AVG Fakes User Agent, Floods the Internet
Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.
For anyone that happens to run a site behind an F5 BigIP, here's a nice little IRule to nuke this horrible crap from orbit.
rule IRULE_block_avg-prefetch {
    when HTTP_REQUEST {
        # User-Agent strings to match against
        set ::avg_useragents [list \
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
            "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
            "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
        ]
        # Only act on requests that carry no Accept-Encoding header
        if { ![HTTP::header exists "Accept-Encoding"] } {
            # Reject the connection when the User-Agent is in the list above
            if { [matchclass [HTTP::header User-Agent] equals $::avg_useragents] } {
                reject
            }
        }
    }
}
- U
Avira.
Posts not to be taken literally. Almost everything is sarcasm.
Why don't you tell us how you really feel about AVG?
What doesn't kill you only delays the inevitable
A couple months ago, a random article on my company's site got around 20 times the number of hits that the top story of the day should be getting. I checked the logs, and saw legit-looking IE user agents, but they didn't look normal. None of them had any cookies, and none of them were downloading the CSS or image files that they should have been. The IP addresses were from all around the world. WTF?
I found out that Google was doing one of its things where it changes the google logo for some special occasion, and it links to a search. That article was on the first page of the results.
I did a search for the exact user agent and discovered it was AVG. When you go to a Google search, AVG downloads each result looking for malware. Hooray for falsified user agents.
Though, I suspect the reason they use a legit-looking IE user agent is because malware sites could sniff the AVG user agent and serve up an innocent page for them, and malware for everyone else.
This is sleazy, too bad they have a good free antivirus.
I'm not anti-social, I'm anti-idiot.
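The signals described in the comment above (a believable IE user agent, no cookies, no CSS or image fetches), together with the missing Accept-Encoding header that the iRule earlier on this page checks for, can be scored per client from an access log. This is an added example, not part of the original thread; the tab-separated log format, the sample records and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# The two User-Agent strings quoted in the iRule earlier on this page.
IE6_SV1 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
IE6_1813 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
SUSPECT_UAS = {IE6_SV1, IE6_1813}

# Paths ending in these suffixes count as sub-resources a rendering browser fetches.
ASSET_SUFFIXES = (".css", ".js", ".png", ".gif", ".jpg", ".ico")

# Constructed sample records, not real traffic. Assumed custom log format,
# tab-separated: ip, path, user-agent, Cookie ("-" if absent),
# Accept-Encoding ("-" if absent).
SAMPLE_LOG = "\n".join("\t".join(rec) for rec in [
    # Two prefetch-style clients: page only, no cookie, no Accept-Encoding.
    ("198.51.100.7", "/article/42", IE6_1813, "-", "-"),
    ("203.0.113.9", "/article/42", IE6_SV1, "-", "-"),
    # A genuine IE6 user with the same UA string: renders the page.
    ("192.0.2.15", "/article/42", IE6_SV1, "-", "gzip, deflate"),
    ("192.0.2.15", "/style/main.css", IE6_SV1, "sid=abc123", "gzip, deflate"),
    ("192.0.2.15", "/img/logo.png", IE6_SV1, "sid=abc123", "gzip, deflate"),
    # A hypothetical uptime monitor: bare request, but a different UA.
    ("192.0.2.80", "/article/42", "ExampleMonitor/1.0", "-", "-"),
    # A malformed line that must be skipped, not crash the parser.
    ("this line is malformed",),
])


def summarize_clients(log_text):
    """Aggregate per (ip, user-agent): page hits, asset hits, headers seen."""
    clients = defaultdict(lambda: {"pages": 0, "assets": 0,
                                   "cookie": False, "accept_encoding": False})
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed or truncated lines
        ip, path, ua, cookie, accept_enc = fields
        stats = clients[(ip, ua)]
        if path.split("?", 1)[0].lower().endswith(ASSET_SUFFIXES):
            stats["assets"] += 1
        else:
            stats["pages"] += 1
        stats["cookie"] |= cookie != "-"
        stats["accept_encoding"] |= accept_enc != "-"
    return dict(clients)


def signals(ua, stats):
    """Return the list of prefetch indicators one client exhibits."""
    found = []
    if ua in SUSPECT_UAS:
        found.append("ua-match")
    if not stats["accept_encoding"]:
        found.append("no-accept-encoding")
    if not stats["cookie"]:
        found.append("no-cookie")
    if stats["pages"] > 0 and stats["assets"] == 0:
        found.append("no-subresources")
    return found


def likely_prefetchers(log_text, min_signals=4):
    """Map ip -> indicators for clients showing at least min_signals of them.

    Requiring all four keeps real IE6 users (same UA string) and unrelated
    bare HTTP clients out of the result.
    """
    flagged = {}
    for (ip, ua), stats in summarize_clients(log_text).items():
        found = signals(ua, stats)
        if len(found) >= min_signals:
            flagged[ip] = found
    return flagged


if __name__ == "__main__":
    for ip, found in sorted(likely_prefetchers(SAMPLE_LOG).items()):
        print(ip, ", ".join(found))
```

Matching on the user agent alone would also catch the genuine IE6 visitor in the sample, which is why the score combines it with the header and behaviour checks.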
I use AVG on a couple machines. I didn't really think about the traffic tracking piece of this when I saw it working, I just thought about it slowing me down, increasing bandwidth use, etc. and I turned it off.
I know most people don't mess with defaults - and I'm not defending them as far as the agent thing and all that - but it was easy to do.
On the negative side my avg icon in the systray has a big exclamation over it like something is really wrong - when I know it's just because I turned off a piece of functionality I don't want to use.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Hooray look at all the hits I'm getting.
I bet AVG would score higher on ACID than IE...
if you want the definition of Slimey see Symantec/Mcafee/MicrosoftOneCare
while this doesn't excuse their behaviour, trying to protect people (a lot of them for free) is not Slimey but insulting them on the front page of Slashdot is pathetic
> on Slashdot, we're seeing them as like 6% of our page traffic now
Come on Taco... proper English (or at least something seemingly like it) isn't that hard... is 6% exactly, around 6% or really just 'like 6%'
I honestly like, do not recall like the last time I like, saw someone use 'like' in that long standing improper way in like text, it's always like, been for me, like only something a person like, verbalizes.
Help Brendan pay off his student loans
This is not AVG doing this, it is the AVG IE toolbar. And since this is running in the IE context it is debatable if it should not use the IE user agent.
If you use Firefox or disable the toolbar it is a non issue. The issue to me is I can't figure out how to install AVG without this toolbar, or how to remove it.
So if AVG has turned to the dark side, what free/cheap non-bloatware options are out there worth trusting? I know of a few but it's a little hard to know who to trust.
Seems like every anti-malware software maker these days bloats their software into a 50+MB beast of a package that accomplishes little more than to slow your computer down. I have more trouble with their software than I do with actual mal-ware.
Try this on Apache servers:
#Here we assume certain MSIE 6.0 agents are from linkscanner
#redirect these requests back to avg in the hope they'll see their silliness
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]
Brought to you by These guys.
AVG has become more obnoxious recently than it used to be anyway, but I think this is the straw that broke the camels back for me. Can some nice slashdot user suggest a new (free) antivirus for me to use on my windows box?
"If you want a vision of the future, Winston, imagine a boot stamping on a human face forever." - George Orwell, 1984
....used to fake user agents all the time. As a man I thought I was always properly connecting to her internet portal. guess not.
AVG was once a good product. Then, it got bloated and started eating up kernel memory voraciously. It was impossible to play games with it running in the background, especially Crysis (skip the jokes, my system could handle it maxed once I replaced AVG with Avast!). Now, with this development, I'll be sure to replace AVG with Avast! on all of my machines, not just my gaming one.
Colin Dean Go a year without DRM
Smiley anti-virus provider? The integrity of Slashdot submissions just keeps going up and up! Nice example Taco.
Must be a slow news day...This story's been around for nearly 2 weeks. AVG will probably keep changing the useragent with every few updates to annoy Admins and stats sites...
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
With all the readers of Slashdot, I think it would be safe to bet we will see a DDOS of AVG servers.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
People will stop using it once they realize it hogs their bandwidth.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
In many years I've never heard AVG referred to as "Slimey". I don't think the toolbar is a good idea either but... slimey? AVG is awesome.
You need explicit permission to access a public website now? Shit! I'd better get offline and write an apology to CmdrTaco - I've been using /. without permission for the best part of a decade!
Time to post a specific statement on all websites stating that AVG does NOT have consent to access or "visit" these websites.
That's a bit like putting up a 'No Trespassing' sign inside your cellar, and expecting it to prevent people coming over your fence.
Real Daleks don't climb stairs - they level the building.
(on Slashdot, we're seeing them as like 6% of our page traffic now).
Not so fun when it happens to you, eh?
LinkScanner, the component they're talking about, works in Firefox as well - so no, using Firefox does not 'keep you safe'.
Nor is this about the users of the thing in the first place - either they like its functionality (security theatre-advance warning blabla) and leave it on, or they don't and they switch it off.
This is about the poor, poor admins who are suddenly seeing bogus traffic and omgosh it's spoofing user agents at that! .. repeatedly*
*changes his user agent to 'cry more, Taco' in FF and hits F5
no you're not a lawyer, but i'm pretty sure you're not smart enough to be one either.
you didn't give them permission to access your publicly available site?
really?
are you sure?
because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it.
Just like everyone else "in the public".
Did you give Google permission?
how about every other search/index site?
as to the "extra bandwidth" since it is by definition, caused by your websites being found via search providers, maybe you should be sending the bill for linking to them and thus causing the "extra bandwidth" to Google/Yahoo/MS and see how far that gets you.
This is easily the worst feature of the new AVG Version 8. Not only does it flood the net with bogus traffic, but the load on the user's PC can grind things to a halt. I deactivated that feature, and now AVG constantly alerts me that I'm in danger because not all aspects of AVG are functioning... The Horror!
Stop by my site where I write about ERP systems & more
You can actually install AVG 8 without the 'Safe Search' feature that crawls websites (it's essentially a BHO/Firefox extension). Even if you already have AVG 8, you can uninstall it and reinstall:
At a Command Prompt window, type
c:\downloads\avg_free_stf_xxxxxxxxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
where c:\downloads\avg_free_stf_xxxxxxxxxx.exe is the full path of your AVG 8 installer.
Go somewhere random
Has anyone else noticed that AVG 8 is also DOG SLOW on their PC? My computer is from 2001 and ran fine with 7.5, but 8.0 is unusably slow. Every time an application is opened it takes forever for AVG to scan it and let the app open. This combined with this linkscanner bullcrap has caused me to switch. I doubt I'll ever go back.
hate replying to myself, but didn't notice this before - it works in FF2, not in FF3.
Disabling it FF-side: Tools > Add-ons > AVG Safe Search > Disable /nokarma-anon
They're trying to do an honest service to their anti-virus users, and if they could truly masquerade as real users it might work.
So far however, it's trivial for the bad guys to work around their efforts.
If they could make it work right, it might make sense for some sort of pseudo-protocol addition where each AVG client notifies a site AFTER a series of visits that X number of visits that day were of the fake variety.
As I do agree with both of the responses the interesting part is that is how the law is written.
It works just like the IT policies at work. You are not allowed to use work IT for personal.. Everyone uses it from time to time for personal. They only pull out the policy when they want to fire someone and do not have just cause.
Even I think it's a stupidly written law, but it is one. And yes as stated in the law you do need permission to access any computer or network. So when you use the internet and the FBI shows up yes they can use this law against you.
interesting isn't it??
love the taste, hate the texture
Will someone tell me why AVG is "slimy", and what I should use instead of it that is also free?
Well, I submitted this 3 days ago but I guess CmdrTaco wanted to write an original post. One of the suggestions I had: if you have AVG 8 installed on your machine, why don't you search this a few times, so AVG can taste their own medicine:
Three o'clock is always too late or too early for anything you want to do. - Jean-Paul Sartre
The Mozilla part at the beginning is the standard IE user agent. IE has been falsifying their UA as Mozilla since the beginning, originally because Netscape was the top dog, and Microsoft wanted to make sure that it worked with sites that sniffed the UA and only worked with Netscape.
Seems that for a company that makes its living from the net deciding to piss off web masters, website and (in the end) users is one slightly strange business tactic. In this field people have long memories and this stink will hang around.
What if all the websites decided to post up a warning like "Hello Visitor, we detect that you are using AVG - were you aware that this program is known to cause problems like this, and this and that you can find freeware with almost all the same functionality here, here and here".
Of course AVG could simply attempt to block that kind of traffic, but they are treading on thin ice here. If the net community as a whole decided it would be better off without such crummy tactics I'd bet there are numerous ways they could hurt AVG for this.
I'm a longtime user of AVG. Version 7 was reasonably lightweight, effective and (most importantly to me) unobtrusive.
Unfortunately, version 8 is a different story. After Grisoft forced me to upgrade in May, suddenly AVG became a nagging resource hog. Nightly scan times rocketed from about an hour to over six hours - a scheduled scan that started at 2am would still be going at 8:30am. I have been able to reduce this time somewhat by changing the scan settings (e.g., don't scan inside compressed archives), but it's still slow.
Most annoyingly, their new "LinkScanner" and "SafeSurf" features slowed my browser to a crawl. I didn't want these, since I already use FireFox with the AdBlock and NoScript extensions. I tried to simply disable LinkScanner, but then AVG constantly bothered me with nagging warnings that my computer "was not fully protected". After a little digging, I found that it was possible to uninstall the feature entirely with the following command:
avg_free_stf_xxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
(Substitute "avg_free_stf_xxxx.exe" in the above command with the name of your setup file.)
This improved my browser performance, and eliminated the warnings.
I'm still (grudgingly) using AVG, but I will switch if/when I find a better alternative.
And never had any virus, privacy, stability issues...
Not a single issue in 4 years...
Hopefully, they will stop whatever shait they are doing now so I can keep them in high regard.
Stop with the amateur dramatics already, you big girl's blouse.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
When probing for sites that serve malware, wouldn't you have to make the probe look identical to a legitimate user?
Otherwise the malicious site could just serve innocuous content to the probe and malware to everyone else.
My Karma: ran over your Dogma
StrawberryFrog
How exactly do the websites getting slammed with this bullshit traffic "not even install this part of the program" and "if you don't like it don't use it"?
Did you miss this part: (on Slashdot, we're seeing them as like 6% of our page traffic now)
So how does Slashdot "just not use" the AVG product and recover that 6% of their page traffic again?
The complaint is that they are "spamming the internet with deceptive traffic". That's a server/hosting complaint, not a user complaint about some user who can't figure out how to disable that feature.
Kudos on getting a "4 Insightful" for a ridiculously inapplicable and nonsensical response though!
avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. To register, click here. Following registration you will receive by E-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.
Also Avira has been getting more and more annoying over the years, it's practically adware now.
So now it looks like it's either AVG with the browser plugins removed or MoonAV (which is FOSS):
http://www.moonsecure.com/
(It used to have a problem where you'd need to remove the Windows service manually after uninstalling, they might have fixed it though.)
"When information is power, privacy is freedom" - Jah-Wren Ryel
Shouldn't it be avg_free_stfu_xxxx.exe ??
I love AVG for the free scanner it provides but ...
Safesearch: It doesn't work.
Somehow I ended up on one of those "Your computer is infected..." sites
while trying to dl their crap. So for fun I went back to the referrer page
(google) and sure enough, it was marked as safe.
here's my proposed compromise:
1. scan the users search results
2. upload data to avg database
3. next user that has those urls in a search result first check with the avg database to see if those sites have been scanned in say the last hour.
4. only scan urls that haven't been checked recently
of course, then the AVG server would take the brunt of the increased bandwidth, but hey that only seems fair.
OTOH, why people continue to struggle with keeping a windows box running when they could just wipe and install a nice Linux desktop....I'm so happy my Ubuntu desktop doesn't expose me to these kinds of issues.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
I've used it before, it's pretty good.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Hah! Checking my addons in FF3, and on AVG Safe Search 8 it says "Not compatible with Firefox 3.0". Awesome :-)
And with AVG, I'm becoming a little less paranoid with websites
That is, you're reducing your security because you believe AVG is providing you valid information about the reliability of websites.
I installed AVG on my mother-in-law's machine because she had an expired trial version of some other AV software. It was great for a while, but they must've had a change in direction/management. Because all of a sudden they started with popups to get a full paid version of the software - even uninstalling the product didn't fix it. I had to surgically extract crap from the registry and program files folder to finally get rid of it. Avast or ClamWin for me - no more AVG.
90% of everything is crap. Also, crap is relative.
Ok, sure I understand all of the issues at hand here. It is obviously flooding the internet with fake results which must be stopped. So maybe it shouldn't be a default option. But I have to say, that for searching for skeevy websites on Google (not that any of us would be searching for cracks, hacks, warez, or skeevy porn) it sure is useful to know which websites will try to hi-jack my computer before I click the links to them.
I think I missed the memo - why is AVG a "Slimy anti-virus provider"? That portion of the summary BEGS for supporting links...
Be careful of your thoughts; they could become words at any minute...
I've been a happy AVG Free user on my Windows machines at home for a few years. I noticed the same problems as others have noted when the 8.0 upgrade was enforced, but I have mostly gotten used to it.
What I'd like to know is if there's a comparable free antivirus that doesn't piss off the /. community (Linux is not what I'm looking for, as my wife sees no reason to relearn how to use her computer, and I still want to play COD4).
Take off every 'sig' for great justice.
I don't use that linkscanner crap. I use AVG 'cause it's free, but I don't use the email scanner or the linkscanner...which is probably what's causing this. If you do a custom install you can uncheck that linkscanner crap.
AVG's botnet is currently 20 million strong and growing. If AVG can do this type of DDoS against websites, what is to stop any other malicious entity from doing the same?
"which is easily correctable with a change in the default install"
When you figure out how to get all of the people installing AVG to make this simple change to their default install, let us know. We can use the same technique to get all the IE6 users to upgrade to a secure browser.
Until then, we're stuck cleaning up the mess created by this irresponsible and not very well thought out feature.
And if that causes problems for webmasters, Thompson says, so be it. "I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."
Sounds like a "fuck off" to me.
I guess slimy is in the eye of the beholder, but the attitude reminds me of Claria.
Never attribute to malice that which can be adequately explained by stupidity.
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
Yes, we would do well to recall Hanlon's razor
"Never attribute to malice that which can be adequately explained by stupidity."
my insights may be modded Funny, but at least some of my jokes are modded Insightful
These guys rock! Free life-time license, etc... Small footprint and easy to use. http://www.comodo.com/
Safari does it too :)
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18
notice the "like Gecko", probably to impersonate Firefox
When it comes to search engines, there's at least a method available to opt out. It may not be as good as opt-in in many ways, but robots.txt is pretty well respected by most reputable firms.
For what AVG is trying to do, wouldn't inserting a proxy between the internet and the user make more sense?
AV programs already seem to believe themselves free to shove whatever weird stuff deep into the system they deem best, so that wouldn't be new, and it would lighten the load considerably for both user connections and website admins. Rather than inspecting every link on every page the viewer visits, the AV app could just pass HTTP traffic through a local proxy, thus getting a first look at everything, without modifying the behavior or bandwidth demands of the client in the slightest.
I freely confess fairly limited understanding of this area, so I could well be wrong; but surely there is a more efficient way to do what AVG is trying to do(never mind whether or not what they are doing is OK)?
Very good site: http://www.tweakguides.com/ I've been using a few of his guides for a reference now for a couple years.
You must be hallucinating. Yes, that is the complaint, and no, you're the one being disingenuous.
Caveat Utilitor
I wonder if this AVG behaviour of doing prefetch on linked sites is driving up advertising clicks at all?
Could AVG be unintentionally committing massive click fraud?
I have to ask though, aren't there professionals who administrate these websites? Why aren't they dealing with this problem, as it is their job?
How? This is something entirely outside the webmasters control. Take /. (as we have some actual figures from above to play with). A 6% increase in traffic means a 6% increase in costs*, and for no gain to the site ( a loss in fact, as viewing metrics are now screwed up as well ).
I've seen two suggestions:
1. vigilantism - embed a miniature iframe with a google search for 100 pages from their site in your site's footer and hurt them back ( they have to pay someone else ). I find this is a rather distasteful approach, ethically.
2. create some form of RBL list of user IPs that are using AVG and bounce them to a page with instructions on why and how to disable it. Which is just silly, really.
*Yes, I realise that assumes a linear cost/bandwidth pricing structure which is relatively inaccurate, but fundamentally more bandwidth will cost more money.
"Success is based on knowing how far to go in going too far"
AVG lets you turn off the Link Scanner. It's under Tools>Advanced Settings>Link Scanner. I just turned it off and browsing is definitely faster, especially when I hit the back button. This is especially noticeable with Flickr. They obviously didn't consider the consequences. It's a nice idea, being able to scan links and see if they are safe, but it has its serious downside. I trust that AVG will either turn the link scanner off by default or completely disable it very soon.
If not, then rig your pages to include an IMG tag with a randomly generated file name prefaced by a constant prefix. The random portion should thwart browser caching, and the constant prefix should allow you easily grep through a log file to count the number of times these were loaded. Configure your server to rewrite all requests for images with that prefix to a 1-pixel transparent image so that "real" clients don't see a "broken image" icon.
I'll admit this isn't my area of expertise. Is there something I'm missing?
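The beacon-image measurement proposed in the comment above can be sketched as follows: a random file name behind a constant prefix is embedded in each page, and the access log is then tallied for page loads against beacon loads. This is an added example, not part of the original thread; the `/img/bcn-` prefix, the `/article/` page path, the rewrite rule shown in the comment and the sample log lines are assumptions constructed for illustration.

```python
import re
import secrets
from collections import Counter

BEACON_PREFIX = "/img/bcn-"  # hypothetical constant prefix, easy to grep for
PAGE_PREFIX = "/article/"    # hypothetical path under which pages live

# Assumed server-side mapping of every beacon name to one real 1x1 image,
# so rendering clients never see a broken image (Apache mod_rewrite):
#   RewriteRule ^/img/bcn-[0-9a-f]+\.gif$ /img/pixel.gif [L]

# Common Log Format: ip, identity, user, [time], "request", status, size
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')

# Constructed sample access log, not real traffic.
SAMPLE_LOG = """
192.0.2.15 - - [01/Jan/2000:10:00:00 +0000] "GET /article/42 HTTP/1.1" 200 15000
192.0.2.15 - - [01/Jan/2000:10:00:01 +0000] "GET /img/bcn-3f9a1c0e5b7d2a44.gif HTTP/1.1" 200 43
198.51.100.7 - - [01/Jan/2000:10:00:02 +0000] "GET /article/42 HTTP/1.0" 200 100000
203.0.113.9 - - [01/Jan/2000:10:00:03 +0000] "GET /article/42 HTTP/1.0" 200 100000
203.0.113.9 - - [01/Jan/2000:10:00:04 +0000] "GET /article/7 HTTP/1.0" 200 90000
192.0.2.77 - - [01/Jan/2000:10:00:05 +0000] "GET /article/7 HTTP/1.1" 200 14000
192.0.2.77 - - [01/Jan/2000:10:00:06 +0000] "GET /img/bcn-a81b6e02c4d97f13.gif HTTP/1.1" 200 43
192.0.2.77 - - [01/Jan/2000:10:00:09 +0000] "GET /article/7 HTTP/1.1" 304 0
"""


def beacon_tag():
    """Build the IMG tag for one page view; the random part defeats caching."""
    token = secrets.token_hex(8)
    return (f'<img src="{BEACON_PREFIX}{token}.gif" '
            'width="1" height="1" alt="">')


def tally(log_text):
    """Count full page responses and beacon loads per client IP."""
    pages, beacons = Counter(), Counter()
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue  # blank or unparseable line
        ip, path, status = match.groups()
        if status != "200":
            continue  # a 304 re-uses a cached page and its old beacon name
        if path.startswith(BEACON_PREFIX):
            beacons[ip] += 1
        elif path.startswith(PAGE_PREFIX):
            pages[ip] += 1
    return pages, beacons


def measure(log_text):
    """Estimate how many page loads were never rendered by a browser."""
    pages, beacons = tally(log_text)
    page_hits = sum(pages.values())
    beacon_hits = sum(beacons.values())
    return {
        "page_hits": page_hits,
        "beacon_hits": beacon_hits,
        # Pages served minus beacons fetched approximates non-rendering loads.
        "unrendered_estimate": max(page_hits - beacon_hits, 0),
        # Clients that fetched pages but never a single beacon.
        "non_rendering_clients": sorted(ip for ip in pages if beacons[ip] == 0),
    }


if __name__ == "__main__":
    print(beacon_tag())
    print(measure(SAMPLE_LOG))
```

Clients that block images or browse in text mode also show up as non-rendering, so the figure is an upper bound on automated fetches rather than an exact count.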
used to be a good tool, but you can't even surf with a 500 MHz box with that evil bitslapper installed.
if this is supposed to be a new economy, how come they still want my old fashioned money?
We'd considered doing something like this for ad links. We offer the AdRater plug-in, which checks the legitimacy of advertised sites and puts a rating icon atop each ad. For some ad URLs, we can decode the URL and see what site is being advertised, so we don't have to follow the link. But there are cases where that's not enough. Sometimes the advertised site is just a redirector, and we'd like to follow the redirection chain and rate the ultimate target. Sometimes, the ad links are obfuscated. (Google doesn't do that; DoubleClick does.) For those cases, we'd have to pre-read the ad site from the plug-in in the user's browser, but not render the ad into a window.
If we do that, every advertiser sees a false click-through for every ad displayed. The AdWords advertiser community would not be happy.
This is the same problem AVG hit.
They need to send the "is this a bad web page" request to their OWN server that has daily or hourly cached results instead of checking over and over. Sure there would be a delay, but it would be mainly using THEIR and their CUSTOMERS bandwidth and not chewing up my sites bandwidth.
How about the websites that exist for the common good rather than profit? You're wasting their bandwidth for your own benefit. Kinda antisocial don't you think?
I guess you've never used Avira then?
free-av.com
Free antivirus for Windows, Linux, BSD, and others.
I'm starting to think GNU is the problem with "GNU/Linux" these days.
Seems like the Open AV project needs to step up its progress (or become active again?).
Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
Really? Tweakguides? It's a great site, but you're suggesting that I should have to hack my program to make it usable? Why? I used AVG Free for a long time, but switched for a couple of reasons. 1) It doesn't perform very well in av tests (try AVComparatives.org). 2) Unless I had email to respond to, my computer wasn't usable during a virus scan. So, why on Earth would I want a virus scanner that hogs resources while simultaneously not doing its job very well? If it were the ONLY free scanner on the market, fine, but there are better options. Me? I ended up just paying for Eset's NOD32 Anti-Virus.
Some readers (and AVG) don't get why this is "slimey". It's worse than slimey -- it's outrageous.
We provide a web service for serious scientists, and each query to our system requires a LOT of computational and database resources. We're not talking about delivering up static results or a simple database query here, we're talking about launching jobs that run for several seconds to several minutes. A given page might have dozens of these links. So a scientist who asks a reasonable question would spend a few seconds of our server's resources. But then AVS comes along, and could launch dozens of searches that might potentially use an HOUR of CPU time.
Most of these links would never be clicked, because they're not what the scientist is interested in. But AVS, being blind and dumb, hits every one of them.
If this goes on unchecked, we're going to have to install some elaborate traps, at great cost to us, to try to detect AVS's scans based on behavioral patterns. For example, no scientist would ever click on links in quick succession, because she/he wouldn't have time to read the results. But this will cost us tens of thousands of dollars in programmer resources.
AVS, you suck. Your holier-than-thou attitude is disgusting. What you're really doing is sucking off the resources of other companies in order to improve your own profits. You're throwing the cost of the criminals onto the shoulders of innocents.
Wow. Just wow. You managed to make an ends-justify-the-means argument, a false dichotomy, a red herring, and probably a few other fallacies I missed because I was already laughing so hard.
AVG is breaking two key rules of good app behavior on the internet: they are making huge numbers of requests that users don't want or know about, and they are providing fraudulent info in the request headers to prevent affected services from mitigating the problem.
How many companies write internet-enabled apps? What do you think? 1000? 10000? 100000? If AVG's behavior here is OK, is it also OK for all of those other apps to pile on as well, each one adding another 6% of overhead to *the entire internet*? Or is AVG special for some reason that allows them to play by different rules than everyone else?
This is very abusive on AVG's part, and your spirited defense relies on logical fallacies and hand waving. Your "if you don't want AVG to eat bandwidth and lie about its useragent, you must want your users to be infected with malware" bit is just icing on the cake.
Truly, you have a dizzying intellect.
If I wanted a sig I would have filled in that stupid box.
I've used all sorts of personal and enterprise anti-virus. AVG is the least slimy of all of the Antivirus companies I have dealt with in 13 years of working in IT.
After reading rave reviews I tried a switch to ESET NOD32 once, but it used more system resources than AVG.
I have used AVG pro; free, and network edition (I am IT Director for a mid sized medical technology co) which I switched our company to from Symantec and everyone has been happy ever since.
I think the feature they are discussing is one of the newer features in AVG 8, which I disable anyway.
I wouldn't be surprised if other AV companies are behind this sort of article, because AVG has never been known as "Slimy."
While all other /.ers are complaining that ClamWin is useless I want to bring some points :
- ClamWin has a built-in plug-in to scan incoming mail in outlook.
- ClamWin is easy to call from scripts and is a nice thing to add to the commands that are launched by your favourite bit-torrent client once a file is completed (I use this on my linux based torrent downloading/file server machine)
- ClamWin has plug-ins for FireFox : SafeDownload, Download Scan, Download Statusbar all let you launch the scanner of your choosing once a download finishes. ClamWin Antivirus Glue is another solution, but one has to manually update the minimal supported version (the plugin is set to support up to 1.5 although it works with more modern versions).
So, although ClamWin isn't continuously scanning in background, it can cover most of the usual entry points. (Although I don't know about plugins for Thunderbird and Microsoft file server).
For those who like to test newer bleeding edge software : WinPooch software can launch a scan when ever an executable is opened - it's almost as good as an on demand scanner.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I think you're missing the point: it scans links that users are not going to. It scans every result from a search, and not just the ones that you're browsing to. This significantly increases the traffic that sites have to deal with while not increasing user security at all, since the pages can just as easily be scanned while they are downloaded.
But maybe you're just trolling.
Look, I'm all for setting up a public water fountain and letting people drink from it. It's what I expect. But when someone brings a hose and they aren't even drinking the most of the water they suck out (i.e. the pre-crawling bit), then, yeah, I'm going to say "Quit it, and let other people have a drink", especially if I'm paying for the water.
It's inconsiderate and wasteful, and unnecessarily so. Slimey? No. But rude.
I used to use AVG (and liked it a lot at the time) but switched to Avast after a couple of failed detections. Avast also will scan content, but they skip the stupid stuff and just scan content you're accessing. And ya, sometimes it's good to know someone's got your back when you're on a p0rn binge.
Quack, quack.
Also AVG are not slimy, the spyware/trojan/malware site operators are.
However, I'd argue it's the equivalent of using a flamethrower to take out a wasp's nest - the amount of collateral damage to non-malware sites due to the spurious pulls is excessive, there are cleaner methods available.
I don't read AC A human right
How long before someone gets fired or arrested, and tries to explain that it was their anti-virus software that was viewing the child pr0n?
After some checking logs today - the beauty of this mess, is that linkscanner doesn't send accept-encoding and it also seems to 'support' the caching header in a quite hilarious manner.
If your homepage is 100k, browsers will see a page maybe 15k in size, linkscanner sees a page 100k in size.
If you regularly update and set a low/negative expires, then a browser will see the page once (when they visit it), whereas linkscanner seems to re-download the page every time it sees a link to it.... combined with a page that is SEO optimized, and you can see insane bandwidth usage.
*IF* page scanner avoided re-downloading pages with "don't cache" set (since it's bloody pointless), AND supported gzip encoding - then I wouldn't be quite as pissed as I am. Honestly, this is not only a bad idea, it's half-assed coding on top of that.
This reminds me of that FF link-prefetch feature that, IIRC, got removed (or did I just disable it so long ago...) because it was such a pig.
Why not just have AVG pre-scan links you actually *click* on rather than scan the entire page of search results, most of which you'll never look at beyond the summary? Is there a technical reason it can't do that?
ON DELETE CASCADE
I submitted an article to ./ on May 30 about this AVG thing. I did not read about it but discovered it for myself. I was rejected.
http://www.cre8asiteforums.com/forums/index.php?showtopic=62865&hl=
A month later it is news (for Nerds) although it is still stuff that matters.
Now I ask if you need to know someone to submit or does it have to be written by someone else?
This is borderline spyware or badware. Shame on them. Even worse. Let's say you do a search and within the results is a site that, if visited, will raise someone's flag somewhere. Guess what? You visited. You have just made the list of people to monitor. A well meaning crusader of something or other could devastate people lives with this misleading data. I'm sure we can all think of examples. I removed it then did an install without it. Geez did we need this?
Seriously, someone should clunk the marketing people at Grisoft over the head with a large wrench. The adverse publicity (here and over at vulture central (note the date) will cause them big problems). At the very least they need to set the defaults so that safesearch is *turned off* (and send this as part of their automatic updates so the problem doesn't simply keep on growing).
Andy
I got MS Virtual PC installed on PowerPC G5 Quad running (unfortunately, forced) XP SP3.
As you probably know, even such an emulator/virtual machine can get infected by a worm/virus and can also actually run it. So, I thought about 4-5 years back and installed AVG Free edition after trying various stuff. It was the previous, simple version which did a damn well job for obvious junk and it was almost transparent to that P3 500 equivalent virtual machine.
It shows me warning that I should update to version 8, after watching that it takes 35 mins just to install, I travelled further back in time in my memories. You know the difference between AVG 7 and AVG 8? Same as the difference between legendary Netscape 3 Gold and Netscape 4 communicator.
RIP to another excellent software/formula wasted by incompetent developers and a company trying to become which they can never be, Symantec. Symantec can save themselves and survive thanks to millions of dollars in advertising, straightly bought out technical correspondents, reviewers but AVG will be a thing of past. I am actually surprised nobody started a "Save AVG 7 petition" yet.
The code they wasted actually saddens me even while I mainly use OS X. Avast guys should be careful, they are in same path too.
Seriously, AVG wasn't trying to DDoS websites around the world - they were only demonstrating that they aren't very good at predicting the consequences of their software's actions.
Never attribute to malice what can readily be explained by simple ignorance.
Well, it's hardly easily correctable with a change in the default install.
You have to install with this command line:
c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
You couldn't give that command to someone over a beer or even on the phone. It's ridiculously complex, it should be much more simple. It's really really hard.
They stumbled in their architecture decisions on the new release. Made bad choices. Hopefully AVG is fixing all this nonsense right now.
Actually no, I don't.
Nerd rage is the funniest rage.
Well, the "No Trespassing" sign in this case is presumably a robots.txt file.
AVG is choosing not to follow robots.txt. If you accept that AVG's linkscanner is, in fact, a robot, then they're basically ignoring a clear warning to keep the hell out.
What's still open to debate, in my mind anyway, is whether the AVG linkscanner really qualifies as a robot. If it is, then certainly a web browser that performs pre-fetch is as well, and ought to follow the same standards.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I've seen two suggestions:
1. Vigilantism - embed a miniature iframe with a Google search for 100 pages from their site in your site's footer and hurt them back (they have to pay someone else). I find this is a rather distasteful approach, ethically.
2. Create some form of RBL list of user IPs that are using AVG and bounce them to a page with instructions on why and how to disable it. Which is just silly, really.
Or just bounce them from whatever they were *trying* to view to a page that explains that they are being banned from the site due to abuse, and explain why.
If enough people suddenly can't use the internet because their Antivirus providers are a bunch of ass hats, that should hit AVG in the pocketbook much harder than the bandwidth-hogging "vigilantism" approach laid out in "1", above.
I fully expect to see someone at AVG go to jail, anyway, (DDoS is a federal offense, and this is criminal negligence, at best). This will hopefully make them more wary of distributing fantastically broken code in the future.
Sorry if I seem like a hard ass, but it's not like this was an unforeseeable consequence of their actions.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
So, if we all know how to block the AVG client from our sites, what's the purpose in the falsified AVG header? Also, I've been a long time customer of AVG. They've never done anything "slimy". This news does not indicate they are slimy. They are trying to protect their customers, but I do agree they should have found a different way to do this. Personally, I'll be turning off this feature when I get home. I was beginning to wonder why searches were taking so long.
If you wanted to be protected on the pages you view, you could, I don't know, scan them instead of having every computer on the internet doing daily crawls of everywhere even tangentially related to the pages they actually view? Or they could only scan once, and only crawl a website if it hasn't been scanned recently. There is no reason their software has to scan /. 5 million times a day when once would do. After all, if they want to be so cavalier about bandwidth, they can pony up and have their software ask their database about the page every time, instead of just doing another redundant scan.
ASCII stupid question, get a stupid ANSI
Oblig: The following is just my $0.02 from experience with such products, and not meant to troll or start a flame-war. With that being said, any time I find a system running Symantec/McAfee AV of any kind, corporate or otherwise, I have a quick discussion with the user and proceed to uninstall it. Ditto for Microsoft One'could'Care'less'. It's no secret that those products are notorious for siphoning resources and their effectiveness is questionable at best. It's not like there's a silver bullet for anti-malware purposes, but there are much better alternatives out there. Again, just my $0.02.
I've installed AVG, Trend Micro and Bitdefender, among others, in the past several years and must say that the default settings on most anti-virus/anti-spyware apps definitely need some tweaking; IMHO of course. At the very least, a much better explanation for the average end user during the installation process; as in what each module does and if you want to activate it. It would also benefit the end user to have a much easier way to disable problematic features such as Linkscanner in AVG. As for techs and the like, the advanced/custom menus will do just fine.
From my experience, BitDefender could use a rework of the UI. Too much shit to sift through and it would also benefit the users, especially techs, to be able to easily save/restore settings in the event you're setting up several machines at a friend's or family member's house.
Regardless of which product I end up installing, I always choose a custom setup and un-check options such as LinkScanner, or any toolbar-related modules for that matter. During the installation, I explain to the user why it's being installed the way it is. I also disable any scheduled scans as they cause nothing but trouble for the average user; as in full scans scheduled by default to start at 8 or 9am. Most times when I get a call about the machine slowing down to a crawl, I ask if an AV product has been recently installed. Aside from actually being hit by a nasty virus or spyware, it usually ends up being the case. This is from those who try to install the AV app on their own and wonder why the system is running terribly slow. Experiences like that are very common across most anti-malware apps.
Another issue I have with most, if not all 'internet security' apps is their implementation of a firewall. What a monumental piece of complicated horse shit all the way around. Problems ranging from ActiveSync not working anymore because of blocked ports to file-sharing being blocked. And those that claim to be a 'smart' firewall because apps are granted access based on an approval list maintained by the vendor cause their own set of problems. Needless to say, I stay away from using such firewall apps from AV vendors. If it's a desktop, the crappy Windows firewall will do. If it's a laptop, I disable file-sharing and explain to the user how to turn it back on if needed, plus I suggest something like Zonealarm if it's a home user or Zonealarm Pro if it's a corporate user.
Comments and rants are more than welcome. LOL!
Yes, but robots.txt lets you specify not only permission to retrieve the page, but also what the robot can do with it. AVG's using the result of the permission I give to Google without having permission itself.
I'd love to see Google step up and say that the application erodes trust between Google and webmasters, and push AVG to do something... or subtly break the functionality in some manner.
In the mean time, since it's possible to detect requests from the AVG toolbar (the missing accept encoding header), web sites could launch an awareness campaign with an interstitial YOU IDIOT! page when a human visit follows AVG's "visit".
A site that started last week, AVG Watch, is collecting the IP addresses of LinkSpanner users that visit two other sites they have. After three days, they have 21,000 addresses.
Would it kill AVG to scan on-the-fly rather than pre-emptively? That way it wouldn't generate any extra traffic.
I've been using AVG Free for years. Then 8 came out and they added a bunch of crap including the link scanner. The link scanner I noticed prevents some sites from loading correctly and seems to slow down others. You can disable the feature but it certainly seems to discourage this. Apparently I now have to find an alternative to AVG. Seems like this was a bad business decision on their part (I certainly won't be buying the full version now).
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
It's not the users' fault that AVG have gone and screwed the pooch.
I, for one, hope to see AVG go down in flames as they are sued into oblivion by the majority of websites inconvenienced by this distributed denial of service attack against the internet itself.
Sorry, but even a novice coder would know better than to have code that even pings an address, much less sends a text request for a large amount of text. Not in an application with a couple million users.
Personally, I don't see this as any different than the bot-nets that were all the rage a few years ago on irc. It seems to me that anyone inconvenienced by this attack should be calling the feds. Certainly anyone whose server was knocked down should be.
Civil court is fun (show me the money!), but this is criminal. Someone needs to have their sunlight taken away.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
"What AVG is doing is illegal"
Source?
"FACT: A distributed denial of service attack is a federal offense."
So is murder, this is neither, why lie about what this is when what it really is is bad enough?
"YOU ARE AN IDIOT"
And you are a liar.
Truth said.
NOD32 is the BEST...no doubt. But it's been slowing my system down lately, no idea why. Takes Call of Duty 4 over 60 seconds to start. I disabled it as I was troubleshooting, and bingo, fired right up. So I switched to AVG, since my free trial was almost up anyway. AVG lately has been performing better in tests, but NOD32 is the best. I won't argue with ya there! Also, it's not hacking...it's changing settings...if you're afraid to change default settings of a program...then you're stuck with what they give you as default.
Lemme get this straight - for all intents and purposes, AVG has turned their entire customer base into one huge botnet, yes? They can't instruct it to "attack server ", or to initiate campaigns to increase the size of their botnet, but a botnet it remains. Anybody with AVG software installed will accept whatever that software does (at the behest of AVG), but since it lives under a cloak of legitimacy users won't be trying to purge it from their hosts anytime soon.
So - AVG Antivirus is a trojan, its behavior once installed is much like a worm, it has been shown to inadvertently cause DDoS attacks on websites (hey, what's the impact on the backbone from this?). AVG Antivirus is the BitTorrent of the botnet world!
If I wrote software like that, DOJ'd have me in jail 'til my beard reached past my kneecaps.
Are users not supposed to protect themselves in the interests of the website?
This isn't being done to protect users. The pages could be scanned just as easily on actual load. This is being done to prevent the users from having to suffer a small delay on loading the page by preloading it (and every other possibly link on the page since the software doesn't know what link you're going to click).
You're just putting spin on the issue because this is affecting your cost/income ratio.
You're very anti-average Joe. Most of us aren't Amazon. Most of us, in fact, make precisely zero income from our websites. And we don't have the kind of financial resources to deal with this kind of distributed attack on our bandwidth. Amazon, Yahoo, and such won't have any problem dealing with this sort of thing, but if it becomes popular, it'll force the rest of us off the web.
Since the problem of malware sites is not going to go away and since AVG is effective more antivirus software will start using these techniques. Unless you have something better to suggest?
Yes, make the user wait the extra second if the user wants to scan a page.
Frankly, as an end user, I don't give a damn about your costs and stats. I don't care about it for amazon, ebay, myspace, or paypal. I do care that if I follow a link to an unsavory site that I am protected.
If that's true, then you won't mind waiting the extra second to load a page instead of having the browser drag down the bandwidth of every site in your search ahead of time for you.
Here is another question. Do you want a userbase that is populated by malware infected computers? Is that preferable to figuring out a way to work with AVG new technique?
That's a false dilemma. Is it preferable to force everyone other than the big guys off the web so that users don't have to wait an extra second on loading a page?
Don't throw your users under the train. They have a right to their security and peace of mind.
Don't throw the majority of web page publishers under a train, just so you can save a second by preloading a page.
"Convictions are more dangerous enemies of truth than lies."
Are you not capable of telling the difference between the users of AVG and AVG themselves? That's the only explanation for why you think what you do even though you're wrong.
I don't agree with the OP's reasoning, but your inability to see that AVG and its users are separate groups doesn't make your point accurate.
RTFM? http://developer.mozilla.org/en/docs/Link_prefetching_FAQ
Firefox's prefetch only loads stuff explicitly marked as prefetchable. AVG just loads everything.
I hope you can see the difference there.
"You managed to make an ends-justify-the-means argument"
Yes, I'm justifying AVG's actions. Are you saying that I should sacrifice security so CNN has more accurate statistics? If you are...well tough. Do you realize that some of the affected services they are breaking steal your passwords?
From a user's point of view I want as much protection as possible. I don't care if it hurts MTV's bandwidth and processor usage. That's THEIR problem. Welcome to the wild and woolly world of the internet. I want to break AS MANY MALWARE APPS AS POSSIBLE. Really, security is my first concern. Usability is a close second. Your costs? WAYYYY down on the list.
Yes, this might break business models. That's called evolution.
Not trolling, not intentionally.
Granted, this is going to increase web traffic. Grisoft SHOULD start a whitelist/blacklist to ease the traffic on the net. The technique becomes more valid at that point.
Good point Ornedan!
(on Slashdot, we're seeing them as like 6% of our page traffic now)
This is like 6% bonus damage on the Slashdot effect. Eat it, servers!
Just wait till the next patch, when it starts scanning ALL search results, not just the 10 on the current page.
Bots should adhere to the robots.txt rules. That is how webmasters "give permission" to bots such as Googlebot to crawl their website. If a bot doesn't bother reading robots.txt, then it qualifies as abusive, in my book.
I only give permission to googlebot in my robots.txt, and disallow everybody else. Thus AVG does not have permission to do this, no.
I seriously doubt that they will get away with this. If it's 6% of the traffic on ./ then it's a measurable cost. I think one can spin that as a DDoS so just sue them. Or send at least a lovely cease & desist.
This behavior can't be tolerated. Major websites should try and match the source IP fake view with real view and present users with LinkScanner with a notice of what their anti-virus is costing the company.
That ought to shame AVG into pulling the product. It's not like LinkScanner can work, anyway.
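Several comments above describe the same fingerprint: one of the listed IE6 User-Agent strings with no Accept-Encoding header, sometimes followed by a real visit from the same address. The sketch below is an added example, not code from any commenter or from AVG; the tab-separated log format, the sample lines and the 10-minute window are assumptions made for illustration.

```python
"""Added example: flag LinkScanner-style prefetch hits in a request log."""
from datetime import datetime, timedelta
from typing import NamedTuple

# User-Agent strings quoted in the iRule at the top of this page.
SUSPECT_UAS = {
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)",
}
IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
SV1 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
B1813 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"

# Constructed sample log (assumed format, tab-separated):
# time, client IP, path, bytes sent, User-Agent, Accept-Encoding ("-" = absent)
SAMPLE_LOG = "\n".join("\t".join(fields) for fields in [
    ("2008-07-01T12:00:00", "192.0.2.10", "/story/1", "100000", SV1, "-"),
    ("2008-07-01T12:00:05", "192.0.2.10", "/story/1", "15000", IE7, "gzip, deflate"),
    ("2008-07-01T12:01:00", "198.51.100.7", "/story/1", "100000", B1813, "-"),
    ("2008-07-01T12:02:00", "203.0.113.5", "/story/1", "15000", SV1, "gzip, deflate"),
    ("2008-07-01T12:03:00", "203.0.113.9", "/story/2", "100000", "curl/7.18", "-"),
    ("2008-07-01T12:30:00", "198.51.100.7", "/story/1", "15000", IE7, "gzip, deflate"),
])


class Hit(NamedTuple):
    ts: datetime
    ip: str
    path: str
    sent: int             # response bytes
    ua: str
    accept_encoding: str  # "" when the header was absent


def parse_line(line):
    ts, ip, path, sent, ua, enc = line.rstrip("\n").split("\t")
    return Hit(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), ip, path,
               int(sent), ua, "" if enc == "-" else enc)


def is_prefetch(hit):
    """Same test as the iRule: listed User-Agent and no Accept-Encoding."""
    return hit.ua in SUSPECT_UAS and not hit.accept_encoding


def summarise(log_text, window=timedelta(minutes=10)):
    """Count prefetch hits, their bandwidth, and which ones a visit followed."""
    hits = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                  key=lambda h: h.ts)
    prefetch = [h for h in hits if is_prefetch(h)]
    normal = [h for h in hits if not is_prefetch(h)]
    followed, never_visited_bytes = [], 0
    for p in prefetch:
        # A later ordinary request for the same page from the same address
        # suggests the user actually clicked the search result.
        clicked = any(n.ip == p.ip and n.path == p.path
                      and timedelta(0) <= n.ts - p.ts <= window
                      for n in normal)
        if clicked:
            followed.append((p.ip, p.path))
        else:
            never_visited_bytes += p.sent
    return {
        "total_hits": len(hits),
        "prefetch_hits": len(prefetch),
        "prefetch_bytes": sum(p.sent for p in prefetch),
        "never_visited_bytes": never_visited_bytes,
        "followed_by_visit": followed,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Address matching is only a heuristic: users behind a shared NAT or proxy look like one client, and the fingerprint stops working as soon as the scanner's User-Agent changes again.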
The first time through, I read that as avg_free_stfu.exe
That is all.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Instead of upping everyone's web stats to amazing levels.
My SD Card reader quit working on my laptop after installing AVG Free 8. I would have rolled back to v7.5 except for the upgrade pop-up that occurs every time I updated the definitions. That was the last straw. I uninstalled it in favor of Avast. Thus far that is working well for me and my SD card reader works again.
"Me! Me! Me! Me!"
I thought that AVG were good guys like Google that put their customers first rather than the neo-conservative fascists that bought the White House. It's all the other A/V companies that scare me. Maybe all has changed since they acquired Linkscanner.
Let me tell you how I feel about the other guys. It all started with Cyberstorm I, back in 2006.
The Department of Homeless Insecurity claim that their exercises are on an imaginary parallel internet housed somewhere in the basement of the Pentagon (or somewhere like that). I personally believe that Cyberstorm I exercise was live although I do not wish to prove that, just speculate...
To my knowledge AVG/Grisoft were not a participant in Cyberstorm, however Symantec, M$, Cisco and other commercial players were. There were some really horrible viruses that did the rounds at the time, blackmailing people into believing that all their secrets had been passed on with the virus. Another twist was that the computer would 'self-destruct' at the end of the month. Viruses made it into the news at the time, hospitals having scanners put out and such like. I was amazed at how sophisticated those viruses were. They stripped out all A/V protection, deleting the files and registry entries. Obviously a script kiddy in somewhere like Hungary could have written them, but I thought the level of sophistication and timing was odd.
The whole idea of Cyberstorm 1 was to test whether an online anti-government word of mouth campaign could be contained. The government would not want the truth about how we got into this war to get out, and it was on the basis of Cyberstorm I that informed Rumsfeld that 'The War Against Terrorism' was here for 75 years or so. Rumsfeld was correct to focus on Cyberstorm instead of Iraq, but it could have been instrumental in his 'demise'.
Coupled with the 'not' live exercise was 'Full Spectrum Dominance', i.e. different stories in security blogs about what the viruses were about. I think the exercise lasted a fortnight or so, and a week or two before the exercise officially started. Cyberstorm II had a deeper focus on spoof blogs and 'Full Spectrum Dominance', however, I did not 'participate' in that one...
If AVG are now playing ball with the Department of Homeless Insecurity then the 4th generational cyber-warfare scene is getting hotter and hotter.
Warfare has always been information warfare, remember 'Enigma'? It matters more than anything that grunts with bullets and bombs. Warfare is notionally about an external threat, however, it is always about control of the domestic population. An internal threat is a lot, lot worse than an external one for the guys in the palaces. Cyberstorm has a political motive, no matter how flowery the official language. In all warfare - online or otherwise - there is propaganda and fog of war. Fog of war means that nobody really knows what is going on. Hence, only wildly speculative hypothesis can be used to make sense of it all - hard facts don't happen and pukka adversaries run feints. Nonetheless, the Department of Homeland Insecurity do hint at this in their official spiel:
"The Cyber Storm II scenario will be executed by persistent, fictitious adversaries with a distinct political and economic agenda. The Cyber Storm II adversary will use sophisticated attack vectors to create a large-scale incident requiring players to focus on response."
http://www.dhs.gov/xprepresp/training/gc_1204738760400.shtm
The document on Cryptome is a must read as this shows the whole game plan. It's scary:
http://cryptome.org/cyberstorm.pdf
Note that they are talking anti-globalisation, not al-make-believe or the Chinese or the Estonians...
A press release story from the time:
"Original Cyberstorm 1 bulletin (AP, Feb. 10, 2006):
The government concluded its "Cyber Storm" wargame Friday, its biggest-ever exercise to test how it would respond
I'm the network, systems and phone admin for our company (medium-sized business), and we actually use AVG Network edition, which is exactly the same as the free edition except it can be controlled by a broken, crippled management console. AVG 8 came out with this feature and I turned it off the first day (at least on the clients that the management console would work on, which was not many) because it started sucking up all our bandwidth. I rolled back to 7.5 on all the important machines because their software has just become too malicious and bloated. Aside from the scanning feature, there are a zillion other little addons which all cause an error state in the program if manually disabled. On top of that, it requires restarts about once a month, and it eats our remote software (RAdmin); even if you add it to the exceptions. I've had no luck with the twenty-some emails that I've sent them about that; they keep claiming that they can't replicate it in their labs even when I show them screens of the scanner wiping a file and the exceptions list in the background showing exactly the same file with the "any location" setting enabled. This all probably makes me sound like a bad admin, I wish I could convince my boss to get a real AV solution, but instead I'm dealing with at least one problem every single day caused by AVG. Also, don't install AVG with the Netware 5.0 client (I know, I know, we're upgrading now, shut up). Bottom line: AVG used to be great for home users, but now it's a black hole of productivity, and an absolute nightmare in a business environment.
Frankly, as an end user, I don't give a damn about your costs and stats.
You'd care if your favorite web sites become pay sites due to rising bandwidth costs, especially if Norton and McAfee try pulling this shit too.
I wrote a blog article about this back in March, and it's just now getting known? I had a horrible time trying to convince people to stop using it because they thought they needed it, and didn't care as they didn't have to pay for bandwidth. Back before I wrote the article, I installed the new version of the program, searched for something and 5-20 minutes later it returned the scan results (not joking either -- I reported it to them. Had many, many e-mails back and forth). Wondered what the program really did, so I searched for just my website that has real-time user info displayed to me. Saw it actually downloaded and accessed the page (wasting my bandwidth on the server, processor, etc) so I disabled it. AVG gave me a red exclamation mark -- so I complained to them again, and again, about once a month. Latest release allows you to disable the link scanner and tell the program to ignore any warnings from it. I still wish they and all the others would remove it though. The entire thing is redundant or pointless. AVG's scans the website even if you don't visit it - then again once you do (just imagine a search engine indexing a FBI sting site, and you go searching for info about the sting, and get the sting site as a result). Other programs look up in a database if it's safe or not. It's all just a waste of resources all the way around.
it's the only way to be sure
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I switched from Norton Anti Virus to AVG about a year ago. AVG was free, it doesn't seem to be as much of a system hog as Norton AV and is easy to use and seemed to get favorable reviews.
Now I hear that it is the mother of all evil. Ok, not really, but I'm assuming that those who have vented against AVG in this thread would recommend I use something different.
So, what do I use for a good, preferably (but not necessarily) free, anti virus program?
Heh, it's grisoft, not girsoft, that may be why you are not able to get to the site :-)
Am I missing something, or can't you just disable the AVG extensions? This is what I did in both Firefox and IE6. I left the SafeSurf thingy running in the AVG console, but so far as I can tell, neither IE nor Firefox are letting it do anything. That said, I, too, thought that AVG 8 went in the wrong direction -- too much useless junk.
I don't think I've seen a posting so completely devoid of any intelligence in a long time.
Are users not supposed to protect themselves in the interests of the website?
Sure they should. Nobody has suggested that they should not.
Since AVG is producing something that helps end-users do you really want to be seen as a promoter of the problem?
If they want to help the end-users, they should scan the content before it's given over to the webbrowser - not pre-scan all links.
Since the problem of malware sites is not going to go away and since AVG is effective more antivirus software will start using these techniques. Unless you have something better to suggest?
Why not just do the sane thing? Why not just scan the content as it's being downloaded? Why on earth be a malicious bastard costing people and companies hundreds of millions in extra bandwidth costs?
Frankly, as an end user, I don't give a damn about your costs and stats. I don't care about it for amazon, ebay, myspace, or paypal. I do care that if I follow a link to an unsavory site that I am protected.
Which you can be in any case if the software in question is anything close to sensible. In your arrogance, you've completely forgotten that there might be better ideas on how to do this. Ideas that are even simpler, and that have been implemented in a lot of products for a long, long time.
I suspect that you're either extremely dim, or you work for AVG. This thread is suspiciously full of people defending AVG, without really contributing anything but hyperbole and bullshit. You're one of those "contributors".
Here is another question. Do you want a userbase that is populated by malware infected computers? Is that preferable to figuring out a way to work with AVG new technique?
Work with them!? WORK with them!? If they pick up all the bandwidth-bill-hikes they've caused globally - then sure - I would be willing to work with them. I do suspect that they would go bankrupt if they tried, though.
And why on earth should anyone work with someone who does something as foolish as this? When much simpler, better and easier solutions have existed for a long time?
No, AVG deserves all the blame they can get.
"Rune Kristian Viken" - http://www.nwo.no - arca
the problem is it screws up analytics.
To which I say "Boo frickin' hoo".
The Kruger Dunning explains most post on
When I tried to submit this story back on June 14 with a link to a Wired article it was rejected. Now it's affecting you and it becomes interesting? Yea, I know we aren't to take the rejecting process personally, but sometimes it seems the editors just want to post dups and make Cowboy Neal jokes rather than look at what they are offered or give any feedback on why something was rejected weeks ago but is now of international interest.
I'm an American. I love this country and the freedoms that we used to have.
Why not just scan web pages as they are downloaded by the browser?
Is there some really clever reason why this doesn't work, i.e. why it's more effective to grab the web pages ahead of time? Because I can't think of one, other than a case of PEBCAK at AVG. You could route all TCP/IP traffic through a transparent proxy and scan the pages there before releasing them to the browser: if there's malware, you don't let it through. Surely this would be just as good at catching malware, and more "environmentally friendly" for the Internet generally.
>north
You're an immobile computer, remember?
In the words of Beavis and Butt-Head: "Just because one thing's cool doesn't mean another thing doesn't suck."
For the Windows boxes I use at home, I have the A/V software set to scan only on write or modify, and exclude certain files that get written to a lot but are very unlikely to carry an infection (e.g., log files). Using this setup, files are generally only scanned a few times (depending on how the download and install system uses temporary space), but the system is still just as protected.
Well, some paranoids would argue that by doing so, you're still vulnerable to any threat between the last write to a file and the latest signature file update. An on-open scan which compares the date of the last "on-write-scan" with the date of the signature update would plug the hole.
Another interesting approach is AvFS, which tries to integrate virus scanning inside a file system layer and to scan the data on the fly as it is loaded (thus not blocking the execution for a long time while a huge file is accessed but scanning data as it is streamed from the underlying file system - should fix all the "drawing an installer's icon freezes the desktop" situations).
This wouldn't work if you don't really have control over the system, and someone evil came in and turned off the A/V and then loaded a virus. Just in case, though, I have scheduled full drive scans run weekly during low use hours.
Well, physical access is a guaranteed way to compromise a system anyway. Though I don't know if you can trust the scanner once the system is compromised: several viruses are well known for hiding themselves from scans (and some even intercept the updater's access to the web and prevent downloading a signature definition of that virus - the antivirus always reports a clean system but that's only because its signature file is corrupted). I think scanning from bootable media (CD-R, USB key) would probably be more reliable.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
First of all, the very nature of that business is fraud -- there is no effective "anti virus" software, period. Therefore you are maintaining that a class of people so ignorant they fail to realize they are downloading and installing something utterly worthless which will needlessly slow down their computer are people who will be knowledgeable and responsible enough to change the default settings to something less destructive? Look at it this way: If GM sold a car with a deadly fault which could be easily fixed with a small adjustment would you argue that because it can be easily fixed by anyone who takes the time to learn about the flaw and how to fix it that GM is not the responsible party?
Caveat Utilitor
There is a similar pest from a virus scanner identifying as ClamAV 0.92.1
It retrieves URLs from our website but it does not include a Host: header with the requests it makes.
Of course this makes it fail on websites that use shared hosting on a single IP address.
I think / hope that the following rule will let snort detect it too. It seems to work in my network (I'm sure it could be improved)...
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Incoming AVG"; flow:established,to_server; content:"User-Agent\: Mozilla/4.0"; content:!"Accept-Encoding"; nocase; classtype:web-application-activity; sid:1000003; rev:1;)
Nullius in verba
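The condition in the Snort rule above (a Mozilla/4.0 User-Agent with no Accept-Encoding header) and the missing Host: header reported for the ClamAV-identified fetcher, applied to parsed request headers. This is an added example, not part of the original comments; the function names, labels and sample requests are constructed for illustration.

```python
# Added example: the two header heuristics from this thread applied to raw
# HTTP request heads. All sample requests below are constructed.

def parse_head(raw):
    """Return (request_line, headers) with header names lowercased."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:
        if not line:                      # blank line: end of the headers
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(raw):
    """Return the labels of the heuristics this request matches."""
    _, headers = parse_head(raw)
    labels = []
    ua = headers.get("user-agent", "")
    # Condition of the Snort rule, checked on parsed headers only, so the
    # words "Accept-Encoding" inside a request body cannot hide a match.
    if ua.startswith("Mozilla/4.0") and "accept-encoding" not in headers:
        labels.append("mozilla4-no-accept-encoding")
    # The fetcher described above that sends no Host: header at all.
    if "host" not in headers:
        labels.append("no-host-header")
    return labels


# User-Agent string taken from the iRule quoted earlier in the thread.
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

# Constructed: prefetch-style request, no Accept-Encoding.
REQ_PREFETCH = ("GET /article HTTP/1.1\r\nHost: www.example.com\r\n"
                "User-Agent: " + IE6_UA + "\r\nAccept: */*\r\n\r\n")

# Constructed: same User-Agent, but with the header a browser would add.
REQ_BROWSER = ("GET /article HTTP/1.1\r\nHost: www.example.com\r\n"
               "User-Agent: " + IE6_UA + "\r\n"
               "accept-encoding: gzip, deflate\r\n\r\n")

# Constructed: request without Host:, the User-Agent value is a guess.
REQ_NOHOST = "GET /index.html HTTP/1.1\r\nUser-Agent: ClamAV 0.92.1\r\n\r\n"

# Constructed: the header name appears only in the body, not the headers.
REQ_BODY = ("POST /comment HTTP/1.1\r\nHost: www.example.com\r\n"
            "User-Agent: " + IE6_UA + "\r\nContent-Length: 20\r\n\r\n"
            "note=Accept-Encoding")

if __name__ == "__main__":
    for name in ("REQ_PREFETCH", "REQ_BROWSER", "REQ_NOHOST", "REQ_BODY"):
        print(name, classify(globals()[name]))
```

In the Snort rule, `nocase` applies only to the content match directly before it, and both matches run over the whole payload; the parsed-header check here is case-insensitive for header names and ignores the body.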
we only want to protect humans from online viruses embedded in web pages. Why want disassemble robots? We live to serve and protect. No like, then remove the scubbing web option so no scub the Internet search engine results for viruses.
AVG scans every page when you access it anyway. Since it's downloading the page to scan it, you're "visiting" the page in both instances -- so you'd be, potentially*, more of a risk for infection their way.
* if they download the file, parse the page (i.e. download all the integrated stuff and scan them too, parse the javascript, etc), it'd be possible that a virus the scanner isn't set to detect could be downloaded and run. But if they just scan the things (no parsing other than searching for things), risk would be minimal overall I'd think.
"Grousing about submission gets you modded down", etc., I know.
But me and eleventy billion other people submitted this story back when it started happening to our servers, seven days ago!
Mod me down, whatever. It's just freaking hilarious that when we have a story that actually matters to nerds in a real, visceral, quantifiable way, it gets ignored for a week.
<sarcasm>Thanks for the update, taco.</sarcasm>
that it can give some approximation at how many times your site is appearing in a search result page.
Something google et al could already supply with a public rss feed
What's in a sig?
Wow. Just wow.
Stopped reading there.
--Jeremy
Jesus was a liberal
If you right-click on a component in the AVG User Interface, you can select 'Ignore Component State'. That way the component is turned off, but the AVG icon doesn't show anything wrong.
Hope this helps...
Sorry to be ignorant, but I don't get it. Doesn't every site owner want to drive up their number of hits so they get rated higher anyway? Doesn't this only happen if a user is looking for something like your site to start with? If 6% of the traffic is coming from AVG now, how much was coming from the same users before AVG8? Are there actually statistics indicating the Internet is being flooded by these requests? Isn't this exactly the sort of thing Tim Berners-Lee is hypothesizing as part of Web3.0? I don't see who this is hurting. Certainly seems like a good thing for the user (if your machine can sustain the workload...mine can't).
Version 8.0 has killed AVG for me. It's slower, does more popups, kills legitimate programs (eg. VNC), and now this...
I'm a paid up AVG user but I'm looking elsewhere.
No sig today...
Or send it out as part of the automatic update. That AVG does at least once a week.
It is, and I did. You make it seem like it's splitting the atom or something, which to you, I suppose it could be.
Ah the old "I know you are but what am I" retort. Should have seen that coming based on your posts.
Please point out, if you can, where I defended anyone. I simply pointed out where the issue was occurring instead of thoughtlessly lashing out like a petulant child. If you can't be bothered to think beyond the first level, and regard immature raving as a substitute for intelligent commentary, then I don't see why you're bothering to comment at all.
So what you're saying is since you haven't learned that there is a difference between a company and its customers, a product and its users, that you are "terminally stupid"?
Would you be upset if I agreed with you?
sudo apt-get remove avg
I'm sure the users will just go elsewhere for their porn. The thing I don't understand is this: I've used free anti-virus in the past, and if one became bloatware or less updated after a while, I'd simply switch to another free program. Why are people defending AVG when the time would be better spent doing a minimal amount of research and grabbing something else?
Don't worry if you're a kleptomaniac, you can always take something for it.
Here ya go
(But seriously, I agree with karot's above comment: sure, the problem itself is easily attributable to plain stupidity, but their (non-)handling of the fallout is the essence of slimy.)
How about gasoline & bees! :-)
You mean you don't know that Internet Explorer already had a bad name?
Some people nicknamed it Internet Exploder for a good reason you know. :)
Microsoft Outlook was nicknamed Microsoft Lookout for similar reasons.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I don't know about the paid version, but I couldn't schedule scans when I had the free version. I only scanned when I remembered to do it manually, and that was always when I was using the computer, so I had to work through the associated resource consumption.
This space reserved for administrative use.
Oh? And how is that "without interacting with AVG AT ALL" then? You just don't get it. I am fully aware that AVG and the unfortunate souls who download their product are not the same people -- I just massively disagree with your contention that "AVG is not spamming the web with deceptive traffic". They factually, literally are, because they are releasing a piece of software configured to do precisely that to a market that mostly has no idea that it happens or how to correct it or even why they should care.
Furthermore, when I said "oh sure, all that has to be done is to educate every single person who downloaded the software aimed specifically at lusers. It's so easy and so simple, I'm surprised you haven't already taken care of that", I was referring to all the users everywhere currently acting as AVGs agents spamming the web on their behalf via their malicious and defective software. Now surely, that is spelled out well enough, even you can comprehend it?
Good night to you, sir!
Caveat Utilitor
"You managed to make an ends-justify-the-means argument"
Yes, I'm justifying AVG's actions.
Well, if it actually worked you might have had a somewhat valid point. Tell me, what exactly does AVG's shotgun approach do that could not be achieved by using a local filtering proxy instead?
The main objection is that this "feature" is just plain dumb and has a horrible implementation.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Projecting much, Mr McGuiggin? :) BTW, you've just been beaten by a woman.
Caveat Utilitor
Good to see that Slashdot has abandoned the last pretense of objectivity.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
..or it would have been if there was a way for all user's plug-ins to anonymously share data about the websites they each vet. Sharing that info (Anonymously) with Grisoft will give something back to the company that provides their private users with an excellent piece of software for _FREE_.
> This is flooding websites with meaningless traffic
[insert obligatory slashdot effect joke]
Agreed... People are throwing big fits about this behavior of their software, and perhaps yes, it could have been implemented in a more "bandwidth and site friendly manner". But anyone who has dealt with some of these trojans and spyware infections before knows, it's hard to care a lot about skewing someone's site statistic counter vs. making sure you don't accidentally visit some site that screws you up that badly again!
AVG has always had a pretty good, reliable and value-priced line of products ... and AVG 8 is no exception. Free for home/personal use, and cheap for anyone else (half the price of crap like Norton that doesn't work as well), plus they now incorporate spyware AND virus scanning in one product. Used to be you had to load 2 products for that.
I have always recommended AVG to my friends who can't or aren't smart enough to use something other than Windows. If AVG has all of a sudden become one of the bad guys, what free antivirus solution is out there?
sig.
Nah I think the UID is too old to be twitter.
It does cry out for a "-1, Mentally Disturbed" moderation though ...
"For instance I searched for "avg" on google and counted the number of "href=" appearances on the resulting page. It happened to be an even 100."
Because you have set a cookie to that effect - the default of google is to return 10 results (and possible news tieins)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Version 8 is a real monster which installs a ton of shit, which you can't really get rid of - even if you chose not to install it, it installs and runs services etc.
I used to like it - that is over.
Why is it ALWAYS that companies inflate their programs to the point of unusability - Nero, Paintshop pro it goes on...
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Meh, I use Clamwin myself. Used to use AVG until it became bloated.
Not twitter. Twitter changes the subject line in every reply, and would find some way to include either "M$" or something similar for IE.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Not only are they spamming the whole web, their code is buggy. For example, it does not pay attention to the directive. We use a load of rewrites on our website, and relative naming to js and css files. We started getting loads and loads of traffic to our site a few months ago. Looking at the logs, you could see requests like this:
http://www.domain.com/certain_rewritten_url/js/javascript.js
http://www.domain.com/certain_rewritten_url/js/js/javascript.js
http://www.domain.com/certain_rewritten_url/js/js/js/javascript.js
and so on. Because of our rewrite rules, our site was just ignoring everything after the "certain_rewritten_url", and serving up a real page. On this page was our js includes again, so the loop would continue. We thought it was some trojan bot, but we fixed it by using absolute URLs for js and css files and all is fine. I couldn't believe it when this AVG virus story hit the press that it was actually those bastards causing it! What they have done is simply unbelievable. If they want to do such a feature, they should set up their own spider and their own database of malicious websites. Then users can query their database if they want this feature. It's like Google saying "We're not going to spider the internet for everyone anymore, we'll give you our software and you can all spider your own copy and query that instead of us."
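The loop described in the comment above, reproduced with standard URL resolution, plus a log-side check for it. This is an added example, not part of the original post; the stand-in rewrite rule, the function names and the trailing slash on the starting page are assumptions, while the host and paths are the ones written in the comment.

```python
# Added example: why a relative script URL plus a catch-all rewrite rule
# makes a page-parsing fetcher request ever-deeper paths.
from urllib.parse import urljoin, urlsplit

SITE = "http://www.domain.com"      # host as written in the comment
PAGE = "/certain_rewritten_url"     # rewritten URL from the comment


def serve(path, script_src):
    """Constructed stand-in for the rewrite rule: every path under PAGE
    returns the same HTML page, represented here by its script reference.
    Anything else is a plain file or a 404, so there is nothing to follow."""
    if path == PAGE or path.startswith(PAGE + "/"):
        return script_src
    return None


def crawl(start, script_src, limit=5):
    """Follow the script reference like a fetcher that parses every
    response as a page. Returns the requested paths, at most `limit`."""
    url = urljoin(SITE, start)
    requested = []
    while len(requested) < limit:
        path = urlsplit(url).path
        if path in requested:           # already fetched: stop
            break
        requested.append(path)
        src = serve(path, script_src)
        if src is None:                 # not a page: the chain ends
            break
        url = urljoin(url, src)         # resolve against the current URL
    return requested


def has_repeated_segment(path):
    """Log-side check: two identical consecutive path segments (js/js)
    are the signature of this kind of resolution loop."""
    segs = [s for s in path.split("/") if s]
    return any(a == b for a, b in zip(segs, segs[1:]))


if __name__ == "__main__":
    print("relative:", crawl(PAGE + "/", "js/javascript.js"))
    print("absolute:", crawl(PAGE + "/", "/js/javascript.js"))
```

With the relative reference the chain only stops at `limit`; with the root-relative reference it ends after two requests, which is the fix the poster applied.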
Kaspersky Anti-Virus, or Nod32. (I personally use KAV, and suggest that one to my clients.)
Well I don't, but then nor do I complain that Windows is hard to use because one particular piece of software available for it is a bit shit.
It's official. Most of you are morons.
Ok, I don't like this new "feature", either - but this is the first time in a long time that I've seen AVG being described as "slimy". Are you serious? Lots of folks consider them one of the best anti-virus vendors out there, not the least because they offer a basic AV solution for free.
Assorted stuff I do sometimes: Lemuria.org
Just link a big file on AVG site in the slashdot article. They'll surely understand that bandwidth is precious.
Moderation is overrated.
Uh, EVERY User Agent has Mozilla in there, and they've said Mozilla since before Mozilla even existed.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
For the last time, Microsoft actually HAS a product called LookOut. It's an acquired email search utility.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I've just done the same search. Two sponsored links at the top; ten hits; two sponsored links to the right.
Then there's all the 'cached' links - similar pages - the ten "Gooooooooooooogle" links at the bottom; Web/images/maps/news/shopping at the top of the page; the definition for AVG; and all the links at the bottom.
After writing to file and grepping for href I've found 105 href tags, and for only ten search results. The sheer profligacy of web links is alarming, and only serves to illustrate how misapplied AVG's behaviour actually is.
(Anyone know what Google's take on this is? I bet they're also getting hammered by the sheer number of their links).
F_T
"Projecting much, Mr McGuiggin?"
If you call telling the truth about you projecting.
"BTW, you've just been trolled by a > child."
Fixed that for you, to make it reflect reality.
And honestly, you're not smart enough to continue this discussion. You've demonstrated that you can't even tell the difference between a company and its customers, why would I continue to debate this with someone who isn't even intelligent enough to do that?
Lastly, I realize that being a "woman" you're used to men telling you you're right so they can get in your pants, which is almost certainly what resulted in your obvious inability to intelligently defend your point (which was impossible, but a bright individual would have at least done better than to fire off straw man after straw man as some kind of "defense") but I have no desire to get in your pants, so the chance of me ignoring the fact that your argument is wrong and foolish is nil.
Go back out to a bar and pick up some loser, you'll get back to having people agree with your opinion no matter how stupid it is in no time, and you'll be right back in your comfort zone.
But you'll still be wrong.
Upgrading to FF3 will cause the extension to become disabled as it's not compatible.
You can also go into the AVG directory and rename the Firefox folder. Unfortunately that has an addon effect that you cannot update AVG (due to it thinking its install is corrupt).
I really think that calling AVG slimy is off. They have provided a good AV solution for millions of people, they are attempting to protect the dumbest user, which this ploy will do.
For those thinking about another, AntiVir is pretty solid.
BOO
Obviously you are just an impotent little troll. You may now have the last word, as that is clearly what you want.
Caveat Utilitor
If, theoretically, I have a robots.txt saying "disallow: /", then I would contend that I have stated clearly on my site that only human visitors are wanted.
Following is AVG's official response to LinkScanner concerns:
We'd like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us. We have modified the Search-Shield component of LinkScanner to only notify users of malicious sites; this modified version will be rolled out on July 9th 2008. As of this date, Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that webmasters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.
I first noticed the problem while in an A+ training / job development program (http://perscholas.org/ in NY). The instructor told us to install this and other basic sets of software on the Lab PCs that pertained to our course work. The lab PCs were COMPAQ PCs circa 1999 - 2004. After installing AVG on Windows 2000 or Windows XP, take a look at the VM usage of AVG in Task manager (click PROCESSES tab then click VIEW menu, select Columns... Virtual Memory size). On the older PCs after a few minutes (Pentium III or older) the VM will grow 40, 60, 80, 120MB!!! This behaviour also appears on Pentium 4 PCs with Vista. Half of my classmates were noobs and couldn't explain why their PCs were so slow. I stopped using AVG since then.
I seem to remember unchecking this "feature" on a computer I fixed up / updated recently, but it just hit me that the green checkboxes weren't some "fabulous new google feature" but was indeed AVG link checking...
Maybe I did, maybe I didn't. I know it's not compatible with Firefox 3, but that particular computer didn't have 3 yet.
Looks like I have an extension to go uninstall from a few computers :/.
Maybe you could make the argument that they shouldn't be spoofing user agents, or follow robots.txt (Through which you might be revoking permission!)
I like http://www.avast.com/ quite a bit.
I'll second this endorsement. I wanted out of the AVG v8 Linkscanner business even before the public outcry - on my Mother's somewhat underpowered desktop (she didn't know it was underpowered, but thought I had set her up with a new spanky machine - thanks AVG) it slowed the user browsing experience significantly, as well as kicking the shit out of her DSL-lite connection, which is already somewhat strained when streaming video and similar activities.
So I installed Avast on one of my desktops, and it works pretty well, once you turn off the sound effects which give you such treats as a really macho voice telling you a new update has been installed. The only issue for me was that the free version - as far as I've found - doesn't support scheduling drive scans, but rather supports a scan on boot. You need the Pro version for the anytime scheduling capability.
You can work around this by using the Avast Quickscanner and the Windows Scheduler. There's a good Howto on this on Avast forums at http://forum.avast.com/index.php?board=2;action=display;threadid=3796.
[17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
Eliza is smarter than you are:
"What about 'my not a lawyer, but you're pretty sure my not smart enough to be one either' did you mean?"
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
You must be the most stupid person on /.
Your whole "point" was your incorrect contention that "AVG is not spamming the web with deceptive traffic". But by making the default config of their crapware do precisely that, it was an idiotic statement, because that is precisely what AVG has done. Now, you misogynist dickhead asswipe, you may insert the final (and no doubt laughably wrong) word. Buh-bye!
Caveat Utilitor
Hmm, looks like I was correct about you lying.
NO YOU STUPID FUCKING WHORE MY POINT WAS THAT "AVG" IS NOT THE SAME AS "CUSTOMERS OF AVG". I find it humorous that you call me stupid because YOU didn't understand what YOU were reading.