Slashdot Mirror
AVG Backs Down From Flooding the Internet
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
I use AVG... and was watching this.
I'm sure they thought it was a good idea, and sometimes good companies make bad moves.... I got AVG because leo laporte reccomended it, and dammit, i like leo.
But things change over time... is AVG still a good free AVG prog? And I dont mean just because of this controversy, they made good on it and responded. I mean the long haul.
There's nothing Intelligent about Intelligent Design.
See: http://forums.whirlpool.net.au/forum-replies.cfm?t=1007329&p=13#r256
The fix has been independently tested.
Cheers WTW
Simon has state that the server normally deals with 50 queries / second.
So 12 more / second is quite a bit of load.
Cheers WTW
Well, I'm not sure how efficient Coldfusion is for handling large web forums, and how fast their database back-end is (16 million posts), but if each request takes 0.1 second of CPU time, it means it's enough traffic to keep a whole extra server busy. Approaching it differently: there are typically about 1000 users online, which open maybe one page per minute each. That means about 20 page requests per second during normal usage. Someone else mentioned 50 requests per second, but it's not clear whether that includes static content (images, CSS, javascript), while AVG only requests web pages. Database/script-driven pages take much more server resources than static content.
Avantslash: low-bandwidth mobile slashdot.
Users of Zeus Technology's ZXTM could use the following TrafficScript rule to protect themselves from AVG's DDoS attacks:
if( http.getHeader("Accept-Encoding") == "" &&
http.getHeader("Referer") == "" )
{
$ua = http.getHeader("User-Agent");
if( $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
$ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"||
$ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
$ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" )
{
connection.discard();
}
}
I already switched from AVG to Avast. One thing I noticed, is that under Vista, the "AVG safe search" doesn't get uninstalled from the Internet Explorer. Mind you, I use Firefox, but after uninstalling the AVG, I realized that I haven't checked if the IE also has this piece of software in it. Well, it does, and now I have no idea how to get rid of it without fiddling with the registry. IE doesn't let me delete the component even with Admin privileges. Any ideas how to get rid of it? Google turned up only similar questions but no solution.
The single web server that powers Whirlpool is typically handling 30 to 40 non-cached template requests per second. We've got over 15 gigabytes worth of user posts online, and receive hundreds of referrals from Google every minute.
Given that it's running on a 4-year-old web server (in tandem with another 4-year-old MySQL box), I think ColdFusion is doing pretty well for itself.
Cheers
Simon Wright
Computers are useless: they can only give you answers. -- Pablo Picasso
I was under the impression that the linkscanner only checked the links in search results, so those AVG8 users shouldn't have downloaded the link unless they clicked on it.
Can you prove it? Rootkits? Priviledge escallation? Malware != virus != bot ... Anyone? Even if it were true, it does not prove your tactic is a good one... you just might have been lucky... Ditching firewall(neither for private nor public IP) is not a good idea. First, there are many programs that open ports. And second, there isn't a day that my outer perimeter isn't under constant attacks.
This is what I'm switching to:
http://www.moonsecure.com/
"When information is power, privacy is freedom" - Jah-Wren Ryel
You do realize that ClamWin currently does not have an on-access scanner, don't you? That means a zero detection rate unless files are manually scanned. Right now, your 'clueless users' are unprotected.
When you're dead, you don't know you're dead. It only affects the people around you. Same thing when you're stupid.
That's 40 requests per second to the web server, not the database. Actually, this custom-built application is quite efficient, because that only translates to around 50-70 queries per second.
MySQL isn't the bottleneck. It's simply running on hardware that's not even a quarter as powerful as it should be if it were commercially operated. And that's before we take into account failover resources or future proofing.
I've seen cases of PHPBB and vB installations, with better hardware than us, unable to handle even a tenth the load we get.
40 requests per second is not a small load for a single website. Whirlpool gets around 1.5 to 2 million non-spider page views per day, plus and additional half million spider hits.
PostgreSQL and Firebird are certainly more comprehensive database stacks, but I'm quite sure they wouldn't match MySQL for efficiency when dealing with these relatively uncomplicated queries. Even if they could provide a nominal improvement, the effort involved in porting the databases and every query in this custom application would be extreme overkill.
Cheers
Simon Wright
Computers are useless: they can only give you answers. -- Pablo Picasso
As the owner of Whirlpool, please moderate the parent as uninformed.
