The End of the LinkScanner Controversy?

Slashdot reports on and Australian website's reaction to being flooded by traffic by AVG's LinkScanner. As before, AVG has promised to fix this problem. It's nice to see an anti-virus company—particularly a company which makes its products available for free—listening to its users and fixing its products. Commercial anti-virus companies like Symantec and McAfee turned their products into bloated messes years ago and its nice to see AVG back away before doing the same.

People Actually Read This?

I found an interesting comment attached to my post about AVG's LinkScanner identifying itself as IE6. Pat Bitton says:

Following is AVG's official response to LinkScanner concerns:

We’d like to thank our web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us. We have modified the Search-Shield component of LinkScanner to only notify users of malicious sites; this modified version will be rolled out on July 9th 2008. As of this date. Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that webmasters addressed with us. However, it is important to note that AVG still offers full protection against potential exploits through the Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.

I couldn't find any reference to this on AVG's website but it's late and I wasn't looking too hard. A quick google search leads a blog post which link to comments from an article by The Register on the controversy. Among those comments is one by (presumably the same) Pat Bitton:

Response from AVG
By Pat Bitton
Posted Saturday 14th June 2008 02:59 GMT

Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)avg.com.

These two comments suggest that AVG is taking this problem seriously and is working hard to fix it. Hopefully their update will do just that. In the meantime, I've reinstalled AVG antivirus without the Safe-Search component which includes LinkScanner. I've done this even though Firefox 3 is not affected by LinkScanner because AVG's Search Shield extension doesn't work with the newest version of Firefox. But you never know when you'll want or need to use Internet Explorer right?

Ultimately, the problem of malicious websites installing drive-by malware is a real one and it is good to see antivirus companies trying to do something about it. Basically what we have here is an arms race between the malware authors and security software authors. What is happening now is a lot like what happened with old computer viruses which would infect any executable file on your computer which led antivirus software to scan every program that tries to run on your computer. The same thing is going to start to happen now with web pages.

Slashdot Takes On AVG

It's official, I have no life. I've been pouring over a recent Slashdot discussion of AVG's LinkScanner problems. Along with the typically sensationalistic write-up calling Grisoft "slimy" for their product's perfectly legitimate if poorly implemented new feature, the discussion includes a lot of good stuff including how to disable LinkScanner and suggested alternative's to AVG antivirus. It's ironic that Slashdot, the website which first pioneered the Slashdot Effect, which is the term coinedd by how a popular website can knock a smaller website offline by linking to it is up in arms over what is essentially an automated version of the same kind phenomon.

LinkScanner Identifies Itself As IE6

AVG's LinkScanner feature continues to be controversial. And The Register continues to field complaints about LinkScanner's affect on website statistics. LinkScanner donwloads websites found in search results looking for sites that try to download malware onto your computer. LinkScanner now identifies itself as Internet Explorer 6 to websites after webmasters began filtering it from their traffic logs. This makes it undistinguishable from normal web traffic and skews website traffic statistics which hurts website advertising revenue. The Register quotes Steve Jackson, co-chair of the International Web Analytics Association:

"In order to make an omelet you have to crack some eggs. But a good omelet has cheese, ham, peppers, mushrooms and all sorts of other ingredients which AVG seem to have forgotten about."

While the controversy over the LinkScanner's bandwidth hogging and traffic skewing is a serious problem, the problem of websites that install malware on your computer is very real. Tools like LinkScanner would seem to be necessary to protect less sophisticated users of vulnerable operating systems (like Windows, there I've said it) from having their computers attacked by websites which knowingly or not are hosting malware which exploits unprotected computers.

Is AVG Bad For Websites?

A new website called AVG Watch claims that a component in AVG's antivirus product can overwhelm web servers by hitting them hard and downloading pages in an attempt to determine if they are hosting malware that can infect your computer. Another website complains that this component also hurts websites financially by skewing their traffic statistics which affects their ad revenue.

The component is called LinkScanner:

"LinkScanner works with both Internet Explorer and Firefox, and consists of two features, AVG Active Surf-Shield and AVG Search-Shield. AVG Active Surf-Shield prevents you from accidentally becoming infected by drive-by downloads and other exploits, ensuring the web pages you visit are safe at the only time that really matters - when you are about to click the link. AVG Search-Shield works with Google, Yahoo and MSN search engines to deliver a real-time safety verdict on all search results, including search ads, displaying an icon to show the safety rating for each site."

That's a direct quote from the documentation of AVG Anti-Virus Free 8.0 describing LinkScanner.

AVG Watch seems pretty steamed about the practice, comparing comparing it to a Denial of Service Attack. They claim that according to their own tests LinkScanner will download a page it encounters during a Google search hundreds of times more than necessary, leading to a lot of stress on webs servers as the number of people using the latest version of AVG Anti-Virus grows.

This seems like a worrisome possibility for me since I've always sworn by AVG for protecting my computers from viruses and other malware. Recently, AVG has been giving me problems with false positives and now this....

There is one ironic post-script to this episode. I have been using Firefox 3 as my main browser since its second Beta version and right now AVG Safe Search, which presumeably allows AVG to run LinkScanner within Firefox, is not compatible with the latest version of my favorite browser. So it seems that none of this applies to me right now. I'm neither "protected" from accidentally clicking on evil websites and I'm not inadvertantly "attacking" good websites either. Still, it's an interesting issue.