anti-virus users, and if they could truly masquerade as real users it might work.
So far however, it's trivial for the bad guys to work around their efforts.
If they could make it work right, it might make sense for some sort of pseudo-protocol addition where each AVG client notifies a site AFTER a series of visits that X number of visits that day were of the fake variety.
As I do agree with both of the responses the interesting part is that is how the law is written.
It works just like the IT policies at work. You are not allowed to use work IT for personal.. Everyone uses it from time to time for personal. They only pull out the policy when the want to fire someone and do not have just cause.
Even I think its a stupidly written law, but it is one. And yes as stated in the law you do need permission to access any computer or network. So when you use the internet and the FBI shows up yes they can use this law against you.
interesting isn't it??
love the taste, hate the texture
Will someone tell me why AVG is "slimy", and what I should use instead of it that is also free?
Well, I submitted this 3 days ago but I guess CmdrTaco wanted to write an original post. One of the suggestions I had: if you have AVG 8 installed on your machine, why don't you search this a few times, so AVG can taste their own medicine:
Three o'clock is always too late or too early for anything you want to do. - Jean-Paul Sartre
The Mozilla part at the beginning is the standard IE user agent. IE has been falsifying their UA as Mozilla since the beginning, originally because Netscape was the top dog, and Microsoft wanted to make sure that it worked with sites that sniffed the UA only worked with Netscape.
Seems that for a company that makes its living from the net deciding to piss off web masters, website and (in the end) users is one slightly strange business tactic. In this field people have long memories and this stink will hand around.
What if all the websites decided to post up a warning like "Hello Visitor, we detect that you are using AVG - were you aware that this program is known to cause problems like this, and this and that you can find freeware with almost all the same functionality here, here and here".
Of course AVG could simply attempt to block that kind of traffic, but they are treading on thin ice here. If the net community as a whole decided it would be better off without such crummy tactics I'd bet there are numerous ways they could hurt AVG for this.
I'm a longtime user of AVG. Version 7 was reasonably lightweight, effective and (most importantly to me) unobtrusive.
Unfortunately, version 8 is a different story. After Grisoft forced me to upgrade in May, suddenly AVG became a nagging resource hog. Nightly scan times rocketed from about an hour to over six hours - a scheduled scan that started at 2am would still be going at 8:30am. I have been able to reduce this time somewhat by changing the scan settings (e.g., don't scan inside compressed archives), but it's still slow.
Most annoyingly, their new "LinkScanner" and "SafeSurf" features slowed my browser to a crawl. I didn't want these, since I already use FireFox with the AdBlock and NoScript extensions. I tried to simply disable LinkScanner, but then AVG constantly bothered me with nagging warnings that my computer "was not fully protected". After a little digging, I found that it was possible to uninstall the feature entirely with the following command:
avg_free_stf_xxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
(Substitute "avg_free_stf_xxxx.exe" in the above command with the name of your setup file.)
This improved my browser performance, and eliminated the warnings.
I'm still (grudgingly) using AVG, but I will switch if/when I find a better alternative.
And never had any virus, privacy, stability issues...
Not a single issue in 4 years...
Hopefully, they will stop whatever shait they are doing now so I can keep them in high regard.
Stop with the amateur dramatics already, you big girl's blouse.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
When probing for sites that serve malware, wouldn't you have to make the probe look identical to a legitimate user?
Otherwise the malicious site could just serve innocuous content to the probe and malware to everyone else.
My Karma: ran over your Dogma
StrawberryFrog
Actually, I am sorry for the webmasters. They have to deal with this. OTOH it IS part of the job.
I don't know what you folks expected. The web is infested with all sorts of malicious code. Are users not supposed to protect themselves in the interests of the website? After we manage to make the browsing experience safe for "teh n00b" then this won't be a problem. So all we have to do is get all webpages standardized, sanitized, and secured. That includes all the people using IE.
Another option is that we could stop promoting the Internet as a good tool for consumer level financial transactions. Then there won't be ANY need for privacy and security. Then we might not have jobs either.
It is yellow journalism to report this story in this way. Another way to put it would be "AVG forces issue of PC Security versus bandwidth usage." Then they look like heroes instead of villains. You're just putting spin on the issue because this is affecting your cost/income ratio.
Since AVG is producing something that helps end-users do you really want to be seen as a promoter of the problem? Since the problem of malware sites is not going to go away and since AVG is effective more antivirus software will start using these techniques. Unless you have something better to suggest?
Frankly, as an end user, I don't give a damn about your costs and stats. I don't care about it for amazon, ebay, myspace, or paypal. I do care that if I follow a link to an unsavory site that I am protected.
Here is another question. Do you want a userbase that is populated by malware infected computers? Is that preferable to figuring out a way to work with AVG new technique?
Dont throw your users under the train. They have a right to their security and peace of mind.
How exactly do the websites getting slammed with this bullshit traffic "not even install this part of the program" and "if you don't like it don't use it"?
Did you miss this part: (on Slashdot, we're seeing them as like 6% of our page traffic now)
So how does Slashdot "just not use" the AVG product and recover that 6% of their page traffic again?
The complaint is that they are "spamming the internet with deceptive traffic". That's a server/hosting complaint, not a user complaint about some user who can't figure out how to disable that feature.
Kudos on getting a "4 Insightful" for a ridiculously inapplicable and nonsensical response though!
avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. To register, click here. Following registration you will receive by E-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.
Also Avira has been getting more and more annoying over the years, it's practically adware now.
So now it looks like it's either AVG with the browser plugins removed or MoonAV (which is FOSS):
http://www.moonsecure.com/
(It used to have a problem where you'd need to remove the Windows service manually after uninstalling, they might have fixed it though.)
"When information is power, privacy is freedom" - Jah-Wren Ryel
Is it time to point out the silliness that IE still claims to be Mozilla in its UA, only mentioning MSIE as a side note)?
Shouldn't it be avg_free_stfu_xxxx.exe ??
I love AVG for the free scanner it provides but ...
Safesearch: It doesn't work.
Somehow I ended up on one of those "Your computer is infected..." sites
while trying to dl their crap. So for fun I went back to the referrer page
(google) and sure enough, it was marked as safe.
here's my proposed compromise:
1. scan the users search results
2. upload data to avg database
3. next user that has those urls in a search result first check with the avg database to see if those sites have been scanned in say the last hour.
4. only scan urls that haven't been checked recently
of course, then the AVG server would take the brunt of the increased bandwidth, but hey that only seems fair.
OTOH, why people continue to struggle with keeping a windows box running when they could just wipe and install a nice Linux desktop....I'm so happy my Ubuntu desktop doesn't expose me to these kinds of issues.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
I've used it before, it's pretty good.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Hah! Checking my addons in FF3, and on AVG Safe Search 8 it says "Not compatible with Firefox 3.0". Awesome :-)
AVG spambots got mod points!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
And with AVG, I'm becoming a little less paranoid with websites
That is, you're reducing your security because you believe AVG is providing you valid information about the reliability of websites.
I installed AVG on my mother-in-law's machine because she had an expired trial version of some other AV software. It was great for a while, but they must've had a change in direction/managment. Because all of a sudden they started with popups to get a full paid version of the software - even uninstalling the product didn't fix it. I had to surgically extract crap from the registry and program files folder to finally get rid of it. Avast or ClamWin for me - no more AVG.
90% of everything is crap. Also, crap is relative.
Ok, sure I understand all of the issues at hand here. It is obviously flooding the internet with fake results which must be stopped. So maybe it shouldn't be a default option. But I have to say, that for searching for skeevy websites on Google (not that any of us would be searching for cracks, hacks, warez, or skeevy porn) it sure is useful to know which websites will try to hi-jack my computer before I click the links to them.
I think I missed the memo - why is AVG a "Slimy anti-virus provider"? That portion of the summary BEGS for supporting links...
Be careful of your thoughts; they could become words at any minute...
No, that is not the complaint, and you are being disingenuous. The complaint is that users of their software are "spamming the internet with deceptive traffic" which is easily correctable with a change in the default install.
The company should be on the hook for providing a default install that is problematic, but your questions are kind of silly and inapplicable. For example
This question makes no sense, clearly they already don't use it. I have to ask though, aren't there professionals who administrate these websites? Why aren't they dealing with this problem, as it is their job?
Again, they're already not using it, I see what you're trying to do, but it's not working. The websites involved are responsible for managing their traffic, they need to do it.
