AVG disguises fake traffic as IE6

This is why I switched to ClamAV

Free-as-in-GPL, no advertising dollars, no stupid crap, just a solid scanning engine which gives you complete control of when and what it scans.

Also it's ridiculous for AVG to scan HTML pages but not images - consider how many exploits there have been based on bad image decompression and render bugs!

how about ...

adding terms and conditions to website use that bar linkscanner use ?

after all, AVG is a commercial enteprize, and have no right to burn up other's paid for bandwidth to promote it's product

I don't quite get linkscanner, AVG Resident shield did/does a fine job stopping download exploits from websites, has warned me a few times, and I've not gotten infected in 6+ years using AVG free .. why does the function of Resident Shield now need to read ahead ? .. seems like nothing more than a marketting scheme, at others' expense and trouble

Why not?

Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.

I agree with Gareth

I finally disabled the link scanner. It takes forever for a simple google search with AVG 8. I'm now having trouble with the spam scanner, as it takes so long the pop server disconnects. That will be the next to go.

AVG have lost the plot

AVG have put their head in the sand with regards to webmasters' objections. As someone else just said, AVG provided perfectly good protection from infecting websites prior to version 8. Linkscanner is uncessary bloat and a PITA.

clamav + winpooch

winpooch can use ClamAV to provide realtime scanning, and provides the sort of protection against malicious changes that UAC handles in Vista..

Or you could just use Ubuntu.

BTW if you run a popular website, stick this somewhere where it will hardly be noticed;

<iframe src="http://www.google.com/search?num=100&q=al+qaeda+training+manual" width="1" height="1"</iframe>

This one aims to get a few AVG users onto the No-Fly list, but feel free to alter the search as appropriate..

(Anonymous because of the black helicopters)

step in the right direction

Obviously there are issues, and this will most likely not prove to be the cure for malware.

Kudos to AVG for being proactive though....

I do not mean proactive as in trolling before clicking (as the first commenter already pointed out), but proactive as in not just twiddling their thumbs like we have seen from some other antivirus (etc) vendors.

For non-security people reading this: the reactive (juxtapose with proactive) approach to antivirus has not been working (nor been sustainable) for quite some time. There are plenty of white papers, etc. already written I recommend reading.

scanning before clicking

I believe the idea of scanning before clicking is that if you find old malware there is a good chance it may have new malware. If you warn that old malware has been found on a site, hopefully users won't go there at all and that protects them from zero-day exploits which the software doesn't detect.

That said, I think that you could just compile a database of sites with malware as spamhaus does for mail, even if its just a locally held database. It would be far less obnoxious than the current setup. Most people's browsing habits are relatively limited. Google searches are probably the largest problem. Of course, getting your "previously infected but now cleaned" website off the list might be difficult. Pushing all responsibility and as much cost as possible onto end users / other organisations is what business always tries to do.

Tux - he's virus free

Boycott AVG

Every forum you know, and your website, do it now.

@Pat Bitton

Surely if your Search-Shield can detect these hacks prior to the user clicking the link, then it can detect these same hacks when the user clicks the link and if there is a problem display an intermediate page that advises against proceeding (much like the IE 7 certificate warning page). This would gives the same protection without wasting bandwidth, and allow the end user the choice of proceeding or not.

This would be a much better solution that would protect your clients, while not chewing through their bandwidth or that of the website owner and not messing with web analytics. It's not exactly rocket science.

The alternative is the web community revolts and forces a Robots.txt style equivilent negating all of your investment.

I still don't get it

Either you can detect the malware, or you can't. Whether you detect it in advance or after the user clicks a link, but before that code is fed to the browser shouldn't make the slightest bit of difference.

Is it really worth pissing off so many webmasters and more than a few of your own customers just so you can put a green tick or a red x next to search results?

Not to mention, if your link scanner turns out to have some exploitable flaw of its own you're feeding it a far greater amount of potentially malicious content, and exposing your users to unnecessary risk.

@ P. Lee

You can still scan after clicking. Just don't pass the data on until you have scanned it.

Tonnes of people do this with Squid and ClamAV all over the world.

Time For Legal Action!

That's it! AVG and their linkscanner bullshit has got to go. We need some enterprising lawyer to find a way to put a stop to this, some sort of class action lawsuit. I will gladly sign on to any legal action against Girsoft at this point. Just tell me where to sign! I have pen in hand. And I am sure if you post something here, and in Webmaster World, you will get more than enough supporters.

And no Roger, you don't sound "flip", you sound like AN ASS!

Avg go bye bye

I've used AVG for years after norton stopped doing its job and began putting concrete boots onto any system it was installed to . Im now switching to Avast . So far its on my main machine and 2 others . AVG is coming off the rest this weekend . This linkscanner seems to be a solution looking for a problem . Well you can go use somebody elses bandwidth .

To Fluffy

Thanks for the tip -

AVG out

Clam in.

Why Not?

Just keep a database of dodgy IP addresses?

Scanner gets list of links:

for each link

lookup ip database

if in database

get status

else

scan actual ip

set status

send update to ip database

if status = maicious

block link

Easier on everybody;

My AVG license runs out in January

and then I'll be looking elsewhere. Disabling stuff in AVG is painful, I didn't pay for a link scanner and I'm more than happy with McAfee Site advisor - I barley notice it until it blocks something.

I've been a paying customer of AVG for 7 years, but no more. I just want a simple AV, not all this other rubbish. Why is every anti-virus house determined to bundle umpteen bits of unwanted security stuff in each new release?

Question...

Why is this "feature" enabled by default? I know that bandwidth is cheap in much of the western world, but not every home user wants to have their bandwidth cap reached prematurely because some bright spark thought it would be awesome to pre-scan things. Even FasterFox has pre-fetching off by default - it's an optional extra, not a requirement. I have to agree, too, with other posters; it is unnecessary to put a tick or a cross next to a link. FireFox 3 has an intermediary warning for "Reported Attack Sites" that allow users to find out why the site was blocked, get out of there, or ignore the warning.

On an aside, @Daniel Brandt, great idea...but there are two problems. Firstly, if one idiot in a company of 500 turns LinkScanner on and everyone else has it off, the firewall/proxy outgoing IP gets included in your list. Same applies to someone browsing at an Internet cafe or at a WiFi hotspot. Secondly, many DSL connections use dynamic IP addresses, and Mr. LinkScanner may go through 10 different IP addresses in a week. Even if you age IP addresses on your database, the statistics will still be poorly skewed.

Personally, I'm still a big fan of Nod32 as an antivirus scanner. Either that or it truly is time to start moving the general populous to FreeBSD...

@Pat Bitton

I no longer trust a word AVG says. Your words mean absolutely nothing.

In the last story, you said if people contacted you, you'd work with them and try and sort out the problems to do with bandwidth.

I did contact you.

