AVG Fakes User Agent, Floods the Internet 928
Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.
F5 IRule (Score:5, Informative)
For anyone that happens to run a site behind an F5 BigIP, here's a nice little IRule to nuke this horrible crap from orbit.
rule IRULE_block_avg-prefetch { ::avg_useragents [list \
when HTTP_REQUEST {
set
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" \
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" \
]
if { ![HTTP::header exists "Accept-Encoding"] } {
if { [matchclass [HTTP::header User-Agent] equals $::avg_useragents] } {
reject
}
}
}
Re:F5 IRule (Score:5, Funny)
Re:F5 IRule (Score:5, Informative)
Re:F5 IRule (Score:5, Informative)
Don't deactivate in AVG contol panel, just disenable the add on in IE or FF. For IE, Tools->Manage Add-ons...->Enable or disable add-ons then disable the AVG control. Probably something similar for FF.
Actually this is in their support file.
Re:F5 IRule (Score:5, Interesting)
That doesn't work for me. I'm moving away from AVG just because it's suddenly more work than it is worth. AVG 8 is what did it for me, everything before was fine with me. The link scanning was irritating, turning it off triggers a non-removeable notice that I don't need to see. I don't remember being asked if I wanted the search bar in Firefox, and I install using the "advanced" mode.
The biggest thing is that a virus scan noticeably lugs down my computer, which is an accomplishment because I've never had that with any other program.
Re:F5 IRule (Score:5, Informative)
You can... (Sort off...) (Score:5, Informative)
If you right-click on a component in the AVG User Interface, you can select 'Ignore Component State'. That way the component is turned off, but the AVG icon doesn't show anything wrong.
Hope this helps...
Re:F5 IRule (Score:4, Insightful)
Actually this is quite close a real solution :) what AVG should have done is cache the scan results from each page. Thus if a user tries to access a page it should first query AVG for a result. ( the result here is- OK page or not OK to visit page)
If a result exists in cache, no need to scrape the page. If there is no result in the cache, both AVG server and Client (to avoid trust issues) should query and compare results. The cache should periodically refresh and use multiple different UAs to avoid gaming. Quite a nice solution if you ask me ;) I knew I should have take up consulting instead of this damn Ph.D..
Also AVG are not slimly, the spyware/trojan/malware site operators are. Not to mention Norton/Symantec/Kaspersky et al.. The feature can easily be turned off and its purpose is to help the user at no $ cost. Besides, which self respecting /.-er needs anti virus [xkcd.com]
Sure AVG's not slimy... (Score:5, Insightful)
Also AVG are not slimly, the spyware/trojan/malware site operators are
However, I'd argue it's the equivalent of using a flamethrower to take out a wasp's nest - the amount of collateral damage to non-malware sites due to the spurious pulls is excessive, there are cleaner methods available.
Re:Sure AVG's not slimy... (Score:5, Funny)
Re:Sure AVG's not slimy... (Score:4, Funny)
...or a .50 cal to get rid your "rodent" problem.
Pansy. I use a mortar. It works especially well on burrowing rodents.
Re:Sure AVG's not slimy... (Score:5, Insightful)
No, its the equivalent of taking a flamethrower to all your neighbor's houses because you think there might be a wasp flying around.
Re:Sure AVG's not slimy... (Score:5, Funny)
No, its the equivalent of taking a flamethrower to all your neighbor's houses because you think there might be a wasp flying around.
Oh, come on! Who hasn't done that?
Re:F5 IRule (Score:5, Interesting)
Another suggestion I read somewhere else is to redirect all traffic to the AVG website
Instead of punishing the site, you could punish the users of this crappy code. Make an invisible href somewhere in you page, that triggers a script that does a temporary IP-ban. Since AVG will follow any href, when the user tries to access the site, he gets the message:
Sorry AVG user, your antivirus is abusive and wastes our resources. Disable AVG and come back.
