AVG Backs Down From Flooding the Internet

Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here." From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."

So is AVG still a good AV prog?

[deft]

I use AVG... and was watching this.

I'm sure they thought it was a good idea, and sometimes good companies make bad moves.... I got AVG because leo laporte reccomended it, and dammit, i like leo.

But things change over time... is AVG still a good free AVG prog? And I dont mean just because of this controversy, they made good on it and responded. I mean the long haul.

Re:So is AVG still a good AV prog?

[i.of.the.storm]

I dunno, I use Avast, it's pretty good and free as well. I like the UI a bit better and it seems to get definition updates pretty frequently. Much less of a resource hog than Norton/McAfee too, although so is AVG.

Re:So is AVG still a good AV prog?

[FredThompson]

I recently gave up on AVG. It was a nice free option until this version 8. Surely, Grisoft knew this was a big problem for a long time. They're not the only people who thought this approach of extra verification would be a good idea. MCAfee did it, Opera (I think) just linked up with one of the Microsoft spawns that tests everything and drags web use to a crawl. It's as poor an idea as "background" disk defragging which does nothing other than work the drives because it's not possible to sort a drive which is in flux.

Avast! is frequently recommended as a free anti-virus. BUT...do some research and you'll see it's not that great at catching known junk. ESET does test very well but you only get 30 days of free use. Avir's free version does seem to offer full integration (in-line scanning, auto updates, etc.) which I don't remember being there a few years ago when freeware scanners only worked on-demand. http://www.free-av.com/ It tests very well, actually, better than AVG and Avast!

In their defense, if I remember correctly, AVG DID offer free fully integrated inline scanning first with a decent catch rate. Why did it take them so long to comprehend version 8 was a hog and would generate so much anger and resentment? Who knows. Maybe their time has past just line PKZip...

Re:So is AVG still a good AV prog?

[BagOBones]

The and Update system in AVG 8.0 is vastly improved.

I was using Avast and and installed it for several family members only to have one of them get a HORRID spyware infection.

Interestingly AVAST did not detect it at all, Spybot and Ad-aware could not completely remove it, but after installing AVG 8.0 it cleaned everything up.

After checking several reviews it seems AVG 8.0 has one of the best Virus and Spyware detection rates among current products.

Re:So is AVG still a good AV prog?

This is about the same amount of protection as pulling out is a form of birth control.

Are you telling me:

1. You never open links in search results to sites you have never been to?
- If you are running windows using Firefox or IE there have been many cases of 0 day exploits

2. Do you not use any USB storage devices?
- Just this Christmas I purchases a digital photo frame for a family member that had built in storage. low and behold when I went to preload it with photos it was already infected with a virus that was set to use auto play to install.

3. You 100% trust EVERY thing your friends or family send you? Document infections are still somewhat common. I suppose using Open office would get you around macro infections but you also might not be able to open company documents then.

I would also imagine that ANYONE who is on slashdot and manages security also believes in the layered approach. Inbound only filtering from your firewall and using your gut to know what is safe or not is an easy one to work around.. Well unless you are a hermit that never gets any email.

Re:So is AVG still a good AV prog?

[sqlrob]

I don't browse (usually) for pr0n or for cracks, so I don't worry.

What about those cracks into the high profile web servers that deposit malware? You have to trust every webmaster out there to have properly secured their systems.

Re:So is AVG still a good AV prog?

How about:
"Program Settings"->Sounds->Settings...
Then scroll to the "Automatic VPS Update" event and pick the "(None)" sound.

Re:So is AVG still a good AV prog?

[number11]

Well, yes but.. (you've seen the complaints).

Other decent free ones are:
Avast is popular.
AVira seems good, you get one popup ad per update.
Comodo permits business use.
BitDefender has a free version.
I'm not including ClamAV because it's just a scanner, no realtime protection.

Posting AC because I've moderated,
number11

Re:Are you sure?

See: http://forums.whirlpool.net.au/forum-replies.cfm?t=1007329&p=13#r256

The fix has been independently tested.

Cheers WTW

Re:Way to go!

Simon has state that the server normally deals with 50 queries / second.

So 12 more / second is quite a bit of load.

Cheers WTW

ZXTM TrafficScript rule:

Users of Zeus Technology's ZXTM could use the following TrafficScript rule to protect themselves from AVG's DDoS attacks:

if( http.getHeader("Accept-Encoding") == "" &&
        http.getHeader("Referer") == "" )
{
      $ua = http.getHeader("User-Agent");
      if( $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
              $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"||
              $ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
              $ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" )
      {
            connection.discard();
      }
}

Re:Way to go!

[Now15]

The single web server that powers Whirlpool is typically handling 30 to 40 non-cached template requests per second. We've got over 15 gigabytes worth of user posts online, and receive hundreds of referrals from Google every minute.

Given that it's running on a 4-year-old web server (in tandem with another 4-year-old MySQL box), I think ColdFusion is doing pretty well for itself.

Cheers
Simon Wright

Moon Secure AV (FOSS)

[GameboyRMH]

This is what I'm switching to:

http://www.moonsecure.com/

Re:I certainly won't be looking

[Holistic+Missile]

You do realize that ClamWin currently does not have an on-access scanner, don't you? That means a zero detection rate unless files are manually scanned. Right now, your 'clueless users' are unprotected.

Re:Way to go!

[Now15]

That's 40 requests per second to the web server, not the database. Actually, this custom-built application is quite efficient, because that only translates to around 50-70 queries per second.

MySQL isn't the bottleneck. It's simply running on hardware that's not even a quarter as powerful as it should be if it were commercially operated. And that's before we take into account failover resources or future proofing.

I've seen cases of PHPBB and vB installations, with better hardware than us, unable to handle even a tenth the load we get.

40 requests per second is not a small load for a single website. Whirlpool gets around 1.5 to 2 million non-spider page views per day, plus and additional half million spider hits.

PostgreSQL and Firebird are certainly more comprehensive database stacks, but I'm quite sure they wouldn't match MySQL for efficiency when dealing with these relatively uncomplicated queries. Even if they could provide a nominal improvement, the effort involved in porting the databases and every query in this custom application would be extreme overkill.

Cheers
Simon Wright

Re:Whirlpool and WebCentral

[Now15]

As the owner of Whirlpool, please moderate the parent as uninformed.

While I'm not in a position to provide an unbiased opinion of WebCentral, they do cater to a very important market -- people who need a premium quality service. If my experience with the $0 service they provide Whirlpool is any indication, WebCentral are not just technically excellent, their support system is outstanding and reactive. I can only imagine how much better they treat the customers who pay them.

Just because you only want the bargain service, doesn't mean everyone does.

And the only reason Whirlpool isn't blazing fast, is because we're running with a bunch of WebCentral's spare hardware. We're a community service, not a business.

Cheers
Simon Wright