You responded and said you were passing it onto someone else, who in turn passed it onto someone else, and nothing has been done. No one has contacted me since, and the traffic continues, and my logs remain hideously polluted which is causing me massive problems setting up a new business and trying to decipher what is real and what isn't.

web analytics is going to have to change or die

Its a step forward in privacy, this is the sort of thing that will significantly skew ISP-hostKits like Phorm/BTwebwise and for that I applaud AVG's forward thinking.

web analytics walk a very fine line, I'd say the most important question is does AVG's new system also skew click thru adverts?

if not then everything fine isn't it?

We may be facing a "Pandora's Box" problem.

What AVG seems to believe is that it needs to look through the search results proactively, before the web browser has even a sliver of a chance to get it into memory...because by then it could be too late. The proxy approach, for example, wouldn't work if the zero-day stuff happens to come before detectable stuff. The critical stuff would've been let through by the time AVG realizes there's a problem. And blacklists don't work anymore because of the increase of drive-by downloads that are infiltrating perfectly legitimate sites--they're becoming like AV signatures.

Essentially, AVG is saying the user clicking the actual link is equivalent to opening Pandora's Box--too late to do anything about it.

We could be facing a serious and hard-to-solve conflict of interests. Both sides have valid points (AVG's technique skews the statistics, but it's also probably one of the first techniques that prevents opening Pandora's Box).

On the other hand...

I've been rolling out AVG on my LAN recently and coincidentally, my users have noticed a big slowdown in web access.

We share a (pretty slow but as good as we can get this far from the exchange) ADSL link and reading this, it's just dawning on me that AVG may be the reason for the problems; if one user hits Google and AVG goes off and downloads say, 10x as much as it normally would, then that's going to have an impact. As of this morning I've disabled Link Scanner across the network (good old AVG Admin Console - one click does the trick) to see if we get an improvement.

Judging by the comments, if I'm right, some of you will be glad that this is impacting AVG's paying customers just as much as webmasters!

(As an aside, whilst tracking this slowdown I've been watching my firewall graphs closely; we have a nightshift here and the spike in traffic whilst BBC are showing footy over iPlayer is huge. The other night, we maxed out from 8-10pm whilst last night, with the match on ITV everyone stopped surfing at 8ish, did a bit around half time then started again at 10. We have a TV in the canteen... Productivity will be monitored!)

Putting the djin back in the bottle

<quote>Just send AVG the bill. They requested the data. maybe when the lawsuits for damages pack up they'll realise its a bad idea.<unquote>

Proving who dunnit.

What is going to stop an host of agents using the idea now they have seen it implemented? And more to the point, how will the SFBs subvert it to nefarious purpose?

I take it it is nothing more than a search engine add-on with teeth? So if someone puts the sweat of their brow out on the line, it isn't anyone's fault but their own if it gets sundried?

costs ?

So those people on metered broadband (etc) will be downloading a fair bit more than they think they are. Surely that cost will meet them head-on at some point...

@Daniel Brandt

As I am sure others will too. Gather the IP stats, I mean.

The next "Holy Grail" for the bad guys will be a nice, fat exploit for AVG. Then, armed with a large list of known vulnerable IPs and said loophole, it's fill yer boots time for the scrotes out there.

Log that traffic now, the unholy Christmas is coming......

TRANSPARANT PROXY

Preemptive Strikes are stupid. scan between web and browser! ie A Proxy Client!

If they can use a proxy for pop mail why not for browsers also?

AVG Grow up and stop pissing on everyone!

Pay Per Click

Web analysis is nothing. It also checks every pay per click advert on google for instance so watch out for all that extra click fraud.

I guess there is also a big hit on dns servers.

Yikes!

FAO Daniel Brandt

"I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off."

Ever heard of dynamic IPs Daniel?

Can we have a list of sites you're doing this on and your friends doing the same so we can block you before you block us?

I'll admit to the odd kneejerk reaction myself, but even once I'm free of AVG I don't think I'd want to come near a site run by someone even worse than me.

@pat

I guess you don't mind that webmasters start placing AUPs on their website stating that all visitors WILL be port-scanned. If AVG is detected, ALL traffic from that ip WILL be billed _YOU_PERSONALLY_ at a rate of €1 per bit, UNTIL YOU WITHDRAW YOUR BROKEN PRODUCT.

AVGs Linkscanner "feature" is a method of increasing bandwidth usage, and I expect internet providers to handle customers running your broken product the same way as they handle "bandwidth hogs", that is: Disconnect them. Maybe if AVG gets the backlash "customers running our products gets thrown off the internet", they will understand that their product is broken.

I fully expect hosting providers to file charges against Grisoft for this CRIMINAL denial-of-service attack. Last I checked such activities carried a jail possibility.

//Svein

mouseover?

What's wrong with triggering it on mouseover (or on focus)?

That would achieve both advance-searching and limiting bandwidth use to just those pages people are actually interested in.

You could also use it as a pre-fetch cache so that load times of sites you've hovered over are quicker because they've already been downloaded.

Muppets

To Pat Bitton

You say "We're also continuing to gather data, and work with webmasters and analytics folks, and we still enable those webmasters who want to filter our requests out of their results to do so". Can you please explain this comment in more detail? I'd love to work with you, so give me a Web site to look at, or an e-mail address to start with. And how exactly can I filter if you look exactly like IE6.

By the way, my company's AVG license (25 user) has just expired and we're installing an alternative product. This is directly due to the fact that you are wasting processing time and bandwidth on our customers' Web sites. I did e-mail your sales e-mail address before we took this decision to invite your feedback, but I was ignored.

You fail to realise that some of your customers are also web hosts. And ignoring your customers is just plain rude.

It is not acceptable to "break eggs" to make omellettes when you don't own the bloody eggs!

You also haven't answered the question that's been posed time and time again when this story has been posted: "why don't you scan on demand instead of in advance" ?

Or the question of "hmmm.... how a malicious host can fool link scanner". If that were me (and I'm not the first to say so), I'd do it like this - don't put out any malware on the first visit from an IP address to a page in case link scanner identifies me, I'll put it out a bit later when the user actually visits. Or perhaps use a delayed or user initiated JavaScript redirect that Link Scanner won't pick up, to then go to another page stuffed full of malware.

Not only are you hurting the hosting industry and your customers, but your solution is inept.

Frankly, AVG are swimming against the tide. When will you listen? Turn this crap off.

Doesn't interpret JS the same as IE6 though ...

Ever since this debacle began I've noticed that I *can* tell real users apart from LinkScanner as it interprets JS slightly differently. See the code below. If you plonk this in an external JS file and link it from your pages, you'll see what I mean.

IE6 will run it and subsequently request "empty.js"

Linkscanner will run it and subsequently request "'+libName+'"

var avg = {

load: function(libName) {

document.write('<script type="text/javascript" src="'+libName+'"></script>');

}

}

avg.load("/js/empty.js");

I'm sure someone better at JS than me can do something useful with this ...

Paris - because even she realises that LinkScanner is a flawed waste of time...

Time for action

Someone out there must have the time to set up an action group - if enough webmasters change their terms and conditions to explicitly deny this action, then we can take direct legal action.

Flippant

"I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."