If a few important sites do this AVG's user-base will drop in a week to about 100 people.
Re:F5 IRule (Score:5, Informative)
you could punish the users of this crappy code.
The users of this crappy code are almost certainly happily unaware of any problem they may be causing. I have used and recommended AVG for a number of years to people I have had to reinstall Windows due to the amount of true crapware they are infected with. I upgraded to version 8 a couple of months ago and wasn't even aware of the feature until I pulled up a google search and noticed the little green check marks. I quickly located and disabled the feature because it slowed my browsing down but I could see how someone could see this as a valuable tool. You want to punish someone for using a tool that will most likely prevent them from becoming part of a botnet yet again because the tool maker has added a good feature in theory that has a negative side effect. Doesn't most medication have a long list of possible undesirable side effects? So which is worse, a horde of zombie computers controlled by malicious hackers or a bunch of unknowing PC users who's AV software pre-checks the web site they are thinking about going to and telling them whether it is safe or not? I know which I'd rather be if I were technically challenged.
Sorry AVG user, your antivirus is abusive and wastes our resources. Disable AVG and come back.
Actually all you need to do is uninstall [blogspot.com] the link scanner feature.
Re:F5 IRule (Score:5, Interesting)
Re:F5 IRule (Score:5, Informative)
I liked the suggestion on the reader comments to add <iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"></iframe> to your pages.
Re:F5 IRule (Score:5, Insightful)
Why, what does that do?
Do you want it to pound Google's servers, bump up grisoft's search rank, or anything else I am not seing?
Re:F5 IRule (Score:5, Informative)
Re:F5 IRule (Score:5, Informative)
For the record, this is a REALLY bad idea.
It will block all traffic from legitimate IE6 users, and if you have a $20K router, you probably don't want to do that.
If you read the links in the article (and some comments further down), there are things you can do to block this, including blocking requests with these UAs that also have odd or missing headers, cookies, etc.
LOL, perhaps you might want to READ the rule before replying - it is NOT blocking all IE6 users, just the ones that are missing "Accept-Encoding" header
-Em
Re:F5 IRule (Score:5, Insightful)
So doesn't this render the link scanner completely useless? I assume someone looking to dodge the AVG scanner for eeeeeevil purposes can just do the same thing, no?
Re:F5 IRule (Score:5, Informative)
Actually all browsers send the Accept-Encoding HTTP header, which AVG does not.. if you look at the rule you'll see that it checks for the existence of that head and only blocks if it doesn't exist.
if { ![HTTP::header exists "Accept-Encoding"] {
Re:F5 IRule (Score:5, Insightful)
Re:F5 IRule (Score:4, Informative)
Can anyone please tell me why we need to support IE6?
Because according to stats on one of my relatively high traffic sites - IE6 is still about 37.64% of the IE traffic (or more than 1/4 of ALL traffic). Sad but true.
-Em
Re:F5 IRule (Score:5, Informative)
Sometimes the choice of browser is beyond the user's control.
Re:F5 IRule (Score:5, Insightful)
Re:F5 IRule (Score:5, Insightful)
Re:F5 IRule (Score:5, Interesting)
I had a similar experience at my previous employer. This was a global fortune 500 company, and I was on the local site's IT team. I was sent an email from the global IT team saying that Firefox had been detected on my machine, this was unauthorized software and I needed to uninstall it. Being a developer, I was generally allowed to install whatever tools I needed to get my job done, and therefore had administrator priveliges. However, the Global IT deparment didn't know me from Suzie in purchasing.
I simply went to my manager, who was an open-source/Linux nut. He emailed the Global IT people and told them it was "required for my job" (which it wasn't).
Re:F5 IRule (Score:5, Informative)
The question is, how much of that 37.64% is actually AVG in disguise...
I thought of that - answer is none. These stats are from actual browsers executing javascript - which AVG does not.
