AVG Backs Down From Flooding the Internet 297
Simon Wright writes "As a website that is featured heavily in many Google Australia search results, Whirlpool (Australia's largest technology forum) has been particularly affected by AVG's LinkScanner. We've seen a traffic increase as much as 12 hits per second from these bots. So we've actively and loudly campaigned against this move by AVG, encouraging all users of AVG 8.0 to uninstall the product. The discussion starts here. And AVG's backing down is posted here."
From that URL:"'As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that [Whirlpool] have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.' — Peter Cameron, Managing Director, AVG Australia."
Are you sure? (Score:2, Interesting)
LinkScanner was unnecessary in the first place (Score:5, Interesting)
I fail to see what Grisoft ever thought LinkScanner would acheive above the scanners that are becoming common in competing products that simply intercept http and pop3 traffic as it comes over the network. To me it seemed unnecessary to actually fetch every single search result. It also would obviously interfere with web analytics, and is potentially a security risk to people using AVG, not in terms of desktop security, but in terms of your real-life personal security. For example, I recall a recent article where the FBI had arrested people [slashdot.org] merely for clicking links to a porn site they had set up. Are you really safe from such operations and the general tendency of Government agencies to monitor activity these days when your computer is in effect programmed to click links for you?
I don't see information at the links in the summary of what changes were actually made to AVG now. Does anyone have details?
Re:So is AVG still a good AV prog? (Score:2, Interesting)
I too use AVG and have for a long time, mostly cause Norton / McAffe sucks. I would like to know if there are any other good free AV programs out there nowadays.
I know that the good people of /. will help guide me to a good solution with a minimum of ranting and flaming.
*snicker*
No seriously, any suggestions?
Re:LinkScanner was unnecessary in the first place (Score:2, Interesting)
Although if it is widely known that software can click links for you; then using AVG should help to shield you and others from such already far-fetched charges based on the so-called evidence of your request for child pornography.
Re:LinkScanner was unnecessary in the first place (Score:5, Interesting)
Re:So is AVG still a good AV prog? (Score:5, Interesting)
I second your question. I used AVG Free for a long time and uninstalled it very quickly when I heard the news. But I'm having choosing a replacement cost-free anti-virus program for Windows. Here's are the factors I've been considering...
AVG Free [avg.com] Pro: seems pretty effective and runs inobtrusively (at least locally). Con: has DDoS'd websites in the past and perhaps still shouldn't be trusted.
Avira [avira.com] Pro: no track record of DDoS'ing websites. Con: obnoxious pop-ups "reminding" me about the premium version; apparently [wikipedia.org] got some poor reviews for infection treatment.
Avast [avast.com] Pro: no track record of DDoS'ing websites. Con: requires manual re-registration.
I'm using Avira now but I'm considering switching again because of the pop-ups. Any advice? (And yes, I already run Linux but still need Windows for some things, and no, I'm not interested in paying for anti-virus software, since 99% of virus protection is common sense.)
Re:Another good reason is... (Score:2, Interesting)
Run Linux, then you can tell all those virus-writing-wankstains to go suck a fat cuze.
Or, if you must run Windows, ditch ALL your anti-virus/anti-spyware/third party firewalls and set all your everyday users as Limited Accounts. I've been running like this for over 18 months and I'm completely malware-free.
Whirlpool and WebCentral (Score:3, Interesting)
Thing about Whirlpool is that it's a custom CF package developed by the webmaster and it's a thing of beauty. The ugly thing about is that it's hosted on WebCentral.
WebCentral [webcentral.com.au]... Whirlpool doesn't have to pay any money to WebCentral, they host it for free. The funky thing is that almost nobody on Whirlpool ever recommends WebCentral for webhosting. They recommend all sorts of other companies in Australia, except probably the most vocal one, WebCentral.
The reason? I've got customers that have PHP and ASP websites with WebCentral and pay $40 a month for a massive 200 MB of storage and 1 GB of transfers. Which is nothing these days. And for that amount of money, you'd think that the sites would at least be quick... think again. They are slow because WebCentral really don't know what they are doing. They've only got IIS and the first access to a website always takes ages for the DLL of the virtual site to start up and do its stuff. All the subsequent accesses are pretty quick. 12 accesses per second for the biggest techie forum in Australia shouldn't be all that much extra and certainly shouldn't bring the server to its knees. Search on Whirlpool hasn't been working most of the time because WebCentral's servers just won't take it. Full-text search will never exist, not as long as it's on WebCentral anyways.
WebCentral got bought out, not too long ago, by MelbourneIT, a registrar for .au domains, so you'd think that WebCentral had a clue when it came to DNS. They don't. I asked them to set up a new subdomain with a different IP address? What do they do? The redirect mail.something.com.au to point to the new IP address, with the hilarious consequence of a dozen people not being able to get any emails for a few days.