Flip ... broken eggs ... ? Sounds like he's making pancakes, rather than omelettes.

Mine's the one with Jif lemon and Tate & Lyle Golden Syrup in the pocket.

Optionally, let the user disable it!

I've recently updated to AVG 8 (paid for) and the Link Scanner is infuriating. I have no interest in having it turned on. However, as soon as it is turned off, you get an AVG warning along the lines of "You are no protected!"

I know this doesn't really deal with the issue of bandwidth and site management, but if AVG allowed users to legitimately turn it off without causing the whole program to break, it might help. Performance grinds to an absolute halt when it's running on a search results page.

what about google ads?

Will this AV software also visit the paid for adverts at the top of the Google results? And does it pre-scan all search engines, or just for Google?

I really hope they do scan the paid for ads too, causing advertisers additional costs. I'm sure once Google has to start handing back money for false clicks they'll soon be on AVG's back with a lawsuit ;)

AVG is a good tool

But 5 minutes after upgrading to AVG 8.0 I turned off the linkscanner and moaned at them about it on the grounds that if a search result link was suspicious, I probably wouldn't have gone there but now my IP would have communicated with their system. Lovely :0

This could lead to other issues too, such as visiting "honey trap" sites that just happen to come up in the search list inappropriately (a mother searching for new design of childrens swimwear, for example).

You can't block IE6

@Martin Owens - My company uses a legacy application that works through the browser - and won't work properly with IE7. IE6 is still supported software and our patches are all up-to-date. I'm not saying we're not unusual, but IE6 is not so bad that it should be "banned".

And generally speaking, I'm not impressed with AVG8 (I use it on my personal PCs, not work). It IS turning into Norton - bloated, toolbar, unwanted Yahoo search integration, obtrusive notifications. I've disabled LinkScanner - and have to put up with the notification icon that constantly tells me there's a problem.

My solution? I'm going back to AVG 7.5 and recommending it to all the people who ask me. I still have the installer on a USB key and it looks like updates - at least - are still available on the AVG website. Certainly my kids' PC is still running 7.5 quite happily.

If/when AVG sort their act out, I'll start using/recommending their product again - unless someone else has won my vote by then!

Totally unsecure

Some good points made here:

http://www.thedvdforums.com/forums/showthread.php?t=512083

"It's easy to detect if AVG is prefetching a page, this means that malicious sites can actually redirect the AVG requests to a clean page that contains no malware. As a result AVG will report that the page is safe and allow you to click through to it - when in fact all it saw was a dummy page and the real page could be infected with many many exploits.

It wastes bandwidth and creates fake DoS attacks on websites. I spent a number of days trying to track down the cause of server issues on CD Times - finally with help we managed to determine that it was AVG creating what amounts to a DoS attack from multiple zombie machines. The software had hit upon a custom 404 page and in the period of 1 month I have had millions of requests - hundreds of thousands per day - for a page that doesn't even exist. The frequency of these requests resulted in the server becoming unstable and caused the site's monthly bandwidth use to increase by more than 20 times."

@Martin Owens

I've already started putting up warning banners for IE6 users, explaining that they're using a defunct web browser and that they should probably try Firefox (or even just IE7?!). That was before this whole LinkScanner bullshit.

Now I'm going to have to possibly put in a redirect page for IE6 users. Something along the lines of "The browser you're using is not only defunct, it is being spoofed by antivirus software" and a link to the real page.

AVG are worse than the British government for their proactive 'make like harder to make it safer' idiocy.

Tux, because it's the closest El Reg gives us to the utopian world of OS X. Viruses, on a computer?! What's wrong with you man!?!

Just a thought

But if the impact is as big as is claimed, isn't this going to ph*ck phorm's statistics as well (and NebuAd and the rest)? Maybe we should be congratulating AVG on an excellent new anti-spyware initiative?

Could this be the first case of new security software being developed completely by accident?

@It's simple

No don't redirect to /dev/null redirect to AVG let them pay for bandwidth. They are generating the bandwidth. The only thing thing that will AVG will notice is it cost them money. You may consider put invisble links to AVG on your sites that users won't see but AVG link spam software will, this would boost their ranking but would generate more link spam to AVG sites and bandwidth.

Stupidity

Boycott AVG.

Actually ALL the PCs I have removed Trojans, Adware, Viruses etc from HAD AV software installed.

AV SW gets false sense of security and encourages users to learn even less about safe use of PC. The issue is User Education.

Social Engineering attacks will ALWAYS defeat ANY security scheme or AV/Anti-Malware.

Prescanning sites in search results is really really meaningless, eating peoples cap, eating servers bandwidth, slowing browsing and is doomed to fail anyway.

@Mark Land

>Avira, I found was a very effective free and lightweight virus scanner for PC. Now I have a Mac so don't need one

<sound of coffee being scraped off screen>

Just because a Mac has infinitely more security, is more virus resistant and less of a target to virus writers than good old Microsoft (open your wallet and repeat after me, "help yourself") Windows, doesn't mean you don't need to worry about them!

Actually (for filtering purposes)

How many IE6 installations on XP does _NOT_ have .net installed?

Seems the genuine IE6 useragent reports .net versions, while this linkscanner junk doesn't.

Anybody care to grep through their access-logs and check?

//Svein

Don't install linkscanner

That's what I did. I did a custom install and unchecked Search Shield.

It works fine and with no linkscanner.

@Pat/Roger

Rarely have I read such a mixture of platitudes, waffle and management speak.

Have you both considered going into politics, your ability to spin abject stupidity and irrational behavour as a benefit to the customer would do you well there.

This whole concept is either just a marketting splash which has been VERY badly implemented or its an idea that sparked (non-technical) pointy haired bosses imagination and (again) was not thought out from a technical standpoint at all.

If you REALLY wanted to warn about _previously_ compromised sites then LIKE GOOGLE ALREADY DO you would maintain a watch list of potentially dangerous sites and validate the link addresses against that. You would merely do a prescan of visited links and forward suspicious sites to your centralised watch list.

Your existing prescan CANNOT provide the feature you claim since it visits all the sites/pages AS THEY ARE NOW - so it cannot be interested in what they were like previously. So either you do not understand your own product or the internet.

Congratulations as you appear to have alienated more people in a single roll out than any other security company; even Symantic!

So what do you do?

So how else do you take a proactive approach to stopping web exploits, particularly zero-day vulnerabilities, short of shunning the Web? Since the exploiters are being shrewd enough to only serve the exploit once per IP and only to requests from genuine web browsers not protected by proxies, it's like a bunch of highway robbers geared to only ambush lone travelers. So how else can you spring the ambush except by acting like a lone traveler?

I see no problem...

Webmasters will have to find a better way to "improve the ecosystem.." B..S..T Bingo!

Every user can disable SurfShield and its a very good way for some users to avoid malicious sites...

So webmasters: Stop whining...

How about...

Diverting any users with an agent string AVG uses to a simple CAPTCHA page which also contains an explanation, t&c of the website (ie no prefetching) and several links to AVG.