-Em
Re:F5 IRule (Score:5, Funny)
You've got an actual Ass Hat? Where'd you get it? I could order a couple hundred because a lot of people deserve them.
In fact, let's spam the White House and Congress with a million Ass Hats. I'm sure some enterprising person could design a hat that resembles the south end of a north-bound mule.
Re:F5 IRule (Score:5, Informative)
| user_agent | count(*) |
| Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 339 |
| Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813) | 57 |
| User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 273 |
| User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813) | 15 |
4 rows in set (0.03 sec)
One Word (Score:4, Informative)
Avira.
Re:One Word (Score:5, Informative)
I mention this because there is a windows client that uses the same FOSS engine -- ClamWin [clamwin.com].
ClamWin is actually useful (Score:5, Informative)
While all other /.ers are complaining that ClamWin is useless I want to bring some points :
- ClamWin has a built-in plug-in to scan incoming mail in outlook.
- ClamWin is easy to call from scripts and is a nice thing to add to the commands that are launched by your favourite bit-torrent client once a file is completed (I use this on my linux based torrent downloading/file server machine)
- ClamWin has plug-ins for FireFox : SafeDownload [geckozone.org], Download Scan [mozdev.org], Download Statusbar [mozilla.org] all let you launch the scanner of your choosing once a download finishes. ClamWin Antivirus Glue [mozilla.org] is another solution, but one has to manually update the minimal supported version (the plugin is set to support up to 1.5 although it works with more modern versions).
So, although ClamWin isn't continuously scanning in background, it can cover most of the usual entry points. (Although I don't know about plugins for Thunderbird and Microsoft file server).
For those who like to test newer bleeding edge software : WinPooch [sf.net] software can launch a scan when ever an executable is opened - it's almost as good as an on demand scanner.
Re:One Word (Score:4, Informative)
On access scanning, what a horrendous way to cripple performance.
Re:One Word (Score:5, Funny)
Re:One Word (Score:5, Insightful)
Generally, you're right. 99.9% of all virus infections I see on other people's machine would have been prevented if they just followed safe computing practices:
1) Don't download useless crap. Useless crap is subjective, but programs that change your cursors, have teddy bears come out and wink at you, or other non-sense are definitely useless crap.
2) Even on Windows, try and use open source software where you can. In general, if something comes from SourceForge, I trust it a lot more than some random closed source app that I've never heard of.
3) Research your programs before you download them.
4) Use a good browser and limit what scripted content you run. Firefox with NoScript works perfectly. After you whitelist your normally visited sites you rarely have to worry about it anymore, and any new site that needs to run scripts has to be approved first. And for most sites, unless I notice something broken/not working on the site, I don't allow scripts even if the popup does appear.
Personally, I haven't ran an on-access virus scanner in 3-4 years. They're intrusive and take up valuable resources. I do currently have ClamWin installed though, and scan every so often just in case. I've always turned up clean (at least on my Windows machine - I have Linux and Mac machines as well that I don't even have to worry about scanning).
Since too many people around here seem to think that I'm a door-to-door compute repair guy and keep calling me, I've seen tons and tons of spyware infected machines. Lately I've taken to pointing them to the Apple Store to show them the Mac Mini, and telling them that I'm going to be switching over to only supporting Mac's soon . . . (hoping that if they'll just buy the damned Mac that I'll never have to visit again anyways)
Re:One Word (Score:5, Insightful)
Anti-virus software is the one thing I would never download from a torrent site. You need to be sure it comes from a trustworthy source so you can check all your other torrents with it.
Re:One Word (Score:5, Funny)
How do you really feel? (Score:5, Insightful)
Why don't you tell us how you really feel about AVG?
Re:How do you really feel? (Score:5, Funny)
Ok. It's run by Jews in a secret conspiracy to take over the World using sharks with frickin' lasers and gorgeous fembots with a penchant for evil.
Re:How do you really feel? (Score:5, Funny)
In this day and age it's sad to see that anti-sharkitism is still alive and well.