And then there's the case of the $65 for 2 year domain registration. You'd think that would include DNS hosting, as asiaregistry.com do for $30 for 2 years. MelbourneIT offers a 1-page website for $140 for 2 years. Well, think again. The $65 only cover domain reservation. It means that you register a domain, pay them money, but that's it. They sell you a product that's more than twice as expensive than with a reasonable competitor, but you can't actually do anything with it. No, what you want is 'Domain Parking', there's no way to get DNS hosting apart from that. $240 for 2 years. We've had domain names with AsiaRegistry for years now, and they've been absolutely reliable, more so than WebCentral will ever be.
I called them about that, they say that the advantage is them being a local business. That's the entire argument. A local business with shit webhosting and crap value. Don't ever do business with WebCentral.
There's no way I'd ever post this on Whirlpool, because it'd get removed by WebCentral, one way or another, immediately. And there's no way you'll see Simon Wright responding to me, it's like everything is open for discussion on Whirlpool as long as it's on topic, except WebCentral. They do provide hosting for free and can make Simon's life a bit uncomfortable at least if WebCentral is all of a sudden open for discussion.
Re:Good Stuff! (Score:5, Interesting)
I don't disagree. Version 8 of their product is the most bloated thing I've seen in ages. Almost moreso than the consumer Norton/McAffee stuff. And to top it off, it's so naggy it's ridiculous.
Re:Another good reason is... (Score:2, Interesting)
I've never ran an antivirus in the 8 years I've used windows.
I've periodically ran scans from antivirus.com to confirm that I have no viruses, and I haven't had any obnoxious (I won't say no spyware, the definition is rather broad ...) spyware in the last 5 years ...
Really, safer web habits and nat based firewall are an excellent defense. You don't always need resource hogging programs or top tier firewalls to protect your computer, just think twice before clicking random links!
Network-Related Software? (Score:3, Interesting)
Seriously, take an XP box and plug it directly into a home cable/ADSL modem.
About a year and a half back, I did that for maybe a week. I'd kept all the crit updates in there, and yet the AV software would pop up every few hours announcing that a new gift had arrived on the PC. Installed a third-party firewall, and then put the thing behind a router/hardware firewall.
Malware evolves rapidly, and we as individuals can't spend as much time combating it as the makers do in developing it. Sure, by only using trusted programs, only surfing to known sites, and never opening suspect attachments, you'll avoid all but 1% of the types malware out there. But when you're talking about thousands of types, the odds aren't so good.
And, when you're talking about a home environment, where the "administrator" cannot lock down the usage all the time, you better have something.
You also left out a vector #3) any software defect that, when combined with networking, leads to an unsafe situation. Using images to trigger buffer overflows and execute code, for example. Or exploiting a Flash bug. Now, combine that with an exploit to gain access to third-party ("Trusted") web servers, and everyone's gonna need something.
As bad as it was, AVG's spoofing the useragent as IE6 was pretty smart: if a site has malware, it'll deliver it to IE6.
Another reason (Score:5, Interesting)
That's a good one, but there's also this suggestion from TFA:
Re:Are you sure? (Score:2, Interesting)
Its not like they out and out tried to crash the internet or steal all our credit card numbers.
Actually, that's _exactly_ what they did. For a site which shows up at the _bottom_ of a google search page, they went from a small fraction of people clicking their link (maybe 1/10?) to _every single person_ doing so, at least if they had AVG installed. So, depending on the percentage of people who search for that term who have AVG, your bandwidth usage could go up by a factor of ten -- and this doesn't apply just to one link on the page, but to every link.
This was a bad idea, and anyone who actually thought about it would have realized that. By definition, AVG with linkscanner is _NOT_ a 'fine product', it's a DDOS generator.
Re:I certainly won't be looking (Score:3, Interesting)
For those of us using Win2K until it's pried out of our cold, dead CPUs, not a choice. Comodo BSODs on Win2K. In fact, after trying Comodo (and I couldn't find anything that said 2K was a bad idea), my system was so borked that I had to reinstall for the first time in 7 years.
Re:So is AVG still a good AV prog? (Score:4, Interesting)
3. Run anything you don't 100% trust in a VM without network access
Which is easier to set-up for an average user: the above, or installing an antivirus? I consider myself fairly computer savy, but I have absolutely no clue how to set up a VM.
Fasterfox (Score:3, Interesting)
Was this AVG thing deemed evil? Bad for the internet? Fasterfox it's a very popular Firefox extension that's even worse. Fasterfox downloads every link, not only from a Google search, but from every page you visit. And this thing is offered by Mozilla addons site at https://addons.mozilla.org/en-US/firefox/addon/1269 [mozilla.org] (though it still hasn't bee updated for Firefox 3). I hope someone follows this article's example and remove this thing from the Mozilla's site.