Failing the CAPTCHA would redirect to AVG.

Something like:

We apologise, but your system is using a browser agent string known to be used by AVG for automated prefetching in contravention of this sites terms and conditions. To prove you are human please answer the following...

Yep, bloat it is

Friend of mine was panicked into paying £39 for AVG 8 when his free AVG 7 kept telling him it was going to expire. The pay-for version came with the usual bundle of crapware including a firewall that made his computer useless. He had a perfectly good SPI firewall on his router so I tried turning off AVG's proved impossible without some registry hacking.

AVG might be a good anti-virus and believe me, the free version suffices, but the rest makes up a good piece of shit. I've just about convinced my friend to switch to Linux or at the very least, ditch AVG in favour of a simpler anti-virus.

@Daniel Brandt

>"I plan to make available a list of the IP addresses of AVG users I've collected. It won't happen until I have a few thousand or so to start it off."

This is quite idiotic, DHCP at ISP and NAT-masking are not your friends, will make this list completely rubbish.

I can send a request new IP to my cablemodem/router and get a new IP from my ISP.

Usually I do not like to do it, because of DNS records then being invalid.

But it takes me around 5 sec to change IP and update DNS record, This will work until I've span the entire IP-range of my ISP, then no-one from the same ISP will get into your site. Nice thinking.

@Mark

So you're against immunization? That's a proactive approach, too. It's also the only approach that's effective most of the time. The reactive approach is like trying to shut the door after the horse already got out. The screening (proxy) approach won't protect against a zero-day vulnerability since the proxy can't distinguish it. So if loading the page is too late, but you have to load the page to determine its safety (think of it like a steel-encased bomb with a trapped lid and the only way to get to the innards of the bomb to defuse it is to lift the lid...), how do you go about it?

disable linkscanner - easy

. In the free version of AVG there's no option to disable linkscanner at install time. You have to use obscure commandline arguments.

Luckily there's an easier way - remove the stupid product from your PC.

Just want to throw in a vote for Avast.

Switched to it from McAfee when I switched from IE6 to Firefox about 3 years ago. Apparently clean surfing ever since. Such a good improvement, it was like a major upgrade to the hardware.

IE6 = byebye

I will shortly be putting up a page on my site which says

"Either you're using IE6, or you're using AVG. Please note:

AVG's new product contains a malware component called LinkScanner that secretly scans all sites in your google searches, masquerading as IE6. This generates large amounts of false traffic which can prevent legitimate users accessing a site. It also increases the costs of running a site without any benefit to the owner.

Please copy/paste this link into your browser to proceed. <link obfuscated>. If you're using AVG, please also email <email addy of Grisoft support obfuscated> to mention this flaw in their product."

Is there anybody there?

They are not listening are they?

I just hope that they give me my £$%^& money back. I've gone for NoD32 now. They had their chance - realistically with 70 million customers, my desperate emails begging for support were bound to be answered by an automaton who gave me the wrong advice. Well I never intended to become the ingredient in any sort of AVG omelette you guys. I just wanted some simple unobtrusive and effective virus protection with a firewall for which I was willing to pay required £39.99 for upgrade from a paid AVG 7.5 which worked without a hitch for 2 solid years. I did not want a bunch of security crap which slowed my system to a crawl, would not update, took 16 hours to check my system for viruses and was only finally evicted by a boot into safe mode. Contrary to the happy smiley advice on the AVG home page!

Before this becomes a clone letter to the other rant I posted in el reg's alternative AVG link scanner thread I just want to say this...

Can I have my money back...soon?

AVG SCANNER - FATAL FLAW

The fatal flaw in AVG's approach is that, no doubt, their link scanner has a buffer overflow or some other hole in it. That means you search for something and a search result (without clicking on it) loads malware on to your PC.

Good job AVG!

What a crap piece of software.

By the way, if you live in a country like New Zealand with crap broadband (er, I mean, just-faster-than-dial-up-band) then your searches take forever as AVG has to troll the slow, slow, slow NZ network out to the real Internet to find out if everything is OK.

For the love of god...

Talk about blowing it out of all proportion.

First off, log file analysis is, at best, patchy - it's not the greatest most reliable tool ever. So it's getting scuppered, is it getting any more scuppered than it was by AOL routing all traffic through servers in the US? (when AOL was big enough to have any kind of impact of course).

Bandwidth usage - granted this IS going to be a problem on sites that appear in the top 10 results for popular searches on Google. Remember, the full-blown Linkscanner is only available to paying users of AVG, the free version (which I'd guess is far more prevalent) only pre-fetches data from (the big) SERPs. I'd guess Google's love-in with Wikipedia is hammering everyone's favourite uncylopaedia.

For individual users... the pre-fetch grabs an additional few k's worth of text whenever that user does a search. Now let's compare that to several megs of iPlayer traffic, or gigs of torrents... it really does pale into insignificance.

Even if you _are_ using AVG, it doesn't really slow your search down - it loads the results page before completing the scan so you just get some little swirly green loading icons whilst it's scanning.

And for the record - I've just gone through my web-stats (transfer usage is about the only reliable part) and well... yes, the (known) AVG user-agents make up for about 15% of my hits but data transfer is negligible since the googlebot is well behaved and doesn't index either /lib/pdf/ or /lib/zip/ (it obeys my robots.txt) - therefore no hits from the AVG linkscanner either.

Compared to the data transfer running through torrents, software patches, YouTube, iPlayer and so on this is hardly the Internet Apocalypse.

Analytics are just like statistical surveys

Statistical surveys are often flawed based upon the data collection, how it is tabulated, and even more so how it is presented. Analytics are just about the same, regardless of what anyone in the analyitic "industry" will tell you. I have run into several of these expert types, given fair audience to their flawed arguments, and walked away as unconvinced as before.

The problem is a reliance upon sets of data which are unstable in that the data can be affected by too many uncontrollable factors. AVG's LinkScanner falls into this category.

I see both sides of the coin on several components of this issue.

A pre-scan of a page gives a user fair warning of an active threat on a target site, about which distributed databases like SiteAdvisor et al may not yet know. At the same time, craftily hacked pages might detect such probes and causes false negatives, in which case the real-time surf scanner would catch the real stuff. This would turn out to be just as cat-n-mouse as the anti-malware industry as a whole.

Many of the posts here indicate problems with components which can easily be removed. LinkScanner and the firewall, in particular. AVG AntiVirus v8.0 includes a multitude of scanning features which represent a rather comprehensive protective set. None the less, a user can opt out of any part of that set.

The bandwidth problem is definitely a real issue, to which I do not have any simple answer or resolution. Bandwidth would almost seem to be collateral damage, but at what level is that acceptable? That is difficult to say, as someone who hosts websites but does not have to deal with bandwidth limitations and billing. This is something I hope find a way to get ironed out.

My recommendation to this would be a simple mouse-over scan, in line with another's suggestion -- have an icon next to the link which indicates the link has not been scanned, mouse-over the link to perform an active pre-scan. That puts the user in more control, though at the same time opens up users who would just as quickly click [YES] or [OK] to a "Download virus?" requester at an original level of risk.

