Slashdot Mirror
AVG Backs Down From Flooding the Internet
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
Can it be shown that they have stopped doing this accross the board? Or only for the "high rollers"? It wouldn't surprise me if such a bunch of assholes as these only "whitelist" people that can sue them.
If you want news from today, you have to come back tomorrow.
I was looking at alternatives to AVG because of this. Good to know I don't have to keep looking.
I fail to see what Grisoft ever thought LinkScanner would acheive above the scanners that are becoming common in competing products that simply intercept http and pop3 traffic as it comes over the network. To me it seemed unnecessary to actually fetch every single search result. It also would obviously interfere with web analytics, and is potentially a security risk to people using AVG, not in terms of desktop security, but in terms of your real-life personal security. For example, I recall a recent article where the FBI had arrested people merely for clicking links to a porn site they had set up. Are you really safe from such operations and the general tendency of Government agencies to monitor activity these days when your computer is in effect programmed to click links for you?
I don't see information at the links in the summary of what changes were actually made to AVG now. Does anyone have details?
The site complains to AVG that its load has increased, so in response in gets a /.ing. Nice!
Anyway, the statement that "We've seen a traffic increase as much as 12 hits per second" is meaningless without knowing the overall traffic levels - for example, is +12/sec an increase of 100%, or an increase of 1%?. It's referred to as a "significant drain" on resources, but quoting one number without the other is pointless.
I use AVG... and was watching this.
I'm sure they thought it was a good idea, and sometimes good companies make bad moves.... I got AVG because leo laporte reccomended it, and dammit, i like leo.
But things change over time... is AVG still a good free AVG prog? And I dont mean just because of this controversy, they made good on it and responded. I mean the long haul.
There's nothing Intelligent about Intelligent Design.
I had already disabled LinkScanner.
I followed instructions as posted recently here to remove LinkScanner: this resulted in a re-install of AVG (without LinkScanner). The first update this re-install wanted was LinkScanner plus plugins, there was no way I could cancel and just get virus definitions, no point in continuing.
I have installed Clam. Now I can scan what I want when I want.
Run Linux, then you can tell all those virus-writing-wankstains to go suck a fat cuze.
Or, if you must run Windows, ditch ALL your anti-virus/anti-spyware/third party firewalls and set all your everyday users as Limited Accounts. I've been running like this for over 18 months and I'm completely malware-free.
Squirrel!
Users of Zeus Technology's ZXTM could use the following TrafficScript rule to protect themselves from AVG's DDoS attacks:
if( http.getHeader("Accept-Encoding") == "" &&
http.getHeader("Referer") == "" )
{
$ua = http.getHeader("User-Agent");
if( $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
$ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"||
$ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
$ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" )
{
connection.discard();
}
}
Thing about Whirlpool is that it's a custom CF package developed by the webmaster and it's a thing of beauty. The ugly thing about is that it's hosted on WebCentral.
WebCentral... Whirlpool doesn't have to pay any money to WebCentral, they host it for free. The funky thing is that almost nobody on Whirlpool ever recommends WebCentral for webhosting. They recommend all sorts of other companies in Australia, except probably the most vocal one, WebCentral.
The reason? I've got customers that have PHP and ASP websites with WebCentral and pay $40 a month for a massive 200 MB of storage and 1 GB of transfers. Which is nothing these days. And for that amount of money, you'd think that the sites would at least be quick... think again. They are slow because WebCentral really don't know what they are doing. They've only got IIS and the first access to a website always takes ages for the DLL of the virtual site to start up and do its stuff. All the subsequent accesses are pretty quick. 12 accesses per second for the biggest techie forum in Australia shouldn't be all that much extra and certainly shouldn't bring the server to its knees. Search on Whirlpool hasn't been working most of the time because WebCentral's servers just won't take it. Full-text search will never exist, not as long as it's on WebCentral anyways.
WebCentral got bought out, not too long ago, by MelbourneIT, a registrar for .au domains, so you'd think that WebCentral had a clue when it came to DNS. They don't. I asked them to set up a new subdomain with a different IP address? What do they do? The redirect mail.something.com.au to point to the new IP address, with the hilarious consequence of a dozen people not being able to get any emails for a few days.
And then there's the case of the $65 for 2 year domain registration. You'd think that would include DNS hosting, as asiaregistry.com do for $30 for 2 years. MelbourneIT offers a 1-page website for $140 for 2 years. Well, think again. The $65 only cover domain reservation. It means that you register a domain, pay them money, but that's it. They sell you a product that's more than twice as expensive than with a reasonable competitor, but you can't actually do anything with it. No, what you want is 'Domain Parking', there's no way to get DNS hosting apart from that. $240 for 2 years. We've had domain names with AsiaRegistry for years now, and they've been absolutely reliable, more so than WebCentral will ever be.