Honestly, your post was kind of stupid and reactionary, and wasn't really worth replying to, but since it was also hyperbolic and wrong I decided I'd tell you.
Check your apache config, i imagine the sites in question are not set to
Order Deny,Allow
and until it is, you're giving permission. I recommend you become a lawyer because this tech thing isn't for you.
I've been a happy AVG Free user on my Windows machines at home for a few years. I noticed the same problems as others have noted when the 8.0 upgrade was enforced, but I have mostly gotten used to it.
/. community (Linux is not what I'm looking for, as my wife sees no reason to relearn how to use her computer, and I still want to play COD4).
What I'd like to know is if there's a comperable free antivirus that doesn't piss off the
Take off every 'sig' for great justice.
I don't use that linkscanner crap. I use AVG cause its free, but I don't use the email scanner or the linkscanner...which is probaby what's causing this. If you do a custom install you can uncheck that linkscanner crap.
AVG's botnet is currently 20 million strong and growing. If AVG can do this type of DDoS against websites, what is to stop any other malicious entity from doing the same?
And if that causes problems for webmasters, Thompson says, so be it. "I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."
Sounds like a "fuck off" to me.
I guess slimy is in the eye of the beholder, but the attitude reminds me of Claria.
Never attribute to malice that which can be adequately explained by stupidity.
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
Yes, we would do well to recall Hanlon's razor
"Never attribute to malice that which can be adequately explained by stupidity."
my insights may be modded Funny, but at least some of my jokes are modded Insightful
which would stop the browser getting the page if link scanner thinks its got malware on it.
Why they don't I have no fucking idea. The spokesman for them on El Reg is an arrogant twat, so maybe that's the reason.
Perhaps, someone could elaborate on how they are slimey. This appears to be an attempt to protect people.
Might it be proper to call this "The Patriot Act Principle"?
Political ideology aside, if you don't consider some of the things this country has done since 9/11 to be slimy, you probably won't get how this is.
While I agree that this spoofing is potentially problematic, I do think there is a reason they're doing it. Obviously their intention is to increase their users' security, by including the LinkScanner option, and perhaps spoofing IE is just a means to that end. Assuming this to be true, ultimately the aim of this extra measure is with good intent (better security = good). Besides, as many people have pointed out (including me, in another reply), you can omit these features during installation by some command line usage. Additionally, I might point out that the TweakGuides Tweaking Companion http://www.tweakguides.com/TGTC.html offers additional hints at backing down some of AVG 8.0's resource hogging aspects that other commenters have complained about.
These guys rock! Free life-time license, etc... Small footprint and easy to use. http://www.comodo.com/
When it comes to search engines, there's at least a method available to opt out. It may not be as good as opt-in in many ways, but robots.txt is pretty well respected by most reputable firms.
For what AVG is trying to do, wouldn't inserting a proxy between the internet and the user make more sense?
AV programs already seem to believe themselves free to shove whatever weird stuff deep into the system they deem best, so that wouldn't be new, and it would lighten the load considerably for both user connections and website admins. Rather than inspecting every link on every page the viewer visits, the AV app could just pass HTTP traffic through a local proxy, thus getting a first look at everything, without modifying the behavior or bandwidth demands of the client in the slightest.
I freely confess fairly limited understanding of this area, so I could well be wrong; but surely there is a more efficient way to do what AVG is trying to do(never mind whether or not what they are doing is OK)?
I wonder if this AVG behaviour of doing prefetch on linked sites is driving up advertising clicks at all?
Could AVG be unintentionally committing massive click fraud?
AVG lets you turn off the Link Scanner. It's under Tools>Advanced Settings>Link Scanner. I just turned it off and browsing is definitely faster, especially when I hit the back button. This is especially noticeable with Flickr. They obviously didn't consider the consequences. It's a nice idea, being able to scan links and see if they are safe, but it has its serious downside. I trust that AVG will either turn the link scanner off by default or completely disable it very soon.
Might this feature be helpful in finding websites that have been compromised with Malware like we've been having recently? Instead of waiting on one giant web spider program done by the antivirus company, it distributes the load and scans are done in real time.
The Bad: increased traffic on common websites with data that will skew your numbers. The more popular AVG becomes, the worse this gets.
The good: more real time scanning of websites for known infections and up to date blacklist updating if that is part of the Linkscanner.
I won't defend the actions, but I won't call them slimy either. Talk about your yellow journalism.
If not, then rig your pages to include an IMG tag with a randomly generated file name prefaced by a constant prefix. The random portion should thwart browser caching, and the constant prefix should allow you easily grep through a log file to count the number of times these were loaded. Configure your server to rewrite all requests for images with that prefix to a 1-pixel transparent image so that "real" clients don't see a "broken image" icon.
I'll admit this isn't my area of expertise. Is there something I'm missing?
used to be a good tool, but you can't even surf with a 500 MHz box with that evil bitslapper installed.
if this is supposed to be a new economy, how come they still want my old fashioned money?
We'd considered doing something like this for ad links. We offer the AdRater plug-in, which checks the legitimacy of advertised sites and puts a rating icon atop each ad. For some ad URLs, we can decode the URL and see what site is being advertised, so we don't have to follow the link. But there are cases where that's not enough. Sometimes the advertised site is just a redirector, and we'd like to follow the redirection chain and rate the ultimate target. Sometimes, the ad links are obfusicated. (Google doesn't do that; DoubleClick does.) For those cases, we'd have to pre-read the ad site from the plug-in in the user's browser, but not render the ad into a window.
If we do that, every advertiser sees a false click-through for every ad displayed. The AdWords advertiser community would not be happy.
This is the same problem AVG hit.
They need to send the "is this a bad web page" request to their OWN server that has daily or hourly cached results instead of checking over and over. Sure there would be a delay, but it would be mainly using THEIR and their CUSTOMERS bandwidth and not chewing up my sites bandwidth.
I guess you've never used Avira then?
free-av.com
Free antivirus for Windows, Linux, BSD, and others.
I'm starting to think GNU is the problem with "GNU/Linux" these days.
Seems like the Open AV project needs step up it's progress (or become active again?).
Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
Some readers (and AVG) don't get why this is "slimey". It's worse than slimey -- it's outrageous.
We provide a web service for serious scientists, and each query to our system requires a LOT of computational and database resources. We're not talking about delivering up static results or a simple database query here, we're talking about launching jobs that run for several seconds to several minutes. A given page might have dozens of these links. So a scientist who asks an reasonable question would spend a few seconds of our server's resources. But then AVS comes along, and could launch dozens of searches that might potentially use an HOUR of CPU time.
Most of these links would never be clicked, because they're not what the scientist is interested in. But AVS, being blind and dumb, hits every one of them.
If this goes on unchecked, we're going to have to install some elaborate traps, at great cost to us, to try to detect AVS's scans based on behavioral patters. For example, no scientist would ever click on links in quick succession, because she/he wouldn't have time to read the results. But this will cost us tens of thousands of dollars in programmer resources.
AVS, you suck. Your holier-than-thou attitude is disgusting. What you're really doing is sucking off the resources of other companies in order to improve your own profits. You're throwing the cost of the criminals onto the shoulders of innocents.
IINALBICTIBL (I am not a lawyer, but I covered this in business lessons).
Under British law, you can sue for anything which damages you, even if the act itself is normally legal. To give a rough example, to the best of my knowledge, there is no law preventing me from shining a 25 KW floodlight onto my next door neighbour's house, but a court would still order me to stop very quickly if I did that.
I suspect the same applies to this situation: there may not be any law preventing a program from pre-fetching data from a website, but if it lead to bandwidth costs going up ten-fold, they would still have a case.
Also, as a point of reference, about a year ago, the company I work for had problems with a third-party tool that was regularly and frequently accessing one page on our site, resulting in an (approximately) 300Mbit/sec drain on our bandwidth for a month. In addition to technological solutions to prevent further abuse, we also sued for the costs incurred.
> Did you give Google permission?
For robots.txt, yes. For anything else, no.
> how about every other search/index site?
Same thing for any other robot. That would include this avg thing.
I've used all sorts of personal and enterprise anti-virus. AVG is the least slimy of all of the Antivirus companies I have dealt with in 13 years of working in IT.
After reading rave reviews I tried a switch to ESET NOD32 once, but it used more system resources than AVG.
I have used AVG pro; free, and network edition (I am IT Director for a mid sized medical technology co) which I switched our company to from Symantec and everyone has been happy ever since.
I think the feature they are discussing is one of the newer features in AVG 8, which I disable anyway.