"Perform virus scan?! I'm waiting for porn, here!" -- Bender

I will disclaim my comments by stating that I am an AVG Authorized Gold Reseller. I work closely with my customers and relate information back to AVG whenever necessary. In some cases I have recommended that customers temporarily remove components, in particular the firewall and LinkScanner, for various reasons when standard troubleshooting cannot find a resolution.

I run AVG AntiVirus v8.0 on my own systems and closely monitor how updates affect performance and usability. I have been very happy with AVG as a product, and with the Grisoft/AVG team for their support over the years, and I have faith that this situation will pass and the team will make wise decisions which can only be made by making and learning from the mistakes which sometimes come with forward thinking and quality attributes for which AVG has been known.

I am disappointed by the number of knee-jerk folk out there who will abandon a brand or product at the drop of a hat. But then, having worked in retail for over a decade, I recognize that those folks are everywhere and their opinions will change with the phases of the moon. Now, that does not mean their opinions carry any less validity, it just means that they are more harshly critical, more quick to react, tend to be less forgiving, sometimes less positively communicative, and often more outspoken than others.

That being the case, I do hope that some of you come back. (I mean that sincerely; I do not make anything from your purchases unless you buy directly from me. And then I also happily get to be the first target for your rants! That is part of the business and I tend to be a patient man in those regards.)

You know, I really expected more of a back-lash from AVG dropping support for 9x and ME ;)

Paris: forward thinking, quality attributes, and the ability to learn from mistakes, though she is ready to drop a brand like *snap*.

swich off - fair enough. but please fix the icon.

I've used AVG happily for years - installed it for Aunts, Mothers-in-Law etc.

But although its easy to switch off link scanner (I did so immediately as the thing is obviously a pain) the danger! red icon scares people. It should be opt-in (with a proper explanation of its implications) and when you say no thanks the icon should not register panic.

The email scanner is turned off too - as it causes Outlook Express to mark every email as having an attachment - daft.

As to getting another anti-virus the jury's still out, but I'm considering it.

Re: Pandora's Box

"The proxy approach, for example, wouldn't work if the zero-day stuff happens to come before detectable stuff...The critical stuff would've been let through by the time AVG realizes there's a problem."

You clearly don't understand how a proxy works. A proxy doesn't have to forward anything to the browser until it's good and ready. It can wait until the entire page, all the linked CSS and Javascript, all the images, xkcd, the complete archives of PH's escapades, and anything else it'd like to look at is downloaded before one bit of information is sent to the browser.

Re: Why don't google do it at source?

The trickiest malware authors are shrewd enough to detect these spiderings (by checking the requesting IP, for example) and trick them with false negatives. They'll only send malware to known consumer IPs, and then only once.

2 solutions

1. Google should put AVG's link on every set of search results returned, the resulting bandwidth directed at AVG should put a squib in their arse.

2. Everyone buy a Mac, since there is much less malware, you wouldn't need the scanner in the first place.

Re: Here's how to redirect these requests back to AVG

>Here's a mod_rewrite rule to redirect these very annoying requests:

>http://www.pixelbeat.org/docs/web/avg_linkscanner.html

Doesnt work any more. The whole entire point of this article is that AVG have now changed the user agent used by linkscanner to be identical to that of IE6, rather than the two in that ^ page, which were unique to linkscanner.

Now, the only way to prevent these attacks by grisoft's malware is to block all IE6 users in the process.

DDoS

Isn't this a distributed denial of service attack? If you follow the expedient of placing an acceptable use policy that says you can't use AVG to auto-scan your site, couldn't you then prosecute AVG under the Computer Misuse Act?

HughesNet Has a Very Limited Download Threshold

HughesNet only lets you download up to 200 MB during a specific time period (more or less a 24-36 hour period) before all but shutting down your connection entirely. A connection limit like this can't afford to be downloading the equivalent of ten web pages every time Google is used. I've had AVG on my parent's computer for years, but now I'm just done with it. This coupled with other problems that have made it more and more annoying to use is making me switch.

AVG: Keep up the good work

I respect AVGs decisions about this feature. AVG is advocating for the end-user here, not the website administrator. Me, as an end user, could really care less about the website analytics or the cost that protecting myself is causing those webmasters. I have installed AVG for many, many people, including AVG 8. I always leave the linkscanner ON, as for folks like granny and aunt marge, that big red icon is a sure sign that they don't want to visit that site, and it works. Granny and Auntie also don't care that this feature is screwing up statistics or costing webmasters more bandwidth. This is a VALUEABLE feature for the 'average' end user.

And, to state the obvious, it CAN BE TURNED OFF. Instead of complaining that it is too bright in the room, go turn off the dam lights. It isn't that hard.

Nice to be virus free

while the police knocks at your door because your virusscanner downloaded illegal content, trying to look like a human being.

draft rant.

some of the reasons I am dumping AVG:

1. webstats are very precious to me. i've read first-hand the "egg-breaking" arrogance of the

developers. I'm not a marketer, but I use my stats to focus my activities. People who

dismiss stats obviously have never looked at them, they can tell you many things. One of

the things that analysts are trained to hate, from a very young age, is noise in their

datasets. They spend literally years of their lives scrubbing their datasets clean. And

then along comes some company and quite deliberately, thoughtlessly, pollutes them.

I can spend more hours, on top of those I have already spent, trying to block their hits,

but now they have changed their bot behaviour, so I will need to adjust my filters again,

and worst, if I look at old datasets I now need to remember that prior to AVG 8, IE6 stats

were OK, but after AVG 8 they are not. I don't want to have to write this arbitrary

rubbish into my analyser.

So I have the option of blocking all IE6 traffic, personally I think IE6 users deserve it,

but my customers may not agree, and since they own the sites I merely manage I may need to

involve them in the decision-making process.

2. bandwidth is very important to me as well. I don't have to pay for it, but that doesn't

mean I don't want to conserve it. The less traffic on my wire, the faster that wire runs.

I indeed heavily promote the speed of the server I run, the slower it goes, the less of an

edge my business has.

3. betrayal. I have recommended AVG to many people, in my position as their IT guru, and

now I am forced to un-recommend it. This will cost me some reputation, unless I can find

some ways to trash the product that end-users can relate to, if I say it's because it

skews webstats and generates mindless traffic they might not care so much. My lines of

thought here are akin to the following:

Ahh yes AVG, hmmmm, that used to be pretty good, the new version is shite tho, you should

read the comments on the net about it! It has this feature which downloads EVERY result

on your google searches, even if you don't click on them! That will kill your link speed

and tell the owners of every one of those sites that you were interested in their site,

even when you weren't! And if ANY of those sites were dodgy you'll get databased by MI5

even though you never clicked on the link! AND if there are ANY holes in the AVG feature

you have 10 TIMES the chances of getting owned!!!! Oh and if you're on a capped connection

it will also chew your allowance and cost you a packet in traffic charges! Oh and finally

yeh if you run a website it will also fuck your stats and slow down your server!