I called them about that, they say that the advantage is them being a local business. That's the entire argument. A local business with shit webhosting and crap value. Don't ever do business with WebCentral.
There's no way I'd ever post this on Whirlpool, because it'd get removed by WebCentral, one way or another, immediately. And there's no way you'll see Simon Wright responding to me, it's like everything is open for discussion on Whirlpool as long as it's on topic, except WebCentral. They do provide hosting for free and can make Simon's life a bit uncomfortable at least if WebCentral is all of a sudden open for discussion.
... contains some kind of overflow bug? I guess hundreds of thousands of AVG equiped PCs will get infected instantly?
A programm that fetches each and every link it comes across *can't* be a very good idea. Certainly a feature invented by people without a security mindset?
I've never ran an antivirus in the 8 years I've used windows.
I've periodically ran scans from antivirus.com to confirm that I have no viruses, and I haven't had any obnoxious (I won't say no spyware, the definition is rather broad ...) spyware in the last 5 years ...
Really, safer web habits and nat based firewall are an excellent defense. You don't always need resource hogging programs or top tier firewalls to protect your computer, just think twice before clicking random links!
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
Uh, vector #1 includes basic Windows networking.
Seriously, take an XP box and plug it directly into a home cable/ADSL modem.
About a year and a half back, I did that for maybe a week. I'd kept all the crit updates in there, and yet the AV software would pop up every few hours announcing that a new gift had arrived on the PC. Installed a third-party firewall, and then put the thing behind a router/hardware firewall.
Malware evolves rapidly, and we as individuals can't spend as much time combating it as the makers do in developing it. Sure, by only using trusted programs, only surfing to known sites, and never opening suspect attachments, you'll avoid all but 1% of the types malware out there. But when you're talking about thousands of types, the odds aren't so good.
And, when you're talking about a home environment, where the "administrator" cannot lock down the usage all the time, you better have something.
You also left out a vector #3) any software defect that, when combined with networking, leads to an unsafe situation. Using images to trigger buffer overflows and execute code, for example. Or exploiting a Flash bug. Now, combine that with an exploit to gain access to third-party ("Trusted") web servers, and everyone's gonna need something.
As bad as it was, AVG's spoofing the useragent as IE6 was pretty smart: if a site has malware, it'll deliver it to IE6.
I already switched from AVG to Avast. One thing I noticed, is that under Vista, the "AVG safe search" doesn't get uninstalled from the Internet Explorer. Mind you, I use Firefox, but after uninstalling the AVG, I realized that I haven't checked if the IE also has this piece of software in it. Well, it does, and now I have no idea how to get rid of it without fiddling with the registry. IE doesn't let me delete the component even with Admin privileges. Any ideas how to get rid of it? Google turned up only similar questions but no solution.
Goddamned sales-speak, full of lies and deception, as always. There was no "issue" to "addres and rectify" after being "brought to attention". Of course they knew it would work like that, they desgined it to. They just thought they would get away with it. The world would be a better place if it were to be criminal to tell such cattledung as an official statement.
This is Slashdot. Common sense is futile. You will be modded down.
Bad ideas like this one seem to have a life if their own in marketing departments.
That's a good one, but there's also this suggestion from TFA:
. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future?
No, I certainly won't be looking. There are just a handful of companies which *listen* to its customers. There fewer that listen to the users of their product which use it for free.
AVG shown that at least they do listen to their users, and are likely to rectify when they screw up. Similar to what happened with Netflix.
A bad company is not one which makes wrong choices, we all make wrong choices. But when the company is not able to acknowledge their errors and rectify, is when you should start looking for someone else to make business with.
I use AVG Free and recommend it to all the people who come to ask me for an Antivirus. The truth (in my opinion) is that such a thing should be provided with Microsoft Windows for free, after all it is the fault of their crappy Operating System that the computers get all infected.
Ubuntu is an African word meaning 'I can't configure Debian'
Can you prove it? Rootkits? Priviledge escallation? Malware != virus != bot ... Anyone? Even if it were true, it does not prove your tactic is a good one... you just might have been lucky... Ditching firewall(neither for private nor public IP) is not a good idea. First, there are many programs that open ports. And second, there isn't a day that my outer perimeter isn't under constant attacks.
news just in, whirlpool hit with a new torrent of traffic due to posting on slashdot... mmm irony.