I wouldn;t be surprised if other AV companies are behind this sort of article, because AVG has never bee known as "Slimy."
No, you're just an idiot.
Get the fuck off slashdot. Get the fuck off the tech world. Get the fuck off the earth, because we don't need idiotic scum like you here.
While all other /.ers are complaining that ClamWin is useless I want to bring some points :
- ClamWin has a built-in plug-in to scan incoming mail in outlook.
- ClamWin is easy to call from scripts and is a nice thing to add to the commands that are launched by your favourite bit-torrent client once a file is completed (I use this on my linux based torrent downloading/file server machine)
- ClamWin has plug-ins for FireFox : SafeDownload, Download Scan, Download Statusbar all let you launch the scanner of your choosing once a download finishes. ClamWin Antivirus Glue is another solution, but one has to manually update the minimal supported version (the plugin is set to support up to 1.5 although it works with more modern versions).
So, although ClamWin isn't continuously scanning in background, it can cover most of the usual entry points. (Although I don't know about plugins for Thunderbird and Microsoft file server).
For those who like to test newer bleeding edge software : WinPooch software can launch a scan when ever an executable is opened - it's almost as good as an on demand scanner.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
... say Firefox's "network.prefetch-next = true" by default setting? If a browser prefetches all the pages in the users current web page (i.e. a Google search) even when the user does not click on a single link then the web site would get just as much false statistics about what the users were viewing. There is no 'bot' involved like the article seems to imply of AVG, but producing traffic to unvisited pages is still 'fake traffic'. There is a reason for each activity, one is speed and the other safety. Is one really more wrong than the other?
Everyone that is having "problems" with AVG8 is using the wrong platform. You should be using a Mac since you are all obviously idiots that can't figure out a simple options page.
Look, I'm all for setting up a public water fountain and letting people drink from it. It's what I expect. But when someone brings a hose and they aren't even drinking the most of the water they suck out (i.e. the pre-crawling bit), then, yeah, I'm going to say "Quit it, and let other people have a drink", especially if I'm paying for the water.
It's inconsiderate and wasteful, and unnecessarily so. Slimey? No. But rude.
I used to use AVG (and liked it a lot at the time) but switched to Avast after a couple of failed detections. Avast also will scan content, but they skip the stupid stuff and just scan content you're accessing. And ya, sometimes it's good to know someones got your back when you're on a p0rn binge.
Quack, quack.
Also AVG are not slimly, the spyware/trojan/malware site operators are
However, I'd argue it's the equivalent of using a flamethrower to take out a wasp's nest - the amount of collateral damage to non-malware sites due to the spurious pulls is excessive, there are cleaner methods available.
I don't read AC A human right
"Did you give Google permission?
how about every other search/index site?"
Yes, I've explicitly given search robots permission to index parts of my site via robots.txt.
However, there are sections of my site I tell them that they can't search, mostly content that goes out of date very quickly.
Which AVG (of course) ignores.
I'm not using .htaccess files for speed reasons. Will the parent post code work if copied verbatim into the apache config file, or something similar with a redirect rule?
And for the AVG fanboys who think this isn't slimey, it is exactly that. AVG is putting out a product that is harming small business web sites, home business web sites, most non-profits, hobby sites and any other site that doesn't have a programmer or scripting guru or apache expert working on payroll, which is the vast majority of the internet. Log stats are the key to figuring out how to improve the site layout, info, design, seo, popularity and a whole lot more. AVG is enabling log spamming and burning sites' bandwidth in order to sell a malware scanner. They themselves are selling malware with these tactics.
How long before someone gets fired or arrested, and tries to explain that it was their anti-virus software that was viewing the child pr0n?
that *Linux* is arcane!!!
ROFLMAO!!!
Comment removed based on user account deletion
After some checking logs today - the beauty of this mess, is that linkscanner doesn't send accept-encoding and it also seems to 'support' the caching header in a quite hilarious manner.
If your homepage is 100k, browsers will see a page maybe 15k in size, linkscanner sees a page 100k in size.
If you regularly update and set a low/negative expires, then a browser will see the page once (when they visit it), whereas linkscanner seems to re-download the page every time it sees a link to it.... combined with a page that is SEO optimized, and you can see insane bandwidth usage.
*IF* page scanner avoided re-downloading pages with "don't cache" set (since it's bloody pointless), AND supported gzip encoding - then I wouldn't be quite as pissed as I am. Honestly, this is not only a bad idea, it's half-assed coding on top of that.
This reminds me of that FF link-prefetch feature that, IIRC, got removed (or did I just disable it so long ago...) because it was such a pig.
Why not just have AVG pre-scan links you actually *click* on rather than scan the entire page of search results, most of which you'll never look at beyond the summary? Is there a technical reason it can't do that?
ON DELETE CASCADE
I submitted an article to ./ on May 30 about this AVG thing. I did not read about it but discovered it for myself. I was rejected.
http://www.cre8asiteforums.com/forums/index.php?showtopic=62865&hl=
A month later it is news (for Nerds) although it is still stuff that matters.
Now I ask if you need to know someone to submit or does it have to be written by someone else?
This is borderline spyware or badware. Shame on them. Even worse. Let's say you do a search and within the results is a site that, if visited, will raise someone's flag somewhere. Guess what? You visited. You have just made the list of people to monitor. A well meaning crusader of something or other could devastate people lives with this misleading data. I'm sure we can all think of examples. I removed it then did an install without it. Geez did we need this?
Seriously, someone should clunk the marketing people at Grisoft over the head with a large wrench. The adverse publicity (here and over at vulture central (note the date) will cause them big problems). At the very least they need to set the defaults so that safesearch is *turned off* (and send this as part of their automatic updates so the problem doesn't simply keep on growing).
Andy
However, this thing only grabs URLs that show up in search engine results. So if you use robots.txt to opt out of search engines, you've opted out of this as well.
I got MS Virtual PC installed on PowerPC G5 Quad running (unfortunately, forced) XP SP3.
As you probably know even such a emulator/virtual machine can get infected by a worm/virus and can also actually run it. So, I thought about 4-5 years back and installed AVG Free edition after trying various stuff. It was the previous, simple version which did a damn well job for obvious junk and it was almost transparent to that P3 500 equivalent virtual machine.
It shows me warning that I should update to version 8, after watching that it takes 35 mins just to install, I travelled further back in time in my memories. You know the difference between AVG 7 and AVG 8? Same as the difference between legendary Netscape 3 Gold and Netscape 4 communicator.
RIP to another excellent software/formula wasted by incompetent developers and a company trying to become which they can never be, Symantec. Symantec can save themselves and survive thanks to millions of dollars in advertising, straightly bought out technical correspondents, reviewers but AVG will be a thing of past. I am actually surprised nobody started a "Save AVG 7 petition" yet.
The code they wasted actually saddens me even while I mainly use OS X. Avast guys should be careful, they are in same path too.
Seriously, AVG wasn't trying to DDoS websites around the world - they were only demonstrating that they aren't very good at predicting the consequences of their software's actions.
Never attribute to malice what can readily be explained by simple ignorance.
Comment removed based on user account deletion
Well, it's hardly easily correctable with a change in the default install. /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
You have to install with this command line:
c:\avg_free_stf_*.exe
You couldn't give that command to someone over a beer or even on the phone. It's ridiculously complex, it should be much more simple. It's really really hard.
They stumbled in their architecture decisions on the new release. Made bad choices. Hopefully AVG is fixing all this nonsense right now.
.
Well, the "No Trespassing" sign in this case is presumably a robots.txt file.
AVG is choosing not to follow robots.txt. If you accept that AVG's linkscanner is, in fact, a robot, then they're basically ignoring a clear warning to keep the hell out.
What's still open to debate, in my mind anyway, is whether the AVG linkscanner really qualifies as a robot. If it is, then certainly a web browser that performs pre-fetch is as well, and ought to follow the same standards.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I've seen two suggestions:
1. vigilantism - embed a miniture iframe with a google search for 100 pages from their site in your site's footer and hurt them back ( they have to pay someone else ). I find this is a rather distasteful approach, ethically.
2.create some form of RBL list of user ip's that are using AVG and bounce them to a page with instructions on why and how to disable it. Which is just silly, really.
Or just bounce them from whatever they were *trying* to view to a page that explains that they are being banned from the site due to abuse, and explain why.
If enough people suddenly can't use the internet because their Antivirus providers are a bunch of ass hats, that should hit AVG in the pocketbook much harder than the bandwidth-hogging "vigilantism" approach laid out in "1", above.
