The Register® — Biting the hand that feeds IT

Feeds

AVG disguises fake traffic as IE6

Where's the ham and cheese?

By Cade Metz, 26th June 2008
  • print
  • alert

Ensure Ease of Recovery with Asigra’s Agentless Software

Exclusive AVG has rejiggered the fake traffic it's spewing across the internet, causing new headaches for the world's webmasters.

In late February, AVG paired its updated anti-virus engine with a real-time malware scanner that vets search engine results before you click on them. If you search Google, for instance, this LinkScanner automatically visits each address that turns up on Google's results page.

According to the company, more than 20 million people have downloaded the new AVG 8, and this has caused a huge up-tick in traffic on sites across the web, including The Register. Because the scanner attempts to disguise itself as a real live human click, webmasters who rely on log files for their traffic numbers may be unaware their stats are skewed. And others complain that LinkScanner has added extra dollars to their bandwidth bill.

Daniel Brandt, who runs Wikipedia Watch, estimates that LinkScanner traffic to the site has outstripped legitimate clicks by nearly ten times. In this graph, the pink line represents suspected LinkScanner scans, the blue line legitimate clicks:

LinkScanner meets Wikipedia Watch

LinkScanner meets Wikipedia Watch

When we first told the tale of AVG's fake traffic earlier this month, we pointed out that if webmasters were wise to the problem, they could filter LinkScanner visits from their log files. Each scan left a unique user agent: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)."

But over the weekend, the company changed this user agent on the for-pay version of AVG 8. It appears that scans now use these agents as well:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)

Judging from the log files of two separate web sites, including Wikipedia Watch, the first agent is by far the most common. Which is bad news for webmasters. That's also the Internet Explorer 6 user agent. Unlike the other two - and the original "1813" agent - it's a perfectly valid agent that may turn up with real clicks.

AVG's chief of research Roger Thompson says the for-pay LinkScanner is only using the IE6 user agent. Presumably, the company believes this is more likely to fool malware exploits. "There are still ways for concerned web masters to filter LinkScanner requests out of their statistics," he told us over email. But he did not divulge these methods and did not say whether they might clip legitimate traffic as well.

Many webmasters may have no choice but to abandon log file analysis, adopting alternative tools from companies like Google, Yahoo!, comScore, or Nielsen NetRatings. And these tools have their drawbacks. comScore's service tends to underestimate traffic from daytime work machines. And if you go with Google Analytics, you have to tag your pages with JavaScript - and share your traffic numbers with Google.

Plus, these tools won't solve the bandwidth issue.

Steps to Take Before Choosing a Business Continuity Partner

Page:

COMMENTS

House Rules Send Corrections
All Reader Comments (161)
Latest Comments
Lloyd Borrett

AVG Responds to and Resolves LinkScanner Issues

AVG has already responded to resolve this issue. The full response can be seen at http://www.avg.com.au/index.cfm?section=news&feature=104

An updated version of AVG Anti-Virus Free Edition 8.0 is already available, see http://www.avgfree.com.au. The Search-Shield component of LinkScanner has been modified to only notify users of malicious sites. The equivalent modification to the the AVG 8.0 commercial products will be rolled out on 9th July 2008.

Once the updated version has been rolled out to all AVG 8.0 users the issue will be resolved.

As of this date, Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that web masters addressed with us.

However, it is important to note that AVG still offers full protection against potential exploits through the LinkScanner Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.

We’d like to thank the web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.

Best Regards, Lloyd Borrett

Marketing Manager, AVG (AU/NZ)

0
0
sidephase

@Roger Thompson & Alan W. Rateliff, II

@AWR,II - "I am disappointed by the number of knee-jerk folk out there who will abandon a brand or product at the drop of a hat. But then, having worked in retail for over a decade, I recognize that those folks are everywhere and their opinions will change with the phases of the moon. Now, that does not mean their opinions carry any less validity, it just means that they are more harshly critical, more quick to react, tend to be less forgiving, sometimes less positively communicative, and often more outspoken than others." - AWR, II

Ok you seem to be missing the point. Let's draw a diagram - you being a sales guy know all about those - without images so we don't lose AWR, II in his zealous support of what he sells:

1. Symantec is bloatware - for example (well a true example but an example nonetheless)

2. Many people switched from Symantec to AVG (I personally switched to BitDefender and VERY glad i did, thank you filter :p) to avoid just that type of problem

3. Users are finding searches, etc. acting up and affecting their speed - to many if it looks like bloat, it must be bloat

4. Reactions occur, much to an AVG RESELLER'S dismay

This negative press will continue and will mvoe forward while those of us non-important techies (by your esteem) who JUST HAPPEN TO BE THE ONES EVERYONE CALLS FOR HELP continue recommending our friends, families, and customers AWAY from AVG.

