AVG Backs Down From Flooding the Internet 297
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
Good Stuff! (Score:5, Insightful)
I was looking at alternatives to AVG because of this. Good to know I don't have to keep looking.
Re:Good Stuff! (Score:5, Insightful)
Maybe you should keep looking. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future? It shows a serious lack of foresight for a company that should have top-drawer management and programmers considering their business. Frankly, this kind of crap reflects badly on what consumers should assume for the quality of their product.
Way to go! (Score:5, Insightful)
Anyway, the statement that "We've seen a traffic increase as much as 12 hits per second" is meaningless without knowing the overall traffic levels - for example, is +12/sec an increase of 100%, or an increase of 1%?. It's referred to as a "significant drain" on resources, but quoting one number without the other is pointless.
Re:Good Stuff! (Score:4, Insightful)
You might want to keep looking. Companies that do this kind of thing once don't usually stop at 1.
I've uninstalled AVG Free after using it for years (Score:4, Insightful)
I followed instructions as posted recently here to remove LinkScanner: this resulted in a re-install of AVG (without LinkScanner). The first update this re-install wanted was LinkScanner plus plugins, there was no way I could cancel and just get virus definitions, no point in continuing.
I have installed Clam. Now I can scan what I want when I want.
Re:So is AVG still a good AV prog? (Score:4, Insightful)
Actually, let me clarify that statement. You might need AV software if you are a very uninformed user who likes to open email attachments from unknown people or download lots of useless software from questionable sources. However, if that person I described is not you, then you do not need AV software, and it is just taking system (and apparently network) resources.
The reason you don't need AV software is because there are only two ways to get virus on your computer: 1) Network-related software you use is exploited. 2) You willingly (although accidentally) run the bad software yourself. Yes, I'm simplifying things, but it is hardly any more complicated than this. Since you are an informed user, you have learned not to run bad software, so #2 doesn't apply to you; and since you patch your system regularly (right?), #1 is very unlikely.
However, there may be a tiny window between the time that an exploit is found and the patch being made available where you could potentially be vulnerable. Theoretically, AV software can 'protect' you in this scenario since virus definitions are made available sooner than patches. The solution here is, again, to be an informed user. If a piece of software you use becomes vulnerable to a new exploit, you should know about it and take the necessary precautions yourself during the time before a patch is released, in order to protect your system. This will protect you much better than any AV software will, and it's not difficult since there are not many pieces of software which could even be exploited (the main ones are your browser and other internet-related apps).
Now, I'm a user and developer of Mac OS X, Linux, BSD, and Windows. I have been running Vista for almost a year without a hitch by being an informed user. Actually, I also usually install patches long after they are available because I turned off the automatic download/install feature (I like to know what's using my internet connection), and for some reason it doesn't even notify me of the availability of patches so I often forget. Nevertheless, I've never been compromised mainly because I don't run questionable software or read unknown emails, and the security of the software (and patches) has been good enough.
In my opinion, AV software is a scam. It might be useful for grandmas and other clueless users who open email attachments indiscriminately, but I cannot see how anyone informed enough to be on
Re:Good Stuff! (Score:5, Insightful)
I was looking at alternatives to AVG because of this. Good to know I don't have to keep looking.
If you have a look at the Whirlpool page, you'll see that every page in the forum is headed by an orange banner, that not only references the AVG problem and suggests users uninstall the software, but also recommends and has direct links to "superior alternatives" such as Avast and Avira.
I can't think of a better way to quickly change a company's mind than this sort of strategy :)
Re:So is AVG still a good AV prog? (Score:4, Insightful)
You have a point, but I received an infected Word file from a customer just a couple years ago.
When the contract is a few million bucks, you suck it up and run AV and don't tell them how to run their business.
Re:So is AVG still a good AV prog? (Score:3, Insightful)
I'm not sure why this guy is moderated flamebait, because he certainly has a point. I guess I'm the kind of user he describes, and how many viruses have I seen in the last 8 or so years? Zero. That's right, none.
And is this because I don't bother to check? Hardly: I'm running Zone Alarm, SpyBot S&D, and Avira, and I make backups (to USB disk). I even rotate those backup disks to an off-site location (my parents house!). I have all my patches up to date. I watch the lights on my ADSL modem for activity at times when I'm not doing anything, and if the HD spins up while I'm not doing anything I investigate why.