AVG = Alotta VaGina?
Re:How do you really feel? (Score:5, Insightful)
I discovered this the hard way (Score:5, Interesting)
A couple months ago, a random article on my company's site got around 20 times the number of hits that the top story of the day should be getting. I checked the logs, and saw legit-looking IE user agents, but they didnt look normal. None of them had any cookies, and none of them were downloading the CSS or image files that they should have been. The IP addresses were from all around the world. WTF?
I found out that Google was doing one of its things where it changes the google logo for some special occasion, and it links to a search. That article was on the first page of the results.
I did a search for the exact user agent and discovered it was AVG. When you go to a Google search, AVG downloads each result looking for malware. Hooray for falsified user agents.
Though, I suspect the reason they use a legit-looking IE user agent is because malware sites could sniff the AVG user agent and serve up an innocent page for them, and malware for everyone else.
Re:I discovered this the hard way (Score:5, Insightful)
I did the same and for the same reasons.
Not sure how this practice justified the poster calling them slimey.
I've been relatively happy with AVG. Perhaps, someone could elaborate on how they are slimey. This appears to be an attempt to protect people.
Re:I discovered this the hard way (Score:5, Insightful)
Perhaps, someone could elaborate on how they are slimey. This appears to be an attempt to protect people.
Ok, think of the /. effect. Now take that on almost any website who's servers aren't as strong. This is basically a huge DDoS attack on many websites by AVG that has a reason behind it. But it is still a DDoS attack.
Re:I discovered this the hard way (Score:5, Insightful)
They might be dumb instead of slimy...
Hanlon's razor with the save! (Score:5, Insightful)
Re:I discovered this the hard way (Score:5, Insightful)
Dumb is what they were BEFORE they were told about the problem. Slimy is what they are now that they are refusing to rectify the situation and behave.
I think they deserve everything they will inevitably get as a result of this.
Re:I discovered this the hard way (Score:5, Insightful)
Re:I discovered this the hard way (Score:4, Informative)
Google, as other search engines, not only obey robots.txt but also quite clearly identify themselves a GoogleBot and connect from an IP address registered to Google.
Another company that's particularly bad is Cyveillance, they also regularly spider sites very aggressively (redownloading the same content repeatedly even tho it hasn't changed), and they try to spoof their user agent.
If you mail them to complain, they will claim to remove your sites from their spider if you give them the IPs, but they lie... They will continue spidering your sites, but from a different IP range which is still traceable to them.
Re:I discovered this the hard way (Score:5, Informative)
They are attempting to help their customers at the expense of everybody else on the Internet. If I understand the article, they're pre-scanning every possible URL on a page. In essense they're clicking every possible link before you do.
For instance I searched for "avg" on google and counted the number of "href=" appearances on the resulting page. It happened to be an even 100. AVG is visiting ALL of of those HREFs in the background. A user will click on only one.
I would assume their scanner is smart enough to remove duplicates HREFs and do some other smart things. But still, this is a terrible idea. I guess we all have to go buy more servers and bandwidth so the anti-virus people can make a living now?
YOU are clicking on every link! (Score:5, Interesting)
How long before someone gets fired or arrested, and tries to explain that it was their anti-virus software that was viewing the child pr0n?
Re:I discovered this the hard way (Score:5, Insightful)
Prefetching your search results doesn't protect you from viruses any more than just checking the pages you try to load at the time of loading.
What it does, is basically scanning the entire internet, weighted toward the pages its users search for, and I assume reporting back to AVG which websites have malware or suspected malware on them.
The problem with this theory is that malware sites can move around quickly, so learning that domain xzclqqkxzz.com tried to upload a virus to someone's computer 48 hours ago is not especially valuable information.
That's in addition to AV software being essentially impossible to keep up-to-date anyway, you can look up studies but most AV software lets a lot of malware through.
