This is not a stunt but I think this is worth a read as members are being recommended to dump AVG 8 for Avast.
The old LinkScanner problem… thanks for reporting again.
A bad step of Grisoft… Move to Finjan, Scandoo, SiteAdvisor… and, of course, avast
Thanks for the advice.
AVG will be removed today before I get hit with the Ver 8 update.
Hi…
Wow! :o
I didn’t realize Linkscanner was having that kind of effect. : Although from what I’ve heard, the new service pack is supposed to fix some of the problems…
http://www.lockergnome.com/blade/2008/07/04/avg-8-has-released-sp1-for-download/
I don’t know if it addresses the issues with Linkscanner. Also, AVG 7.5 is supposed to be supported up to 12-31-08, so those who liked 7.5 won’t have to upgrade too soon…hopefully. :-\
Best Regards…
QUOTE from Lloyd Borrett today 10:17am AEST
G’day,
We’ve received the following communication from AVG Technologies HQ about the LinkScanner concerns expressed here on Whirlpool and elsewhere.
AVG has recently been made aware of the increased web traffic that the new Search-Shield component of our AVG Anti-Virus Free Edition 8.0 product is causing in an attempt to notify users about infected websites. We have actively listened to the web masters who have brought this to our attention, and as a company we have reacted quickly to solve them.
In working with the web master community, AVG has responded immediately and on Tuesday, July 9th, AVG will issue a product modification to address the spikes that a few individuals have seen with their web traffic.
We have modified the Search-Shield component of the product to only notify users of malicious sites. Search-Shield no longer scans each search result online for new exploits, which was causing the spikes that web masters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited, but before it is opened.
We’d like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.
AVG’s primary concern is protecting our customers. In order to do this, we have actively provided our customers with cutting edge technology. There are 20,000 to 30,000 unique pieces of malware being submitted to anti-virus labs around the world each day, and the vast majority of these will be delivered via web based exploit and social engineering tricks from hacked and rogue websites.
Nearly all of these pieces of malware are designed to steal financial and personal information from victims. In order to protect our customers, and the world in general, we released technology in our free product that is designed to discover and block these sites. As a result of this, we included real-time, dynamic scanning in our free product that we recently released to customers.
Because of the unique nature of our technology – we scan web links before our customers open them to ensure they are safe – we anticipated that we would see a spike in the number of sites that were analysed, however, we underestimated the popularity of our product and the resulting number of verdicts that came back to us. As a result, we did not anticipate seeing the volumes we have seen in two months for another 24-36 months.
Today we are rendering over 1 billion verdicts per week that result in the identification of 1 infected URL per 43 searches which equates to rendering a red verdict to 1 in every nine 9 users. While this has affected web traffic analysis and marketing analytics on a handful of sites, we are dedicated to protecting our users with the best technology on the market today while at the same time not being disruptive.
###ENDS###
We will be doing our very best to keep you all fully informed about any specifics of the roll out of the modifications as we learn more.
Best Regards, Lloyd Borrett
Marketing Manager, AVG (AU/NZ)
I must say I’d like to know what exactly that means
Search-Shield no longer scans each search result online for new exploits.Good point Igor. How can it knows [i]before[/i] scanning? A black list? ???
I think it means that it no longer scans all 10-20 links on a search results page, but only any link that is actually clicked.
When? When the user already clicked it? ???
i tried AVG on one of my computers and it installed the safe search in my firefox 3 without asking me or saying it was going too…so guess what…was just trying out AVG and guess what’s back on that computer : ???
and why do i need it-when there is WOT and Finjan in the first place
click pic to enlarge-avg is 2nd down :o
Yeah, the scanner intercepts the click and does a crafty scan before the page is loaded.
before the page is loaded.
Better late than never ;D
was just trying out AVG and guess what's back on that computerAlso know as a temporary lapse of memory..... Nice to see you got your memory and avast! back on your system... ;D ;D
Erm, so, it basically turns the LinkScanner into a HTTP scanner with limited functionality (i.e. without stream scanning, and only on websearch results)?