I fully expect to see someone at AVG go to jail, anyway, (DDoS is a federal offense, and this is criminal negligence, at best). This will hopefully make them more wary of distributing fantastically broken code in the future.
Sorry if I seem like a hard ass, but it's not like this was an unforeseeable consequence of their actions.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
So, if we all know how to block the AVG client from our sites, what's the purpose in the falsified AVG header? Also, I've been a long time customer of AVG. They've never done anything "slimy". This news does not indicate they are slimy. They are trying to protect their customers, but I do agree they should have found a different way to do this. Personally, I'll be turning off this feature when I get home. I was beginning to wonder why searches were taking so long.
Oblig: The following is just my $0.02 from experience with such products, and not meant to troll or start a flame-war. With that being said, any time I find a system running Symantec/McAfee AV of any kind, corporate or otherwise, I have a quick discussion with the user and proceed to uninstall it. Ditto for Microsoft One'could'Care'less'. It's no secret that those products are notorious for siphoning resources and their effectiveness is questionable at best. It's not like there's a silver bullet for anti-malware purposes, but there are much better alternatives out there. Again, just my $0.02.
I've installed AVG, Trend Micro and Bitdefender, among others, in the past several years and must say that the default settings on most anti-virus/anti-spyware apps definitely need some tweaking; IMHO of course. At the very least, a much better explanation for the average end user during the installation process; as in what each module does and if you want to activate it. It would also benefit the end user to have a much easier way to disable problematic features such as Linkscanner in AVG. As for techs and the like, the advanced/custom menus will do just fine.
From my experience, BitDefender could use a rework of the UI. Too much shit to sift through and it would also benefit the users, especially techs, to be able to easily save/restore settings in the event you're setting up several machines at a friend's or family member's house.
Regardless of which product I end up installing, I always choose a custom setup and un-check options such as LinkScanner, or any toolbar-related modules for that matter. During the installation, I explain to the user why it's being installed the way it is. I also disable any scheduled scans as they cause nothing but trouble for the average user; as in full scans scheduled by default to start at 8 or 9am. Most times when I get a call about the machine slowing down to a crawl, I ask if an AV product has been recently installed. Aside from actually being hit by a nasty virus or spyware, it usually ends up being the case. This is from those who try to install the AV app on their own and wonder why the system is running terribly slow. Experiences like that are very common across most anti-malware apps.
Another issue I have with most, if not all 'internet security' apps is their implementation of a firewall. What a monumental piece of complicated horse shit all the way around. Problems ranging from ActiveSync not working anymore because of blocked ports to file-sharing being blocked. And those that claim to be a 'smart' firewall because apps are granted access based on a approval list maintained by the vendor causes it's own set of problems. Needless to say, that I stay away from using such firewall apps from AV vendors. If it's a desktop, the crappy Windows firewall will do. If it's a laptop, I disable file-sharing and explain to the user how to turn it back on if needed, plus I suggest something like Zonealarm if it's a home user or Zonealarm Pro if it's a corporate user.
Comments and rants are more than welcome. LOL!
by loading down and scanning 10 search results you weren't going to...?
How's that work?
If your web site can't deal with the minor increase in traffic, I suggest you unplug the server and return it to Frito-Lay in the original Cracker Jack box that it was shipped in.
Mea navis aericumbens anguillis abundat
Yes, but robots.txt lets you specify not only permission to retrieve the page, but also what the robot can do with it. AVG's using the result of the permission I give to Google without having permission itself.
I'd love to see Google step up and say that the application erodes trust between Google and webmasters, and push AVG to do something... or subtly break the functionality in some manner.
In the mean time, since it's possible to detect requests from the AVG toolbar (the missing accept encoding header), web sites could launch an awareness campaign with an interstitial YOU IDIOT! page when a human visit follows AVG's "visit".
A site that started last week, AVG Watch, is collecting the IP addresses of LinkSpanner users that visit two other sites they have. After three days, they have 21,000 addresses.
I've been using AVG Free for years. Then 8 came out and they added a bunch of crap including the link scanner. The link scanner I noticed prevents some sites from loading correctly and seems to slow down others. You can disable the feature but it certainly seems to discourage this. Apparently I new have to find an alternative to AVG. Seems like this was a bad business decision on their part (I certainly won't be buying the full version now).
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
The newest AVG Free is crap compared to the 7.5 version. The user interface sucks (non-intuitive, non-customizable, nag-screen-like panel at the bottom). And now this. Looks like the Grisoft must have hired some "brilliant" MBA or something to manage the product, who thinks, "If it's not broke, change it."
Roger Thompson:
"I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."
So be it. We'll have to break Roger Thompson's eggs.
Here's a version for ColdFusion that will work on any webserver. The script is also checking http_referer since I read another article stating that this parameter is empty too, but this can be easily removed if you prefer.
I also added a randomizer that uses different domains in order to spread the message and return the favor of skewing their statistics.
<CFIF NOT LEN(trim(CGI.HTTP_ACCEPT_ENCODING)) AND (findnocase("1813", CGI.Http_user_agent) OR findnocase("Mozilla/4.0 (compatible; MSIE 6.0;", CGI.Http_user_agent)) AND NOT LEN(CGI.Http_Referer)>
<CFSET URLList = "http://www.avgfree.com/,http://www.avg.com.au/,http://free.avg.com/,http://www.avg.com/,http://www.grisoft.com/,http://www.grisoft.com/ww.home-and-office-security,http://free.avg.com/ww.download-avg-anti-virus-free-edition,http://www.grisoft.com/ww.product-avg-internet-security">
<cflocation url="#ListGetAt(URLList,RandRange(1,ListLen(URLList)))#?LinkScannerSucks" addtoken="No">
</CFIF>
It's not the users' fault that AVG have gone and screwed the pooch.
I, for one, hope to see AVG go down in flames as they are sued into oblivion by the majority of websites inconvenienced by this distributed denial of service attack against the internet itself.
Sorry, but even a novice coder would know better than to have code that even pings an address, much less sends a text request for a large amount of text. Not in an application with a couple million users.
Personally, I don't see this as any different than the bot-nets that were all the rage a few years ago on irc. It seems to me that anyone inconvenienced by this attack should be calling the feds. Certainly anyone whose server was knocked down should be.
Civil court is fun (show me the money!), but this is criminal. Someone needs to have their sunlight taken away.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Lemme get this straight - for all intents and purposes, AVG has turned their entire customer base into one huge botnet, yes? They can't instruct it to "attack server ", or to initiate campaigns to increase the size of their botnet, but a botnet it remains. Anybody with AVG software installed will accept whatever that software does (at the behest of AVG), but since it lives under a cloak of legitimacy users won't be trying to purge it from their hosts anytime soon.
So - AVG Antivirus is a trojan, it's behavior once installed is much like a worm, it has been shown to inadvertantly cause DDoS attacks on websites (hey, what's the impact on the backbone from this?). AVG Antivirus is the BitTorrent of the botnet world!
If I wrote software like that, DOJ'd have me in jail 'til my beard reached past my kneecaps.
Sooo.... No one noticed this option at ALL?
http://img355.imageshack.us/img355/4032/avgbn7.jpg
Just right click the component in the default AVG control panel, and say "ignore component state."
BAM, no more red exclamation.
(on Slashdot, we're seeing them as like 6% of our page traffic now)
This is like 6% bonus damage on the Slashdot effect. Eat it, servers!
I just noticed something interesting, while poking around for different potential URLs to use for this redirect script here. When I enter "www.girsoft.com" directly into the location bar (Opera 9) I get a short page back that simply says "UNDER CONSTRUCTION". How ever if I enter "www.avg.com" I get redirected to "www.girsoft.com" and THAT time I get their actual web page.
I am assuming this means they are feeling the heat of all our redirects to their site? This seems to indicate their web servers are setup to server up a simple low bandwidth page to certain requests that have a blank referrer.
Gee, isn't this what the reset of us have had to do BECAUSE of them? Hehe. Glad to see they are feeling it too... perhaps now they will sit down and rethink this blunder?
Bots should adhere to the robots.txt rules. That is how webmasters "give permission" to bots such as Googlebot to crawl their website. If a bot doesn't bother reading robots.txt, then it qualifies as abusive, in my book.
I only give permission to googlebot in my robots.txt, and disallow everybody else. Thus AVG does not have permission to do this, no.