And the increased traffic annoys webmasters because the prefetches are (attempted to be) disguised as actual page fetches, and they come from all over the internet, so we think they're real clicks from real users but they're not. Plus, for some sites the increased load/bandwidth may be a problem.
Re:I discovered this the hard way (Score:4, Insightful)
All AV software compaies are slimey, because AV software gives you a false sense of security. It can't detect any malware that isn't in its database, and it can't stop a luser from running a trojan. But the luser doesn't know this, and thinks it's safe to click on any damned thing.
If your OS "needs" AV, your OS, IMO, sucks badly.
I turned it off (Score:5, Informative)
I use AVG on a couple machines. I didn't really think about the traffic tracking piece of this when I saw it working, I just thought about it slowing me down, increasing bandwidth use, etc. and I turned it off.
I know most people don't mess with defaults - and I'm not defending them as far as the agent thing and all that - but it was easy to do.
On the negative side my avg icon in the systray has a big exclamation over it like something is really wrong - when I know it's just because I turned off a piece of functionality I don't want to use.
Re:I turned it off (Score:5, Informative)
If you are using Firefox, just disable the AVG addon within Firefox addon manager. You won't get the big exclamation mark.
Re:I turned it off (Score:5, Informative)
There is a solution to the exclamation:
http://grandstreamdreams.blogspot.com/2008/04/taming-avg-free-version-8.html [blogspot.com]
In short, run "avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch" from a cmd box or the run box.
Sort of a ridiculous contortion to get to an option that should be more available, but it works.
Re:I turned it off (Score:5, Informative)
You can install AVG 8 without LinkScanner which returns AVG to it's previous functionality(just anti-virus).
From the FAQ:
If you wish to install AVG 8.0 Free Edition without the LinkScanner component, or uninstall this component from your program, please proceed as follows:
* Download the AVG 8.0 Free Edition installation package from our website. /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to: /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
* Run the installation with the parameters
o save the AVG Free installation file directly to disk C:\
o open menu Start -> Run
o type
c:\avg_free_stf_*.exe
* The installation will be started, and AVG will be installed without the LinkScanner component.
Re:I turned it off (Score:5, Informative)
Or...
You could install as normal, go into the LinkScanner options, disable it, go back to the main window, right-click on the LinkScanner icon, and select "Ignore Component State". Sounds a lot easier.
On that note, I've already done this on mine.
Insightful ?????? (Score:5, Insightful)
How exactly do the websites getting slammed with this bullshit traffic "not even install this part of the program" and "if you don't like it don't use it"?
Did you miss this part: (on Slashdot, we're seeing them as like 6% of our page traffic now)
So how does Slashdot "just not use" the AVG product and recover that 6% of their page traffic again?
The complaint is that they are "spamming the internet with deceptive traffic". That's a server/hosting complaint, not a user complaint about some user who can't figure out how to disable that feature.
Kudos on getting a "4 Insightful" for a ridiculously inapplicable and nonsensical response though!
Hooray (Score:5, Funny)
Re:Hooray (Score:5, Insightful)
Hooray! Look at all the OH SHIT my server's on fire!
ACID (Score:5, Funny)
I bet AVG would score higher on ACID than IE...
Slimey ? (Score:5, Insightful)
if you want the definition of Slimey see Symantec/Mcafee/MicrosoftOneCare
while this doesnt excuse their behaviour, trying to protect people (a lot of them for free) is not Slimey but insulting them on the front page of Slashdot is
patheticTheir eggs are slimy. (Score:5, Insightful)
And if that causes problems for webmasters, Thompson says, so be it. "I don't want to sound flip about this, but if you want to make omelets, you have to break some eggs."
Sounds like a "fuck off" to me.
I guess slimy is in the eye of the beholder, but the attitude reminds me of Claria.