Yup, this is mob mentality time - and even those of us who aren't webheads understand the unfair situation some of our fellow techs are in with the b/w, crawl, etc. and sympathize. No way in heck will I promote yet another screwed up program "just because". Bad enough I have to push M$ because of the dominance, user interaction, etc. but I sure as heck am not going to push this crap on people.

Oh for those of you interested (you probably already know this) - GASP! BITDEFENDER DOES A BETTER FREAKIN' JOB THAN AVG WITHOUT CAUSING THE SAME PROBLEMS!

Good-bye AVG.

@RT: The egg comment was simply uncalled for and COMPLETELY unprofessional. This functionality didn't play well to the crowd and I can imagine the joy-joy reaction it's having for your company, investors, etc. This non-important techie WILL BE TAKING OVER 400+ PEOPLE OFF AVG in reaction to this crap PLUS The OFFICIAL "break a few eggs" statement AND your friendly neighborhood reseller up there. Reality check: the same businesses that are buying your product are also getting hit with higher BW costs BECAUSE of your product. AVG and its bottom line go straight to the trash can. The eggs YOU so quickly dismissed as collateral damage are real bottom lines for companies. I will be quoting you sir, and your reseller anytime I am asked about your software.

Congratulations on tanking your investors! Give them a big hug and a cigar from us here in the real world?

0
0
Anonymous Coward

AVG's omelet is scrambled

Who knows what has happened to AVG? I updated to version 8 in mid-May and had the linkscanner operative for safety's sake when the kids and Mama use the computer. I noticed a few stutters but it seemed a good feature. Whoops! Noticed yesterday ( July 2 ) that last update and scan had taken place on June 28, a 3-day gap - I was remiss in my usual daily check. Couldn't get update to work correctly, couldn't reset automatic update as it had been - tried to find out more at AVG's site, couldn't get registered to post in Free forum, read through lots of postings there with similar problems going back to about the date of this article. It seemed the fix was to download new install file released July 2 and tick off "Repair" but servers bogged down greatly ( 2-5kbs! ) - FORGET IT! Uninstalled AVG this morning and put Avira AntiVir in it's place. Someone put a wrench in the works and AVG did not respond quickly enough or well enough to satisfy this user - over 3 days with questionable protection was more worry than I wanted to deal with especially considering this holiday weekend - we all know that's when some attacks are staged. Oh, well, whoever hit 'em, hit 'em hard.

0
0

More from The Register

1,000 O2 staff chose redundancy over Capita
Betrayal, or just decent terms?
48
breaking news
Pttow! Ofcom kicks hams out of MoD bands
Geet off my land, you, you ... 'secondary user'
30
breaking news
Now you can use your phone instead of your wallet at the ATM, too
Blimey, these little paper towels out of the vending machine are really expensive
47
breaking news
UK.gov's £530m bumpkin broadband rollout: 'Train crash waiting to happen'
Whitehall whispers of damning watchdog report next month
30
breaking news
Microsoft Office 365 on iPhone NOW: No, we're not making this up
Word, Excel, Powerpoint for your pocket-stroker
82
breaking news
MySpace zaps millions of teens' tearful rants, causes wave of angst
'Your crappy redesign SUCKS, I wanna read my blogs' screech users
53
Vodafone Oz launches '100 Mbps' 4G service
Nice speed if you can get it
7
EU signs off on eCall emergency-phone-in-every-car plan
GPS and a mobe in every car - do you suppose the NSA would fancy that?
100
breaking news
Who's the daddy of Virgin Media now? That would be Liberty Global
$24bn ISP gobble completes
21
breaking news
SEXY models clash at big bash over catty tweets: Yup, it's HTC v Samsung
Tech titan twits taunt: Doncha wish your mobe was hot like me?
17