This is what I'm switching to:
http://www.moonsecure.com/
"When information is power, privacy is freedom" - Jah-Wren Ryel
I actually bought AVG 8.0 (been using the free edition for years and felt guilty), then immediately uninstalled it.
The problem? Crashing my machine left and right. I could reliably crash winamp by opening small files, and other programs acted very very oddly.
Uninstalled, and the problems went away.
You can disable the safe search plug in pretty easily in IE. Just go to Tools, Internet Options. Take the Program tab, and push the Manage Add-Ons button. Find AVG Safe Search in the list and click it, then select disable. Hit OK, then OK again. Done.
Ceci n'est pas une sig.
:wq!
I had AVG 7.5 on my wife's computer. It kept bugging me to install AVG 8 by saying there would be no more virus definitions after June 30th. So, I tried to upgrade-THREE TIMES! Every time its installer crashed. I even uninstalled 7.5 and it STILL crashed. Then I went to DSL Reports and read all the complaints about AVG 8.0, so I put Avast! on her computer. It works GREAT!
Accessing every webpage you see a link to multiplies the bandwidth you use by at least an order of magnitude.
On the other hand on today's modern web, the HTML page only accounts for a small fraction of all the content that is fetched from a webserver. The bulk of what your browser downloads is all the various other flashy shiny and blinking stuff that are added to "enhance" your browsing experience. You know, all these "punch the monkey" flash crapplets.
AVG scanner doesn't download them, only the main HTML page and associated scripts (i.e.: where dangerous code could actually be hidden). Not even the CSS associate with those pages.
If you want to actually improve your browsing experience and have better use of your bandwith install some tools to kill all this useless flash (adblock+, flashblock or noscript). Your firefox will also gain stability with the same move.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Many virus scanners, including AVG, are a little over zealous. They report some things as bad that aren't. Ones that commonly get flagged are trainers for video games. Reason is they do things like monitor the keyboard and hook in to other processes. However they are doing it to let people cheat in games, not for nefarious purposes. However you'll find that some virus scanners get all worked up about them, while others don't.
Just because you switch scanners and the new one goes off, doesn't mean your old one did a bad job. You need to evaluate what it is finding. Also there's the consideration of things like malware/adware scanning. Some virus scanners check for this, some don't, and what they check for varies. The reason is the whole malware thing isn't as clear. Something I consider malware, another user may be perfectly ok with. Also since it comes with software sometimes and removing it can break the software, some virus scanners dont' mess with it, leaving that instead to anti-malware apps like Windows Defender.
So don't be too quick to judge on numbers.
Was this AVG thing deemed evil? Bad for the internet? Fasterfox it's a very popular Firefox extension that's even worse. Fasterfox downloads every link, not only from a Google search, but from every page you visit. And this thing is offered by Mozilla addons site at https://addons.mozilla.org/en-US/firefox/addon/1269 (though it still hasn't bee updated for Firefox 3). I hope someone follows this article's example and remove this thing from the Mozilla's site.
That's a moronic statement. It is along the lines of saying "Don't lock the door, just sleep with a shotgun next to your bed." Yes, I'll admit the shotgun would be far more useful at stopping a determined attacker IF (and only if) you notice the person and can act.
AV programs are just another level in having good defense in depth, and being proactive about security. What that philosophy means is:
1) You don't have a single point of security, you have multiple levels. There isn't one failure point. Thus if something slips through one level, it isn't in the clear.
2) You have security systems that don't rely on someone minding after them, in addition to ones that do. Thus if there is a slip in vigilance, that can't necessarily be exploited because there are automated systems.
3) You don't assume things are secure just because you haven't faced attack there before. You look for potential weaknesses and work on ways to secure those.
This is the way to achieve good security, and to do it while maintaining good usability. Sure, we could tell everyone that every program has to be isolated in it's own VM. That'd be totally unusable and only (sort of) secure until there's an exploit to the VM program (which has happened to VMWare at least once before). Or we could be smart about it: We run a virus scanner, a malware scanner, a software firewall on the PCs, a hardware firewall on the network, we patch our systems, we have good security policies (like using UAC/sudo). Then things are still perfectly usable, and even if people drop their guard, even if an attack gets in through something, it is unlikely to be a real problem.
So even if you are a pro user, run a virus scanner anyhow. Will you need it? Probably not. However proactive security and defense in depth are the way to go.