While I'm not in a position to provide an unbiased opinion of WebCentral, they do cater to a very important market -- people who need a premium quality service. If my experience with the $0 service they provide Whirlpool is any indication, WebCentral are not just technically excellent, their support system is outstanding and reactive. I can only imagine how much better they treat the customers who pay them.
Just because you only want the bargain service, doesn't mean everyone does.
And the only reason Whirlpool isn't blazing fast, is because we're running with a bunch of WebCentral's spare hardware. We're a community service, not a business.
Cheers
Simon Wright
Computers are useless: they can only give you answers. -- Pablo Picasso
You can disable the safe search plug in pretty easily in IE. Just go to Tools, Internet Options. Take the Program tab, and push the Manage Add-Ons button. Find AVG Safe Search in the list and click it, then select disable. Hit OK, then OK again. Done.
Ceci n'est pas une sig.
:wq!
For those of us using Win2K until it's pried out of our cold, dead CPUs, not a choice. Comodo BSODs on Win2K.
Funny, it didn't BSOD for me. I ran it on a W2K machine for 3-4 months and never had a BSOD (due to Comodo or any other reason either... FWIW I also use Comodo Personal Firewall). I switched to another AV (BitDefender) because I'm rotating through the free AVs trying them out (currently using BitDefender and AVira on different W2K machines, and AVG on an XP machine), and because I got nailed with virtumonde while using it. (Which is not to say it couldn't have happened using another AV, especially since vm is classified as spyware.)
So I'd respectfully suggest that the problem? incompatibility? you experienced was just a little more complicated than "W2K".
Posting AC because I've moderated,
number11
Version 8 of their product is the most bloated thing I've seen in ages.
Yeah utilizing 50MB of my 2GB system memory is an affront to all that I hold dear. A free program that has the audacity to work and has shown a consistent track record of reliability and performance! I'm writing my congressman asap.
On the Oregon Cost born and raised, On the beach is where I spent most of my days
Accessing every webpage you see a link to multiplies the bandwidth you use by at least an order of magnitude.
On the other hand on today's modern web, the HTML page only accounts for a small fraction of all the content that is fetched from a webserver. The bulk of what your browser downloads is all the various other flashy shiny and blinking stuff that are added to "enhance" your browsing experience. You know, all these "punch the monkey" flash crapplets.
AVG scanner doesn't download them, only the main HTML page and associated scripts (i.e.: where dangerous code could actually be hidden). Not even the CSS associate with those pages.
If you want to actually improve your browsing experience and have better use of your bandwith install some tools to kill all this useless flash (adblock+, flashblock or noscript). Your firefox will also gain stability with the same move.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I'm not sure exactly what program (or version) you think you're providing instructions for, but it doesn't seem to be AVG 8.
I gave up on AVG about a year ago when they began nagging me endlessly. For a while AOL offered a free version of Kaspersky that was pretty nice, but they have since pulled it and replaced it with McAfee. After that expired, I gave up on all the free AV packages. I tested a couple of them (including AVG) and they were all too bloaty, too naggy, or too crippled. I eventually decided that the money wasn't worth my time and frustration, and paid for ESET NOD32. It's a heck of a lot cheaper than a new machine, it's as fast as anything I've ever used, and it does an excellent job at staying the hell out of your way. Sure it would have been nice to have something free, but when it comes down to it, I'm completely happy with it, and in my opinion it's probably worth $40 more in terms of convenience and saved frustrations than any AV product I've ever used, free or commercial. (Barring the free AOL/Kaspersky that is no longer available- I can't tell you how irritated I was when I found out that AOL had dumped it for that POS McAfee.)
If I don't put anything here, will anyone recognize me anymore?
http://avast.com/eng/avast_4_home.html
been working great for me
-- troutsoup.com
Right click on your AVG icon and click on "Open AVG User Interface". Right click on Linkscanner in Overview and click Open. Uncheck "Enable AVG Search-Shield (need web browser restart)". (You do not have to restart your browser to disable it.)
Now click on Overview on the left to go back to the Overview screen. Right click on Linkscanner and select "Ignore component State". It's shut off and AVG won't whine at you for turning it off.
Random Thoughts From A Diseased Mind (Not For Dummies)
Work computers ? You do know that Avira is free only for personal use, right ? :-)
(The banners are indeed annoying, but I am assuming that they are not present in the paid-for version, and that is the only one that you can install on work computers)