I seriously doubt that they will get away with this. If it's 6% of the traffic on ./ then it's a measurable cost. I think one can spin that as a DDoS so just sue them. Or send at least a lovely cease & desist.
This behavior can't be tolerated. Major websites should try and match the source IP fake view with real view and present users with LinkScanner with a notice of what their anti-virus is costing the company.
That ought to shame AVG into pulling the product. It's not like LinkScanner can work, anyway.
First, absolutely thanks for supplying this.
Second, here's my user agent string:
Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Debian)
So taking a look at my configuration options, I have "send language" unchecked. Never had a problem with seeing web sites in English. It would be simple to just tick the option, but I'm advertising the amount of info I want in the logs (Debian/konq/Linux) while at the same time minimizing info (X86_64, kernel version, X11, etc.) in keeping with the minimization is everything for security/privacy/identity theft/whatever else I may think I'm preventing. Even so...while I have the option of enabling language, the point is, it wasn't enabled, which contradicts your statement.
I'll leave my settings as is, and should I ever be redirected, I'll know why. And I'm not suggesting any changes in code. It's quite probable that the low percentage of people who fiddle with their user agent strings are far more technical than the average user and are still quite a low percentage among the technical users, in which case each individual webmaster can judge whether their visitors fit into the category and then whether to filter or not.
Once again, thanks for the code, I hope everyone adopts it. AVG is peddling malware.
The first time through, I read that as avg_free_stfu.exe
That is all.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
It doesn't upload, it *downloads*.
You upload to a server and download to a client. If the server *tricks* the client to download, so be it, but it is still called downloading.
Uploading means initiating a connection to a listening socket and sending data there.
Downloading means initiating connection to a listening socket and fetching some data.
Like the last time I met so many like, they took my shield away. So I set them up a bomb and made jokes about their mother; like your mom is so fat that Soviet Russia sat on her.
Instead of up'ing everyones web stats to amazing levels.
I thought that AVG were good guys like Google that put their customers first rather than the neo-conservative fascists that bought the White House. It's all the other A/V companies that scare me. Maybe all has changed since they acquired Linkscanner.
Let me tell you how I feel about the other guys. It all started with Cyberstorm I, back in 2006.
The Department of Homeless Insecurity claim that their exercises are on an imaginary parallel internet housed somewhere in the basement of the Pentagon (or somewhere like that). I personally believe that Cyberstorm I exercise was live although I do not wish to prove that, just speculate...
To my knowledge AVG/Grisoft were not a participant in Cyberstorm, however Symantec, M$, Cisco and other commercial players were. There were some really horrible viruses that did the rounds at the time, blackmailing people into believing that all their secrets had been passed on with the virus. Another twist was that the computer would 'self-destruct' at the end of the month. Viruses made it into the news at the time, hospitals having scanners put out and such like. I was amazed at how sophisticated those viruses were. They stripped out all A/V protection, deleting the files and registry entries. Obviously a script kiddy in somewhere like Hungary could have written them, but I thought the level of sophistication and timing was odd.
The whole idea of Cyberstorm 1 was to test whether an online anti-government word of mouth campaign could be contained. The government would not want the truth about how we got into this war to get out, and it was on the basis of Cyberstorm I that informed Rumsfeld that 'The War Against Terrorism' was here for 75 years or so. Rumsfeld was correct to focus on Cyberstorm instead of Iraq, but it could have been instrumental in his 'demise'.
Coupled with the 'not' live exercise was 'Full Spectrum Dominance', i.e. different stories in security blogs about what the viruses were about. I think the exercise lasted a fortnight or so, and a week or two before the exercise officially started. Cyberstorm II had a deeper focus on spoof blogs and 'Full Spectrum Dominance', however, I did not 'participate' in that one...
If AVG are now playing ball with the Department of Homeless Insecurity then the 4th generational cyber-warfare scene is getting hotter and hotter.
Warfare has always been information warfare, remember 'Enigma'? It matters more than anything that grunts with bullets and bombs. Warfare is notionally about an external threat, however, it is always about control of the domestic population. An internal threat is a lot, lot worse than an external one for the guys in the palaces. Cyberstorm has a political motive, no matter how flowery the official language. In all warfare - online or otherwise - there is propaganda and fog of war. Fog of war means that nobody really knows what is going on. Hence, only wildly speculative hypothesis can be used to make sense of it all - hard facts don't happen and pukka adversaries run feints. Nonetheless, the Department of Homeland Insecurity do hint at this in their official spiel:
"The Cyber Storm II scenario will be executed by persistent, fictitious adversaries with a distinct political and economic agenda. The Cyber Storm II adversary will use sophisticated attack vectors to create a large-scale incident requiring players to focus on response."
http://www.dhs.gov/xprepresp/training/gc_1204738760400.shtm
The document on Cryptome is a must read as this shows the whole game plan. It's scary:
http://cryptome.org/cyberstorm.pdf
Note that they is talking anti-globalisation, not al-make-believe or the Chinese or the Estonians...
A press release story from the time:
"Original Cyberstorm 1 bulletin (AP, Feb. 10, 2006):
The government concluded its "Cyber Storm" wargame Friday, its biggest-ever exercise to test how it would respond
I'm the network, systems and phone admin for our company (medium-sized business), and we actually use AVG Network edition, which is exactly the same as the free edition except it can be controlled by a broken, crippled management console. AVG 8 came out with this feature and I turned it off the first day (at least on the clients that the management console would work on, which was not many) because it started sucking up all our bandwidth. I rolled back to 7.5 on all the important machines because their software has just become too malicious and bloated. Aside from the scanning feature, there are a zillion other little addons which all cause an error state in the program if manually disabled. On top of that, it requires restarts about once a month, and it eats our remote software (RAdmin); even if you add it to the exceptions. I've had no luck with the twenty-some emails that I've sent them about that; they keep claiming that they can't replicate it in their labs even when I show them screens of the scanner wiping a file and the exceptions list in the background showing exactly the same file with the "any location" setting enabled. This all probably makes me sound like a bad admin, I wish I could convince my boss to get a real AV solution, but instead I'm dealing with at least one problem every single day caused by AVG. Also, don't install AVG with the Netware 5.0 client (I know, I know, we're upgrading now, shut up). Bottom line: AVG used to be great for home users, but now it's a black hole of productivity, and an absolute nightmare in a business environment.
Frankly, as an end user, I don't give a damn about your costs and stats.
You'd care if your favorite web sites become pay sites due to rising bandwidth costs, especially if Norton and McAfee try pulling this shit too.
I wrote a blog article about this back in March, and it's just now getting known? I had a horrible time trying to convince people to stop using it because they thought they needed it, and didn't care as they didn't have to pay for bandwidth. Back before I wrote the article, I installed the new version of the program, searched for something and 5-20 minutes later it returned the scan results (not joking either -- I reported it to them. Had many, many e-mails back and forth). Wondered what the program really did, so I searched for just my website that has real-time user info displayed to me. Saw it actually downloaded and accessed the page (wasting my bandwidth on the server, processor, etc) so I disabled it. AVG gave me a red exclamation mark -- so I complained to them again, and again, about once a month. Latest release allows you to disable the link scanner and tell the program to ignore any warnings from it. I still wish they and all the others would remove it though. The entire thing is redundant or pointless. AVG's scans the website even if you don't visit it - then again once you do (just imagine a search engine indexing a FBI sting site, and you go searching for info about the sting, and get the sting site as a result). Other programs look up in a database if it's safe or not. It's all just a waste of resources all the way around.
"because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it."
So because I have a public e-mail address, I'm giving spammers permission to send me junk mail and viruses?
(Dons flameproof underwear)
Sorry, moderators, if yer PHBs force you to use IE,
but that does NOT legitimize it.
You may go ahead and flame me now, for I am filled with love,
AND I'm wearing my flameproof underwear!
Exceeding the recommended torque is not recommended.
You are correct, and I did not mean to state that all valid browsers would have all 3 of these set as that is not the case. Perhaps what I should have said instead is:
"Every browser out there will have at least one of these 3 options set"
Because from testing that a few people at Webmaster World have performed they have found that linkscanner doesn't set any of these 3 options. That combined with the user agents we are aware of should be a unique enough combination to be a reliable method for detecting this DDoSing malware, with out the worry that we are blocking valid visitors to our sites.
And of course if AVG wants to continue this arms race against the server admins, we will simply adapt. It is how ever a pain in the ass to be spending time on this instead of more productive things.
