Security

AVG Fakes User Agent, Floods the Internet 928

Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.

  • F5 IRule (Score:5, Informative)

    by Precision ( 1410 ) * on Thursday July 03, 2008 @11:19AM (#24044623) Homepage

    For anyone that happens to run a site behind an F5 BigIP, here's a nice little IRule to nuke this horrible crap from orbit.

    rule IRULE_block_avg-prefetch {
          when HTTP_REQUEST {
            # User-agent strings sent by the AVG prefetcher
            set ::avg_useragents [list \
                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
                    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
                    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
            ]

            # Reject only when Accept-Encoding is absent and the User-Agent is in the list
            if { ![HTTP::header exists "Accept-Encoding"] } {
                    if { [matchclass [HTTP::header User-Agent] equals $::avg_useragents] } {
                            reject
                    }
            }
          }
    }

  • One Word (Score:4, Informative)

    by Spazztastic ( 814296 ) <spazztastic.gmail@com> on Thursday July 03, 2008 @11:20AM (#24044637)

    Avira.

  • I turned it off (Score:5, Informative)

    by stoolpigeon ( 454276 ) * <bittercode@gmail> on Thursday July 03, 2008 @11:21AM (#24044669) Homepage Journal

    I use AVG on a couple machines. I didn't really think about the traffic tracking piece of this when I saw it working, I just thought about it slowing me down, increasing bandwidth use, etc. and I turned it off.

    I know most people don't mess with defaults - and I'm not defending them as far as the agent thing and all that - but it was easy to do.

    On the negative side my avg icon in the systray has a big exclamation over it like something is really wrong - when I know it's just because I turned off a piece of functionality I don't want to use.

  • by brunes69 ( 86786 ) <`gro.daetsriek' `ta' `todhsals'> on Thursday July 03, 2008 @11:23AM (#24044723)

    This is not AVG doing this, it is the AVG IE toolbar. And since this is running in the IE context it is debatable if it should not use the IE user agent.

    If you use Firefox or disable the toolbar it is a non issue. The issue to me is I can't figure out how to install AVG without this toolbar, or how to remove it.

  • Once good (Score:5, Informative)

    by Rinisari ( 521266 ) on Thursday July 03, 2008 @11:25AM (#24044757) Homepage Journal

    AVG was once a good product. Then, it got bloated and started eating up kernel memory voraciously. It was impossible to play games with it running in the background, especially Crysis (skip the jokes, my system could handle it maxed once I replaced AVG with Avast!). Now, with this development, I'll be sure to replace AVG with Avast! on all of my machines, not just my gaming one.

  • Slow news day... (Score:3, Informative)

    by s0litaire ( 1205168 ) * on Thursday July 03, 2008 @11:26AM (#24044787)
    Must be a slow news day...This story's been around for nearly 2 weeks. AVG will probably keep changing the useragent with every few updates to annoy Admins and stats sites...
  • by LMacG ( 118321 ) on Thursday July 03, 2008 @11:26AM (#24044791) Journal

    Avast.

    It's not just for Talk-Like-A-Pirate Day any more!

  • Re:I turned it off (Score:5, Informative)

    by funfail ( 970288 ) on Thursday July 03, 2008 @11:27AM (#24044803) Homepage

    If you are using Firefox, just disable the AVG addon within Firefox addon manager. You won't get the big exclamation mark.

  • Re:I turned it off (Score:5, Informative)

    by maxume ( 22995 ) on Thursday July 03, 2008 @11:27AM (#24044805)

    There is a solution to the exclamation:

    http://grandstreamdreams.blogspot.com/2008/04/taming-avg-free-version-8.html [blogspot.com]

    In short, run "avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch" from a cmd box or the run box.

    Sort of a ridiculous contortion to get to an option that should be more available, but it works.

  • Re:I turned it off (Score:2, Informative)

    by sbeacom ( 1225868 ) on Thursday July 03, 2008 @11:29AM (#24044853)
    You can choose when installing AVG under the custom install not to install the search protection at all. Your AVG icon won't show that there's an error and you don't get the ridiculous slow down while searching.
  • Re:I turned it off (Score:5, Informative)

    by thundercleese ( 656445 ) on Thursday July 03, 2008 @11:30AM (#24044881)

    You can install AVG 8 without LinkScanner which returns AVG to its previous functionality (just anti-virus).

    From the FAQ:

    If you wish to install AVG 8.0 Free Edition without the LinkScanner component, or uninstall this component from your program, please proceed as follows:

            * Download the AVG 8.0 Free Edition installation package from our website.
            * Run the installation with the parameters /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to:
                        o save the AVG Free installation file directly to disk C:\
                        o open menu Start -> Run
                        o type
                            c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
            * The installation will be started, and AVG will be installed without the LinkScanner component.

  • by Animaether ( 411575 ) on Thursday July 03, 2008 @11:32AM (#24044931) Journal

    LinkScanner, the component they're talking about, works in Firefox as well - so no, using Firefox does not 'keep you safe'.

    Nor is this about the users of the thing in the first place - either they like its functionality (security theatre-advance warning blabla) and leave it on, or they don't and they switch it off.

    This is about the poor, poor admins who are suddenly seeing bogus traffic and omgosh it's spoofing user agents at that!
    *changes his user agent to 'cry more, Taco' in FF and hits F5 .. repeatedly*

  • by Anonymous Coward on Thursday July 03, 2008 @11:33AM (#24044933)

    AVG has become more obnoxious recently than it used to be anyway, but I think this is the straw that broke the camels back for me. Can some nice slashdot user suggest a new (free) antivirus for me to use on my windows box?

    Use Linux and your antivirus paranoia will end.

  • by bheer ( 633842 ) <rbheer&gmail,com> on Thursday July 03, 2008 @11:34AM (#24044961)

    You can actually install AVG 8 without the 'Safe Search' feature that crawls websites (it's essentially a BHO/Firefox extension). Even if you already have AVG 8, you can uninstall it and reinstall:

    At a Command Prompt window, type
    c:\downloads\avg_free_stf_xxxxxxxxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    where c:\downloads\avg_free_stf_xxxxxxxxxx.exe is the full path of your AVG 8 installer.

  • AVG 8 is dog slow (Score:5, Informative)

    by street struttin' ( 1249972 ) on Thursday July 03, 2008 @11:35AM (#24044975)
    Has anyone else noticed that AVG 8 is also DOG SLOW on their PC? My computer is from 2001 and ran fine with 7.5, but 8.0 is unusably slow. Every time an application is opened it takes forever for AVG to scan it and let the app open. This combined with this linkscanner bullcrap has caused me to switch. I doubt I'll ever go back.
  • by Anonymous Coward on Thursday July 03, 2008 @11:38AM (#24045033)

    hate replying to myself, but didn't notice this before - it works in FF2, not in FF3.

    Disabling it FF-side: Tools > Add-ons > AVG Safe Search > Disable /nokarma-anon

  • Re:One Word (Score:5, Informative)

    by TheLinuxSRC ( 683475 ) * <slashdot AT pagewash DOT com> on Thursday July 03, 2008 @11:38AM (#24045035) Homepage
    I don't use windows on the desktop so I cannot really comment, however I do administer some Linux mail relays that use ClamAV with extremely good results.

    I mention this because there is a windows client that uses the same FOSS engine -- ClamWin [clamwin.com].
  • Re:F5 IRule (Score:1, Informative)

    by Snerdley ( 98439 ) on Thursday July 03, 2008 @11:39AM (#24045057)

    For the record, this is a REALLY bad idea.

    It will block all traffic from legitimate IE6 users, and if you have a $20K router, you probably don't want to do that.

    If you read the links in the article (and some comments further down), there are things you can do to block this, including blocking requests with these UAs that also have odd or missing headers, cookies, etc.

  • by j79zlr ( 930600 ) on Thursday July 03, 2008 @11:39AM (#24045069) Homepage
    You are prompted if you want the toolbar during installation. That is not the problem. It is the LinkScanner for AVG Safe Search that is causing this. You can also install AVG without it: Instructions [avg.com]. You can also disable the add-on in both Firefox and IE7, I do not know how to disable it in IE6.
  • by KlomDark ( 6370 ) on Thursday July 03, 2008 @11:40AM (#24045101) Homepage Journal

    I've been using Avast! Home Edition [avast.com] for a while now, no complaints.

  • Re:Block MSIE? (Score:2, Informative)

    by brunascle ( 994197 ) * on Thursday July 03, 2008 @11:40AM (#24045107)
    The Mozilla part at the beginning is the standard IE user agent. IE has been falsifying their UA as Mozilla since the beginning, originally because Netscape was the top dog, and Microsoft wanted to make sure that it worked with sites that sniffed the UA and only worked with Netscape.
  • by GogglesPisano ( 199483 ) on Thursday July 03, 2008 @11:41AM (#24045121)

    I'm a longtime user of AVG. Version 7 was reasonably lightweight, effective and (most importantly to me) unobtrusive.

    Unfortunately, version 8 is a different story. After Grisoft forced me to upgrade in May, suddenly AVG became a nagging resource hog. Nightly scan times rocketed from about an hour to over six hours - a scheduled scan that started at 2am would still be going at 8:30am. I have been able to reduce this time somewhat by changing the scan settings (e.g., don't scan inside compressed archives), but it's still slow.

    Most annoyingly, their new "LinkScanner" and "SafeSurf" features slowed my browser to a crawl. I didn't want these, since I already use FireFox with the AdBlock and NoScript extensions. I tried to simply disable LinkScanner, but then AVG constantly bothered me with nagging warnings that my computer "was not fully protected". After a little digging, I found that it was possible to uninstall the feature entirely with the following command:

    avg_free_stf_xxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    (Substitute "avg_free_stf_xxxx.exe" in the above command with the name of your setup file.)

    This improved my browser performance, and eliminated the warnings.

    I'm still (grudgingly) using AVG, but I will switch if/when I find a better alternative.

  • Re:payback (Score:5, Informative)

    by jamie ( 78724 ) * Works for Slashdot <jamie@slashdot.org> on Thursday July 03, 2008 @11:42AM (#24045131) Journal
    It's not really the load -- it's throwing off our internal metrics so we don't know what readers are actually interested in. We like numbers, and messing with our stats annoys us.
  • Nagware alert! (Score:5, Informative)

    by GameboyRMH ( 1153867 ) <`gameboyrmh' `at' `gmail.com'> on Thursday July 03, 2008 @11:44AM (#24045185) Journal

    avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. To register, click here. Following registration you will receive by E-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.

    Also Avira has been getting more and more annoying over the years, it's practically adware now.

    So now it looks like it's either AVG with the browser plugins removed or MoonAV (which is FOSS):

    http://www.moonsecure.com/ [moonsecure.com]

    (It used to have a problem where you'd need to remove the Windows service manually after uninstalling, they might have fixed it though.)

  • Re:Once good (Score:3, Informative)

    by 0racle ( 667029 ) on Thursday July 03, 2008 @11:44AM (#24045187)

    As of June 25th, 2008, it seems that they no longer even offer a free product.

    Ok, no. As of June 25, they stopped supporting AVG Free 7 in order to get their free users on the Updated AVG Free 8. Incidentally, AVG 8 is the version with the problem this story is describing if you installed the IE toolbar. Anyway, 0.32 seconds for a Google search would show you the latest free version.

  • Re:F5 IRule (Score:5, Informative)

    by Em Ellel ( 523581 ) on Thursday July 03, 2008 @11:44AM (#24045205)

    For the record, this is a REALLY bad idea.

    It will block all traffic from legitimate IE6 users, and if you have a $20K router, you probably don't want to do that.

    If you read the links in the article (and some comments further down), there are things you can do to block this, including blocking requests with these UAs that also have odd or missing headers, cookies, etc.

    LOL, perhaps you might want to READ the rule before replying - it is NOT blocking all IE6 users, just the ones that are missing "Accept-Encoding" header

    -Em

  • Re:F5 IRule (Score:5, Informative)

    by afidel ( 530433 ) on Thursday July 03, 2008 @11:44AM (#24045209)
    I think someone did since free.grisoft.com has been down all day today! My AVG is complaining about not being able to get its updates. Oh and the plugin REALLY freaking slows down FF on Google results so I turned the damn thing off. I guess I know why now!
  • Re:F5 IRule (Score:5, Informative)

    by Precision ( 1410 ) * on Thursday July 03, 2008 @11:45AM (#24045225) Homepage

    Actually all browsers send the Accept-Encoding HTTP header, which AVG does not.. if you look at the rule you'll see that it checks for the existence of that header and only blocks if it doesn't exist.

                    if { ![HTTP::header exists "Accept-Encoding"] } {

  • Safe Search (Score:3, Informative)

    by fireheadca ( 853580 ) on Thursday July 03, 2008 @11:45AM (#24045235)

    I love AVG for the free scanner it provides but ...

    Safesearch: It doesn't work.

    Somehow I ended up on one of those "Your computer is infected..." sites
    while trying to dl their crap. So for fun I went back to the referrer page
    (google) and sure enough, it was marked as safe.

  • by mapsjanhere ( 1130359 ) on Thursday July 03, 2008 @11:46AM (#24045259)
    I second Avast, it's free for home use, and has very reasonable commercial license terms. Plus it gives you one code for all machines, no need to chase 20 different keys like you do with Norton etc. And the key is good for the whole license period; before I used to lose at least 10% of licenses to crashes or borked installs, and getting new ones from Norton was like pulling wisdom teeth on a grouchy alligator.
  • Re:F5 IRule (Score:1, Informative)

    by Anonymous Coward on Thursday July 03, 2008 @11:49AM (#24045309)

    The first one isn't. I wouldn't mind seeing a wide-spread block of that user agent, but a business will probably want to avoid losing those customers.

  • by __aardcx5948 ( 913248 ) on Thursday July 03, 2008 @11:49AM (#24045323)
    Hah! Checking my addons in FF3, and on AVG Safe Search 8 it says "Not compatible with Firefox 3.0". Awesome :-)
  • by WarmBoota ( 675361 ) on Thursday July 03, 2008 @11:51AM (#24045345) Homepage
    I installed AVG on my mother-in-law's machine because she had an expired trial version of some other AV software. It was great for a while, but they must've had a change in direction/management. Because all of a sudden they started with popups to get a full paid version of the software - even uninstalling the product didn't fix it. I had to surgically extract crap from the registry and program files folder to finally get rid of it. Avast or ClamWin for me - no more AVG.
  • by MagicM ( 85041 ) on Thursday July 03, 2008 @11:52AM (#24045361)

    You can also just turn it off in the options screen. If you can find the correct options screen. And if you don't mind a tray icon that says "warning, something is horribly wrong!" all the time.

  • by InlawBiker ( 1124825 ) on Thursday July 03, 2008 @11:54AM (#24045401)

    They are attempting to help their customers at the expense of everybody else on the Internet. If I understand the article, they're pre-scanning every possible URL on a page. In essence they're clicking every possible link before you do.

    For instance I searched for "avg" on google and counted the number of "href=" appearances on the resulting page. It happened to be an even 100. AVG is visiting ALL of those HREFs in the background. A user will click on only one.

    I would assume their scanner is smart enough to remove duplicate HREFs and do some other smart things. But still, this is a terrible idea. I guess we all have to go buy more servers and bandwidth so the anti-virus people can make a living now?

  • Re:F5 IRule (Score:4, Informative)

    by Em Ellel ( 523581 ) on Thursday July 03, 2008 @11:56AM (#24045427)

    Can anyone please tell me why we need to support IE6?

    Because according to stats on one of my relatively high traffic sites - IE6 is still about 37.64% of the IE traffic (or more than 1/4 of ALL traffic). Sad but true.

    -Em

  • Re:One Word (Score:2, Informative)

    by Araxen ( 561411 ) on Thursday July 03, 2008 @11:58AM (#24045463)

    Eh...you don't need $60. Just go to Newegg and buy the nod32 oem version for $30.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16832114005 [newegg.com]

  • Re:Once good (Score:3, Informative)

    by pbhj ( 607776 ) on Thursday July 03, 2008 @11:59AM (#24045477) Homepage Journal

    Are you sure you got AVG from Grisoft? Doesn't sound like my experience of it at all (I'm using it on Vista but have used it for '98 and XP, but not Linux IIRC)

    To get the free version - go to free.grisoft.com (google "AVG free" it's the first link) which redirects now to free.avg.com - that seems pretty clear about where the free version is. Now they are giving you a fully functioning product so the 2 extra links to get the download I think are justified:

    Click "get it now" button under "Free basic protection". Scroll to bottom of page of features click "Download", choose the one that says "free for private use" in the left column marked "AVG free".

    That's hardly "hidden in 6pt". I didn't install, I'm on ubuntu here, but I say: it exists, it's easy to find for anyone who's not trying to be obtuse.

    It's not a proper survey but I don't get any popups except when a new version comes along, then you're offered the chance to upgrade to a pay version - perhaps they can somehow tell you're using it on a business machine, are you on a LAN?

    -

    The article.

    As for the "editor" of this article - I think some journalistic pride in making it clear it's a separate product (to AVG anti-virus) which is for malware detection. A product you can choose to use to pre-check internet links. How the heck is it supposed to work if not by, y'know like, following links and checking them for malware?

    I'm not saying it's a good thing, just that the article and the summary somewhat misrepresent the situation. Sheesh, I must be new here!

  • Re:I turned it off (Score:1, Informative)

    by Anonymous Coward on Thursday July 03, 2008 @12:17PM (#24045793)

    On the negative side my avg icon in the systray has a big exclamation over it like something is really wrong - when I know it's just because I turned off a piece of functionality I don't want to use.

    Open the AVG user interface, click Tools, Advanced Settings, Ignore Faulty Conditions. Then check Link Scanner and Web Shield. No more red exclamation point.

  • Re:F5 IRule (Score:5, Informative)

    by snowraver1 ( 1052510 ) on Thursday July 03, 2008 @12:19PM (#24045839)
    I am typing this comment into IE6 right now. At my company IE6 is the standard. I had upgraded to IE7 a while ago (TABS!) and someone came up and asked me to uninstall it.

    Sometimes the choice of browser is beyond the user's control.
  • Re:One Word (Score:4, Informative)

    by Bert64 ( 520050 ) <bert@[ ]shdot.fi ... m ['sla' in gap]> on Thursday July 03, 2008 @12:24PM (#24045927) Homepage

    On access scanning, what a horrendous way to cripple performance.

  • Re:I turned it off (Score:2, Informative)

    by Hatta ( 162192 ) on Thursday July 03, 2008 @12:26PM (#24045991) Journal

    AVG provides a product that for the most part is ABSOLUTELY FREE.

    AVG free is licensed [avg.com] for home use only, on no more than 1 PC, and reverse engineering is prohibited. That's a long, long way from ABSOLUTELY FREE.

  • Google, as other search engines, not only obey robots.txt but also quite clearly identify themselves as GoogleBot and connect from an IP address registered to Google.

    Another company that's particularly bad is Cyveillance, they also regularly spider sites very aggressively (redownloading the same content repeatedly even tho it hasn't changed), and they try to spoof their user agent.
    If you mail them to complain, they will claim to remove your sites from their spider if you give them the IPs, but they lie... They will continue spidering your sites, but from a different IP range which is still traceable to them.

  • by Anonymous Coward on Thursday July 03, 2008 @12:33PM (#24046153)

    Ok. It's run by Jews in a secret conspiracy to take over the World using sharks with frickin' lasers and gorgeous fembots with a penchant for evil.

    Score:5, Informative ?

  • by Anonymous Coward on Thursday July 03, 2008 @12:37PM (#24046251)

    Some readers (and AVG) don't get why this is "slimey". It's worse than slimey -- it's outrageous.

    We provide a web service for serious scientists, and each query to our system requires a LOT of computational and database resources. We're not talking about delivering up static results or a simple database query here, we're talking about launching jobs that run for several seconds to several minutes. A given page might have dozens of these links. So a scientist who asks a reasonable question would spend a few seconds of our server's resources. But then AVS comes along, and could launch dozens of searches that might potentially use an HOUR of CPU time.

    Most of these links would never be clicked, because they're not what the scientist is interested in. But AVS, being blind and dumb, hits every one of them.

    If this goes on unchecked, we're going to have to install some elaborate traps, at great cost to us, to try to detect AVS's scans based on behavioral patterns. For example, no scientist would ever click on links in quick succession, because she/he wouldn't have time to read the results. But this will cost us tens of thousands of dollars in programmer resources.

    AVS, you suck. Your holier-than-thou attitude is disgusting. What you're really doing is sucking off the resources of other companies in order to improve your own profits. You're throwing the cost of the criminals onto the shoulders of innocents.

  • Re:Once good (Score:3, Informative)

    by mdm-adph ( 1030332 ) on Thursday July 03, 2008 @12:45PM (#24046375)

    You can turn off that feature in your AVG control panel. (It'll install updates at next restart.)

  • by DrYak ( 748999 ) on Thursday July 03, 2008 @12:47PM (#24046429) Homepage

    While all other /.ers are complaining that ClamWin is useless I want to bring some points :
    - ClamWin has a built-in plug-in to scan incoming mail in outlook.
    - ClamWin is easy to call from scripts and is a nice thing to add to the commands that are launched by your favourite bit-torrent client once a file is completed (I use this on my linux based torrent downloading/file server machine)
    - ClamWin has plug-ins for FireFox : SafeDownload [geckozone.org], Download Scan [mozdev.org], Download Statusbar [mozilla.org] all let you launch the scanner of your choosing once a download finishes. ClamWin Antivirus Glue [mozilla.org] is another solution, but one has to manually update the minimal supported version (the plugin is set to support up to 1.5 although it works with more modern versions).

    So, although ClamWin isn't continuously scanning in background, it can cover most of the usual entry points. (Although I don't know about plugins for Thunderbird and Microsoft file server).

    For those who like to test newer bleeding edge software : WinPooch [sf.net] software can launch a scan when ever an executable is opened - it's almost as good as an on demand scanner.

  • Re:I turned it off (Score:3, Informative)

    by barakn ( 641218 ) on Thursday July 03, 2008 @12:51PM (#24046471)
    I upgraded to FireFox 3 and it broke the AVG addon (I have the free version, not sure if the pay version would break or not). Considering the behavior of the AVG addon, I'm glad it's broken, and am thinking of migrating to a different AV product.
  • by dumbo11 ( 798489 ) on Thursday July 03, 2008 @01:00PM (#24046655)
    After some checking logs today - the beauty of this mess, is that linkscanner doesn't send accept-encoding and it also seems to 'support' the caching header in a quite hilarious manner.
    If your homepage is 100k, browsers will see a page maybe 15k in size, linkscanner sees a page 100k in size.
    If you regularly update and set a low/negative expires, then a browser will see the page once (when they visit it), whereas linkscanner seems to re-download the page every time it sees a link to it.... combined with a page that is SEO optimized, and you can see insane bandwidth usage.
    *IF* page scanner avoided re-downloading pages with "don't cache" set (since it's bloody pointless), AND supported gzip encoding - then I wouldn't be quite as pissed as I am. Honestly, this is not only a bad idea, it's half-assed coding on top of that.
  • Re:F5 IRule (Score:5, Informative)

    by jamie ( 78724 ) * Works for Slashdot <jamie@slashdot.org> on Thursday July 03, 2008 @01:01PM (#24046669) Journal
    Not a typo, here's a clip from a short period last night before Slashdot banned it:

    | user_agent                                                          | count(*) |
    | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)             |      339 |
    | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)             |       57 |
    | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |      273 |
    | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813) |       15 |
    4 rows in set (0.03 sec)
  • Re:F5 IRule (Score:2, Informative)

    by cthulu_mt ( 1124113 ) on Thursday July 03, 2008 @01:09PM (#24046783)
    The site* I admin runs even higher than that. We get about 90% IE6, 5% IE7, 3% FF and 2% Safari.
    Most people and major companies hate upgrading.


    *A marketing data service accessed by most of the major CPG retailers and manufacturers in the US.
  • by Anonymous Coward on Thursday July 03, 2008 @01:11PM (#24046825)

    I have an updated version of this redirect to AVG, based on info I've been gathering over the last 2 weeks from Webmaster World, El Reg, and of course Pixelbeat. Here is the rule set I am using now:

    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1\)$" [OR]
    RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813\)$"
    RewriteCond %{REQUEST_METHOD} ^GET$
    RewriteCond %{HTTP_REFERER} ^$
    RewriteCond %{HTTP:Accept-Encoding} ^$
    RewriteCond %{HTTP:Accept-Language} ^$
    RewriteCond %{HTTP:Accept-Charset} ^$
    RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=301,L]

    I have the check for "GET" method in there so that the earlier "User-Agent: ..." version of linkscanner will still get redirected. See, that version does a HEAD request first, most likely to check for a redirect. So we allow that HEAD request to pass, since it is small any ways. But the GET request that follows will still get redirected. We want to redirect the maximum amount of traffic we can to AVG, to drive the point home.

    This filter is also more selective, by also checking for the non-existence of Accept-Language and Accept-Charset we make absolutely sure we are not redirecting a valid user. No web browser out there would fail to set all 3 of these, so we can be absolutely sure this is crap coming from a linkscanner.

    I also decided to use a permanent redirect, in hopes that linkscanner caches this and it will reduce the number of repeat hits from the same user? Not sure if that is the case or not.

    Someone in this thread asked if these rules work in the main Apache config file instead of using .htaccess. I don't use .htaccess on my servers either, and these rules reside in our main Apache config file. So the answer is yes, it will work in BOTH places.

    I hope by now that AVG realizes the futility in their continuing to change how linkscanner acts to try and hide it from us. We will simply continue to work together as a community of server admins to block this crap and send it right back at them!
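
The header checks from the F5 rule near the top of the thread and the Apache rule in the comment above, run side by side against a few requests to show where a user-agent-only block, the F5 rule and the stricter Apache rule disagree. This is an added example, not code from any poster; the sample requests, the host `example.test` and the function names are constructed for illustration.

```python
import re

# User-agent strings listed in the F5 rule (it compares with exact equality).
IRULE_UAS = {
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)",
}
# Suffix match used by the Apache rule (dots escaped here).
UA_SUFFIX = re.compile(r"MSIE 6\.0; Windows NT 5\.1;(?: SV1|1813)\)$")
# Headers the Apache rule requires to be absent or empty.
EMPTY_IN_REWRITE_RULE = ("referer", "accept-encoding",
                         "accept-language", "accept-charset")


def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, path, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        # Split on the first colon only, so a value that itself starts
        # with "User-Agent: " (the older variant in the thread) survives.
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), path, headers


def classify(raw):
    """Return (ua_only, irule, rewrite): which of the three filters match."""
    method, _path, headers = parse_request(raw)
    ua = headers.get("user-agent", "")
    # Naive filter: user agent alone. Per the thread, the SV1 string is
    # also what a real IE6 sends, so this one hits legitimate visitors.
    ua_only = bool(UA_SUFFIX.search(ua))
    # F5 rule: listed user agent and no Accept-Encoding header at all.
    irule = ua in IRULE_UAS and "accept-encoding" not in headers
    # Apache rule: GET only, listed user agent, all four headers empty.
    rewrite = (method == "GET" and ua_only
               and all(not headers.get(h) for h in EMPTY_IN_REWRITE_RULE))
    return ua_only, irule, rewrite


def _req(method, *header_lines):
    """Build a constructed request head for the samples below."""
    return "\r\n".join([f"{method} /article HTTP/1.1", "Host: example.test",
                        *header_lines, "", ""])


# Constructed samples, not captured traffic.
IE6_BROWSER = _req(
    "GET",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Accept: */*", "Accept-Language: en-us",
    "Accept-Encoding: gzip, deflate", "Referer: http://example.test/")
LINKSCANNER_GET = _req(
    "GET",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)")
LINKSCANNER_HEAD = _req(
    "HEAD",
    "User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)")
# Hypothetical visitor whose Accept-Encoding was removed in transit.
STRIPPED_ENCODING = _req(
    "GET",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Accept-Language: en-us", "Referer: http://example.test/")

SAMPLES = {
    "real IE6 browser": IE6_BROWSER,
    "prefetch GET": LINKSCANNER_GET,
    "prefetch HEAD (older variant)": LINKSCANNER_HEAD,
    "IE6, Accept-Encoding stripped": STRIPPED_ENCODING,
}

if __name__ == "__main__":
    print(f"{'request':32} ua-only  irule  rewrite")
    for label, raw in SAMPLES.items():
        ua_only, irule, rewrite = classify(raw)
        print(f"{label:32} {ua_only!s:7}  {irule!s:5}  {rewrite!s}")
```
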

  • Re:I turned it off (Score:2, Informative)

    by clang_jangle ( 975789 ) * on Thursday July 03, 2008 @01:18PM (#24046969) Journal

    Do you realize how many people have no ability to order any expensive worthless AV software from Mcafee or Symantec? Like nobody has a credit card? AVG 7.5 worked great for a free program for lots of these people. They have nowhere else to go.

    Yeah, must be like shooting fish in a barrel for AVG. Seriously, "anti-virus" software is pointless, even for windows victi^H^H^H^H^H users. 98% of the time PEBKAC, and for the remaining 2% antivirus still won't help. It is literally superstition to believe otherwise.

  • Re:F5 IRule (Score:5, Informative)

    by Em Ellel ( 523581 ) on Thursday July 03, 2008 @01:30PM (#24047207)

    The question is, how much of that 37.64% is actually AVG in disguise...

    I thought of that - answer is none. These stats are from actual browsers executing javascript - which AVG does not.

    -Em

  • Re:Once good (Score:3, Informative)

    by Machtyn ( 759119 ) on Thursday July 03, 2008 @02:00PM (#24047751) Homepage Journal
    As posted above, try Comodo's [comodo.com] products. Excellent! firewall software plus all the other security software you need for free.
  • Re:F5 IRule (Score:5, Informative)

    by klubar ( 591384 ) on Thursday July 03, 2008 @02:06PM (#24047887) Homepage

    Don't deactivate in AVG control panel, just disable the add on in IE or FF. For IE, Tools->Manage Add-ons...->Enable or disable add-ons then disable the AVG control. Probably something similar for FF.

    Actually this is in their support file.

  • Re:One Word (Score:3, Informative)

    by spyrochaete ( 707033 ) on Thursday July 03, 2008 @02:10PM (#24047977) Homepage Journal
    You can (and should) disable the interface skins when installing Avast or at the preferences screen. They should make this the default since the skinned interface is very cryptic and the unskinned interface is above average in usability.
  • Re:AVG 8 is dog slow (Score:4, Informative)

    by springbox ( 853816 ) on Thursday July 03, 2008 @02:10PM (#24047979)
    Works fine for me. Might want to try this: Go to advanced settings > resident shield and uncheck "scan potentially unwanted programs and ..."
  • by nabsltd ( 1313397 ) on Thursday July 03, 2008 @02:22PM (#24048175)

    For those who like to test newer bleeding edge software: WinPooch [sf.net] software can launch a scan whenever an executable is opened - it's almost as good as an on demand scanner.

    Scanning when an executable (or other file) is opened is the worst type of real-time scanning, and what makes people complain about anti-virus software slowing down their machine.

    The system I have to use at work has on-open scanning and does a full scan in the background every time someone logs in or the virus definition file is updated, both of which tend to happen when I'm most interested in getting the machine to do something quickly.

    For the Windows boxes I use at home, I have the A/V software set to scan only on write or modify, and exclude certain files that get written to a lot but are very unlikely to carry an infection (e.g., log files). Using this setup, files are generally only scanned a few times (depending on how the download and install system uses temporary space), but the system is still just as protected.

    This wouldn't work if you don't really have control over the system, and someone evil came in and turned off the A/V and then loaded a virus. Just in case, though, I have scheduled full drive scans run weekly during low use hours.

  • Re:One Word (Score:3, Informative)

    by cparker15 ( 779546 ) on Thursday July 03, 2008 @02:25PM (#24048251) Homepage Journal

    According to http://www.clamwin.com/content/view/35/27/ [clamwin.com], on-access functionality is going to be in the next major version.

  • Re:F5 IRule (Score:4, Informative)

    by springbox ( 853816 ) on Thursday July 03, 2008 @02:25PM (#24048257)

    Oops. The command should be:

    avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

    Because the second part looks like a copy of the first part.

  • Re:F5 IRule (Score:3, Informative)

    by gmcraff ( 61718 ) <gmcraff.yahoo@com> on Thursday July 03, 2008 @02:29PM (#24048329)
    I recommend using a data class rather than setting a global variable.

    Data classes are compiled at configuration load and are static, whereas setting the global variable with each firing of the event absorbs a small amount of processing time to reset the variable. Setting global variables can also move TMM into a slower processing regime. As the HTTP_REQUEST event is very 'inner loop', it is best to optimize it as much as possible.

    If you absolutely have to set a global variable with a semi-fixed value, I recommend doing it during the RULE_INIT event.

    (As of July 1st, F5 is offering expanded iRule support to Premium and Premium Plus support contract holders. Call in with your troublesome iRules, and you have a somewhat decent chance of ending up with me at the other end of the phone.)
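The RULE_INIT variant suggested in the comment above, applied to the AVG-blocking iRule posted at the top of this thread. This is an added example, not code from any commenter or from F5; the rule name is made up here, and the two User-Agent strings are the ones from that original iRule.

```tcl
# Added example (not from the thread): the thread's AVG-prefetch rule,
# restructured so the User-Agent list is built once instead of per request.
# The rule name is illustrative.
rule IRULE_block_avg_prefetch_init {
    when RULE_INIT {
        # Fires when the rule is loaded, not on every HTTP request,
        # so the global list is not rebuilt inside the hot path.
        set ::avg_useragents [list \
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
        ]
    }

    when HTTP_REQUEST {
        # Same test as the original rule: the request carries no
        # Accept-Encoding header AND its User-Agent is one of the listed values.
        # The header-exists check is the cheaper one, so it runs first.
        if { ![HTTP::header exists "Accept-Encoding"] } {
            if { [matchclass [HTTP::header User-Agent] equals $::avg_useragents] } {
                reject
            }
        }
    }
}
```

With a data class, the RULE_INIT block disappears and the same strings are kept as a class in the BIG-IP configuration, leaving only the HTTP_REQUEST handler in the rule.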
  • by Anonymous Coward on Thursday July 03, 2008 @02:34PM (#24048469)

    Probably not a brilliant idea to use a 301 redirect in there.

    The original code was using a 307 (Temporary Redirect) so that when people come back having got rid of the AVG software, they'll be able to get the original page.

    Otherwise, sounds good!

  • Re:One Word (Score:4, Informative)

    by MBGMorden ( 803437 ) on Thursday July 03, 2008 @02:40PM (#24048585)

    Actually just visiting the wrong web site can get your computer infected even if you follow all of that advice.

    Generally not with the NoScript part in place. Firefox already blocks pop-ups, but with NoScript I can filter down by domain what scripts to allow - I only allow scripts for very trusted sites (i.e., like Slashdot, Newegg, my bank etc), and I NEVER, even for those sites, whitelist any script coming from offsite, which kills any scripts that an ad might run. I also run AdBlock Plus as well to kill non-scripted ads, but that's usually to get rid of annoyances more than actual harmful stuff.

    With NoScript in place a page basically can't infect you unless you specifically enable scripts from that domain to run.

    Now of course a "trusted" site could become compromised if hacked or if the admin went over to the dark side for some reason, but that rarely happens.

    As I said, I've dealt with the little trojans that download the tons and tons of self-replicating spyware and viruses, but only to remove them from other peoples' computers. My own computer hasn't seen a virus or spyware in years :).

  • Re:F5 IRule (Score:5, Informative)

    by ArhcAngel ( 247594 ) on Thursday July 03, 2008 @03:01PM (#24048969)

    you could punish the users of this crappy code.

    The users of this crappy code are almost certainly happily unaware of any problem they may be causing. I have used and recommended AVG for a number of years to people for whom I have had to reinstall Windows due to the amount of true crapware they are infected with. I upgraded to version 8 a couple of months ago and wasn't even aware of the feature until I pulled up a google search and noticed the little green check marks. I quickly located and disabled the feature because it slowed my browsing down but I could see how someone could see this as a valuable tool. You want to punish someone for using a tool that will most likely prevent them from becoming part of a botnet yet again because the tool maker has added a good feature in theory that has a negative side effect. Doesn't most medication have a long list of possible undesirable side effects? So which is worse, a horde of zombie computers controlled by malicious hackers or a bunch of unknowing PC users whose AV software pre-checks the web site they are thinking about going to and telling them whether it is safe or not? I know which I'd rather be if I were technically challenged.

    Sorry AVG user, your antivirus is abusive and wastes our resources. Disable AVG and come back.

    Actually all you need to do is uninstall [blogspot.com] the link scanner feature.

  • Re:F5 IRule (Score:5, Informative)

    by sjames ( 1099 ) on Thursday July 03, 2008 @03:23PM (#24049339) Homepage Journal

    I liked the suggestion on the reader comments to add <iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"></iframe> to your pages.

  • Re:F5 IRule (Score:3, Informative)

    by initdeep ( 1073290 ) on Thursday July 03, 2008 @04:24PM (#24050205)

    no
    not only wrong but dead wrong

    http:\\free.avg.com

    and the old http:\\free.grisoft.com forwards to it.

  • by Scorpiana ( 255661 ) on Thursday July 03, 2008 @04:29PM (#24050303)

    If you right-click on a component in the AVG User Interface, you can select 'Ignore Component State'. That way the component is turned off, but the AVG icon doesn't show anything wrong.

    Hope this helps...

  • Re:F5 IRule (Score:2, Informative)

    by TriezGamer ( 861238 ) on Thursday July 03, 2008 @04:44PM (#24050485)

    You obviously know very little about the average user. It is because the average user readily follows random instructions that virus software is so important in the first place.

  • Re:I turned it off (Score:5, Informative)

    by mdielmann ( 514750 ) on Thursday July 03, 2008 @04:47PM (#24050545) Homepage Journal

    Or...
    You could install as normal, go into the LinkScanner options, disable it, go back to the main window, right-click on the LinkScanner icon, and select "Ignore Component State". Sounds a lot easier.
    On that note, I've already done this on mine.

  • Re:F5 IRule (Score:4, Informative)

    by mashade ( 912744 ) <mshade@noSpAm.mshade.org> on Thursday July 03, 2008 @05:03PM (#24050809) Homepage

    what are other free AV systems (other than Clam)?

    I like http://www.avast.com/ [avast.com] quite a bit.

  • Re:F5 IRule (Score:5, Informative)

    by LiquidFire_HK ( 952632 ) on Thursday July 03, 2008 @05:28PM (#24051135)
    DDoS Grisoft with their own plugin - it fetches all linked search result pages in a Google search in order to scan them.
  • Re:F5 IRule (Score:4, Informative)

    by Skylinux ( 942824 ) on Thursday July 03, 2008 @05:43PM (#24051351) Homepage

    Try Antivir!

    From my personal experience, as a computer service technician, it finds AND fixes infections where Norton (Personal + Corporate) and AVG find nothing.

    http://www.free-av.com/ [free-av.com]

  • Re:F5 IRule (Score:3, Informative)

    by spoco2 ( 322835 ) on Thursday July 03, 2008 @06:01PM (#24051563)

    Download the latest version of AVG, when you install that it now has the option to not even install the horrendous link checking thing. So it doesn't have it, and it doesn't whinge about not having it.

    It was a horrendous idea by the AVG guys, because in general I do like their products, use the free client on all my home pcs and have the paid one running on all work ones.

    (none use the link checker)

  • Re:F5 IRule (Score:5, Informative)

    by tubapro12 ( 896596 ) on Thursday July 03, 2008 @06:03PM (#24051589) Journal
    Avast! AV Home [wikipedia.org].
  • Re:F5 IRule (Score:3, Informative)

    by Ysangkok ( 913107 ) on Friday July 04, 2008 @06:02AM (#24056795) Homepage Journal

    Antivir is adware. There are ads popping up, requesting that you buy the full product. And the user-interface is ugly.
