
AVG Backs Down From Flooding the Internet

Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here." From that URL: "'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
  • by deft ( 253558 ) on Sunday July 06, 2008 @03:56AM (#24073213) Homepage

    I use AVG... and was watching this.

    I'm sure they thought it was a good idea, and sometimes good companies make bad moves.... I got AVG because Leo Laporte recommended it, and dammit, I like Leo.

    But things change over time... is AVG still a good free AVG prog? And I don't mean just because of this controversy, they made good on it and responded. I mean the long haul.

  • Re:Are you sure? (Score:5, Informative)

    by Anonymous Coward on Sunday July 06, 2008 @03:56AM (#24073217)

    See: http://forums.whirlpool.net.au/forum-replies.cfm?t=1007329&p=13#r256

    The fix has been independently tested.

    Cheers WTW

  • Re:Way to go! (Score:5, Informative)

    by Anonymous Coward on Sunday July 06, 2008 @04:04AM (#24073249)

    Simon has stated that the server normally deals with 50 queries / second.

    So 12 more / second is quite a bit of load.

    Cheers WTW

  • by i.of.the.storm ( 907783 ) on Sunday July 06, 2008 @04:10AM (#24073285) Homepage
    I dunno, I use Avast, it's pretty good and free as well. I like the UI a bit better and it seems to get definition updates pretty frequently. Much less of a resource hog than Norton/McAfee too, although so is AVG.
  • by FredThompson ( 183335 ) <fredthompsonNO@SPAMmindspring.com> on Sunday July 06, 2008 @04:57AM (#24073423)

    I recently gave up on AVG. It was a nice free option until this version 8. Surely, Grisoft knew this was a big problem for a long time. They're not the only people who thought this approach of extra verification would be a good idea. McAfee did it, Opera (I think) just linked up with one of the Microsoft spawns that tests everything and drags web use to a crawl. It's as poor an idea as "background" disk defragging which does nothing other than work the drives because it's not possible to sort a drive which is in flux.

    Avast! is frequently recommended as a free anti-virus. BUT...do some research and you'll see it's not that great at catching known junk. ESET does test very well but you only get 30 days of free use. Avira's free version does seem to offer full integration (in-line scanning, auto updates, etc.) which I don't remember being there a few years ago when freeware scanners only worked on-demand. http://www.free-av.com/ [free-av.com] It tests very well, actually, better than AVG and Avast!

    In their defense, if I remember correctly, AVG DID offer free fully integrated inline scanning first with a decent catch rate. Why did it take them so long to comprehend version 8 was a hog and would generate so much anger and resentment? Who knows. Maybe their time has passed just like PKZip...

  • by BagOBones ( 574735 ) on Sunday July 06, 2008 @05:18AM (#24073483)

    The and Update system in AVG 8.0 is vastly improved.

    I was using Avast and installed it for several family members only to have one of them get a HORRID spyware infection.

    Interestingly AVAST did not detect it at all, Spybot and Ad-aware could not completely remove it, but after installing AVG 8.0 it cleaned everything up.

    After checking several reviews it seems AVG 8.0 has one of the best Virus and Spyware detection rates among current products.

  • by Anonymous Coward on Sunday July 06, 2008 @05:29AM (#24073523)

    This is about the same amount of protection as pulling out is a form of birth control.

    Are you telling me:

    1. You never open links in search results to sites you have never been to?
    - If you are running Windows using Firefox or IE there have been many cases of 0 day exploits

    2. Do you not use any USB storage devices?
    - Just this Christmas I purchased a digital photo frame for a family member that had built in storage. Lo and behold, when I went to preload it with photos it was already infected with a virus that was set to use auto play to install.

    3. You 100% trust EVERYTHING your friends or family send you? Document infections are still somewhat common. I suppose using OpenOffice would get you around macro infections but you also might not be able to open company documents then.

    I would also imagine that ANYONE who is on slashdot and manages security also believes in the layered approach. Inbound only filtering from your firewall and using your gut to know what is safe or not is an easy one to work around.. Well unless you are a hermit that never gets any email.

  • Re:Way to go! (Score:3, Informative)

    by hankwang ( 413283 ) * on Sunday July 06, 2008 @05:44AM (#24073559) Homepage

    It's referred to as a "significant drain" on resources, but quoting one number without the other is pointless.

    Well, I'm not sure how efficient ColdFusion is for handling large web forums, and how fast their database back-end is (16 million posts), but if each request takes 0.1 second of CPU time, it means it's enough traffic to keep a whole extra server busy. Approaching it differently: there are typically about 1000 users online, which open maybe one page per minute each. That means about 20 page requests per second during normal usage. Someone else mentioned 50 requests per second, but it's not clear whether that includes static content (images, CSS, JavaScript), while AVG only requests web pages. Database/script-driven pages take much more server resources than static content.

  • by Anonymous Coward on Sunday July 06, 2008 @05:47AM (#24073573)

    Users of Zeus Technology's ZXTM could use the following TrafficScript rule to protect themselves from AVG's DDoS attacks:

    if( http.getHeader("Accept-Encoding") == "" &&
            http.getHeader("Referer") == "" )
    {
          $ua = http.getHeader("User-Agent");
          if( $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
                  $ua == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"||
                  $ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"||
                  $ua == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" )
          {
                connection.discard();
          }
    }
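
The same fingerprint check as the TrafficScript rule in the comment above, as an added Python example that is not part of the original thread: it matches the rule's four User-Agent values only when both Accept-Encoding and Referer are empty. The WSGI middleware class, the 403 reply (the rule itself discards the connection) and the sample requests are assumptions of the example.

```python
# Added example, not from the thread: a Python port of the TrafficScript rule.
# The four User-Agent values and the two empty-header checks come from that
# rule; the WSGI wrapper and the 403 reply are assumptions of this sketch.

LINKSCANNER_UAS = frozenset({
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)",
    # The rule also lists values carrying a literal "User-Agent: " prefix.
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)",
})


def is_linkscanner_prefetch(headers):
    """True when a request matches the fingerprint used by the rule.

    Header names are matched case-insensitively; a missing header counts
    as empty, mirroring the rule's == "" comparisons.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}
    if h.get("accept-encoding", "") or h.get("referer", ""):
        return False  # the rule fires only when both headers are empty
    return h.get("user-agent", "") in LINKSCANNER_UAS


class DropLinkScanner:
    """WSGI middleware: reply with an empty 403 before the application
    (templates, database queries) does any work for a matching request."""

    def __init__(self, app):
        self.app = app
        self.dropped = 0  # running count, useful for measuring the load

    def __call__(self, environ, start_response):
        headers = {
            "Accept-Encoding": environ.get("HTTP_ACCEPT_ENCODING", ""),
            "Referer": environ.get("HTTP_REFERER", ""),
            "User-Agent": environ.get("HTTP_USER_AGENT", ""),
        }
        if is_linkscanner_prefetch(headers):
            self.dropped += 1
            start_response("403 Forbidden", [("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


# Constructed sample requests (not real Whirlpool traffic).
SAMPLE_REQUESTS = [
    {"User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"},
    {"User-Agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"},
    # Same UA, but with the headers a click from a results page would carry.
    {"User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
     "Accept-Encoding": "gzip, deflate",
     "Referer": "http://search.example/?q=broadband"},
    {"User-Agent": "ExampleSpider/1.0"},
]


def count_matches(requests):
    """Number of requests in `requests` that the rule would discard."""
    return sum(1 for r in requests if is_linkscanner_prefetch(r))


if __name__ == "__main__":
    print(count_matches(SAMPLE_REQUESTS), "of", len(SAMPLE_REQUESTS), "matched")
```

The first User-Agent value is also what Internet Explorer 6 on Windows XP SP2 sends, so the two empty-header conditions are what keep ordinary visitors from being blocked.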

  • by Masa ( 74401 ) on Sunday July 06, 2008 @06:36AM (#24073703) Journal
    I already switched from AVG to Avast. One thing I noticed, is that under Vista, the "AVG safe search" doesn't get uninstalled from the Internet Explorer. Mind you, I use Firefox, but after uninstalling the AVG, I realized that I haven't checked if the IE also has this piece of software in it. Well, it does, and now I have no idea how to get rid of it without fiddling with the registry. IE doesn't let me delete the component even with Admin privileges. Any ideas how to get rid of it? Google turned up only similar questions but no solution.
  • Re:Way to go! (Score:5, Informative)

    by Now15 ( 9715 ) on Sunday July 06, 2008 @06:40AM (#24073721) Homepage

    The single web server that powers Whirlpool is typically handling 30 to 40 non-cached template requests per second. We've got over 15 gigabytes worth of user posts online, and receive hundreds of referrals from Google every minute.

    Given that it's running on a 4-year-old web server (in tandem with another 4-year-old MySQL box), I think ColdFusion is doing pretty well for itself.

    Cheers
    Simon Wright

  • by Anonymous Coward on Sunday July 06, 2008 @07:28AM (#24073893)

    I was under the impression that the linkscanner only checked the links in search results, so those AVG8 users shouldn't have downloaded the link unless they clicked on it.

  • by Tony Hoyle ( 11698 ) <tmh@nodomain.org> on Sunday July 06, 2008 @07:31AM (#24073905) Homepage

    Manual reregistration is once a year, which is a pain in the neck. If you can handle that it's OK. Oh and you have to disable the sound otherwise it screams 'VIRUS DATABASE HAS BEEN UPDATED!!' at full volume about twice a day (I *really* wish they'd give an option to just switch that off and leave the other sounds on).

  • by flape ( 1114919 ) on Sunday July 06, 2008 @08:05AM (#24074031)
    Can you prove it? Rootkits? Privilege escalation? Malware != virus != bot ... Anyone? Even if it were true, it does not prove your tactic is a good one... you just might have been lucky... Ditching firewall (neither for private nor public IP) is not a good idea. First, there are many programs that open ports. And second, there isn't a day that my outer perimeter isn't under constant attacks.
  • by Artefacto ( 1207766 ) on Sunday July 06, 2008 @08:25AM (#24074113)

    There are solutions for each one of those circumstances:

    1. You never open links in search results to sites you have never been to? - If you are running Windows using Firefox or IE there have been many cases of 0 day exploits

    Run your browser with lower privileges (even if you are not an administrator, which by itself thwarts most of the viruses, which expect otherwise, run it with a constrained token). See http://blogs.msdn.com/nigelwa/archive/2005/07/29/445155.aspx [msdn.com]. Additionally, IE7 protected mode under Vista has an excellent record.

    2. Do you not use any USB storage devices? - Just this Christmas I purchased a digital photo frame for a family member that had built in storage. Lo and behold, when I went to preload it with photos it was already infected with a virus that was set to use auto play to install.

    This one is straightforward: just deactivate auto-run.

    3. You 100% trust EVERYTHING your friends or family send you? Document infections are still somewhat common. I suppose using OpenOffice would get you around macro infections but you also might not be able to open company documents then.

    This may be a bit more problematic, but macros are usually not set to be run by default. If you are paranoid, you can always run Office apps with fewer privileges.

  • by Mprx ( 82435 ) on Sunday July 06, 2008 @08:38AM (#24074177)

    1. Use NoScript
    2. Disable autoplay
    3. Run anything you don't 100% trust in a VM without network access

  • by sqlrob ( 173498 ) on Sunday July 06, 2008 @09:19AM (#24074331)

    I don't browse (usually) for pr0n or for cracks, so I don't worry.

    What about those cracks into the high profile web servers that deposit malware? You have to trust every webmaster out there to have properly secured their systems.

  • by Anonymous Coward on Sunday July 06, 2008 @09:22AM (#24074339)

    How about:
    "Program Settings"->Sounds->Settings...
    Then scroll to the "Automatic VPS Update" event and pick the "(None)" sound.

  • by GameboyRMH ( 1153867 ) <gameboyrmh&gmail,com> on Sunday July 06, 2008 @09:29AM (#24074367) Journal

    This is what I'm switching to:

    http://www.moonsecure.com/ [moonsecure.com]

  • by Holistic Missile ( 976980 ) on Sunday July 06, 2008 @09:32AM (#24074389)
    You do realize that ClamWin currently does not have an on-access scanner, don't you? That means a zero detection rate unless files are manually scanned. Right now, your 'clueless users' are unprotected.
  • Re:Way to go! (Score:5, Informative)

    by Now15 ( 9715 ) on Sunday July 06, 2008 @10:06AM (#24074521) Homepage

    That's 40 requests per second to the web server, not the database. Actually, this custom-built application is quite efficient, because that only translates to around 50-70 queries per second.

    MySQL isn't the bottleneck. It's simply running on hardware that's not even a quarter as powerful as it should be if it were commercially operated. And that's before we take into account failover resources or future proofing.

    I've seen cases of PHPBB and vB installations, with better hardware than us, unable to handle even a tenth the load we get.

    40 requests per second is not a small load for a single website. Whirlpool gets around 1.5 to 2 million non-spider page views per day, plus an additional half million spider hits.

    PostgreSQL and Firebird are certainly more comprehensive database stacks, but I'm quite sure they wouldn't match MySQL for efficiency when dealing with these relatively uncomplicated queries. Even if they could provide a nominal improvement, the effort involved in porting the databases and every query in this custom application would be extreme overkill.

    Cheers
    Simon Wright

  • by Now15 ( 9715 ) on Sunday July 06, 2008 @10:15AM (#24074577) Homepage

    As the owner of Whirlpool, please moderate the parent as uninformed.

    While I'm not in a position to provide an unbiased opinion of WebCentral, they do cater to a very important market -- people who need a premium quality service. If my experience with the $0 service they provide Whirlpool is any indication, WebCentral are not just technically excellent, their support system is outstanding and reactive. I can only imagine how much better they treat the customers who pay them.

    Just because you only want the bargain service, doesn't mean everyone does.

    And the only reason Whirlpool isn't blazing fast, is because we're running with a bunch of WebCentral's spare hardware. We're a community service, not a business.

    Cheers
    Simon Wright

  • by PalmerEldritch42 ( 754411 ) on Sunday July 06, 2008 @10:35AM (#24074671)
    You can disable the safe search plug in pretty easily in IE. Just go to Tools, Internet Options. Take the Program tab, and push the Manage Add-Ons button. Find AVG Safe Search in the list and click it, then select disable. Hit OK, then OK again. Done.
  • by Anonymous Coward on Sunday July 06, 2008 @11:23AM (#24074937)

    For those of us using Win2K until it's pried out of our cold, dead CPUs, not a choice. Comodo BSODs on Win2K.

    Funny, it didn't BSOD for me. I ran it on a W2K machine for 3-4 months and never had a BSOD (due to Comodo or any other reason either... FWIW I also use Comodo Personal Firewall). I switched to another AV (BitDefender) because I'm rotating through the free AVs trying them out (currently using BitDefender and AVira on different W2K machines, and AVG on an XP machine), and because I got nailed with virtumonde while using it. (Which is not to say it couldn't have happened using another AV, especially since vm is classified as spyware.)

    So I'd respectfully suggest that the problem? incompatibility? you experienced was just a little more complicated than "W2K".

    Posting AC because I've moderated,
    number11

  • by number11 ( 129686 ) on Sunday July 06, 2008 @11:46AM (#24075023)

    Well, yes but.. (you've seen the complaints).

    Other decent free ones are:
    Avast [avast.com] is popular.
    AVira [avira.com] seems good, you get one popup ad per update.
    Comodo [comodo.com] permits business use.
    BitDefender [bitdefender.com] has a free version.
    I'm not including ClamAV because it's just a scanner, no realtime protection.

    Posting AC because I've moderated,
    number11

  • by number11 ( 129686 ) on Sunday July 06, 2008 @12:13PM (#24075195)

    disable exec for avnotify.exe to disable the avira popups

    Instructions for all versions of Windows (including W2K) at:
    http://www.dslreports.com/forum/r20463169-Avira-AntiVir-Personal-Free-Antivirus [dslreports.com]

    Posting AC because I've moderated,
    number11

  • Re:Good Stuff! (Score:2, Informative)

    by negRo_slim ( 636783 ) <mils_orgen@hotmail.com> on Sunday July 06, 2008 @01:16PM (#24075601) Homepage

    Version 8 of their product is the most bloated thing I've seen in ages.

    Yeah utilizing 50MB of my 2GB system memory is an affront to all that I hold dear. A free program that has the audacity to work and has shown a consistent track record of reliability and performance! I'm writing my congressman asap.

  • Bandwidth impact (Score:3, Informative)

    by DrYak ( 748999 ) on Sunday July 06, 2008 @03:22PM (#24076519) Homepage

    Accessing every webpage you see a link to multiplies the bandwidth you use by at least an order of magnitude.

    On the other hand on today's modern web, the HTML page only accounts for a small fraction of all the content that is fetched from a webserver. The bulk of what your browser downloads is all the various other flashy shiny and blinking stuff that are added to "enhance" your browsing experience. You know, all these "punch the monkey" flash crapplets.

    AVG scanner doesn't download them, only the main HTML page and associated scripts (i.e.: where dangerous code could actually be hidden). Not even the CSS associated with those pages.

    If you want to actually improve your browsing experience and have better use of your bandwidth install some tools to kill all this useless flash (adblock+, flashblock or noscript). Your firefox will also gain stability with the same move.

  • Re:Good Stuff! (Score:1, Informative)

    by Anonymous Coward on Sunday July 06, 2008 @04:03PM (#24076839)

    I'm not sure exactly what program (or version) you think you're providing instructions for, but it doesn't seem to be AVG 8.

  • by drew ( 2081 ) on Sunday July 06, 2008 @04:17PM (#24076951) Homepage

    I gave up on AVG about a year ago when they began nagging me endlessly. For a while AOL offered a free version of Kaspersky that was pretty nice, but they have since pulled it and replaced it with McAfee. After that expired, I gave up on all the free AV packages. I tested a couple of them (including AVG) and they were all too bloaty, too naggy, or too crippled. I eventually decided that the money wasn't worth my time and frustration, and paid for ESET NOD32. It's a heck of a lot cheaper than a new machine, it's as fast as anything I've ever used, and it does an excellent job at staying the hell out of your way. Sure it would have been nice to have something free, but when it comes down to it, I'm completely happy with it, and in my opinion it's probably worth $40 more in terms of convenience and saved frustrations than any AV product I've ever used, free or commercial. (Barring the free AOL/Kaspersky that is no longer available- I can't tell you how irritated I was when I found out that AOL had dumped it for that POS McAfee.)

  • Re:Good Stuff! (Score:2, Informative)

    by troutsoup ( 648171 ) on Sunday July 06, 2008 @05:03PM (#24077317) Homepage

    http://avast.com/eng/avast_4_home.html [avast.com]

    been working great for me

  • Re:Are you sure? (Score:3, Informative)

    by Ihmhi ( 1206036 ) <i_have_mental_health_issues@yahoo.com> on Sunday July 06, 2008 @10:37PM (#24079625)

    Right click on your AVG icon and click on "Open AVG User Interface". Right click on Linkscanner in Overview and click Open. Uncheck "Enable AVG Search-Shield (need web browser restart)". (You do not have to restart your browser to disable it.)

    Now click on Overview on the left to go back to the Overview screen. Right click on Linkscanner and select "Ignore component State". It's shut off and AVG won't whine at you for turning it off.

  • by kimvette ( 919543 ) on Monday July 07, 2008 @12:24AM (#24080259) Homepage Journal

    Agreed - I'll second the recommendation for Moon Secure. Moon Secure is Free/Open Source and uses the same signature database as ClamAV, which for the user means that it is the most frequently updated signature database available. :)

    I've been using it for a couple of months now, and so far so good. The only "problem" with it is they have not implemented a way to disable realtime scanning (necessary for some Microsoft Live games, such as Viva Pinata) so you need to use the services control panel (or a batch file) to disable the realtime scanning engine.

    It is the least bloated antivirus package out there. In fact I don't think it even integrates with email clients - you need to download ClamWin for that.

  • Re:Good Stuff! (Score:3, Informative)

    by cecom ( 698048 ) on Monday July 07, 2008 @02:59PM (#24087431) Journal

    Work computers ? You do know that Avira is free only for personal use, right ? :-)

    (The banners are indeed annoying, but I am assuming that they are not present in the paid-for version, and that is the only one that you can install on work computers)