I'm not saying that I'm invulnerable, that would just be silly, but I've taken all the usual precautions and a few that most people don't bother with, and I've NEVER seen anything unusual.
So what's the difference with people who do get infected? Well, I readily admit that some of it is random luck, because I don't shy away from downloading "trialware" (you know, from http://www.thetrialwarebay.org/ [thetrialwarebay.org] pr0n, and TV shows. So there are plenty of potential infection vectors.
However, I don't give permission to suspicious websites to download anything I didn't request first. I run spam, popup, ad, and flash blockers mostly to stop the annoying barrage of color and sound that makes up much of the web these days, and if something makes it through that shield: I don't want any shitty cursors (the system default works for me) or dancing girls on my desktop, and I NEVER run any "funny" exes. I'm sure I missed out on a lot of entertainment over the years that way. And I've set Zone Alarm to a "shoot first, ask questions later" policy - ET will not be phoning home from my machine.
So, why not run entirely without anti-virus? It doesn't seem to be doing anything much for me anyway. Sure, it will increase the risk of me missing a potential infection - but that risk is not zero in the current situation anyway, as there might always be a virus out there that is too new to be detected by Avira anyway.
So, what if LinkScanners scan engine... (Score:5, Insightful)
A programm that fetches each and every link it comes across *can't* be a very good idea. Certainly a feature invented by people without a security mindset [schneier.com]?
Re:Are you sure? (Score:3, Insightful)
One could always just turn the link scanner off. It requires the clicking of a button, if thats not to hard?
Comment removed (Score:5, Insightful)
"brought to our attention", yeah, sure... (Score:3, Insightful)
Goddamned sales-speak, full of lies and deception, as always. There was no "issue" to "addres and rectify" after being "brought to attention". Of course they knew it would work like that, they desgined it to. They just thought they would get away with it. The world would be a better place if it were to be criminal to tell such cattledung as an official statement.
Re:Are you sure? (Score:5, Insightful)
The problem is that the link scanning featured caused a great deal of traffic to sites - even sites that consumers did not visit. That's not cool.
They will be back. (Score:4, Insightful)
Re:Good Stuff! (Score:5, Insightful)
There are (or at least there were) other motives to dump AVG.
1) I installed it - just once, long ago, and threw it out of the window as soon as I found out that it was adding a spam footer advertizing itself in each e-mail I sent. Didn't even try to find if that could be turned off: garbage belongs in the garbage bin, not on my PC, and certainly not in my outgoing mails without my knowledge.
Don't know if they're still doing it, or if it's still on by default, and I'm not interested in finding out either.
2) Visit the forum TFA links to, find the post by the guy who upgraded to Avast and immediately discovered a pile of bad stuff on his system that AVG had apparently missed. Instead of scanning sites you don't visit, it sounds like they'd better start doing something about the quality of the scan on those you DO visit.
I'm sure #2 hasn't always been as bad as it sounds here. But protection is a process, not a goal, and it smells like they're lagging a bit behind right now.
I certainly won't be looking (Score:5, Insightful)
. A company in the business that AVG is in should have seen this coming, what makes you think more of the same "quality" is not in the future?
No, I certainly won't be looking. There are just a handful of companies which *listen* to its customers. There fewer that listen to the users of their product which use it for free.
AVG shown that at least they do listen to their users, and are likely to rectify when they screw up. Similar to what happened with Netflix.
A bad company is not one which makes wrong choices, we all make wrong choices. But when the company is not able to acknowledge their errors and rectify, is when you should start looking for someone else to make business with.
I use AVG Free and recommend it to all the people who come to ask me for an Antivirus. The truth (in my opinion) is that such a thing should be provided with Microsoft Windows for free, after all it is the fault of their crappy Operating System that the computers get all infected.
Comment removed (Score:3, Insightful)
Re:Good Stuff! (Score:5, Insightful)
AVG took a serious wrong turn somewhere. It used to be a no-questions-asked-use-me-please virus scanner of the highest quality. I used to recommend it to everyone. I used to start fixing my friends' computers by uninstalling the bloated virus scanners they had and installing AVG.
Now they've gone corporate (for lack of a better term).
Anyone know of an alternative to fill the role?
Re:Are you sure? (Score:4, Insightful)
It would be quite convenient if one could just piss in any doorway when the need arose. We don't do it (most of us) because it is antisocial.