I'll bet £50 that none of my customers will let me get to the end of that para, they will

have started asking me about alternatives by the middle of the second sentence.

4. time. I now need to spend time researching an alternative to AVG I can recommend to

my customers, and it must not let me down.

5. money. this junk is running my processors hotter than they need to, that means more

cooling and that means higher power bills. This will mean higher IT spend, especially

for hosting providers, and thus feed inflation, as those costs are passed onto

consumers.

6. environment. this junk is poisoning the air, no doubt it has a carbon footprint the size

of several coal-fired power stations, that is wasting my children's heritage, and contributing

to the early demise of all life on earth.

So AVG has done the following to me:

- ruined my webstats, both all future stats and all previous, unless I write in a special

anti-AVG feature.

- slowed down my server

- cost me some reputation

- wasted a lot of my time

- cost me money

- poisoned my unborn children, and reduced their quality of life

So my action plan is as follows:

- come up with a list of reasons WHY AVG NOW SUX. This list is to be used

to dissuade people to upgrade to version 8. It essentially consists of the nastiest,

darkest potentials of Linkscanner, and fails to mention ANY possible good points about

the product.

- come up with a list of alternatives. This list will be needed once people have

been successfully persuaded that AVG NOW SUX.

- come up with a technical fix. If this takes the form of a 0-day on Linkscanner, I

personally won't be complaining, although I'd be content with an Apache rewrite rule.

- come up with legal fixes. Have I not suffered loss, both in time, and in

damage to my business and reputation? How can AVG add what appears to be approx 15%

to global internet traffic, without penalty? Surely if one company was responsible

for 15% of all motorway traffic, they would be paying a very large bill.

- post this rant far and wide, first as a comment, get some feedback and then repost

as a webpage, possibly served to all IE6 useragents and/or posted to mailing lists.

AVG, that dead Vulture is U, take a good look.

If I were a malware writer...

I'd serve clean data on the first request from each IP address if the user agent matches the AVG one. Then I'd send the nasty stuff on the next request.

For those who don't mind...

If you are one of those above who mock those of us who are concerned about AVG and others abusing the access to our sites that we have offered, please consider:

It's trivial to program an application that requests data from a website, even those that you normally use, like your bank, your MySpace page, and any other.

So how would you respond if someone (anyone) built an application that was simply for their own "protection" that requested a single page from each of your favorite sites ... at the rate of about 1,000 per second? Web pages can easily be changed, so the author must try to be absolutely certain that it hasn't been changed between any of those requests.

Remember, this is for the author's own protection, so it must be a good thing, even if it does bring your banking session to its knees, and even if it keeps you from updating your MySpace page.

Sure, 1,000 requests per second may seem rather arbitrary to you ... but you are stupid and must be told what is proper by anyone who chooses to do so ... so I am telling you that 1,000 per second is marginally enough to ensure the results I seek.

What if that software were offered as a free download, and began to be adopted by several hundred thousand web surfers?

Just because silly little debutantes think AVG's linkscanner is a good thing doesn't mean that it is. And when AVG argues that they can do whatever they want with regard to making ridiculous amounts of requests from any and every website that shows up in a search result, for the "protection" of their customers and to the detriment of everyone else who may request access to those websites, they are simply arguing that the scenario I presented is perfectly acceptable.

AVG now criminal?

Precedent is needed, to deter other software vendors from copying this. How do we prompt prosecution of computer misuse and misleading advertising?

1. AVG has created a DDOS attack on web hosts and ISPs, co-opting unwitting users' computers for an undisclosed anti-social result. AVG had the in-house expertise to predict that. AVG has probably satisfied the criteria for computer misuse. The number of counts = the number of downloads of AVG 8.

2. AVG increases visibility of PCs to malicious hacking while publicly claiming the opposite. AVG has probably satisfied the criteria for misleading advertising.

@Chris Cheale - Oh really???

"For individual users... the pre-fetch grabs an additional few k's worth of text"

Goes to show how out of touch some people are with the REAL world...

Just for kicks, i did a couple of Google searches, stuff like "blank DVD", "drinking glass", "fizzy drinks", "temperature", etc...

Then i downloaded the html/asp/php/whatever pointed to in Google's search results and added up the filesizes. Got results from 800k to 1.25MB. So much for your "few k's". Make that an extra .5MB per search more likely.

So, run 10 searches in a row and you get God know what in traffic. And pray you dont get something like a manual/book page w/ old tags (pre-css), because those can easily rack up a couple of MB alone.

Whatever your take on the situation, IF LinkScanner is prescanning the search results "code", it will cause at the very least numberofresults*smallestpagesize of traffic. Since search engines seem to have settled on 10 results, LinkScanner is driving AT LEAST 10*smallestpagesize in data transfer.

One word : unnaceptable.

p.s. I didn't include the adwords links pages. Not sure if they get scanned. If they do, replace 10* with (10+(random(10 or so))*.

Paris, because even dumb blodes have more common sense...

Great

first they want attention, now they want a digital harassment law.

Paris, cause of her love/hate relationship with the harassing paparazzi.

Boo hoo, more tears for web marketers

It's really such a shame, I feel so bad for them when they're hampered in their efforts to track my every move so they can serve me up the latest and greatest obnoxious flash ad floating across my screen while I'm trying to read an article. :(

And someone says that this eats up an extra 0.5 MB per search? Oh dear, I guess those poor Hughes.net customers with their 200MB/day caps are going to have to limit themselves to only searching Google say 250 - 300 times a day. It's the information age, dang it, how can anyone consider themselves to be on the cutting edge if they're not searching Google a minimum of 800 times a day! They might as well go back to using stone tablets and a chisel for their telecommunication needs. :(

Upgrade

Thanks for all reasons why to upgrade to AVG 8.0 !!! At least 12 computers...

A.aargh.VG 8

@ Alan W Rateliff II

"I work closely with my customers and relate information back to AVG whenever necessary."

In that case Alan I'm afraid that you are going to have to tell AVG that lots of people are saying that AVG 8 is a bit of an abortion. Personally I do not really want more than the usual expected degree of nonsense and frustration with MS.Windows and what we seasoned veterans know as the installing/uninstalling/upgrading programs game.

AVG I'm afraid tipped me over in this dept. Neither am I entirely happy with a philosophical lecture by someone (however well-meaning they are) about what I consider to be genuine justifiable consumer grievances.

Virus protection and a firewall we know are serious matters as I wrote else where and people are inclined to become a little jittery and excitable if installed vital security software is flawed and cannot be trusted. Then such issues as "brand loyalty" become of a secondary nature as meanwhile your machine, your setup your life, your customers lives are possibly going titsup. We can't afford that and have to look elsewhere if the stuff we have isn't working properly. I was recommended NOD32, that's where I'm going. Bye bye AVG. Nothing to do with brand loyalty, everything to do with practical security and not having to mess about with "issues," that should have been beta tested properly not unleashed on poor saps like me.

