AVG Backs Down From Flooding the Internet
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL: "'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
I was looking at alternatives to AVG because of this. Good to know I don't have to keep looking.
The site complains to AVG that its load has increased, so in response it gets a /.ing. Nice!
Anyway, the statement that "We've seen a traffic increase as much as 12 hits per second" is meaningless without knowing the overall traffic levels - for example, is +12/sec an increase of 100%, or an increase of 1%? It's referred to as a "significant drain" on resources, but quoting one number without the other is pointless.
Here is a secret for you: You do not need AV software.
Actually, let me clarify that statement. You might need AV software if you are a very uninformed user who likes to open email attachments from unknown people or download lots of useless software from questionable sources. However, if that person I described is not you, then you do not need AV software, and it is just taking system (and apparently network) resources.
The reason you don't need AV software is because there are only two ways to get a virus on your computer: 1) Network-related software you use is exploited. 2) You willingly (although accidentally) run the bad software yourself. Yes, I'm simplifying things, but it is hardly any more complicated than this. Since you are an informed user, you have learned not to run bad software, so #2 doesn't apply to you; and since you patch your system regularly (right?), #1 is very unlikely.
However, there may be a tiny window between the time that an exploit is found and the patch being made available where you could potentially be vulnerable. Theoretically, AV software can 'protect' you in this scenario since virus definitions are made available sooner than patches. The solution here is, again, to be an informed user. If a piece of software you use becomes vulnerable to a new exploit, you should know about it and take the necessary precautions yourself during the time before a patch is released, in order to protect your system. This will protect you much better than any AV software will, and it's not difficult since there are not many pieces of software which could even be exploited (the main ones are your browser and other internet-related apps).
Now, I'm a user and developer of Mac OS X, Linux, BSD, and Windows. I have been running Vista for almost a year without a hitch by being an informed user. Actually, I also usually install patches long after they are available because I turned off the automatic download/install feature (I like to know what's using my internet connection), and for some reason it doesn't even notify me of the availability of patches so I often forget. Nevertheless, I've never been compromised mainly because I don't run questionable software or read unknown emails, and the security of the software (and patches) has been good enough.
In my opinion, AV software is a scam. It might be useful for grandmas and other clueless users who open email attachments indiscriminately, but I cannot see how anyone informed enough to be on /. cannot also manage his own security. Not that /. users are at the pinnacle of being-informed-edness, but I should think that you should be informed enough to be able to live without AV software quite easily. Bottom line: run a firewall (preferably a hardware firewall), patch often, be informed, and ditch the AV software.
This author takes full ownership and responsibility for the unpopular opinions outlined above.
You have a point, but I received an infected Word file from a customer just a couple years ago.
When the contract is a few million bucks, you suck it up and run AV and don't tell them how to run their business.
... contains some kind of overflow bug? I guess hundreds of thousands of AVG-equipped PCs will get infected instantly?
A program that fetches each and every link it comes across *can't* be a very good idea. Certainly a feature invented by people without a security mindset?
The problem is not so much the consumer experience... (although consumers' experience was changed significantly as web searching became a lot more resource intensive).
The problem is that the link scanning feature caused a great deal of traffic to sites - even sites that consumers did not visit. That's not cool.
Horns are really just a broken halo.
. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future?
No, I certainly won't be looking. There are just a handful of companies which *listen* to their customers. There are fewer that listen to the users of their product who use it for free.
AVG has shown that at least they do listen to their users, and are likely to rectify when they screw up. Similar to what happened with Netflix.
A bad company is not one which makes wrong choices, we all make wrong choices. But when the company is not able to acknowledge their errors and rectify, is when you should start looking for someone else to make business with.
I use AVG Free and recommend it to all the people who come to ask me for an Antivirus. The truth (in my opinion) is that such a thing should be provided with Microsoft Windows for free, after all it is the fault of their crappy Operating System that the computers get all infected.
Ubuntu is an African word meaning 'I can't configure Debian'
They weren't an optional part of the install unless you used avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
As far as I could tell even selecting custom installation in the default didn't give you an easy way to disable link scanner. Disabling it from the AVG menu didn't actually stop link scanner from loading and running in the background. It also had the side effect of putting up a warning icon and a message that said your computer may be unsafe or some such nonsense.
In this case I think a bit of condemnation towards AVG was richly deserved and hardly a knee jerk reaction. And actually they did try to crash the internet. That's what the uproar was all about.
Because the idea itself is flawed. Normally you visit only a minuscule part of the links your browser shows you. LinkScanner follows all of those links even when you never planned to visit them.
It could be a lot more than tenfold.
For example, the first link in Google for "wine" is for a program that lets you run Windows software in other operating systems, and No. 3 is the Wikipedia entry about it. The rest of the links are about alcoholic drinks.
Most people outside of Slashdot are going to be interested in the alcoholic drink links, but if they have AVG installed, they will be "visiting" winehq.org as well, even though they probably already have Windows and the wine program will be completely useless for them.
Aside from the problem with increased traffic for webmasters to deal with, if someone had found an exploit for AVG, many systems might have been compromised without the user actively visiting the exploiting sites, making it worse in some ways than an iframe-based exploit. If all it effectively takes is for a link to appear in the page, that adds danger to what was just inconsiderate behavior.
You can never go home again... but I guess you can shop there.
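Added example, not part of the thread or of any poster's comment: one way a webmaster could measure what the discussion describes, by flagging clients that fetch pages but never request the assets a rendering browser would, and reporting those hits as a share of total traffic rather than as a bare hits-per-second figure. The log lines, addresses, paths and user-agent strings are constructed, and the "no assets fetched" rule is an assumed heuristic that also matches text-only browsers, ordinary crawlers and clients with warm caches.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2008:10:00:01 +1000] "GET /forum/thread/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed-browser)"
203.0.113.5 - - [10/Jul/2008:10:00:01 +1000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0 (constructed-browser)"
203.0.113.5 - - [10/Jul/2008:10:00:02 +1000] "GET /logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (constructed-browser)"
198.51.100.7 - - [10/Jul/2008:10:00:02 +1000] "GET /forum/thread/1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (constructed-client)"
198.51.100.8 - - [10/Jul/2008:10:00:03 +1000] "GET /forum/thread/2 HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (constructed-client)"
203.0.113.9 - - [10/Jul/2008:10:00:03 +1000] "GET /forum/thread/2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (constructed-browser)"
203.0.113.9 - - [10/Jul/2008:10:00:04 +1000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0 (constructed-browser)"
198.51.100.20 - - [10/Jul/2008:10:00:04 +1000] "GET /forum/thread/1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (constructed-client)"
198.51.100.20 - - [10/Jul/2008:10:00:05 +1000] "GET /forum/thread/3 HTTP/1.1" 200 3000 "-" "Mozilla/4.0 (constructed-client)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Requests a rendering browser normally makes after loading a page.
ASSET_RE = re.compile(r'\.(css|js|png|gif|jpe?g|ico)(\?|$)', re.I)


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def prefetch_report(log_text):
    """Flag (ip, user-agent) pairs that fetched pages but no assets."""
    pages, assets, total = defaultdict(int), defaultdict(int), 0
    for rec in parse(log_text):
        total += 1
        key = (rec["ip"], rec["ua"])
        (assets if ASSET_RE.search(rec["path"]) else pages)[key] += 1
    suspects = sorted(k for k in pages if assets[k] == 0)
    suspect_hits = sum(pages[k] for k in suspects)
    # The share, not the raw count, shows how much load the fetches add.
    share = suspect_hits / total if total else 0.0
    return {"total": total, "suspect_hits": suspect_hits,
            "share": share, "suspects": suspects}


if __name__ == "__main__":
    print(prefetch_report(SAMPLE_LOG))
```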