Slashdot Mirror
AVG Backs Down From Flooding the Internet
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
Maybe you should keep looking. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future? It shows a serious lack of foresight for a company that should have top-drawer management and programmers considering their business. Frankly, this kind of crap reflects badly on what consumers should assume for the quality of their product.
If you want news from today, you have to come back tomorrow.
The site complains to AVG that its load has increased, so in response in gets a /.ing. Nice!
Anyway, the statement that "We've seen a traffic increase as much as 12 hits per second" is meaningless without knowing the overall traffic levels - for example, is +12/sec an increase of 100%, or an increase of 1%?. It's referred to as a "significant drain" on resources, but quoting one number without the other is pointless.
See: http://forums.whirlpool.net.au/forum-replies.cfm?t=1007329&p=13#r256
The fix has been independently tested.
Cheers WTW
I dunno, I use Avast, it's pretty good and free as well. I like the UI a bit better and it seems to get definition updates pretty frequently. Much less of a resource hog than Norton/McAfee too, although so is AVG.
All your base are belong to Wii.
I second your question. I used AVG Free for a long time and uninstalled it very quickly when I heard the news. But I'm having choosing a replacement cost-free anti-virus program for Windows. Here's are the factors I've been considering...
AVG Free Pro: seems pretty effective and runs inobtrusively (at least locally). Con: has DDoS'd websites in the past and perhaps still shouldn't be trusted.
Avira Pro: no track record of DDoS'ing websites. Con: obnoxious pop-ups "reminding" me about the premium version; apparently got some poor reviews for infection treatment.
Avast Pro: no track record of DDoS'ing websites. Con: requires manual re-registration.
I'm using Avira now but I'm considering switching again because of the pop-ups. Any advice? (And yes, I already run Linux but still need Windows for some things, and no, I'm not interested in paying for anti-virus software, since 99% of virus protection is common sense.)
It turns out that LinkScanner was implemented in secret by two employees during odd hours, when all the other people had gone home(*). One of these employees, who likes to use the handle "pinky", was in charge of unit testing, while the second employee, who sometimes goes under the nickname "brain", actually designed the module.
Investigations are ongoing, but preliminary questioning of the employees does suggest that LinkScanner's purpose was either to "take over the world", or possibly to "zort" a "narf-poit".
(*) except for Norm, who didn't notice anything because he was busy looking for a misplaced stapler in another part of the building.
This is about the same amount of protection as pulling out is a form of birth control.
Are you telling me:
1. You never open links in search results to sites you have never been to?
- If you are running windows using Firefox or IE there have been many cases of 0 day exploits
2. Do you not use any USB storage devices?
- Just this Christmas I purchases a digital photo frame for a family member that had built in storage. low and behold when I went to preload it with photos it was already infected with a virus that was set to use auto play to install.
3. You 100% trust EVERY thing your friends or family send you? Document infections are still somewhat common. I suppose using Open office would get you around macro infections but you also might not be able to open company documents then.
I would also imagine that ANYONE who is on slashdot and manages security also believes in the layered approach. Inbound only filtering from your firewall and using your gut to know what is safe or not is an easy one to work around.. Well unless you are a hermit that never gets any email.
... contains some kind of overflow bug? I guess hundreds of thousands of AVG equiped PCs will get infected instantly?
A programm that fetches each and every link it comes across *can't* be a very good idea. Certainly a feature invented by people without a security mindset?
There's no need to be hypothetical. Anyone here have an unmodified AVG 8? Congratulations: you have just downloaded a page on how to home-brew all the most illegal drugs in the USA. Enjoy!
If you were blocking sigs, you wouldn't have to read this.
That is why after using AVG for years I switched to Avast. The whole point of AVG was that it WASN'T all bloaty and full of extra crap like Norton. Now they are just as slow,just as sluggish,and just as irritating. Oh and for the user that says turn it off? I don't know that it is still the case as I switched to Avast,but AVG would scream that it wasn't working if you disabled the bloat. So you would have to check the stupid thing because you had no idea if it really wasn't working because of an error,or if it was just bitching because you had turned off linkscanner. Anyway that is my 02c,YMMV
ACs don't waste your time replying, your posts are never seen by me.
There are (or at least there were) other motives to dump AVG.
1) I installed it - just once, long ago, and threw it out of the window as soon as I found out that it was adding a spam footer advertizing itself in each e-mail I sent. Didn't even try to find if that could be turned off: garbage belongs in the garbage bin, not on my PC, and certainly not in my outgoing mails without my knowledge.
Don't know if they're still doing it, or if it's still on by default, and I'm not interested in finding out either.
2) Visit the forum TFA links to, find the post by the guy who upgraded to Avast and immediately discovered a pile of bad stuff on his system that AVG had apparently missed. Instead of scanning sites you don't visit, it sounds like they'd better start doing something about the quality of the scan on those you DO visit.
I'm sure #2 hasn't always been as bad as it sounds here. But protection is a process, not a goal, and it smells like they're lagging a bit behind right now.
. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future?
No, I certainly won't be looking. There are just a handful of companies which *listen* to its customers. There fewer that listen to the users of their product which use it for free.
AVG shown that at least they do listen to their users, and are likely to rectify when they screw up. Similar to what happened with Netflix.
A bad company is not one which makes wrong choices, we all make wrong choices. But when the company is not able to acknowledge their errors and rectify, is when you should start looking for someone else to make business with.
I use AVG Free and recommend it to all the people who come to ask me for an Antivirus. The truth (in my opinion) is that such a thing should be provided with Microsoft Windows for free, after all it is the fault of their crappy Operating System that the computers get all infected.
Ubuntu is an African word meaning 'I can't configure Debian'
How about:
"Program Settings"->Sounds->Settings...
Then scroll to the "Automatic VPS Update" event and pick the "(None)" sound.
They weren't an optional part of the install unless you used avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
As far as I could tell even selecting custom installation in the default didn't give you an easy way to disable link scanner. Disabling it from the AVG menu didn't actually stop link scanner from loading and running in the background. It also had the side affect of putting up a warning icon and a messages that said your computer may be unsafe or some such nonsense.
In this case I think a bit of condemnation towards AVG was richly deserved and hardly a knee jerk reaction. And actually they did try to crash the internet. That's what the uproar was all about.
As the owner of Whirlpool, please moderate the parent as uninformed.
While I'm not in a position to provide an unbiased opinion of WebCentral, they do cater to a very important market -- people who need a premium quality service. If my experience with the $0 service they provide Whirlpool is any indication, WebCentral are not just technically excellent, their support system is outstanding and reactive. I can only imagine how much better they treat the customers who pay them.
Just because you only want the bargain service, doesn't mean everyone does.
And the only reason Whirlpool isn't blazing fast, is because we're running with a bunch of WebCentral's spare hardware. We're a community service, not a business.
Cheers
Simon Wright
Computers are useless: they can only give you answers. -- Pablo Picasso
Aside from the problem with increased traffic for webmasters to deal with, if someone had found an exploit for AVG, many systems might have been compromised without the user actively visiting the exploiting sites, making it worse in some ways than an iframe-based exploit. If all it effectively takes is for a link to appear in the page, that adds danger to what was just inconsiderate behavior.
You can never go home again... but I guess you can shop there.