Accessing every webpage you see a link to multiplies the bandwidth you use by at least an order of magnitude.
Re:Are you sure? (Score:5, Insightful)
Re:Are you sure? (Score:5, Insightful)
Because the idea itself is flawed. Normally you visit only a minuscle part of the links your browser shows you. LinkScanner follows all of those links even when you never planned to visit them.
AVG 8.0 (Score:4, Insightful)
I actually bought AVG 8.0 (been using the free edition for years and felt guilty), then immediately uninstalled it.
The problem? Crashing my machine left and right. I could reliably crash winamp by opening small files, and other programs acted very very oddly.
Uninstalled, and the problems went away.
Re:Are you sure? (Score:5, Insightful)
It could be a lot more than tenfold.
For example, the first link in Google for "wine" is for a program that lets you run windows software in other operating systems, and no 3 is the wikipedia entry about it. The rest of the links are about alcoholic drinks.
Most people outside of slashdot are going to be interested in the alcoholic drink links, but if they have AVG installed, they will be "visiting" winehq.org as well, even though they probably already have windows and the wine program will be completely useless for them.
Re:Are you sure? (Score:5, Insightful)
Aside from the problem with increased traffic for webmasters to deal with, if someone had found an exploit for AVG, many systems might have been compromised without the user actively visiting the exploiting sites, making it worse in some ways than an iframe-based exploit. If all it effectively takes is for a link to appear in the page, that adds danger to what was just inconsiderate behavior.
Re:So is AVG still a good AV prog? (Score:3, Insightful)
OK, so the operating system won't be hosed, but all his user data will be? That doesn't sound too helpful, given that the operating system can be trivially recreated; all of the data in "My Documents/Pictures/Crap" is still accessible (deletable) to a virus that runs as said limited user.
AVG 8 SUCKS anyway! (Score:3, Insightful)
Re:Bandwidth impact (Score:3, Insightful)
I look forward to the day where adblock, flashblock and noscript are standard features in a browser.
Have to be careful on #2 (Score:3, Insightful)
Many virus scanners, including AVG, are a little over zealous. They report some things as bad that aren't. Ones that commonly get flagged are trainers for video games. Reason is they do things like monitor the keyboard and hook in to other processes. However they are doing it to let people cheat in games, not for nefarious purposes. However you'll find that some virus scanners get all worked up about them, while others don't.
Just because you switch scanners and the new one goes off, doesn't mean your old one did a bad job. You need to evaluate what it is finding. Also there's the consideration of things like malware/adware scanning. Some virus scanners check for this, some don't, and what they check for varies. The reason is the whole malware thing isn't as clear. Something I consider malware, another user may be perfectly ok with. Also since it comes with software sometimes and removing it can break the software, some virus scanners dont' mess with it, leaving that instead to anti-malware apps like Windows Defender.
So don't be too quick to judge on numbers.
Don't listen to the grandparent (Score:3, Insightful)
That's a moronic statement. It is along the lines of saying "Don't lock the door, just sleep with a shotgun next to your bed." Yes, I'll admit the shotgun would be far more useful at stopping a determined attacker IF (and only if) you notice the person and can act.
AV programs are just another level in having good defense in depth, and being proactive about security. What that philosophy means is:
1) You don't have a single point of security, you have multiple levels. There isn't one failure point. Thus if something slips through one level, it isn't in the clear.
2) You have security systems that don't rely on someone minding after them, in addition to ones that do. Thus if there is a slip in vigilance, that can't necessarily be exploited because there are automated systems.
3) You don't assume things are secure just because you haven't faced attack there before. You look for potential weaknesses and work on ways to secure those.
This is the way to achieve good security, and to do it while maintaining good usability. Sure, we could tell everyone that every program has to be isolated in it's own VM. That'd be totally unusable and only (sort of) secure until there's an exploit to the VM program (which has happened to VMWare at least once before). Or we could be smart about it: We run a virus scanner, a malware scanner, a software firewall on the PCs, a hardware firewall on the network, we patch our systems, we have good security policies (like using UAC/sudo). Then things are still perfectly usable, and even if people drop their guard, even if an attack gets in through something, it is unlikely to be a real problem.
So even if you are a pro user, run a virus scanner anyhow. Will you need it? Probably not. However proactive security and defense in depth are the way to go.