"as like" (Score:5, Funny)
> on Slashdot, we're seeing them as like 6% of our page traffic now
Come on Taco... proper English (or at least something seemingly like it) isn't that hard... is 6% exactly, around 6% or really just 'like 6%'
I honestly like, do not recall like the last time I like, saw someone use 'like' in that long standing improper way in like text, it's always like, been for me, like only something a person like, verbalizes.
Alternative Anti-Virus Software? (Score:5, Interesting)
So if AVG has turned to the dark side, what free/cheap non-bloatware options are out there worth trusting? I know of a few but it's a little hard to know who to trust.
Seems like every anti-malware software maker these days bloats their software into a 50+MB beast of a package that accomplishes little more than to slow your computer down. I have more trouble with their software than I do with actual mal-ware.
Re:Alternative Anti-Virus Software? (Score:5, Informative)
Avast.
It's not just for Talk-Like-A-Pirate Day any more!
Nagware alert! (Score:5, Informative)
avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. To register, click here. Following registration you will receive by E-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.
Also Avira has been getting more and more annoying over the years, it's practically adware now.
So now it looks like it's either AVG with the browser plugins removed or MoonAV (which is FOSS):
http://www.moonsecure.com/ [moonsecure.com]
(It used to have a problem where you'd need to remove the Windows service manually after uninstalling, they might have fixed it though.)
Re:Alternative Anti-Virus Software? (Score:4, Informative)
Apache Rewrite Rules! (Score:5, Interesting)
Try this on Apache servers:
#Here we assume certain MSIE 6.0 agents are from linkscanner
#redirect these requests back to avg in the hope they'll see their silliness
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]
Brought to you by These guys [pixelbeat.org].
Re:Apache Rewrite Rules! (Score:4, Interesting)
Just to comment that this has been working flawlessly for me and others for days.
In addition to much reduced load, AVG will be getting the combined load with an appropriate message in their logs.
Note it's quite safe for valid IE 6.0 users as it checks for very specific user agent strings that most IE 6.0 users don't in fact have.
In addition the referrer must be blank and the Accept-encoding header must be missing.
Also I'm using a 307 redirect so so that potentially non linkscanner clients will keep checking the latest rules.
This also allows you to change the redirect destination without worrying about cached old redirects.
Re:Apache Rewrite Rules! (Score:5, Informative)
I have an updated version of this redirect to AVG, based on info I've been gathering over the last 2 weeks from Webmaster World, El Reg, and of course Pixelbeat. Here is the rule set I am using now:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1\)$" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813\)$"
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteCond %{HTTP:Accept-Language} ^$
RewriteCond %{HTTP:Accept-Charset} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=301,L]
I have the check for "GET" method in there so that the earlier "User-Agent: ..." version of linkscanner will still get redirected. See, that version does a HEAD request first, most likely to check for a redirect. So we allow that HEAD request to pass, since it is small any ways. But the GET request that follows will still get redirected. We want to redirect the maximum amount of traffic we can to AVG, to drive the point home.
This filter is also more selective, by also checking for the non-existance of Accept-Language and Accpet-Charset we make absolutely sure we are not redirecting a valid user. No web browser out there would fail to set all 3 of these, so we can be absolutely sure this is crap coming from a linkscanner.
I also decided to use a permanent redirect, in hopes that linkscanner caches this and it will reduce the number of repeat hits from the same user? Not sure if that is the case or not.
Someone in this thread asked if these rules work in the main Apache config file instead od using .htaccess. I don't use .htaccess on my servers either, and these rules reside in our main Apache config file. So the answer is yes, it will work in BOTH places.
I hope by now that AVG realizes the futility in their continuing to change how linkscanner acts to try and hide it from us. We will simply continue to work together as a community of server admins to block this crap and send it right back at them!
My ex wife.... (Score:5, Funny)
Re:My ex wife.... (Score:4, Funny)
....used to fake user agents all the time.
You mean she called out other browsers' names during sex? Weird.