Here's hoping Girsoft sees the light and does the right thing soon, pull back linkscanner and re-release AVG 8 with out it!
it's the only way to be sure
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I switched from Norton Anti Virus to AVG about a year ago. AVG was free, it doesn't seem to be as much of a system hog as Norton AV and is easy to use and seemed to get favorable reviews.
Now I hear that it is the mother of all evil. Ok, not really, but I'm assuming that those who have vented against AVG in this thread would recommend I use something different.
So, what do I use for a good, preferably (but not necessarily) free, anti virus program?
Yes yes, but no valid *Windows and IE6* user will be without these three Accept-* headers! ;)
[not the GP]
I wonder what kind of traffic this is generating on Wikipedia, since it's on the first page of results for most queries.
Am I missing something, or can't you just disable the AVG extensions? This is what I did in both Firefox and IE6. I left the SafeSurf thingy running in the AVG console, but so far as I can tell, neither IE nor Firefox are letting it do anything. That said, I, too, thought that AVG 8 went in the wrong direction -- too much useless junk.
I don't think I've seen a posting so completely devoid of any intelligence in a long time.
Are users not supposed to protect themselves in the interests of the website?
Sure they should. Nobody has suggested that they should not.
Since AVG is producing something that helps end-users do you really want to be seen as a promoter of the problem?
If they want to help the end-users, they should scan the content before it's given over to the webbrowser - not pre-scan all links.
Since the problem of malware sites is not going to go away and since AVG is effective more antivirus software will start using these techniques. Unless you have something better to suggest?
Why not just do the sane thing? Why not just scan the content as it's being downloaded? Why on earth be a malicious bastard costing people and companies hundreds of millions in extra bandwidth costs?
Frankly, as an end user, I don't give a damn about your costs and stats. I don't care about it for amazon, ebay, myspace, or paypal. I do care that if I follow a link to an unsavory site that I am protected.
Which you can be in any case if the software in question is anything close to sensible. In your arrogance, you've completely forgotten that there might be better ideas on how to do this. Ideas that are even simpler, and that has been implemented in a lot of products for a long, long time.
I suspect that you're either extremely dim, or you work for AVG. This thread is suspiciously full of people defending AVG, without really contributing anything but hyperbole and bullshit. You're one of those "contributors".
Here is another question. Do you want a userbase that is populated by malware infected computers? Is that preferable to figuring out a way to work with AVG new technique?
Work with them!? WORK with them!? If they pick up all the bandwidth-bill-hikes they've caused globally - then sure - I would be willing to work with them. I do suspect that they would go bankrupt if they tried, though.
And why on earth should anyone work with someone who does something as foolish as this? When much simpler, better and easier solutions has existed for a long time?
No, AVG deserves all the blame they can get.
"Rune Kristian Viken" - http://www.nwo.no - arca
the problem is is screws up analytics.
To which I say "Boo frickin' hoo".
The Kruger Dunning explains most post on
When I tried to submit this story back on June 14 with a link to a Wired article it was rejected. Now it's affecting you and it becomes interesting? Yea, I know we aren't to take the rejecting process personally, but sometimes it seems the editors just want to post dups and make Cowboy Neal jokes rather than look at what they are offered or give any feedback on why something was rejected weeks ago but is now of international interest.
I'm an American. I love this country and the freedoms that we used to have.
Why not just scan web pages as they are downloaded by the browser?
Is there some really clever reason why this doesn't work, i.e why it's more effective to grab the web pages ahead of time? Because I can't think of one, other than a case of PEBCAK at AVG. You could route all TCP/IP traffic through a transparent proxy and scan the pages there before releasing them to the browser: if there's malware, you don't let it through. Surely this would be just as good at catching malware, and more "environmentally friendly" for the Internet generally.
>north
You're an immobile computer, remember?
If he had a robots.txt file then how did Google (or whatever search engine he was using) index it? Hmm?
In the words of Beavis and Butt-Head: "Just because one thing's cool doesn't mean another thing doesn't suck."
For the Windows boxes I use at home, I have the A/V software set to scan only on write or modify, and exclude certain files that get written to a lot but are very unlikely to carry an infection (e.g., log files). Using this setup, files are generally only scanned a few times (depending on how the download and install system uses temporary space), but the system is still just as protected.
Well, some paranoids would argue that by doing so, you're still vulnerable to any threat between the last write to a file and the latest signature file update. An on-open scan which compares the date of the last "on-write-scan" with the date of the signature update would plug the hole.
another interesting approach is AvFS which tries to integrate virus scanning inside a file system layer and to scan the data on the fly as it is loaded (thus not blocking the execution for a long time while a huge file is accessed but scanning data as it is streamed from the underlying file system - should fix all the "drawing an installer's icon freezes the desktop" situations).
This wouldn't work if you don't really have control over the system, and someone evil came in and turned off the A/V and then loaded a virus. Just in case, though, I have scheduled full drive scans run weekly during low use hours.
Well, a physical access is a guaranteed way to compromise a system anyway. Though I don't know if you can trust the scanner once the system is compromised : several viruses are well known for hiding themselves from scan (and some do even intercept updater's access to the web and prevent downloading a signature definition of that virus - the antivirus always report a clean system but that's only because its signature file is corrupted). I think scanning from a bootable media (CD-R, usb key) would probably be more reliable.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
There is a similar pest from a virus scanner identifying as ClamAV 0.92.1
It retrieves URLs from our website but it does not include a Host: header with the requests it makes.
Of course this makes it fail on websites that use shared hosting on a single IP address.
http://www.searchnewz.com/blog/talk/sn-6-20080701YahooSlurpgetsBannedbyWebmasters.html
I think / hope that the following rule will let snort detect it too. It seems to work in my network (I'm sure it could be improved)...
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Incoming AVG"; flow:established,to_server; content:"User-Agent\: Mozilla/4.0"; content:!"Accept-Encoding"; nocase; classtype:web-application-activity; sid:1000003; rev:1;)
Nullius in verba
we only want to protect humans from online viruses embedded in web pages. Why want disassemble robots? We live to serve and protect. No like, then remove the scubbing web option so no scub the Internet search engine results for viruses.
Here I am hoping you aren't a lawyer either.
If you can't establish the difference between "your" and "you're", I wouldn't want to be a party to any contract you drew up.
"Grousing about submission gets you modded down", etc., I know.
But me and eleventy billion other people submitted this story back when it started happening to our servers, seven days ago!
Mod me down, whatever. It's just freaking hilarious that when we have a story that actually matters to nerds in a real, visceral, quantifiable way, it gets ignored for a week.
<sarcasm>Thanks for the update, taco.</sarcasm>
"If GM sold a car with a deadly fault which could be easily fixed with a small adjustment would you argue that because it can be easily fixed by anyone who takes the time to learn about the flaw and how to fix it that GM is not the responsible party?"
You're assigning blame, which, honestly, I don't care about. It seems important to you, but I don't care.
Is "GM" the saem group as "owners of GM vehicles"?
No, they are not, as I said. It appears that you are so consumed with blaming someone that it never occurred to you that people who are not consumed with blaming someone can see that they are two separate groups, and thus when you said "Yes, that is the complaint, and no, you're the one being disingenuous." you were wrong, the complaint that is actually being made is that users of AVG are spamming the internet, NOT AVG themselves.
You can say "it's AVG by proxy" or "it's AVG's fault" but that's only partially true as the problem could be solved without interacting with AVG AT ALL.
EIther you are able to differentiate between a company and its customers, or you are not. Telling someone else they "must be hallucinating" when it's your own failure to see the subtleties is arrogant and thoughtless, and makes you look like an ass.
Thanks, have a nice day.
Yeah, this linux thingy is totally not ready for the desktop. You can't even install decent, free (as in beer) crawling the entire internet/DDoSing random servers anti virus software. Fsck linux. I'm going back to windows.
that it can give some approximation at how many times your site is appearing in a search result page.
Something google et al could already suply with a public rss feed
What's in a sig?
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
you didn't give them permission to access your publicly available site?
really?
are you sure?
because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it.
Just like everyone else "in the public".
Did you give Google permission?
how about every other search/index site?
as to the "extra bandwidth" since it is by definition, caused by your websites being found via search providers, maybe you should be sending the bill for linking to them and thus causing the "extra bandwidth" to Google/Yahoo/MS and see how far that gets you.
It normal etiquette for a spider/crawler (and this is) to request the robots.txt of a site before requesting the content.
They now hurt every advertising network except Google adwords (because they excluded that url themselves) and bring advertisers real financial damage because they pay for bannersclicks that never happened.
