AVG Fixes LinkScanner!!
AVG has released an updated version that corrects the LinkScanner bot issue (build 138, July 4), which we’ve all noticed slamming our servers and analytics data over the last several weeks:
We have modified the Search-Shield component of the product to only notify users of malicious sites.Search-Shield no longer scans each search result online for new exploits, which was causing the spikes that web masters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited, but before it is opened.
As you’ve just read in the quote above, AVG has stopped scanning each page that returns in a SERP for users of their free tool. Instead pages will be scanned by proxy after a user clicks on the link.
For paid users, it’s a little different. SERP’s will still be scanned but via a pure database approach (not the DDOS approach :), which means the sites listed in SERP’s will be compared to a black list of known “bad” sites. The blacklist is based on internal AVG research and from the real-time results reported by users who have opted-into AVG’s “prevalence reporting system” (a feature of AVG 8). This means AVG is still scanning sites, but on a very limited basis, thus the detrimental effects on analytics should be very minimal and only caused by users who participate in prevelance reporting. Still some data pollution will occur…
AVG hasn’t confirmed that they’ve released a fix to the “noscript” issue I mentioned. I do know they are working on it and have fixed the problem in internal builds. Regardless, if the LinkScanner is working in the way they say it is, the problem will be negligible (but some data pollution will still occur ;).
Kudos to AVG Corporate, Roger Thompson, Pat Bitton, Greg Mosher, and all the other engineers who listened to the community on the web and worked quickly to fix the problem. Now let’s hope the the build 138 update works as described. Time will tell.
Judah added the following ...
Hi Thomas: That’s good news, and you are not alone in seeing the bandwidth increases. The point of integrating such a “blanket” technology is 1) to differentiate the product 2) use the feature to position the product against competitors 3) to protect users from what AVG calls “zero day” exploits, which frankly makes little sense since zero day exploits aren’t known on day zero, not loaded into the virus defs, and are only added to the installed product after the user updates. Your comment on a publicity stunt is interesting, but the backlash they received and the egg makeup they now wear in the webmaster community certainly isn’t good publicity. Thanks for reading and thanks for your comment!
Thomas added the following ...
I noticed from my logs that one of the User-Agents (MSIE 6.0; Windows NT 5.1;1813) has already virtually disappeared, the rest is hopefully to follow soon. So I reckon I’ll wait another week or two before I apply some blocking (it definitely has caused a significant increase of useless traffic for some of my sites as well (about 30%-40% over the last 6 months (and I am literally paying for every MB used)).
I am just wondering anyway what the point of integrating such a blanket link scanner technology into an antivirus program is. The latter should detect any malware anyway when it is about to be opened (I am using Avast for instance, which includes a Web Shield as well, but doesn’t use any link scanner).
Or was this all just a publicity stunt by AVG?
Thomas