Once good (Score:5, Informative)
AVG was once a good product. Then, it got bloated and started eating up kernel memory voraciously. It was impossible to play games with it running in the background, especially Crysis (skip the jokes, my system could handle it maxed once I replaced AVG with Avast!). Now, with this development, I'll be sure to replace AVG with Avast! on all of my machines, not just my gaming one.
On the Up and UP. (Score:4, Insightful)
Smiley anti-virus provider? The integrity of Slashdot submissions just keeps going up and up! Nice example Taco.
Slimey? (Score:4, Insightful)
Re:Slimey? (Score:4, Insightful)
These software and others which aren't in this list (The GIMP, Audacity) are in my highly recommended list of software that all computers should have installed by default.
HOWTO install AVG without Search Crawling (Score:5, Informative)
You can actually install AVG 8 without the 'Safe Search' feature that crawls websites (it's essentially a BHO/Firefox extension). Even if you already have AVG 8, you can uninstall it and reinstall:
At a Command Prompt window, type /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
c:\downloads\avg_free_stf_xxxxxxxxxx.exe
where c:\downloads\avg_free_stf_xxxxxxxxxx.exe is the full path of your AVG 8 installer.
Re:HOWTO install AVG without Search Crawling (Score:5, Funny)
At a Command Prompt window, type /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
c:\downloads\avg_free_stf_xxxxxxxxxx.exe
where c:\downloads\avg_free_stf_xxxxxxxxxx.exe is the full path of your AVG 8 installer.
At least it is intuitive....
-Em
Re:HOWTO install AVG without Search Crawling (Score:4, Informative)
You can also just turn it off in the options screen. If you can find the correct options screen. And if you don't mind a tray icon that says "warning, something is horribly wrong!" all the time.
AVG 8 is dog slow (Score:5, Informative)
Grisoft dropped the ball with AVG v8.0 (Score:5, Informative)
I'm a longtime user of AVG. Version 7 was reasonably lightweight, effective and (most importantly to me) unobtrusive.
Unfortunately, version 8 is a different story. After Grisoft forced me to upgrade in May, suddenly AVG became a nagging resource hog. Nightly scan times rocketed from about an hour to over six hours - a scheduled scan that started at 2am would still be going at 8:30am. I have been able to reduce this time somewhat by changing the scan settings (e.g., don't scan inside compressed archives), but it's still slow.
Most annoyingly, their new "LinkScanner" and "SafeSurf" features slowed my browser to a crawl. I didn't want these, since I already use FireFox with the AdBlock and NoScript extensions. I tried to simply disable LinkScanner, but then AVG constantly bothered me with nagging warnings that my computer "was not fully protected". After a little digging, I found that it was possible to uninstall the feature entirely with the following command:
avg_free_stf_xxxx.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
(Substitute "avg_free_stf_xxxx.exe" in the above command with the name of your setup file.)
This improved my browser performance, and eliminated the warnings.
I'm still (grudgingly) using AVG, but I will switch if/when I find a better alternative.
are you sure it's avg_free_stf_xxxx.exe (Score:5, Funny)
Shouldn't it be avg_free_stfu_xxxx.exe ??
You'd have to fake the user agent (Score:5, Insightful)
When probing for sites that serve malware, wouldn't you have to make the probe look identical to a legitimate user?
Otherwise the malicious site could just serve innocuous content to the probe and malware to everyone else.
I'm going to agree with the slimy assessment (Score:5, Informative)
Slimy? (Score:5, Insightful)
I think I missed the memo - why is AVG a "Slimy anti-virus provider"? That portion of the summary BEGS for supporting links...
What about advertising? (Score:5, Insightful)
Could AVG be unintentionally committing massive click fraud?
Re:Sending the bills to them. (Score:4, Insightful)
You need explicit permission to access a public website now? Shit! I'd better get offline and write an apology to CmdrTaco - I've been using /. without permission for the best part of a decade!