If they were really interested in this with the money that they got from license upgrades and new purchases AVG might perhaps employ people to answer their telephones. Or at least add the caveat that the bastard thing might not work with Windows 2000 whatever file system you have installed.

I wonder if the fact that AVG isn't owned by Grisoft anymore has much to do with this?

Ah well...Man with steam coming out of his head icon...oh there isn' t one

Exploding pile of harddrives icon...nope.

Have to be Paris then, won't it?

What a bunch of whiners. Kudos to AVG! The Register is just a big hypocritical whiners

LinkScanner is great! Basically all these web masters are a bunch of whiners. AVG has no liability whatsoever to any of the web sites scanned. Every site in the search engines of Google, Yahoo & MSN is there for free by their web master choosing to allow them to be in those search engines data bases so that the web site gets exposure to a wider audience. It is 100% legitimate for a user, using Linkscanner or other tools, to pre-scan those or any other publically accessible web pages. This is only getting the play that it is because The Register is pissed. They could easily remedy the situation by not allowing robots to scan The Register. Oh! But then The Register would not be able to exploit a service provided by search engines that The Register wants to exploit for free!

@Daniel Brandt

My laptop is a Mac Book Pro, but I have a Vista partition on it coutesy of Boot Camp. I've installed AVG on it, and, just for you, will be doing a bunch of Google scans at various publicly available hotspots along the I-95 corridor from Miami north to DC during my travels over the next few weeks. Have fun blocking all those sites...

Idiot.

@ Alan R

I agree totally. Those who object to AVG prescanning are completely in the wrong. I usually use Macs, but AVG is on all the Windows machines I do have to use, and will continue to be there.

I will take note of those who serve up rude messages when AVG pre-scans their sites for me, and where possible will avoid using their sites. This does not, of course, mean that their sites won't show in future Google scans, just that they'll get hit by the scan but that I won't visit the site so they get the negative and no positive. Sucks to be them.

wow can AVG they really be that stupid?

so all malware providers now have a bait page that the search engines spider and looks clean to avg, as soon as you go on it javascript redirects you to the page with the malware on it.

hope you guys didn't invest too much money in that fancy-schmancy "feature", or pissed off a lot of people with its implementation seeing as its going to be that easy to get around.

The answer is too obvious

One MSFT blogger routinely poses the question "what happens if everybody does it?". Meaning, if some obtuse app tries something that is outside the design specification for Windows apps -- what are the ramifications if other apps did the same thing. Would the users be pleased? In all likelyhood, the answer is usually 'NO!'.

Same question needs to be posed here. What happens if everyone scans through the google result sets? Well, bandwidth usage obviously goes up, and the net has to carry even more noise (information that nobody will see nor use) than ever before.

All this, because some websites can't live without javascript, activex and java.

AVG should promote disabling javascript, activex and java, rather than promote disabling the entire Internet. EOD.

@gothicform

Here's a few extra bytes you can put in the footer of all your pages;

<iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"</iframe>

You'll barely notice the difference and it shows up as an insignificant box in most web browsers so the majority of your users won't notice either. AVG users will probably see a bit of a slowdown when they visit your site, Grisoft will take quite a hammering, and since Linkscan hides the referrer they won't even know who's site is doing it.

@Anonymous Coward: AVG Prescanning is completely in the wrong

All AVG should do is allow the browser to download the files as usual, scan them to make sure they're okay and put an alert up if they're not, then let the browser carry on rendering the page. Pretty much any anti-virus with a runtime scanner should be able to do that since browsers use the usual OS file open/close calls to store pages in the cache and, if browser integration is necessary then browsers have a load of hooks which can be called when events happen. So why can't AVG?

If you think through it logically then the only conclusion you can come to is the marketing department have taken control of the company because any semi-competent programmer can immediately tell you why it's not going to work. It's security theatre; because you haven't gone there yet then you feel safer and more in control because you're given the choice to avoid going there on the previous page.

Yet you've still downloaded the data (in fact you've downloaded the data for that page and nine other pages), however the page you've downloaded is not guaranteed to be the page you get when you click on your link, and you've also downloaded several other unrelated pages too.

And if there's a bug in the scanner then there's probably more risk of infection, because if it doesn't choke on the page you went to then it might choke on one of the other nine.

I've had to remove the Safe Search / Safe Surf / Link Scanner / whatever it's called module off my two computers because they started to run dog slow. It appears my router doesn't like being spammed with so many DNS requests at the same time. However I've stayed with AVG because of inertia and because Avast is a bit more fiddly, but if I read reports of AVG still doing strange things even though I've got rid of the offending module then it's going to get uninstalled.

What a way to destroy a company's reputation.

@Nuno

"Just for kicks, i did a couple of Google searches, stuff like "blank DVD", "drinking glass", "fizzy drinks", "temperature", etc...

Then i downloaded the html/asp/php/whatever pointed to in Google's search results and added up the filesizes. Got results from 800k to 1.25MB. So much for your "few k's". Make that an extra .5MB per search more likely."

800k - 1.25MB in HTML is just shitty web design and in dire need of optimization. I've seen dissertations take up less space.

Sounds like a good vector for virus writers

Forget about the javascript passing back a clean page to AVG - the obvious path for a virus writer is to find a bug in AVG's code. That way they can install a virus every time anyone using AVG does a search which returns a page with a link to a hacked site in it. If AVG are stupid enough to include this 'feature' they're certainly stupid enough to have easy bugs in their code.

The joy$ of micro$hite

AVG is providing a service that for the most part keeps your $hitware box reasonably safe. Yes you are running windows. Stop using the micro$oft tripe and you will be healed !

I use AVG on some of my machines. No complaints, and it is free to me. it helps keep my TCO of having to run m$ shite for some apps as low as possible. TCO is high with any m$ system. Perhaps this is really the cockerel come home to roost ?

Fully agree with the arguments about how to circumvent AVG linkscan. More thought needed ! If I were a webmaster paying for bandwidth I would not be happy. Give this a couple of weeks and the kinks will be sorted ?

But at least AVG provide a service. I used to use norton. Aaaaaaaaaaaaaaaaagggggggggh ! AVG works. Symantec shite fails too often. Thank you AVG for the service you provide me at no cost. !

Flame because the BBQ is set in anticipation for the retorts ! Go on ...... you know it makes sense !

what about...

webmasters who are really annoyed with this; could forward an additional request to AVG's site (to share some of the bandwidth pain; yes this adds to their own bill (temporarily), but also shares some with AVG)..

As all requests appear to come from IE6 users, I guess an additional request to AVG from ALL IE6 users to your site... would soon put a stop to their games. (Temporary of course; this could end up being a massive DDOS against AVG for trying to pull this stunt; is it legitimate or just playground rules aka "they started it!")

AVG needs a fine,

Why can't AVG learn to get along?

Green Eggs and Ham

This should have been called Green Eggs and Ham shouldn't it?

An extended egg metaphor should have necessitated a title such as that no?