AVG should change the spider to request the robots.txt and publish the name it will use so you could define it as blocked spider. This will not impact the security of AVG because when you choose to go to the site by following a link, bookmark of typing in the url AVG will still detect virusses but it will just be a little slower.
By including LinkScanner in AVG the PC becomes more vulnerable. This was a silly thing to do
I found a way to make AVG indexing a site eating up memory and go to 100% cpu and sometimes even crash. When it works reliable I will publish this slow-down exploit as AVGbuster. Google for that after this weekend.
The site synonymous with unintentional DDoS attacks is crying about a little bit of extra traffic... good grief.
Isn't this just an illegal robot? The only way this differs from normal robots is that it uses distributed resources, and it doesn't consolidate its results into a repository. But beyond that, it's an automated program that scans a web site without any user intervention. That's a robot.
Robots are required to obey robots.txt. Not doing so violates most sites' terms-of-use statements, and courts have upheld these.
What am I missing here? Why isn't this just plain illegal?
If you right-click on a component in the AVG User Interface, you can select 'Ignore Component State'. That way the component is turned off, but the AVG icon doesn't show anything wrong.
Hope this helps...
What if this gives Internet Explorer a bad name? What will we ever do then?
Have to look into how I can deploy rules to Akamai and the like to keep this crap from pulling in pages.
Won't help much if the request never makes it to my Apache origin.
Sorry to be ignorant, but I don't get it. Doesn't every site owner want to drive up their number of hits so they get rated higher anyway. Doesn't this only happen if a user is looking for something like your site to start with? If 6% of the traffic is coming from AVG now, how much was coming from the same users before AVG8? Are there actually statistics indicating the Internet is being flooded by these requests. Isn't this exactly the sort of thing Tim Berners-Lee is hypothesizing as part of Web3.0? I don't see who this is hurting. Certainly seems like a good thing for the user (if your machine can sustain the workload...mine can't).
Version 8.0 has killed AVG for me. It's slower, does more popups, kills legitimate programs (eg. VNC), and now this...
I'm a paid up AVG user but I'm looking elsewhere.
No sig today...
The thing is, search engines don't send new spiders to all displayed results every search. They update their caches on time intervals, or something similar. Keep in mind that it's in their best interests not to do so, as it would incur bandwidth costs for *them* as well.
If AVG sent its "Do you have malware?" spiders over the web in this fashion, no bandwidth problem would exist.
The obvious solution is to have AVG cache the results on *its* website and have SafeSearch go to that cache for results. Only if AVG has no info on a site would the USER send a spider to the search result, and then the user would upload the spider's report back to AVG.
End result is that the users get faster searches, webmasters don't get flooded by the same spiders over and over, and the (drastically reduced) bandwidth costs go to AVG.
I hated that link scanner crap, but when I disabled it in AVG, it turned red and started "warning" me that I didn't have full protection.
Given that I've never liked or needed that sort of thing, I found that you can simply go into Firefox, then your extensions and disable it there. AVG still thinks it's "working" but it doesn't pester me about this any more, nor does it scan the sites I visit.
sudo apt-get remove avg
I'm sure the users will just go elsewhere for their porn. The thing I don't understand is this: I've used free anti-virus in the past, and if one became bloatware or less updated after a while, I'd simply switch to another free program. Why are people defending AVG when the time would be better spent doing a minimal amount of research and grabbing something else?
Don't worry if you're a kleptomaniac, you can always take something for it.
Here ya go
(But seriously, I agree with karot's above comment: sure, the problem itself is easily attributable to plain stupidity, but their (non-)handling of the fallout is the essence of slimy.
How about gasoline & bees! :-)
I don't know about the paid version, but I couldn't schedule scans when I had the free version. I only scanned when I remembered to do it manually, and that was always when I was using the computer, so I had to work through the associated resource consumption.
This space reserved for administrative use.
1. AVG crawls websites pretending to be users.
2. Get advertisements that pay per user view.
3. PROFIT!
Hi Twitter.
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
Perhaps not, but you show even less aptitude to enter the legal profession. He, at least, generally shows capitalization and punctuation skills far superior to those displayed in your screed.
Did you give Google permission?
Perhaps not, but he could easily deny permission to Google -- they're reputed to honor the robots.txt file, as well as various other "don't index" tags.
Good to see that Slashdot has abandoned the last pretense of objectivity.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Someone please explain the security problem. It's similar in malware of AVG, in that it drops you into a loop that prevents you from closing FireFox or even progressing elsewhere until the application is killed. Does anyone know why this happens or what the code in question has originated?
BE CAREFUL WITH THAT LINK. Nothing happens until you click the false embedded-video inside it.
..or it would have been if there was a way for all user's plug-ins to anonymously share data about the websites they each vet. Sharing that info (Anonymously) with Grisoft will give something back to the company that provides their private users with an excellent piece of software for _FREE_.
> This is flooding websites with meaningless traffic
[insert obligatory slashdot effect joke]
Agreed... People are throwing big fits about this behavior of their software, and perhaps yes, it could have been implemented in a more "bandwidth and site friendly manner". But anyone who has dealt with some of these trojans and spyware infections before knows, it's hard to care a lot about skewing someone's site statistic counter vs. making sure you don't accidentally visit some site that screws you up that badly again!
AVG has always had a pretty good, reliable and value-priced line of products ... and AVG 8 is no exception. Free for home/personal use, and cheap for anyone else (half the price of crap like Norton that doesn't work as well), plus they now incorporate spyware AND virus scanning in one product. Used to be you had to load 2 products for that.
I've been wondering what this user agent was. I manage a bunch of sites which dynamically generate pages with URLs like: http://example.com/?page=a/b/c
These pages have relative links to JS files like: src="scripts/common.js"
The stupid parser sees this and tries to scan http://example.com/?page=a/b/c/scripts/common.js which returns a friendly "This page doesn't exist - search for it, go to home page, etc." page. This friendly error page contains, you guessed it, a relative link to a script file. So AVG requests http://example.com/?page=a/b/c/scripts/scripts/common.js and so on until the URL length limit is reached.
This has caused massive traffic spikes on these sites. Hundreds of thousands of extra requests per day. I can't imagine the AVG users like it much either when their DSL connection gets maxed out.
I have always recommended AVG to my friends who can't or aren't smart enough to use something other than Windows. If AVG has all of a sudden become one of the bad guys, what free antivirus solution is out there?
sig.
AVG sux shit encrusted arseholes.
That's about all there is to it.
Avira for those who don't like Avast.
The free edition doesn't offer a boot time scan like Avast, but you don't have to fill out a form for a registration number like you do with Avast either. It gives you a single pop up ad once daily when it updates. I have found it to be more effective with newer virus's than Avast.
Google and every other search engine obeys robots.txt, so yes, I did give them permission.
Nah I think the UID is too old to be twitter.
It does cry out for a "-1, Mentally Disturbed" moderation though ...
"For instance I searched for "avg" on google and counted the number of "href=" appearances on the resulting page. It happened to be an even 100."
Because you have set a cookie to that effect - the default of google is to return 10 results (and possible news tieins)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Version 8 is a real monster which installs a ton of shit, which you can't really get rid of - even if you chose not to install it, it installs and runs services etc.
I used to like it - that is over.
Why is it ALWAYS that companies inflate theri programs to the point of unusability - Nero, Paintshop pro it goes on...
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Does this mean Google, Yahoo, etc., PPC clicks are being counted twice?
Meh, I use Clamwin myself. Used to use AVG until it became bloated.
The numbers that matter here are not years. Stay away from Vegas, for your own sake.
Not twitter. Twitter changes the subject line in every reply, and would find some way to include either "M$" or something similar for IE.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Not only are they spamming the whole web, their code is buggy. For example, it does not pay attention to the directive. We use a load of rewrites on our website, and relative naming to js and css files. We started getting loads and loads of traffic to our site a few months ago. Looking at the logs, you could see requests like this:
http://www.domain.com/certain_rewritten_url/js/javascript.js
http://www.domain.com/certain_rewritten_url/js/js/javascript.js
http://www.domain.com/certain_rewritten_url/js/js/js/javascript.js
and so on. Because of our rewrite rules, our site was just ignoring everything after the "certain_rewritten_url", and serving up a real page. On this page was our js includes again, so the loop would continue. We thought it was some trojan bot, but we fixed it by using absolute URLs for js and css files and all is fine. I couldn't believe it when this AVG virus story hit the press that it was actually those bastards causing it! What they have done is simply unbelievable. If they want to do such a feature, they should setup their own spider and their own database of malicious websites. Then users can query their database if they want this feature. It's like Google saying "We're not going to spider the internet for everyone anymore, we'll give you our software and you call all spider your own copy and query that instead of us."