Time to post a specific statement on all websites stating that AVG does NOT have consent to access or "visit" these websites.
That's a bit like putting up a 'No Trespassing' sign inside your cellar, and expecting it to prevent people coming over your fence.
Re:Sending the bills to them. (Score:5, Insightful)
no your not a lawyer, but i'm pretty sure your not smart enough to be one either.
you didn't give them permission to access your publicly available site?
really?
are you sure?
because you know, if you make something publicly available on the public internet, I'm pretty sure by definition, you've therefore given them permission to access it.
Just like everyone else "in the public".
Did you give Google permission?
how about every other search/index site?
as to the "extra bandwidth" since it is by definition, caused by your websites being found via search providers, maybe you should be sending the bill for linking to them and thus causing the "extra bandwidth" to Google/Yahoo/MS and see how far that gets you.
It runs in Firefox as well (Score:5, Informative)
LinkScanner, the component they're talking about, works in Firefox as well - so no, using Firefox does not 'keep you safe'.
Nor is this about the users of the thing in the first place - either they like its functionality (security theatre-advance warning blabla) and leave it on, or they don't and they switch it off.
This is about the poor, poor admins who are suddenly seeing bogus traffic and omgosh it's spoofing user agents at that! .. repeatedly*
*changes his user agent to 'cry more, Taco' in FF and hits F5
Re:New (free) antivirus? (Score:4, Informative)
I've been using Avast! Home Edition [avast.com] for a while now, no complaints.
Re:payback (Score:5, Informative)
Re:payback (Score:5, Funny)
so we don't know what readers are actually interested in
Porn. Anime. Sometimes computers.
Hope that alleviates your concerns.
So AVG is reducing your security... (Score:4, Insightful)
And with AVG, I'm becoming a little less paranoid with websites
That is, you're reducing your security because you believe AVG is providing you valid information about the reliability of websites.
Comment removed (Score:5, Insightful)
Re:Awwww, so sorry for all the webmasters (Score:4, Insightful)
I think you're missing the point: it scans links that users are not going to. It scans every result from a search, and not just the ones that you're browsing to. This significantly increases the traffic that sites have to deal with while not increasing user security at all, since the pages can just as easily be scanned while they are downloaded.
But maybe you're just trolling.
Re:Awwww, so sorry for all the webmasters (Score:5, Insightful)
Are users not supposed to protect themselves in the interests of the website?
This isn't being done to protect users. The pages could be scanned just as easily on actual load. This is being done to prevent the users from having to suffer a small delay on loading the page by preloading it (and every other possibly link on the page since the software doesn't know what link you're going to click).
You're just putting spin on the issue because this is affecting your cost/income ratio.
You're very anti-average Joe. Most of us aren't Amazon. Most of us, in fact, make precisely zero income from our websites. And we don't have the kind of financial resources to deal with this kind of distributed attack on our bandwidth. Amazon, Yahoo, and such won't have any problem dealing with this sort of thing, but if it becomes popular, it'll force the rest of us off the web.
Since the problem of malware sites is not going to go away and since AVG is effective more antivirus software will start using these techniques. Unless you have something better to suggest?
Yes, make the user wait the extra second if the user wants to scan a page.
Frankly, as an end user, I don't give a damn about your costs and stats. I don't care about it for amazon, ebay, myspace, or paypal. I do care that if I follow a link to an unsavory site that I am protected.
If that's true, then you won't mind waiting the extra second to load a page instead of having the browser drag down the bandwidth of every site in your search ahead of time for you.
Here is another question. Do you want a userbase that is populated by malware infected computers? Is that preferable to figuring out a way to work with AVG new technique?
That's a false dilemma. Is it preferable to force everyone other than the big guys off the web so that users don't have to wait an extra second on loading a page?
Dont throw your users under the train. They have a right to their security and peace of mind.
Don't throw the majority of web page publishers under a train, just so you can save a second by preloading a page.