Good Evening Officer

So, let me see if I've got this right...

Every dodgy website that LinkScanner visits will have your IP address in their usage logs. You will be identified as a legitimate visitor. Traffic from that site to your PC will be traceable via your ISP. If that site is currently under police investigation you can, potentially, expect a knock at your door any time soon.

Your defence that it was LinkScanner that visited the site and not you is indefensible in court as LinkScanner traffic is deliberately indistinguishable from a human visitor.

Now how comfortable do AVG customers feel having this software installed ?

Paris, coz even she wouldn't shoot herself in the foot and think it was for her own good.

Turning off linkscanner WITHOUT annoying error icon

Nice and easy:

Leave LinkScanner turned on in AVG to prevent the red icon from appearing.

From IE

Tools > Manage Add Ons > Enable or Disable Add Ons

Find AVG Safe Search

Disable

Done.

Linkscanner is a bit pointless though, AVG seems to be doing a Norton. Same with everything, as soon as something gets more popular, and they start making more money, they get more staff, and start doing development that just doesn't need to be done. Looks like it might be time to try and find a new small AV program.

I looked at clamAV, but the site seemed to imply it was just an email scanner for UNIX..? I take it from previous comments it's not just for UNIX, but does it offer proper system protection, or just scan emails?

Even more traffic today!

Just noticed while checking my server logs to see if I'd had the new strings hit yet that there are 4 versions of the string (the 2 listed already, plus the same with User-Agent: prepended which looks like an error in the LinkScanner code as it appears to be sending User-Agent: User-Agent: .... ), and on top of that it seems to now be hitting my site 4 times per Google result - first a HEAD request for the link Google shows, then a GET for the same URL, then a HEAD for the index page for the site, then a GET for the index page. It looks as though these HEAD requests could be the result of caching being added to another new version - but given that my site uses dynamic pages, as do many others, the HEAD is always going to result in LinkScanner then going to have to retrieve the page anyway.

While this additional data is nominal, the traffic that we're seeing on the Google search results (it's actually links from Google Products appearing at the top of the search results page, so it's easy for us to track as the links are specific to Google Products) is about 15 times was it was a month ago.

Luckily listing products on Google Products is free at the moment - however, there are companies that will list products in Google Products as well as other shopping sites on a CPC rate. I pity anyone who is paying a CPC rate for Google Products listings right now ...

Count me in for a lawsuit

We are seeing a doubling of traffic on some sites caused by linkscanner. Count me in for a lawsuit.

Sounds mostly good to me

Not the right product for knowledgeable users like elReg readers obviously.

Ideal for granny. (as I cant get her off M$ )

It's illegal, plain and simple

AVG's product is a robot, plain and simple, and it's violating the law by ignoring robots.txt.

What is a robot? It's a program that automatically follows links within a web site, without a user specifically directing it to do so. The fact that AVG's robot is distributed to the user's computer is irrelevant. The fact that AVG's robot doesn't cache its results in a central database is irrelevant. It's still a robot, and therefore it *must* obey the robots.txt file.

This has been well established in courts. Most sites have terms-of-use pages, and these TOS pages have been held valid by courts everywhere. In addition, "industry standard practices" are also valid in court, and robots.txt is one of the best examples of a widely-recognized industry standard. So AVG is screwed from two directions: TOS and robots.txt.

If I were AOL, Yahoo, Google, Amazon, or any big site with a legal staff, I'd nail these guys to the wall, and set a precedent. It would be a great service to the world.

@Roger Thompson & Alan W. Rateliff, II

@AWR,II - "I am disappointed by the number of knee-jerk folk out there who will abandon a brand or product at the drop of a hat. But then, having worked in retail for over a decade, I recognize that those folks are everywhere and their opinions will change with the phases of the moon. Now, that does not mean their opinions carry any less validity, it just means that they are more harshly critical, more quick to react, tend to be less forgiving, sometimes less positively communicative, and often more outspoken than others." - AWR, II

Ok you seem to be missing the point. Let's draw a diagram - you being a sales guy know all about those - without images so we don't lose AWR, II in his zealous support of what he sells:

1. Symantec is bloatware - for example (well a true example but an example nonetheless)

2. Many people switched from Symantec to AVG (I personally switched to BitDefender and VERY glad i did, thank you filter :p) to avoid just that type of problem

3. Users are finding searches, etc. acting up and affecting their speed - to many if it looks like bloat, it must be bloat

4. Reactions occur, much to an AVG RESELLER'S dismay

This negative press will continue and will mvoe forward while those of us non-important techies (by your esteem) who JUST HAPPEN TO BE THE ONES EVERYONE CALLS FOR HELP continue recommending our friends, families, and customers AWAY from AVG.

Yup, this is mob mentality time - and even those of us who aren't webheads understand the unfair situation some of our fellow techs are in with the b/w, crawl, etc. and sympathize. No way in heck will I promote yet another screwed up program "just because". Bad enough I have to push M$ because of the dominance, user interaction, etc. but I sure as heck am not going to push this crap on people.

Oh for those of you interested (you probably already know this) - GASP! BITDEFENDER DOES A BETTER FREAKIN' JOB THAN AVG WITHOUT CAUSING THE SAME PROBLEMS!

Good-bye AVG.

@RT: The egg comment was simply uncalled for and COMPLETELY unprofessional. This functionality didn't play well to the crowd and I can imagine the joy-joy reaction it's having for your company, investors, etc. This non-important techie WILL BE TAKING OVER 400+ PEOPLE OFF AVG in reaction to this crap PLUS The OFFICIAL "break a few eggs" statement AND your friendly neighborhood reseller up there. Reality check: the same businesses that are buying your product are also getting hit with higher BW costs BECAUSE of your product. AVG and its bottom line go straight to the trash can. The eggs YOU so quickly dismissed as collateral damage are real bottom lines for companies. I will be quoting you sir, and your reseller anytime I am asked about your software.

Congratulations on tanking your investors! Give them a big hug and a cigar from us here in the real world?

AVG's omelet is scrambled

Who knows what has happened to AVG? I updated to version 8 in mid-May and had the linkscanner operative for safety's sake when the kids and Mama use the computer. I noticed a few stutters but it seemed a good feature. Whoops! Noticed yesterday ( July 2 ) that last update and scan had taken place on June 28, a 3-day gap - I was remiss in my usual daily check. Couldn't get update to work correctly, couldn't reset automatic update as it had been - tried to find out more at AVG's site, couldn't get registered to post in Free forum, read through lots of postings there with similar problems going back to about the date of this article. It seemed the fix was to download new install file released July 2 and tick off "Repair" but servers bogged down greatly ( 2-5kbs! ) - FORGET IT! Uninstalled AVG this morning and put Avira AntiVir in it's place. Someone put a wrench in the works and AVG did not respond quickly enough or well enough to satisfy this user - over 3 days with questionable protection was more worry than I wanted to deal with especially considering this holiday weekend - we all know that's when some attacks are staged. Oh, well, whoever hit 'em, hit 'em hard.