AVG Fakes User Agent, Floods the Internet
Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.
A couple months ago, a random article on my company's site got around 20 times the number of hits that the top story of the day should be getting. I checked the logs, and saw legit-looking IE user agents, but they didn't look normal. None of them had any cookies, and none of them were downloading the CSS or image files that they should have been. The IP addresses were from all around the world. WTF?
I found out that Google was doing one of its things where it changes the google logo for some special occasion, and it links to a search. That article was on the first page of the results.
I did a search for the exact user agent and discovered it was AVG. When you go to a Google search, AVG downloads each result looking for malware. Hooray for falsified user agents.
Though, I suspect the reason they use a legit-looking IE user agent is because malware sites could sniff the AVG user agent and serve up an innocent page for them, and malware for everyone else.
So if AVG has turned to the dark side, what free/cheap non-bloatware options are out there worth trusting? I know of a few but it's a little hard to know who to trust.
Seems like every anti-malware software maker these days bloats their software into a 50+MB beast of a package that accomplishes little more than to slow your computer down. I have more trouble with their software than I do with actual malware.
Try this on Apache servers:
# Here we assume certain MSIE 6.0 agents are from linkscanner
# redirect these requests back to avg in the hope they'll see their silliness
# (A OR B) AND empty Referer AND empty Accept-Encoding
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]
Brought to you by These guys.
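The signals described in the comments above (the two user agents, an empty Referer and Accept-Encoding, no cookies, no CSS or image fetches) can also be used to separate this traffic in log analysis instead of redirecting it. The following is an added example, not code from any commenter or from AVG; the log format (Apache "combined" plus Accept-Encoding and Cookie fields) and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The two user agents from the rewrite rules above; "\)" is what the rules' final "." matches.
LINKSCANNER_UA = re.compile(r"MSIE 6\.0; Windows NT 5\.1; ?(SV1|1813)\)$")
# Assumed log format: Apache "combined" plus two extra quoted fields,
# "%{Accept-Encoding}i" and "%{Cookie}i" (Apache logs a missing header as "-").
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<enc>[^"]*)" "(?P<cookie>[^"]*)"$')
ASSET = re.compile(r"\.(css|js|png|gif|jpe?g|ico)(\?|$)", re.I)

# Constructed sample lines (documentation IP ranges, made-up paths and cookies).
SAMPLE = [
    '203.0.113.7 - - [26/Jun/2008:10:00:01 +0000] "GET /article/123 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-" "-"',
    '198.51.100.20 - - [26/Jun/2008:10:00:02 +0000] "GET /article/123 HTTP/1.1" 200 5120 "http://www.google.com/search?q=example" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "gzip, deflate" "sid=abc123"',
    '198.51.100.20 - - [26/Jun/2008:10:00:03 +0000] "GET /css/site.css HTTP/1.1" 200 900 "http://site.example/article/123" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "gzip, deflate" "sid=abc123"',
    '192.0.2.44 - - [26/Jun/2008:10:00:04 +0000] "GET /article/123 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" "-" "-"',
    '192.0.2.99 - - [26/Jun/2008:10:00:05 +0000] "GET /article/123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" "-" "-"',
]

def missing(value):
    return value in ("", "-")

def classify(lines):
    """Map each client IP that sends one of the two UAs to 'prefetch' or 'browser'."""
    seen = defaultdict(lambda: {"pages": 0, "bare": 0, "assets": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not LINKSCANNER_UA.search(m["ua"]):
            continue  # unparseable line or a different user agent
        c = seen[m["ip"]]
        if ASSET.search(m["path"]):
            c["assets"] += 1  # real browsers fetch CSS and images
            continue
        c["pages"] += 1
        # Same conditions as the rules (empty Referer, empty Accept-Encoding), plus no cookie.
        if missing(m["referer"]) and missing(m["enc"]) and missing(m["cookie"]):
            c["bare"] += 1
    # 'prefetch' only when every page hit was bare and no asset was ever requested.
    return {ip: "prefetch" if c["pages"] and c["bare"] == c["pages"] and not c["assets"]
            else "browser" for ip, c in seen.items()}

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE).items():
        print(ip, verdict)
```

Excluding the "prefetch" clients from page-view counts keeps traffic statistics meaningful without affecting what real IE6 visitors with the same user agent are served.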
When the AVG Free forced upgrade came out, I went in search of another antivirus software product and picked Avira too, but it also seems to enjoy popping up useless dialog boxes, more so than even AVG ever did.
Is there a good AV software package that is free and up to date and doesn't suck ass?
Except that it's not good.
That is, of course, unless you consider it deleting legitimate programs for being "Generic Trojans" a good thing.
Yes, the intentions were good, but flooding webservers with traffic was probably the wrong way to implement this. Personally, I noticed that this particular feature was slowing my browser down significantly - I ended up disabling the plugin in Firefox to fix the issue. This should be optional IMO, not installed by default.
Yeah, and embedded virus scanning is all that is currently good for. It does not have an On-Access scanner, making it almost useless in a desktop environment.
here's my proposed compromise:
1. scan the users search results
2. upload data to avg database
3. next user that has those urls in a search result first check with the avg database to see if those sites have been scanned in say the last hour.
4. only scan urls that haven't been checked recently
of course, then the AVG server would take the brunt of the increased bandwidth, but hey that only seems fair.
OTOH, why people continue to struggle with keeping a windows box running when they could just wipe and install a nice Linux desktop....I'm so happy my Ubuntu desktop doesn't expose me to these kinds of issues.
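The four-step compromise proposed above, as an added sketch that is not the commenter's or AVG's code: a shared verdict store with a one-hour freshness window, and clients that fetch a result URL only when the store has no fresh verdict. `VerdictStore`, `Client`, the stand-in scanner and all URLs are hypothetical names and constructed sample data.

```python
FRESH_SECONDS = 3600  # "scanned in say the last hour"

class VerdictStore:
    """Stand-in for the shared vendor database (hypothetical)."""
    def __init__(self):
        self._rows = {}  # url -> (verdict, scanned_at)

    def lookup(self, url, now):
        """Step 3: return a verdict only if it is younger than the freshness window."""
        row = self._rows.get(url)
        if row and now - row[1] < FRESH_SECONDS:
            return row[0]
        return None

    def upload(self, url, verdict, now):
        """Step 2: record the result of a client-side scan."""
        self._rows[url] = (verdict, now)

class Client:
    def __init__(self, store, scanner):
        self.store, self.scanner = store, scanner
        self.fetched = []  # URLs this client actually requested from the origin site

    def check_results(self, urls, now):
        verdicts = {}
        for url in urls:
            verdict = self.store.lookup(url, now)
            if verdict is None:  # step 4: scan only what was not checked recently
                verdict = self.scanner(url)  # step 1: this is the only origin fetch
                self.fetched.append(url)
                self.store.upload(url, verdict, now)
            verdicts[url] = verdict
        return verdicts

def demo():
    # Constructed stand-in scanner: flags any URL containing "malware".
    scanner = lambda url: "bad" if "malware" in url else "clean"
    store = VerdictStore()
    a, b = Client(store, scanner), Client(store, scanner)
    page1 = ["http://news.example/story", "http://malware.example/x"]
    a.check_results(page1, now=0)                                   # first user scans both
    b.check_results(page1 + ["http://blog.example/post"], now=600)  # only the new URL is fetched
    b.check_results(page1, now=4000)                                # verdicts are stale, rescan
    return a.fetched, b.fetched

if __name__ == "__main__":
    print(demo())
```

The sketch accepts whatever verdict a client uploads; a real shared database would also have to decide how far to trust client-submitted results.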
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Ok, sure I understand all of the issues at hand here. It is obviously flooding the internet with fake results which must be stopped. So maybe it shouldn't be a default option. But I have to say, that for searching for skeevy websites on Google (not that any of us would be searching for cracks, hacks, warez, or skeevy porn) it sure is useful to know which websites will try to hi-jack my computer before I click the links to them.
It's the same in IE6 if you have SP2 installed
http://www.spywareinfoforum.com/lofiversion/index.php/t91168.html
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
When it comes to search engines, there's at least a method available to opt out. It may not be as good as opt-in in many ways, but robots.txt is pretty well respected by most reputable firms.
It's useless on a workstation? Only if you're a nincompoop and don't scan suspicious files manually, before you go to run them. I.E. the way things used to work before computers were generally fast enough to make on-access virus scanning bearable. It's a good alternative, if you don't sit on your brain--which, of course makes it unusable to most people, (if that's what you meant)
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
The question is, how much of that 37.64% is actually AVG in disguise...
Ok, I should clarify. I've been running 7.5 free version for a few months now. In the last 30 days before June 25th, I would get daily popups saying "7.5 is being discontinued, upgrade to 8.0 (pay version) to stay protected." If this isn't slimy, I don't know what is.
To be honest, I'll probably just uninstall AVG completely and never touch another one of their products again. I only use Windows to play games so there's really not much risk to me of getting a virus.
"When the president does it, that means it's not illegal." - Richard M. Nixon
It's not really the load -- it's throwing off our internal metrics so we don't know what readers are actually interested in. We like numbers, and messing with our stats annoys us.
Eh, 6% doesn't sound too bad, and from what I understand the AVG bot hits will be coming from people doing searches; therefore now you're getting a good metric of what people are searching for on google, might help you get new users.
It's more than decent of them to provide a free version.
Do you realize how many people have no ability to order any expensive worthless AV software from McAfee or Symantec? Like nobody has a credit card?
AVG 7.5 worked great for a free program for lots of these people. They have nowhere else to go.
AVG7 was fairly lightweight and caused me no problems, unlike the PCTOOLS antivirus one guy kept installing at his office. It caused so many problems he had to uninstall it, but when uninstalled took the XP LSP (layered service providers) stack with it. After that he would have to call me.
It took me 4+ hours to find that problem. There was a free thing called LSPFIX that took care of it if anyone has a computer that seems to be perfectly working but won't talk on the network.
As to the new AVG8, I have been re-installing it with those command line switches to get rid of the link scanner. Link scanners are always a bad idea, it makes no sense to preload links from someone's yahoo page with hundreds of links they will never click on, what does anyone care if malware is behind them?
AVG came up with a silly idea with that whole link scanner idea. Hopefully they are fixing the problem by turning that thing off right now.
NOD32 is pretty good about not being intrusive/using up resources. Whenever I fix(wipe/reinstall) someone's horribly infected PC I try to get them to buy it, it will save you the "it keeps popping up saying XYZ" calls.
but like you say if you are careful you really don't need on-access. In 12 years or so of owning a computer that had net access I have only had one virus. Got it from the warez version of one of the Mortal Kombat games (oddly enough...warez, downloaded from the right places, is almost always clean). An update to Starcraft came out and was nice enough to tell me that it couldn't patch the exe because it was the wrong size. Now that's virus protection!
How long before someone gets fired or arrested, and tries to explain that it was their anti-virus software that was viewing the child pr0n?
I got MS Virtual PC installed on PowerPC G5 Quad running (unfortunately, forced) XP SP3.
As you probably know, even such an emulator/virtual machine can get infected by a worm/virus and can also actually run it. So, I thought about 4-5 years back and installed AVG Free edition after trying various stuff. It was the previous, simple version which did a damn good job for obvious junk and it was almost transparent to that P3 500 equivalent virtual machine.
It shows me warning that I should update to version 8, after watching that it takes 35 mins just to install, I travelled further back in time in my memories. You know the difference between AVG 7 and AVG 8? Same as the difference between legendary Netscape 3 Gold and Netscape 4 communicator.
RIP to another excellent software/formula wasted by incompetent developers and a company trying to become what they can never be, Symantec. Symantec can save themselves and survive thanks to millions of dollars in advertising, straightly bought out technical correspondents, reviewers but AVG will be a thing of the past. I am actually surprised nobody started a "Save AVG 7 petition" yet.
The code they wasted actually saddens me even while I mainly use OS X. Avast guys should be careful, they are in same path too.
Another suggestion I read somewhere else is to redirect all traffic to the AVG website
Instead of punishing the site, you could punish the users of this crappy code. Make an invisible href somewhere in your page, that triggers a script that does a temporary IP-ban. Since AVG will follow any href, when the user tries to access the site, he gets the message:
Sorry AVG user, your antivirus is abusive and wastes our resources. Disable AVG and come back.
If a few important sites do this AVG's user-base will drop in a week to about 100 people.
I had a similar experience at my previous employer. This was a global Fortune 500 company, and I was on the local site's IT team. I was sent an email from the global IT team saying that Firefox had been detected on my machine, this was unauthorized software and I needed to uninstall it. Being a developer, I was generally allowed to install whatever tools I needed to get my job done, and therefore had administrator privileges. However, the Global IT department didn't know me from Suzie in purchasing.
I simply went to my manager, who was an open-source/Linux nut. He emailed the Global IT people and told them it was "required for my job" (which it wasn't).
That doesn't work for me. I'm moving away from AVG just because it's suddenly more work than it is worth. AVG 8 is what did it for me, everything before was fine with me. The link scanning was irritating, turning it off triggers a non-removable notice that I don't need to see. I don't remember being asked if I wanted the search bar in Firefox, and I install using the "advanced" mode.
The biggest thing is that a virus scan noticeably lugs down my computer, which is an accomplishment because I've never had that with any other program.
For the Windows boxes I use at home, I have the A/V software set to scan only on write or modify, and exclude certain files that get written to a lot but are very unlikely to carry an infection (e.g., log files). Using this setup, files are generally only scanned a few times (depending on how the download and install system uses temporary space), but the system is still just as protected.
Well, some paranoids would argue that by doing so, you're still vulnerable to any threat between the last write to a file and the latest signature file update. An on-open scan which compares the date of the last "on-write-scan" with the date of the signature update would plug the hole.
another interesting approach is AvFS which tries to integrate virus scanning inside a file system layer and to scan the data on the fly as it is loaded (thus not blocking the execution for a long time while a huge file is accessed but scanning data as it is streamed from the underlying file system - should fix all the "drawing an installer's icon freezes the desktop" situations).
This wouldn't work if you don't really have control over the system, and someone evil came in and turned off the A/V and then loaded a virus. Just in case, though, I have scheduled full drive scans run weekly during low use hours.
Well, physical access is a guaranteed way to compromise a system anyway. Though I don't know if you can trust the scanner once the system is compromised: several viruses are well known for hiding themselves from scans (and some even intercept the updater's access to the web and prevent downloading a signature definition of that virus - the antivirus always reports a clean system but that's only because its signature file is corrupted). I think scanning from a bootable media (CD-R, usb key) would probably be more reliable.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Version 8.0 has killed AVG for me. It's slower, does more popups, kills legitimate programs (eg. VNC), and now this...
I'm a paid up AVG user but I'm looking elsewhere.
No sig today...
I'm sure the users will just go elsewhere for their porn. The thing I don't understand is this: I've used free anti-virus in the past, and if one became bloatware or less updated after a while, I'd simply switch to another free program. Why are people defending AVG when the time would be better spent doing a minimal amount of research and grabbing something else?
Don't worry if you're a kleptomaniac, you can always take something for it.
Once again: Why stop at dealing with AVG? Get rid of the whole mess. Every time I move some one from Windows to Linux the "what shall I do about spyware/adware/printer/windowsupdate" questions just go away. I used to recommend AVG about 4 years ago. Since then, I just recommend an OS without a need for antivirus software.
well, with the dancing pigs problem, universal java exploits (i mean JRE exploits not javascript here) it could be you're telling people to move to a platform where sophisticated anti-malware doesn't exist, with the fallacy that 'it's linux, it's not targeted by hackers'
of course, pure linux exploits don't exist, but an exploit of a p2p application written in java or python, oh heck, even a bad site, that runs a java exploit as part of say 'free movie downloads' it's possible to write once, run anywhere code that can equally infect mac and linux desktops that thanks to the dancing pigs problem relies on closed source, 'feature' software that doesn't come 'default' with linux, but which they're going to install the first time a website doesn't work without it.
all the most popular bittorrent software comes in a 'universal' language, either java or python... and they're all in the 'multiverse' repositories... making them easy for linux users to install...
sure, in a write once, run anywhere situation, you can't do as much to a linux machine, as to a windows machine, but the basic stuff, but depending on what the hacker hopes to do, it could be super simple.
linux isn't kryptonite to a good hacker.
https://www.gnu.org/philosophy/free-sw.html
Actually, I have abandoned Norton & McAfee products, but I've forgotten about them.
I don't recall them lugging my computer as much as AVG 8 either, because I would notice a lag between keypresses and when they actually show up on the screen, and a virus scan would take about several hours scanning an 18GB 15kRPM hard drive. I don't think Norton or McAfee virus scanners that I used were as bad, though maybe more recent versions were.
I zapped the link scanner on my laptop & PC, but to my surprise when I went to disable the same thing on my wife's computer she stopped me. She was more than happy to have the web a little bit slower if it meant her google results were tested & filtered for her.
I too am not happy with AVG 8. I don't like the fact it displays a critical error if I disable scanning of outbound email, I don't like the link scanner and I certainly don't like the speed or the UI. The only reason I upgraded was because v7 kept popping up ads for v8, which pissed me off even more.
Hal Spacejock: Science Fiction with Nuts
Your company is insane.
Or just stupid.
Nobody who knows anything about IE and is mostly sane would ever make IE standard. Have the option, sure, but you should STRONGLY recommend people not use it.
You'd be amazed at the number of "enterprise" "web interface" applications that...turn out to only work on IE, and with any luck only on a specific version.
Let's see, right now I'm looking at CC&B and Blue Pumpkin, both of which simply will not render on anything but IE, not even with fake user clients.
Posting this using Firefox though ;-)
People replying to my sig annoy me. That's why I change it all the time.
Ahh. but you see, I was talking about internally written apps, not enterprise apps.
I've written some very simple web apps myself, and I understand the technologies and code. It takes some very careful stupid planning to make it only work on IE. You have to do something like choose IE specific javascript or ActiveX (one of the worst ideas in the history of computers, IMHO).
There's almost nothing that you can do with IE jscript and activex that you can't do with regular javascript. (Granted there may be some functions that you'll need to write yourself or find a pre-written library for)
Just lazy programming.