Want some cheese to go with that whine?
Kaspersky Anti-Virus, or Nod32. (I personally use KAV, and suggest that one to my clients.)
Congratulations, that was one of the dumbest posts on the internet.
on Slashdot, we're seeing them as, like, 6% of our page traffic now
Everyone knows "like" is an apositive phrase and must be surrounded by at LEAST 2 commas.
Duh.
Ok, I don't like this new "feature", either - but this is the first time in a long time that I've seen AVG being described as "slimy". Are you serious? Lots of folks consider them one of the best anti-virus vendors out there, not the least because they offer a basic AV solution for free.
Assorted stuff I do sometimes: Lemuria.org
Just link a big file on AVG site in the slashdot article. They'll surely understand that bandwidth is precious.
Moderation is overrated.
I installed v8 to dispell v7.5's incessant nagging, only to have it close firefox without asking me, install its little addon and finish the install. When I saw this in firefox I was enraged, when I saw what it was doing I was dumbfounded. Then when I googled and found out that you couldn't uninstall it without removing AVG completely I was back to enraged.
AVG came straight off. When an application starts deciding things for me, that's when I remove it. I hope many other AVG users have voted with their feet in the same way and stopped using it because of this.
I've just done the same search. Two sponsored links at the top; ten hits; two sponsored links to the right.
Then there's all the 'cached' links - similar pages - the ten "Gooooooooooooogle" links at the bottom; Web/images/maps/news/shopping at the top of the page; the definition for AVG; and all the links at the bottom.
After writing to file and grepping for href I've found 105 href tags, and for only ten search results. The sheer profligacy of web links is alarming, and only serves to illustrate how misapplied AVG's behaviour actually is.
(Anyone know what Google's take on this is? I bet they're also getting hammered by the sheer number of their links).
F_T
AVG has recently been made aware of the increased web traffic that the
new SearchShield component of our AVG 8 free product is causing in an
attempt to notify users about infected websites. We have activelylistened to the webmasters who have brought this to our attention, and
as a company we have reacted quickly to solve them. In working with
the webmaster community, AVG has responded immediately and on Tuesday,
July 9th, AVG will issue a product modification to address the spikes
that a few individuals have seen with their web traffic. We have
modified the SearchShield component of the product to only notify
users of malicious sites. SearchShield no longer longer scans each
search result online for new exploits, which was causing the spikes
that webmasters addressed with us. However, it is important to note
that AVG still offers full protection against potential exploits
through the Surf Shield component of our product, which checks everypage for malicious content as it is visited but before it is opened.
Weâ(TM)d like to thank our web community for bringing these challenges to
our attention, as building community trust and protecting all of our
users is critical to us.
AVGâ(TM)s primary concern is protecting our customers. In order to do
this, we have actively provided our customers with cutting edge
technology. There are 20,000 to 30,000 unique pieces of malware being
submitted to anti virus labs around the world each day, and the vast
majority of these will be delivered via web based exploit and social
engineering tricks from hacked and rogue websites. Nearly all thesepieces of malware are designed to steal financial and personal
information from victims, and in order to protect our customers, and
the world in general, we released technology in our free product that
is designed to discover and block these sites. As a result of this, we
included real-time, dynamic scanning in our free product that we
recently released to customers. Because of the unique nature of our
technology â" we scan web links before out customers open them to
ensure they are safe - we anticipated that we would see a spike in the
number of sites that were analyzed, however, we underestimated thepopularity of our product and the resulting number of verdicts that
came back to us. As a result, we did not anticipate seeing the volumes
we have seen in two months for another 24-36 months. Today we are
rendering over 1 billion verdicts per week that result in the
identification of 1 infected URL per 43 searches which equates to
rendering a red verdict to 1 in every nine 9 users. While this has
affected web traffic analysis and marketing analytics on a handful of
sites, we are dedicated to protecting our users with the best
technology on the market today while at the same time not being
disruptive.
Upgrading to FF3 will cause the extension to become disabled as its not compatible.
You can also go into the AVG directory and rename the Firefox folder. Unfortunately that has an addon effect that you cannot update AVG (due to it thinking its install is corrupt).
I really think that calling AVG slimy is off. They have provided a good AV solution for millions of people, they are attempting to protect the dumbest user, which this ploy will do.
For those thinking about another AntiVir is pretty solid.
BOO
# If you're a ZXTM user, you can use the following trafficscript. (You could do it in rulebuilder too).
$agent=http.getheader("User-Agent");
log.warn($agent);
if (string.contains($agent, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)") || string.contains($agent, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)") ||
string.contains($agent, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)") ||
string.contains($agent, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)") ) {
log.warn("Foo");
if (!http.getheader("Accept-Encoding")){
http.redirect("http://free.avg.com/");
}
}
If, theoretically, I have a robots.txt saying "disallow: /", then I would contend that I have stated clearly on my site that only human visitors are wanted.
Following is AVG's official response to LinkScanner concerns:
We'd like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us. We have modified the Search-Shield component of LinkScanner to only notify users of malicious sites; this modified version will be rolled out on July 9th 2008. As of this date. Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that webmasters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.
Since their scanner is easily detected by the website it visits, and therefore can be fed GOOD content by the bad site, it is totally ineffective in protecting the user from anything at all when the user actually clicks the link to visit the site.
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
you didn't give them permission to access your publicly available site?
really?
are you sure?
because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it.
Just like everyone else "in the public".
Did you give Google permission?
how about every other search/index site?
as to the "extra bandwidth" since it is by definition, caused by your websites being found via search providers, maybe you should be sending the bill for linking to them and thus causing the "extra bandwidth" to Google/Yahoo/MS and see how far that gets you.
No, you're not an English teacher, and I'm pretty sure you're not smart enough to be one either.
I first noticed the problem while in a A+ training / job development program http://perscholas.org/ in NY). The instructor told us to install this and other basic sets of software on the Lab PCs that pertained to our course work. The lab PCs were COMPAQ PCs circa 1999 - 2004. After installing AVG on Windows 2000 or Windows XP, take a look at the VM usage of AVG in Task manager ( click PROCESSES tab then click VIEW menu, select Columns... Virtual Memory size). On the older PCs after a few minutes (Pentium III or older) the VM will grow 40, 60, 80, 120MB!!! This behaviour also appears on Pentium 4 PCs with Vista. Half of my classmates were noobs and couldn't explain why their PCs were so slow. I stopped using AVG since then.
I seem to remember unchecking this "feature" on a computer I fixed up / updated recently, but it just hit me that the green checkboxes weren't some "fabulous new google feature" but was indeed AVG link checking...
Maybe I did, maybe I didn't. I know it's not compatible with Firefox 3, but that particular computer didn't have 3 yet.
Looks like I have an extension to go uninstall from a few computers :/.
Maybe you could make the argument that they shouldn't be spoofing user agents, or follow robots.txt (Through which you might be revoking permission!)
I like http://www.avast.com/ quite a bit.
I'll second this endorsement. I wanted out of the AVG v8 Linkscanner business even before the public outcry - on my Mother's somewhat underpowered desktop (she didn't know it was underpowered, but thought I had set her up with a new spanky machine - thanks AVG) it slowed the user browsing experience significantly, as well as kicking the shit out of her DSL-lite connection, which is already somewhat strained when streaming video and similar activities.
So I installed Avast on one of my desktops, and it works pretty well, once you turn off the sound effects which give you such treats as a really macho voice telling you a new update has been installed. The only issue for me was that the free version - as far as I've found - doesn't support scheduling drive scans, but rather supports a scan on boot. You need the Pro version for the anytime scheduling capability.
You can work around this by using the Avast Quickscanner and the Windows Scheduler. There's a good Howto on this on Avast forums at http://forum.avast.com/index.php?board=2;action=display;threadid=3796.
[17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
Eliza is smarter than you are:
"What about 'my not a lawyer, but you're pretty sure my not smart enough to be one either' did you mean?"
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Hmm, looks like I was correct about you lying.
NO YOU STUPID FUCKING WHORE MY POINT WAS THAT "AVG" IS NOT THE SAME AS "CUSTOMERS OF AVG". I find it humorous tat you call me stupid because YOU didn't understand what YOU were reading.