The Register® — Biting the hand that feeds IT

Comments on: AVG chokes fake traffic spew

praise the lord 

Posted Monday 7th July 2008 05:51 GMT

Unhappy

praise the lord.

just trying to be American :-P

I gave up on the web stats, made no sense.

Had to up our hosting plan :-(

forced titles are effin stupid 

Posted Monday 7th July 2008 06:01 GMT

What rubbish. If AVG gave webmasters an easy way to block it then obviously anyone who produced malware/badware sites would also block it in the same way. There are many firefox addons which do similar. I think AVG should stick with it. The guy @ avg-watch.org is a real idiot. Firstly how many people are really going to do a sitewide search of a domain that often? Secondly, if someone wants to perform a DoS there are thousands of much better tools readily available than trying to use AVG. The AVG grabs the html of one page, not images, flash files etc etc so the usage is minimal. What a baby.

OMGWTFBBQ 

Posted Monday 7th July 2008 06:14 GMT

Paris Hilton

I'm sorry but isn't it common sense to only scan links AFTER they've been clicked on instead of trying to analyse the entire interweb? I can't believe the idea to pre-scan links even got off the drawing board. Common sense dictates that having 20m users scan dozens of links every time a page loads is going to cause problems - it's simply unnecessary, especially as 99% of users will probably only visit just a single link.

> Paris, because it sounds like she's their lead developer.

AVG Responds to and Resolves LinkScanner Issues 

Posted Monday 7th July 2008 06:37 GMT

Happy

AVG has already responded to resolve this issue. The full response can be seen here

An updated version of AVG Anti-Virus Free Edition 8.0 is already available, see http://www.avgfree.com.au. The Search-Shield component of LinkScanner has been modified to only notify users of malicious sites. The equivalent modification to the AVG 8.0 commercial products will be rolled out on 9th July 2008.

Once the updated version has been rolled out to all AVG 8.0 users the issue will be resolved.

As of this date, Search-Shield will no longer scan each search result online for new exploits, which was causing the spikes that web masters addressed with us.

However, it is important to note that AVG still offers full protection against potential exploits through the LinkScanner Active Surf-Shield component of our product, which checks every page for malicious content as it is visited but before it is opened.

We’d like to thank the web community for bringing these challenges to our attention, as building community trust and protecting all of our users is critical to us.

Best Regards, Lloyd Borrett

Marketing Manager, AVG (AU/NZ)

Local Proxy 

Posted Monday 7th July 2008 07:10 GMT

Go

Can they not just set AVG as a local proxy service that IE/Firefox/Opera etc uses?

That way the page is only downloaded once, at the user's request, but still scanned for malware etc before being given to the user/browser.

It's real traffic now, isn't it? 

Posted Monday 7th July 2008 07:16 GMT

Paris Hilton

"That means a small portion of the rogue traffic will continue"

How can it be considered "rogue" if it's actually a requested view?

Paris, rogue and requested.

Too late 

Posted Monday 7th July 2008 07:21 GMT

Thumb Down

I've already switched to NOD32, because LinkScanner slowed things down too much.

Finally some sanity... 

Posted Monday 7th July 2008 07:28 GMT

Thumb Up

There was never any reason they couldn't provide the same protection by scanning after the user clicked a link.

It's nice to see they have listened and re-architected (for all the language pedants, I know there is no such word - but it still conveys the required meaning) the solution.

Hah! 

Posted Monday 7th July 2008 07:32 GMT

Paris Hilton

So they finally worked out that they'll be sued over the increased bandwidth costs they will be inflicting on people... about time too!

Paris because she would certainly have worked this out faster than AVG did... no, really!

Too late... 

Posted Monday 7th July 2008 08:21 GMT

We've switched to Avast!, which is proving much slicker in every way. Even without the real-time scanning, AVG8 was bloaty and turned even a fast PC to treacle for several minutes after start-up.

Re the scanning, they could settle for an intermediate solution of checking URLs against their own list of dodgy ones (wasting only their own bandwidth) updated automatically based on the on-demand checking initiated by actual visitors to the sites in question. Of course, that would upset those who might be uneasy about Grisoft potentially collecting searching-habit data, but it's probably not as bad as actual connections being unknowingly opened to sites of dubious repute.

So - they're doing what we all said from the beginning 

Posted Monday 7th July 2008 08:33 GMT

Go

You know, the solution that makes sense.

Download it when clicked, scan then feed to the browser...

Tigers. 

Posted Monday 7th July 2008 08:48 GMT

Unhappy

Seven pages of results from Google for "depressed tigers". I have to admit to being somewhat surprised by this.

I suppose that all those articles predicting their imminent extinction must have had a detrimental effect on the mental state of those tigers who like to keep up with current affairs.

Another ex-AVG customer (user) here 

Posted Monday 7th July 2008 09:10 GMT

Their product doesn't work (virus updates fail) if your system partition is FAT32 rather than NTFS.

There also seems to be a problem following a recent AVG update, which has broken AVG integration with my Internerd-only (ie no Exchange) installation of Outlook (yes, I know I shouldn't, but that's another story).

By the end of the week it'll be AVG down one user, Avast plus one user (I'm already using AVG for a couple of antiques still running W98).

@John Robson 

Posted Monday 7th July 2008 09:30 GMT

Stop

I'm afraid it's not the solution that makes sense.

You click, page gets downloaded in Link Scanner, gets scanned by link scanner, then the browser downloads the page again.

So the problem with a server detecting Link Scanner and a) serving something harmless to Link Scanner then malware to the browser or b) serving something harmful to Link Scanner remains.

The only solution that makes sense is to let the browser download the page, scan it, and then allow the browser to render the page or alert the user.

And another... 

Posted Monday 7th July 2008 09:38 GMT

Thumb Down

Sorry AVG - low overhead is paramount for me and the home users I support, most of whom have oldish kit. That was one of the reasons I recommended AVG in the first place! I also didn't like the arm-twisting to switch at the end of May, which turned out to be a false alarm. If you can't trust AV suppliers.. :-(

Clam AV now has half a dozen new users.

Too late, the damage is done 

Posted Monday 7th July 2008 09:42 GMT

Flame

Finally, AVG wake up, smell the coffee and abort their arrogant 'we know what's best' nonsense.

The damage has however been done, not so much by AVG's flawed security strategy but their continued insistence that there was nothing wrong with it. It wouldn't have been as bad if there was some merit to what AVG were attempting to do and problems were an unforeseen side-effect but it seems everyone except AVG could see what was wrong with AVG's unnecessary approach.

Well done to El Reg and everyone who kept the pressure up on AVG.

AVG : shot down in flames.

Re: It's real traffic now, isn't it? 

Posted Monday 7th July 2008 09:45 GMT

> "That means a small portion of the rogue traffic will continue"

> How can it be considered "rogue" if it's actually a requested view?

My guess is you'll get one view for AVG doing the post-click/pre-view scan, and a second view for the real user.

A big improvement on getting an AVG view for something the user didn't even look at.

@James Pickett 

Posted Monday 7th July 2008 09:53 GMT

Ditto, although I've jumped to Avast! rather than ClamAV. I already use ClamAV on my linux machines (mail scanning for example), so using a different scanner on the desktop seems to make sense.

It's a shame - although AVG has never actually found a virus on any of my machines (I think in my life so far I've only ever 'caught' one virus - and that was on my Atari ST) it has always (up until v8) struck me as one of the better choices - since it's quite unobtrusive and seemed to 'do what it said on the tin' (apologies to ronseal). The new version looks like it's heading the way of Norton when Symantec took over - bloated, too much attention to being pretty, and a real killer of the machine.

Thank you for listening, AVG 

Posted Monday 7th July 2008 09:54 GMT

I've had Linkscanner disabled for several weeks now and will continue to suppress it, but as a webmaster it's good that Linkscanner will be altered. It's a pity that the whole world and their monkey had to scream at AVG for them to realise what a mistake they had made.

I will continue to use AVG as it is, at the core, a very good virus detector and healer. I wish AVG will stick to what they're good at and not take their basic product into other areas.

Quit Whining 

Posted Monday 7th July 2008 10:02 GMT

Flame

This whole "fake traffic" business is bogus. The Register has made a mountain out of a molehill. So now a valuable security tool has been blunted because The Register was worried its advertisers might worry that traffic is a few percent lower than The Register tells them it is.

Thanks Register, for NOT putting your reader's interests first.

Better, but why do it twice ? 

Posted Monday 7th July 2008 10:06 GMT

Unhappy

"My guess is you'll get one view for AVG doing the post-click/pre-view scan, and a second view for the real user."

Obviously, twice for links you follow is better than also following umpteen links that you don't follow. But doing it twice would mean that if a dishonest webmaster could identify which is the pre-click and which is the post-click they can return DIFFERENT content for the two cases.

If the solution isn't that the SAME page is used for both purposes, then it needs to be changed so that it is. And that's for safety, not JUST for traffic economy
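Added illustration (not part of any comment in this thread, and not AVG's code): the point made in this comment and in the earlier "@John Robson" reply, that a scanner which fetches a page and then lets the browser fetch it again only protects the user if both responses are identical. The `Origin` class, the marker string and the page bodies are constructed for the example, and the toy `is_clean` check stands in for a real scanner.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed stand-in for whatever content a real scanner would flag.
MARKER = "<!--constructed-malicious-marker-->"
CLEAN = "<html><body>news</body></html>"
BAD = "<html><body>news" + MARKER + "</body></html>"
BLOCKED = "<html><body>blocked by scanner</body></html>"


class Origin:
    """Constructed web server whose reply can change from one request to the next
    (rotating ads, or a server that answers the scanner and the browser differently)."""

    def __init__(self, replies: List[str]):
        self.replies = replies
        self.requests = 0

    def get(self) -> str:
        # Once the list is exhausted, the last reply is repeated.
        body = self.replies[min(self.requests, len(self.replies) - 1)]
        self.requests += 1
        return body


def is_clean(body: str) -> bool:
    """Toy scanner: a page is clean if it does not contain the marker."""
    return MARKER not in body


@dataclass
class Outcome:
    rendered: str          # what the browser ends up displaying
    origin_requests: int   # how many requests the web server saw

    @property
    def user_exposed(self) -> bool:
        return MARKER in self.rendered


def scan_then_refetch(origin: Origin) -> Outcome:
    """Scanner downloads the page, then the browser downloads it again."""
    verdict = is_clean(origin.get())                  # request 1: the scanner
    rendered = origin.get() if verdict else BLOCKED   # request 2: the browser
    return Outcome(rendered, origin.requests)


def scan_what_is_rendered(origin: Origin) -> Outcome:
    """One download; the bytes that were scanned are the bytes that get rendered."""
    body = origin.get()
    rendered = body if is_clean(body) else BLOCKED
    return Outcome(rendered, origin.requests)


def compare(replies: List[str]) -> Tuple[Outcome, Outcome]:
    """Run both designs against fresh copies of the same origin."""
    return scan_then_refetch(Origin(replies)), scan_what_is_rendered(Origin(replies))


if __name__ == "__main__":
    cases = {
        "static clean page": [CLEAN],
        "static bad page": [BAD],
        "reply changes between requests": [CLEAN, BAD],
    }
    for name, replies in cases.items():
        double, single = compare(replies)
        print(f"{name}:")
        print(f"  scan-then-refetch: requests={double.origin_requests} "
              f"exposed={double.user_exposed}")
        print(f"  scan-what-renders: requests={single.origin_requests} "
              f"exposed={single.user_exposed}")
```
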

So after all that, 

Posted Monday 7th July 2008 10:14 GMT

Stop

they're still going to scan links anyway. Regardless of their intent with the collected data, you'll still download pages twice, and your bandwidth usage will still be affected - a negative point for users with an ISP usage cap. And for webmasters too, even if the bandwidth consumed is small per person, that soon mounts up over many visitors per month. Unacceptable.

AVG8 is out... 

Posted Monday 7th July 2008 10:34 GMT

Thumb Down

...of my life. Does things I haven't asked it to, installs crud I haven't asked for - not done. Buh-bye, AVG...

@AC 

Posted Monday 7th July 2008 10:38 GMT

"So now a valuable security tool has been blunted because The Register was worried its advertisers might worry that traffic is a few percent lower than The Register tells them it is."

Firstly, the tool hasn't been blunted.

Secondly, the "few percent" is only true if hardly anyone uses AVG. If everyone on the web used this, the traffic impact will be enormous. Any product which relies on staying unpopular to be practical can't have much of a future. Maybe Cisco have shares in AVG?

Thanks AVG for doing the right thing.

Grisoft mea culpa 

Posted Monday 7th July 2008 10:45 GMT

Love the self-deluded spin on their press release. Grisoft, you need a re-shuffle in your marketing department and a new PR agency. AVG V8 programmers, hang your heads in shame. Grisoft, your new mission statement is K.I.S.S. Looking forward to the streamlined, small-footprint version 9 (ie. re-badged version 7) edition.

NOD32 

Posted Monday 7th July 2008 11:03 GMT

Thumb Up

It's not even FAT32 partitions either that AVG 8 crapped out over, we were on WIN2k with an NTFS and it still wouldn't update itself or uninstall...except in safe mode

but fairplay to AVG, they refunded us.

I wonder.... 

Posted Monday 7th July 2008 11:04 GMT

Gates Halo

How many of these AC "Linkscanner was a GoodThingTM" comments actually come from frustrated malware writers.

Yes, because those folks would actually welcome the 10x increased chance of getting a "link farm" cheap shot if a vulnerability was found in said Linkscanner...

On the off chance last AC was not a vxer, mind you, LS was NEVER a valuable security tool (the way it was implemented it was just a great attack vector), and El Reg is actually putting readers' interests first, because for the Web at large LS was a nuisance at best and for users it was "insert something bad here" at best. Bad security model = no security at all.

Bill, because even MS can figure out their stuff is broken, faster...

Re: Quit Whining 

Posted Monday 7th July 2008 11:18 GMT

Why the whining about users feeling unhappy about a product?

STOP WHINING.

AVG gone from my system too 

Posted Monday 7th July 2008 11:29 GMT

I've got rid of AVG- not just because of the linkscanning- that was silly and I turned it off.

The bit that did it for me -I'm running XP with 500MB RAM- is that when moving files, AVG checked the files and left bits of itself in the directory. This led to constant "Directory not Empty" errors and bailing out of the Move operation. Unsurprisingly, this left files all over the place and took a while to tidy up. The part of AVG responsible was an unkillable process and the only way I found to be able to move files was to uninstall completely.

Gary F - AVG a great "virus detector and healer" ? 

Posted Monday 7th July 2008 11:35 GMT

Paris Hilton

Gary F - "virus detector and healer" ?

Detector, yes, healer? No.

So few viruses want healing these days, maybe they did back in the day of macro viruses. Virus deletion is the functionality you are looking for, one that you will find in Avast; can't delete a trojan? It will at the next reboot. Problem solved. Gone.

AVG? It doesn't like trojans. It cries "Trojan! Trojan!", but unable to, do the miracle of, converting deleterious viruses to essential system files ie. 'healing', AVG at best quarantines them, waiting for help. More commonly, the computer freezes whilst AVG screams "Trojan! Remove?" then "fail" then "Quarantine?" then "Fail" in a presumably unending cycle, akin to a toddler screaming when it cannot see its mum.

AVG is free for home non-commercial use, and free of Linkscanner too, but it is not top of its class.

Paris, 'cos like AVG she's not top of her class and she does things that make perfect sense to her whilst leaving innocent bystanders raising more than an eyebrow.

And unlike AVG, she mostly visits sites of dubious repute by invitation, while her visits are fully documented in the press, she attempts no justification of her extravagant statistics, whilst she provokes intentional clicks most everywhere she goes. Did you see Paris go?

Disabling link scanner 

Posted Monday 7th July 2008 11:44 GMT

I had manually turned off the link scanner. However when you want something in AVG disabled, it constantly displays an error in the system tray. You don't know if you have developed a real problem as it will be hidden behind the deliberate change.

@Nuno trancoso 

Posted Monday 7th July 2008 11:49 GMT

Black Helicopters

"How many of these AC "Linkscanner was a GoodThingTM" comments actually come from frustrated malware writers."

Do you look under your bed every night?

Some people (my wife and my parents included) thought it was a great addition to their computer security as they are scared shitless of having their bank/card/personal information stolen and them ending up having to pay the bill. It might have done nothing to help, but they felt it was doing something to protect them from phishers.

I know people all over were complaining that they had to pay uplift on the hosting plans etc, but how much extra bandwidth was AVG8 actually taking? As far as i know it only downloaded the page without images/crap flash ads etc. How many times would that page have to be downloaded to amount to much?

As a side note, i had to change to Avast because AVG stopped updating. Runs fine on my two other computers though.

*Black helicopters because obviously Nuno is always twitching the curtains looking for them

Malware in Ads 

Posted Monday 7th July 2008 11:56 GMT

Unhappy

Surely adverts are one of the main ways that malware can get on legitimate sites? (I remember The Reg being hit by a dodgy 3rd party ad a few years ago?)

As most ads are rotated on each page load, surely if 2 requests are made for the same page, they'll most likely be serving different ads to AVG and the browser?

About Time 

Posted Monday 7th July 2008 12:11 GMT

'Nuff said.

System Tray Error 

Posted Monday 7th July 2008 12:13 GMT

Boffin

@Wize -- Open the AVG UI, right-click on the icon for the component you've turned off, and click on "Ignore component state". The icon in the UI will change to yellow, and the system tray icon won't show an error for that anymore.

I know. It took me a while to find it.

Why Not,... 

Posted Monday 7th July 2008 12:59 GMT

Coat

just turn link scanner off on the config page,...

coat for obv

@ youvegot tobejoking 

Posted Monday 7th July 2008 13:13 GMT

Thumb Down

"Some people (my wife and my parents included) thought it was a great addition to their computer security as they are scared shitless of having their bank/card/personal information stolen and them ending up having to pay the bill. It might have done nothing to help, but they felt it was doing something to protect them from phishers."

Do they also like the idea of Phorm, ID cards and locking up anyone that looks vaguely muslim without trial? -- Just three more things that will do nothing to help, but are being touted as security measures.

lucky.. 

Posted Monday 7th July 2008 13:43 GMT

Alert

if it scanned a link to an *extreme porn* website you would be done for visiting it even if you hadn't.

What's the fuss ? Let it improve security ! 

Posted Monday 7th July 2008 14:42 GMT

Thumb Up

AVG has done an excellent job with Link Scanner. As an IT security expert, I think it is a great idea. Webmasters may not be too pleased - but, hay, if we want to improve user security then certain sacrifices need to be made. I am surprised that AVG is giving way to criticism. Users should be pleased with this technology, which I believe the silent majority are ! Please stop whining and let AVG produce innovative products that provide a service to normal internet users !!!

What's the fuss ? Let it improve security ! 

Posted Monday 7th July 2008 14:49 GMT

Thumb Up

AVG has done an excellent job with Link Scanner. As an IT security expert, I think it is a great idea. Webmasters may not be too pleased - but, hay, if we want to improve user security then certain sacrifices need to be made. I am surprised that AVG is giving way to criticism. Users should be pleased with this technology, which I believe the silent majority are ! Please stop whining and let AVG have the freedom to produce innovative products that provide a service to normal internet users ! AVG you have a fan !

@Lloyd 

Posted Monday 7th July 2008 15:15 GMT

"for bringing these challenges to our attention"

Thanks Lloyd, but one little thing, cut the mumbo jumbo and speak your mind. A spade is a spade and a challenge is still a problem.

Here the PROBLEM was your spam traffic, it wasn't/isn't a challenge, it was a PROBLEM. We brought the PROBLEM to your attention.

The CHALLENGE was for you to fix it.

Can we get it right next time please, and can we bin the management speak? Oh and this has got NOTHING to do with any positive attitude mind games you guys play around the boardroom table.

It was a PROBLEM and you rose to the CHALLENGE of fixing it.

Spread the word my good man.

Useless! 

Posted Monday 7th July 2008 15:27 GMT

Well first of all, if LinkScanner only downloads the text of the .html (et al) page, then it's not all that useful. Case in point: spam emails that contain an image that displays the message text. So then LS will need to look at images and run them through an OCR filter to scan for content. But then how long will it be before the badPeople(tm) start using flash to do their thing, further obscuring themselves from the LinkScanner? The fundamental design of this "innovative product" is painfully flawed, rendering the product utterly useless.

Now, to those who prefer to question how much bandwidth is really taken up by this...clearly none of you run websites, but I digress. In literal terms one character in the .html (et al) file is one byte, so 1024 characters is one KB. The front page of El Reg is about 32 KB of source code. The count of AVG users is some 20 million. So the potential additional bandwidth is 20,000,000 * 32 KB = OVER 600 GB, and that's all without actually visiting the site. That's just because the users went to google and ran a search query. Start including images to make the LinkScanner more useful, and the used bandwidth increases by an order of magnitude.

Lastly, there's the web analytics side to consider! If LinkScanner visits are indistinguishable from "real" visits, then an entire industry (web analytics) breaks down. And there are search engine advertisers to consider. If LinkScanner is following all links on a search results page, then it's plausible that paid advertisement links are being visited as well, causing multiple erroneous clicks on links advertisers pay to place there, which causes the charge to the advertiser to shoot through the roof! As much as people don't like ads, it's still an unfair burden on advertisers to shoulder the burden of LinkScanner's poorly thought out concept.

So to sum up, those who think LinkScanner is a GoodThing(tm) are evidently clueless.

Doh 

Posted Monday 7th July 2008 15:27 GMT

Paris Hilton

Does anyone else have an image of our 'IT expert' walking down a suburban street looking serious while filming a serious looking advert for home IT security then walking straight into a lamppost by spelling 'hey' wrong and double posting?

Paris because even she could spell hey correctly.

Doh 

Posted Monday 7th July 2008 15:32 GMT

Coat

/me slips on the banana skin of uncouched quotes

@What's the fuss 

Posted Monday 7th July 2008 15:36 GMT

Maxx,

Your AVG LinkScanner seems to have developed some sort of bi-polar self-awareness.

Not only is it "link scanning" the "Post comment" button, generating multiple gibberish posts in the process, it can't decide whether you should be anonymous or not.

Perhaps you should turn off AVG and compose your own posts. They might be more intelligible.

Insert witty title here 

Posted Monday 7th July 2008 15:40 GMT

"So now a valuable security tool has been blunted"

WTF was valuable about scanning links you might never have visited anyway? Stop being so stupid.

"It might have done nothing to help, but they felt it was doing something to protect them from phishers."

Errr, so what you're saying here is that it made them feel better, but might not have actually made them any safer?

Back here on Planet Earth, we call that a "false sense of security" and it's generally considered a Bad Thing by people who *do* have a clue about security issues.

Oh, and Maxx/AC? As an IT security expert, surely you should know that posting again with "anonymous" checked won't make your first non-anonymous post go away, but will instead cause a double post and make you look like the prat you clearly are. If you're the sort of "expert" who thinks Linkscanner is a great idea, then killing it off is obviously a good move by Grisoft!

@Maxx 

Posted Monday 7th July 2008 16:02 GMT

If you're an "IT security expert" then I weep for the future of the web as you've obviously missed the entire point of why the LinkScanner in its previous incarnation was bad.

LinkScanner was going to sites you probably didn't want it to go to so all those nefarious sites already had your IP logged as a visitor. Imagine you're sitting at work, search something in Google, and the LinkScanner previewed a site that violated your office internet policy or worse.

Like the boss would believe you pleading that you didn't actually go to the Playboy site and sacked you anyway.

Thanks for the comments 

Posted Monday 7th July 2008 16:10 GMT

Thumb Up

Personal attacks aside - it has to be acknowledged that there is more than one side to this argument. Whether or not any individual thinks 'AVG Link Scanner is a good thing' is down to them. Personally, I do think it is good for user security on the web. However, we clearly need to analyze the effectiveness of Link Scanner. Those who think that they know the inner workings of this product and its deficiencies can contact AVG and explain this to them. Is it open source? Not as far as I know, maybe the experts here can let us know. I think any product that moves a step closer to improving user security on the internet is really a good thing.

@maxx/AC 

Posted Monday 7th July 2008 16:24 GMT

Paris Hilton

I believe the 'silent majority' you refer to are silent because they are blissfully unaware of LinkScanner's potential to do more harm than good. As an IT security 'expert' shouldn't you be doing more to ensure your users are aware of the threats they face in the course of their surfing, rather than relying on someone else to do the job for you? And while you're at it, ask your IT department if they appreciate the increased bandwidth costs involved user-side for no actual real-world benefit.

Oh, and as a webmaster, sorry, but the argument 'sacrifices need to be made' smacks of Roger Thompson's own 'omelettes and eggs' argument when originally questioned by El Reg. Is that really you, Roger?

Truth Can Be Painful 

Posted Monday 7th July 2008 16:51 GMT

I applaud AVG for finally coming to their senses.

But neither they nor The Register give the real facts.

LinkScanner was so easy to fool that every webmaster worthy of the title has been doing so ever since AVG launched it - and presumably every drive-by download site has been doing the same.

AVG dumped it because it was a security risk for their users.

What happens to a "payment" link? 

Posted Monday 7th July 2008 17:16 GMT

If the link scanner is there, does it get "clicked" twice? Once for the scan, and once for when I really want to pay?

Maybe these guys are promoting double payments to vendors or some such?

It could happen, but does link scanner work on "secured" pages (https://)?

Hold on 

Posted Monday 7th July 2008 17:23 GMT

AVG was doing pre scanning to give the user a perceived faster browsing experience at the cost of everyone else, well bugger them.

They should scan as the page is loaded, and then send the results to a central database to be pulled from later.

And yes it does rather increase the liability and exposure of their clients, perhaps they should run a proxy instead, and then feel the pain of the download, that would give their users a faster experience and only cost AVG.

It is just badly produced, the idea is fine if the costs are met by the parties concerned and not everyone else.

@AC using "re-architected" 

Posted Monday 7th July 2008 17:30 GMT

Flame

"re-architected"?

An architect is a person who designs buildings. Its use in any other context is pure crap. I believe the word you are looking for .... wait for it.... it's really simple.... is *redesigned*.

Stop trying to be a dotcom market-tard by using made up words!

Omelettes? Pah! 

Posted Monday 7th July 2008 17:35 GMT

Oh Yes the omelette comment. Well that really annoyed me at the time. Never mind "Open Source." AVG released flawed software that they took my money for (at least the softs was flawed on this legacy system anyway)

- did not do what it was supposed to do

- came with things that people did not want.

- slowed machines to a slug.

- on this legacy box took 16 hours to scan the machine for viruses.

- would not update its virus signature either locally or over the Net,

- visited sites that we did not want it to

- did not install itself correctly,

- emails that we sent with our avg.cfg to support were bounced back

- did not uninstall itself in a friendly fashion and was only evicted in safe mode. Contrary to the blether on the AVG website.

- the lifeline of 24 hour support was 1 automated e-mail days later that told us we were on a FAT32 partition when it was NTFS and that an update will be released "soon," How soon????

We bailed out and got ourselves sorted elsewhere.

I don't want maximum aggro when installing new software and I have to say that my experience with AVG 8 was one long headache.

The only one good thing I can say for my experience with AVG 8 (bastard thing) was as I said earlier

- they gave us our money back.

Surely malware writers could detect LinkScanner? 

Posted Monday 7th July 2008 17:42 GMT

Pirate

If LinkScanner doesn't download Google ads (and thus doesn't execute the JavaScript which loads them) then presumably its behaviour is distinguishable from that of a standard browser by looking at the values of JavaScript variables after the page has been loaded by the browser.

Not a useful distinction for log file analysis, but a useful exercise for the budding malware writer...

What will you do with the cheese? 

Posted Monday 7th July 2008 17:58 GMT

Pirate

With all the whining here, who's getting all that cheese? Really, other than the articles appearing in the Reg - what other major news sites - disregard the bloggers rehashing Cade's story - covered all this alleged bandwidth being used? Uh, none. Yes, AVG is getting sued - uh, not unless it's a huge settlement for wheels of cheese to all the whiners out there. Forget about security, who needs it, so long as the web masters from check-out-my-lame-site.org are happy. Really, no one else cares, and now AVG has 100 less users, boo effin hoo!

Seriously, maybe AVG should have thought about the potential problems and planned a little better with the release of 8.0, but let's give them credit for listening to all your problems, addressing it, and still offering a good FREE product. Now I'll use another free AV, ya, that'll stick it to em! Way to go, you show em! Oh, no, I'm a clueless PC user, wah! get over it!

Using the Jolly Roger since I have a little Captain in me!

Omg.... its the p word all over again... 

Posted Monday 7th July 2008 18:29 GMT

Jobs Horns

"It might have done nothing to help, but they felt it was doing something to protect them from phishers."

That is called the placebo effect. If I have a BIG headache I take some XL stuff. Minor headache, probably take aspirin or paracetamol. If I'm not sure whether or not I have a headache I DON'T drink water with sugar. Main reason is because it's pointless and useless.

Let me tell you some "news breaking" stuff. Many people have been doing LS's task in a more rudimentary way. Involves a transparent proxy and a fair bit of "rewriting". Behold, it too takes away many nasty things attached to your humble webpages. Does not go on a hellbent attempt on downloading the whole Internet though. Lacks a "don't click this link, ForMoronsTM" too. Why should it have one? It will try and catch it IF AND WHEN the user actually goes there.

I don't bash LS's attempt. It's ok in my book to catch web traffic midway and take a look at it. I bash their utterly braindead way of going at it. I bash even more the outrageous way in which they tell you "we know better" when it's obvious they don't. I totally bash their utter lack of balls (for lack of better metaphor) in not standing up and taking it like men when it all goes tits up (three words: PR won't fly).

Evil Jobs, even his zealot clonelike PR/evangelism didn't stink so bad.

*sigh* taking wrong meaning from comment 

Posted Monday 7th July 2008 21:03 GMT

Coat

When I said "It might have done nothing to help, but they felt it was doing something to protect them from phishers" I was thinking more along the lines of "it might not stop all the phishing sites, but it should stop a lot/most of them, which will definitely help them feel safer", and when you are dealing with my Dad (80 years old) he needs all the help he can get avoiding the pitfalls of the internet.

Yes, the smart hackers will find ways of circumventing it and infecting people with firefox with adblock plus and noscript installed, but they are not all smart.

Not everyone on the internet trawls technology sites every day and keeps up with current exploits, any help is better than none at all.

/ mine's the one with the steps in it for jumping on bandwagons

Bloody AVG 

Posted Tuesday 8th July 2008 00:40 GMT

If I have to reboot *one more fucking time* after its morning update, it's bloody well going.

@Thanks for the comments 

Posted Tuesday 8th July 2008 01:20 GMT

Thumb Down

No, it's not an opinion, it's a fact, there are no two sides unless you're too dumb to appreciate the fact of the matter. You are NO SAFER scanning dozens of pages you don't actually visit than you are just scanning the ones that you DO visit. In fact, if anything you have slightly less privacy with linkscanner as they get your IP/Browser AND if there are any bugs in the code of linkscanner itself it lessens your security also. FACT.

Roger Heathcote.

PS: And I'm not dissing Grisoft, I have used AVG for years, I think it's very good, and indeed I think they have done the right thing by listening and fixing this - if they hadn't I might have reconsidered my choice of AV, which is no biggie itself, but I run an IT business and advise people what to use every day so by placating one person like me who IS bothered about stuff like this they've prevented potentially hundreds of people who aren't sure what to use switching to say, avast.

Oh...are these the guys... 

Posted Tuesday 8th July 2008 02:09 GMT

Joke

who keep telling me my linux machine is infected with some horrible virus?

I had to disable LinkScanner 

Posted Tuesday 8th July 2008 04:14 GMT

Alert

For some reason, every time I brought up a Google search, it was causing Firefox to crash. Great fun, no?

Seems to me it should have been easy to do this 'right' anyhow.. 

Posted Tuesday 8th July 2008 04:57 GMT

I've given this some thought over the last few days, and this is how I think LinkScan should have operated:

Step one, client makes a single request to AVG with all the URLs to be checked, and gets a single reply listing each as "known to be bad", "known to be bad but retest anyhow" or "checked and found clean within the last hour".

Then AVG at the client's end can almost immediately apply green ticks or red crosses to most of the results and only very, very occasionally need to test sites that haven't already been checked. When it needs to test a site, the result is sent back to AVG's central database, and the site doesn't need to be retested again by anyone for the next half hour or so.

Obviously, AVG would need to put some effort into verifying that results are coming from their own software, and that the half-hourly check is not performed by the same client each time. IOW they might need to put in some effort to make this work, but I'm sure they have a few smart guys on staff that can figure out how to make this work.

Websites see perhaps one or two extra hits per half hour, checks for infected sites are still performed by random end users, most AVG customers will 'almost' never, ever see a site that AVG hasn't tested in advance. Everyone is happy, except perhaps the website hackers and distributors of malicious software. Did I miss something?

In short; if you want to make an omelette use your own eggs, or at the very least break no more eggs than absolutely necessary.
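The lookup scheme proposed in the comment above, as an added example (not part of the original comment and not AVG's code): a central verdict cache answers one batched lookup per search and hands out a retest only when an entry is stale, and never to the client that tested it last. The 30-minute TTL, the extra "untested" state, all class and function names and the `.example` URLs are assumptions; authenticating client reports, which the comment also calls for, is outside this sketch.

```python
from dataclasses import dataclass

TTL = 30 * 60  # assumed freshness window in seconds ("the next half hour or so")
BAD, BAD_RETEST = "known to be bad", "known to be bad but retest anyhow"
CLEAN = "checked and found clean"
UNTESTED = "not checked recently, test it"  # assumed extra state for cache misses

@dataclass
class Verdict:
    is_bad: bool
    checked_at: float
    checked_by: str

class VerdictCache:
    """Central service: answers from cache and hands stale checks to clients."""
    def __init__(self, ttl=TTL):
        self.ttl, self.verdicts = ttl, {}

    def lookup(self, urls, client_id, now):
        """One batched request in, one status per URL out."""
        reply = {}
        for url in urls:
            v = self.verdicts.get(url)
            if v is None:
                reply[url] = UNTESTED
            elif now - v.checked_at < self.ttl or v.checked_by == client_id:
                # Fresh, or stale but last tested by this same client:
                # answer from cache so the retest falls to someone else.
                reply[url] = BAD if v.is_bad else CLEAN
            else:
                reply[url] = BAD_RETEST if v.is_bad else UNTESTED
        return reply

    def report(self, url, client_id, is_bad, now):
        """A client that fetched the page itself sends its result back."""
        self.verdicts[url] = Verdict(is_bad, now, client_id)

def simulate(cache, searches, truth):
    """Replay (time, client, urls) searches; return origin fetches per URL."""
    fetches = {}
    for now, client_id, urls in searches:
        for url, status in cache.lookup(urls, client_id, now).items():
            if status in (UNTESTED, BAD_RETEST):
                fetches[url] = fetches.get(url, 0) + 1  # client scans the page
                cache.report(url, client_id, truth[url], now)
    return fetches

# Constructed sample: 200 clients run the same search over one hour.
TRUTH = {"http://a.example/": False, "http://b.example/": True}
SEARCHES = [(i * 18, f"client-{i}", list(TRUTH)) for i in range(200)]
```

Replaying the constructed searches with `simulate(VerdictCache(), SEARCHES, TRUTH)` gives two origin fetches per URL for the hour, where scanning on every search would have produced 200.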

It was fundamentally broken anyway... 

Posted Tuesday 8th July 2008 06:57 GMT

Stop

... because you could just arrange for the malicious page to only deliver its malicious payload after the 2nd fetch from any IP address. AVG would scan the first request and pass it as being clean, then the user would click, fetch it again, and get hosed!

Duh.

LOL you guys missing the boat? 

Posted Tuesday 8th July 2008 07:25 GMT

Paris Hilton

hmmm just read through about half the comments... then got bored... ok first off... since when is malware hidden in the "html" of a page? isn't it hidden in a flash file or an image or some other file that the html downloads to your pc etc?

so basically scanning links etc will only help with pre defined rules of "this site is bad don't load". if it wants to actually scan to find malware on the page before it gets to your pc it's gonna have to scan all images / mp3's / avi's etc in the page... which increases traffic drastically. sounds like marketing hype to me. I use avast pro.. it has a web page type scanning thing... it scans the content as it's being downloaded.. so basically what you will see gets scanned not a whole lot else.

on a side note... any pc I've ever worked on that has AVG I uninstall and load any other AV (tried it with a few other antiviruses) and they all detect trouble with the pc (malware) even tho avg did nothing - granted all pc's I have to look at have some problem with them... just makes it easier identifying a problem when avg is on the pc... uninstall it get a performance boost. install other AV remove malware,.. pc fixed :P

it still amazes me how AVG managed to get into the market... as I'm pretty sure that most people that use it are not IT professionals.

I asked a few people they all say the "pull" avg has is cause it's "free".... come on people there are OTHER free antiviruses FFS. use something that actually "works"

paris cause she doesn't work either... and she's probably also all full of bloat and malware

@youvegot tobejoking 

Posted Tuesday 8th July 2008 08:41 GMT

Unhappy

> When I said "It might have done nothing to help, but they felt it was doing something to protect them from phishers" I was thinking more along the lines of "it might not stop all the phishing sites, but it should stop a lot/most of them, which will definitely help them feel safer", and when you are dealing with my Dad (80 years old) he needs all the help he can get avoiding the pitfalls of the internet.

> Yes, the smart hackers will find ways of circumventing it and infecting people with firefox with adblock plus and noscript installed, but they are not all smart.

Putting green ticks on links so your (or anyone else's) Dad thinks he can click on it isn't the right way to go about security if the design behind the ticks is flawed.

First it'll be smart people who can get round Link Scanner, then it'll probably find its way into the usual script toolkits. The fact there are two downloads by two different programs (Link Scanner and the browser) means there are two points of attack and the two downloads can be different to take advantage of different exploits in the scanner and the browser.

AVG bought a lemon when they bought Link Scanner, they just won't admit it.

Why is the client responsible for Anti malware 

Posted Tuesday 8th July 2008 11:23 GMT

A cheater solution for the customer and the AV firm would be for the websites to guarantee the data they publish to the net. If the anti virus client had a database of certified sites and only scanned content outside of this list then it would be less intrusive and an incentive for the websites to take some responsibility for their data.

Personally I would have the AV scanner access all web data via a proxy provided by the AV firm. This would give the AV company control of the safety level of content and if they provided encrypted web traffic remove the likes of PHORM.

Where the AV company is republishing the data in encrypted form along with advisor notices and optional ad removal then snooping the stream would be an infringement on the AV company.

I would pay for a service like this and then the people we pay to protect us from malware could take PHORM to court for us or just remove all phorm sponsored ads until they stop snooping.

I'm with Gilbert 

Posted Tuesday 8th July 2008 12:44 GMT

Stop

All this LinkScanner arguing is so much piss and wind

An AV that requires a reboot after updating - now that is seriously fcuked.

On top of the web 2.0 floaty-bloaty interface it was the last straw for this user.

Views of a user of the original standalone LinkScanner application. 

Posted Tuesday 8th July 2008 15:02 GMT

I have been using Exploit Prevention Labs LinkScanner Pro since August 2006; it was recommended in an Agnitum (Outpost Firewall) newsletter. In November 2007, AVG acquired Exploit Prevention Labs and eventually incorporated LinkScanner functionality into their own products. LinkScanner Pro currently remains available as a standalone product. As I use ESET NOD32 for AV protection I have no knowledge of how LinkScanner functions have been incorporated into AVG products but it does not seem unreasonable to assume the core LinkScanner logic in the two products is pretty similar if not identical.

Disregarding the optional search engine integration for the moment, as I understand it the standalone Linkscanner Pro utilises Layered Service Provider (LSP) logic to scan the incoming data stream. A Layered Service Provider is a DLL that uses Winsock APIs to insert itself into the TCP/IP stack. Once in the stack, a Layered Service Provider can intercept and modify inbound and outbound Internet traffic. It effectively does this 'on the fly'; in other words it does not download a requested page twice but can intercept exploits before they are processed by the browser.

While I can see how the search engine integration facility would and has been the cause of some aggravation, my guess is that the purpose behind its introduction (initial versions of LinkScanner Pro did not have the facility) may have been twofold. Firstly, there is a slight gain in efficiency i.e. any compromised sites in a page of results are flagged before you follow any of the links. Secondly, if you have agreed to participate in automatic reporting of detected threats, compromised sites will be detected sooner in that you will be reporting sites that you might otherwise not have visited.

As long as there is no unacceptable resource impact, I am a great believer in [mixed metaphor warning!] both 'belts and braces' and not 'putting all your eggs in one basket' where security is concerned. I have no connection with Exploit Prevention Labs apart from being a customer of their software and as long as the standalone version remains available I shall continue to deploy it.

@ Chris Salter 

Posted Wednesday 9th July 2008 00:00 GMT

"I have been using Exploit Prevention Labs LinkScanner Pro since August 2006"

Bad news Chris - that version of LinkScanner is just as easily fooled as the AVG version and The Register has helpfully published details of how to do it, so any malware writer who didn't know before will certainly know now.

I don't want nice folks like you to have drive-by downloads inflicted on them because of a misplaced faith in this useless product and neither does AVG - which is why they just dumped it.