Don’t ask me, I don’t work for AVG!
Erm, so, it basically turns the LinkScanner into a HTTP scanner with limited functionality (i.e. without stream scanning, and only on websearch results)?
That might be good for advertising hype but sure doesn’t do much towards protection. ??? ???
At least it saves websites thinking they have six quadrazillion hexabillion new visitors when it’s really just AVG ringing the bell.
I should note that I really have no idea what changes were made (if any, actually) - I’m just speculating according to the descriptions posted in this thread.
Personally, I don’t think the LinkScanner idea can be fixed anyhow - either it works (protection wise), but then it simultaneously floods the Internet, destroys statistics, and wastes bandwidth - or the mentioned problems are solved somehow, but then it just can’t work (or can be easily bypassed). Only my opinion though.
I think we’re all just going on what is dodgily eluctable logically deductable.
Hasn’t it just become like Webshield now, except that Linkscanner reports back to AVG any links that are bad so that if those links turn up in future searches, AVG users will see a warning without any scanning going on?
That’s my best guess.
UPDATE
AVG have released a new SP1 to stop Link scanner interogating all the search results such as on a Google page.
Now there appears to be a similar problem in FIREFOX 3 !!
QUOTE [Thanks to Sirikan: http://forums.whirlpool.net.au/forum-replies.cfm?t=1007329&p=13#r256 ]
Ok round 2…sorry for the long post.
This time I made the most of the mistake I made the first time and tested the old version, the new version and also a install without AVG on there at all.
Ok the Environment I was using:
Vmware Workstation 6:
Fresh copy of windows xp sp2 (x86)
Logged in as a local admin account
Installed Firefox 2.0.0.15 – Default options selected during install
Installed wireshark 1.0.1 – Default options selected during install
First time around I loaded:
Installed AVG from avg_free_stf_all_8_100a1323.exe which was downloaded from avg web site – Default options selected during install and allowed update agent to run.
Second time around I loaded:
Installed AVG from avg_free_stf_en_8_138a1332.exe which was downloaded from avg server directly – Default options selected during install and allowed update agent to run.
Tests conducted:
Internet Explorer 6.0 and Firefox:
Google Search for “AVG” (use their bandwidth)
Google Search for “AVG” Right after first test
Google Search for “Whirlpool”
Google Search for “Whirlpool” right after first test.
Google Search for “Microsoft”
Google Search for “Microsoft” right after first test.
Close and open IE.
Repeat above tests.
What was found:
Well the results found from this test are allot more positive then the first round. To give you an idea of the magnitude of improvement the log file for before the upgrade on Firefox is 858 KiB and after the upgrade it is now only 18.5 KiB (which remember contains the entries for Firefox searching google itself).
As for sending requests to every page in a google search result I have found that AVG now doesn’t send any request to web pages, it appears to just rely on information it retrieves from dns requests.
The one thing I did find strange though was the Firefox tests do create a TCP connection with some of the pages in the search results which I thought was originally caused by AVG but I couldn’t see the traffic in IE6 tests. So I also included a test without AVG installed on the system at all (not uninstalled I rolled back to a clean install of windows using vmware snapshot) and I can confirm the traffic is in fact there. Meaning the traffic is caused by Firefox not AVG.
Recommendations:
If you are an AVG user upgrade to the latest version as soon as possible. Not only will it speed your browsing experience up it will reduce the load on web pages.
Well done AVG and sorry for jumping the gun with my inital test on the wrong version.
Wireshark logs for whirlpool google search only:
http://www.sirikan.net/download/AVG_Wireshark.zip
Wireshark (tool needed to view them):
http://www.wireshark.org/ (opensource)
AVG older version:
WP_Firefox_AVG_8_100a1323.pcap
WP_IE6_AVG_8_100a1323.pcap
AVG New Version:
WP_Firefox_AVG_8_138a1332.pcap
WP_IE6_AVG_8_138a1332.pcap
No AVG Installation:
WP_Firefox_No_AVG.pcap
WP_IE6_No_AVG.pcap