Sunday, July 6, 2008

People Actually Read This?

I found an interesting comment attached to my post about AVG's LinkScanner identifying itself as IE6. Pat Bitton says:

Following is AVG's official response to LinkScanner concerns:

We’d like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us. We have modified the Search-Shield component of LinkScanner to only notify users of malicious sites; this modified version will be rolled out on July 9th 2008. As of this date. Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that webmasters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.
I couldn't find any reference to this on AVG's website but it's late and I wasn't looking too hard. A quick google search leads a blog post which link to comments from an article by The Register on the controversy. Among those comments is one by (presumably the same) Pat Bitton:
Response from AVG
By Pat Bitton
Posted Saturday 14th June 2008 02:59 GMT

Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)

These two comments suggest that AVG is taking this problem seriously and is working hard to fix it. Hopefully their update will do just that. In the meantime, I've reinstalled AVG antivirus without the Safe-Search component which includes LinkScanner. I've done this even though Firefox 3 is not affected by LinkScanner because AVG's Search Shield extension doesn't work with the newest version of Firefox. But you never know when you'll want or need to use Internet Explorer right?

Ultimately, the problem of malicious websites installing drive-by malware is a real one and it is good to see antivirus companies trying to do something about it. Basically what we have here is an arms race between the malware authors and security software authors. What is happening now is a lot like what happened with old computer viruses which would infect any executable file on your computer which led antivirus software to scan every program that tries to run on your computer. The same thing is going to start to happen now with web pages.

No comments: