AVG scanner blasts internet with fake traffic Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or …
On creating an antivirus solution that is actually worse for web traffic than most of the malware it protects against! And now all the really repugnant sites that may come up in a search have your IP logged too, as a side benefit of AVG's "clicking on everything"!
This is the same mentality that thinks using depleted uranium projectiles is a good idea.
Can't someone figure out that the end doesn't always justify the means?
The thing is I have never been hit with anything drive by or otherwise that has affected my computer in any detrimental way. I use AV but no link scanner stuff. I may have been rootkited, or other malwared but as far as I am concerned if I see nothing wrong, nothing is wrong. I tend to do security audits etc. quite a lot so I am well aware of what traffic is being generated by my computer.
However when I upgraded from AVG7.5 to 8 I found that lots of things slowed down. The daily scan jumped from 45 minutes to 5 hours (with quite heavy CPU usage) and web browsing was severely affected. Not just on search sites either. I can only assume that link scanner either scans everything to see if it needs full scanning or just generally slows FF and IE down big time.
So I have removed it. I have no problem with Grisoft, the free product is very reasonably priced (and it is up to users to understand what they are installing. If you don't agree I have some excellent value magic beans for sale), but I'd rather I was able to riskily browse the web when the alternative is not being able to browse anything at any reasonable speed.
Computer is 1.8GHz mobile Sempron with 1gig RAM running XP Pro; so, whilst not exactly a speed daemon, it's not obsolete either.
I've had to remove AVG from my system since the forced upgrade to version 8. Why oh why don't these customers learn from the mistakes of others.
Anyone remember when Norton was useful and popular? Now I dont know anyone personally who'd recommend or use it.
I'm now using ClamAV which is lightweight and does what I want. I think AVGs best bet is to remove the link scanning software from the free version or auto-disable it and advise users they can choose to enable it or not.
"AVG 8 might be free but it's worth every penny."
I dunno, when I add in the time I spent ripping off what I had before and installing it, the time I spent trying to work out what was causing it to insist my machine was a malware infested cesspool (false positives to a man) and the time I spent ripping it off and reverting to my old setup, I think it's a tad overpriced.
We host 400 web sites and yes, a lot of them do have page 1 rankings. In fact I can't think of one (of our serious customers) that doesn't.
The reason I'm posting anonymously is for client protection, so if you think I'm spilling my client list think again.
For your info, it's not "bollocks" (by the way, how old are you, 7? 8?) - I've analysed the logs on two of our web servers and in the current month the AVG "utility" is accounting for 7% on one and 8% of the traffic on the other. If that's 2/7ths of what's to come, then it will be very significant indeed.
Don't single me out you silly boy - you may have noticed there's rather a lot of other people posting along these lines... Still you probably have some need to prove yourself as terribly clever. Get a life.
I already stopped using AVG the minute the Link scanner appeared. I dont want a phorm like analysis of my web browsing, even worse I dont want stupid load everything ten times delays. And what is the point when google does this anyay?
Disabling the link scanner consistantly report a fault condition, hence uninstall..
What know?
Avast me harties!
I don't understand where half these user "problems" are coming from. Search results are no slower than using facebook (which uses AJAX to load a different page for every frame) and as there is no time spent rendering the pages, which for most "Wiz Bang Look-at-me-look-at-me sites is where half your loading time goes, then there really is very little difference.
I have AVG 8 and upgraded not long after it came out. I'm on AOL so if you would expect slow down, you'd expect it there but I haven't noticed any. The linkscanner is bloody useful, although it does flag up sites I would have guessed were bad anyway.
The real bit I don't get is why you're all being so upset. If you really used AVG prior to this story breaking you'd know at least how to switch on/off modules and all linkscanner is, is another module. And don't give me all this "it's bloated resource hogging" crap because, frankly, it isn't. My behemoth of a PC (4GHz dual core + 4GB ram + WinXP) came to a crawl when norton just started up with windows. Hell, even the old AVG 7 took forever to start a scan compared to the new scanner in 8. So anyone who says avg 8 is slow has either upgraded to vista or is talking out their proverbial.
Science, because this could be the new "Mike or Joel"
If you're a webmaster, then you're making some content freely available on the internet to anyone who asks for it. That's up to you. if somebody wants to make loads of requests to your site for security reasons and you serve the results back, that's your call. You've got the option of only sending responses to people who post credentials to your site, but you choose not to. Just because AVG make software that's useful doesn't require people to run it. I use it, I don't really care if it scans search results or not because I don't expose myself much to malware risks on the internet and I don't notice any slowdown in browsing experience. So as far as I'm concerned, this is just part of life for webmasters and they should deal with it.
I'm old enough to have a thick enough skin to pay no attention to your insults.
If two of your hosts are recieving 7% and 8% of hits from AVG it simply means that you aren't getting any real visitors. Just do the maths, let's keep it simple and say AVG accounts for only 5% of your traffic. In this case one hit from AVG and nineteen hits from elsewhere. Now in an extreme worst case scenario for AVG let's assume that AVG is the only AV product available, everybody uses it and you don't have any dediciated followers that return frequently then nineteen hits from a new visitor is pretty bad, no wonder you want to remain anonymous.
Maybe its just me, but I can't see how this is significantly different to features we are seeing more and more of in modern browsers which pre-emptively cache pages from links on the current page in a effort to speed up the browsing 'experience'.
(I will personally garrotte the next marketing person who uses the term 'enhancing the user experience')
Quote: "The only AVG employee on this thread declared their interest ... Pat has asked for your help, feedback and assistance to come up with a workable solution to the concerns voiced here. How many Anonymous Cowards have actually done that?"
Oh come on. The average AV business model is bloody brilliant from the owner's point of view. From the customer's POV, it quickly takes on the appearance of a scam.
Those AV solutions that do not rely on heuristics, are solely dependant on fresh updates. When your AV subscription runs out, you're left with old definition files and you quickly become vulnerable. Not to say that you weren't involnurable while running the AV crap in the mean time, because if you're touched by a new threat, you may think you're safe, but in reality your one hour old definition file might not be fresh enough to fully protect you.
In short: AV gives most users a false sense of security.
Then you can factor in the wasted CPU cycles, the huge memory footprint and the smell of burnt aluminium as the hard disk head touches the platter 100x more than necessary because of some stupid AV product. Oh, and now you can also factor in the wasted network bandwidth.
Lovely.
Not to forget all those BSODs caused by dodgy device drivers installed by certain AV vendors...
And at the end of the day... This question remains open: What causes the most pain and grief? Malware or the products that "protect" against them?
I disable javascript/activex/java by default on my computer at home. I only trust sites that are useful (and trustworthy). In the end none of IE's exploits have ever been any issue for me. I run an AV scan annually, and it never turns up anything. I've done this for the past 20+ years. I have occasionally tried some AV products, and they OTOH have caused problems for me. (I remember vividly NAV triggering a BSOD under NT4 when inserting a floppy -- lovely)
In short: The AVG guys don't need our help. Their product that scan links is broken and needs to be removed. That's all.
Well, Link Scanner may indeed be the best thing since sliced bread but ever since, well, forever really, the idea of getting a computer program to take the lazy way out and do things the worst possible way has been seen to be bad practice. Entire carreers have been built on not doing it the "Link Scanner Way", and a library of books have been written along the lines of "never do anything the Link Scanner way".
Testing every link on a search engine page is simply a waste of resources at every level. I can't speak for anyone else, but often when I'm using Google for work purposes I need to make a couple of attempts at a query before I see *anything* worth clicking on. Why in Azathoth's name anyone would think it a "good" idea for software to go swanning after the links I have no intention of using is beyond me. No doubt I am being intensely thick, even less doubt you will explain it, at length (this now being the John A Thompson Opinion Page).
Point of information: Since any "scanning" actually takes place in the user's machine anyway, what exactly are the different semantics of doing this *after* a click rather than before? Other than the real speed costs of the software becoming all-too apparent to the user in an unambiguous way of course.
Reality time. The thinking of this clearly never went beyond the "let's hide the cycles needed under the user's reading time" stage. The idea is causing real damage at every level. It should be consigned to the stupid box and everyone concerned given a light touch of the cattle prod for being immensely thick and another to remind them to think it through *first* next time.
One rarely comes across a situation so worthy of the Gordon Bennet Award For Not Getting It.
Ok. Seems like a lot of people don't get it. Linkscanner shouldn't load sites *before* I actually click on 'em! Doing so isn't "live" scanning at all. Its eating away my bandwidth, and the site(s) bandwidth as well. I do understand the need for this kind of scan, but you could have this as well done at *load* time, by setting up a local proxy that checks the site, then serves it to the browser if its OK.
I do see some webmasters that would be happy for this, though. I remember some of those "warez" site groups like t100.com or something like that getting paid for clicked-in users (that is, site visitors.) They'd be very happy to get a zillion extra "visitors" thanks to this.
The rest of us, however, really don't want this kind of stuff.
The spidering behavior of "modern browsers" you are talking about is outside of the RFC specifications.
Between Firefox 2.x, IE 6.x and 7.x and Opera, none of them do this sort of prefetching by default (as far as I know, in the installations I have).
You have to configure it or add a plug-in that does it.
AVG does it by default without asking you if you want to increase the load on target servers you aren't even planning on visiting.
The extra traffic would make things unusable for anyone on DIALUP. Such people still exist - often the poorest or those a long way from the exchange.
If I had a malware site I'd change it to deliver the malware on the 2nd (or nth) request which neatly sidesteps the check. OR linkbanger (sic) must check when you click ASWELL making the first check redundant (!).
Yes use html and javascript detection BUT do it on fetch before display. This whole mechanism is about having something "marketable" that you can show the user. A check behind the scenes is too invisible for marketting suits to sell.
I worked in software for many years and the suits could only sell "one idea" at a time. Which was awkard as we had multiple products. One the "big new thing" ever got sold. Oh and they had to have a "new feature" to sell each product on. They had no ability to sell "improved" or "faster" just new feature (or gimick). Linkbanger is about "having something sexy to sell" and maybe they were losing sales or its original owner. After all is my links are all safe why would I need an AV. Clearly a broken argument but I suspect they worried about losing customers to it.
To the guys saying how well it works - are you sure? Were those events false positives or actual problems? How would you know?
The idea of validating is good the implementation mental.
Also reminds me of symantec dealing with sygate. It was recognised as one of the best firewalls and so they bought it, chewed it up and EVENTUALLY used bits of its technology. The first steps they took were to 1) take it off the market, 2) remove the support forum, 3) stop official downloads - so no easy reinstalls, etc...
Lets hope there are no exploits in Linkbanger - you've got N times the chance of getting zapped. Or sites that look for other exploits once they have your IP - you just visited N-times as many sites!
Good point by the guy who mentioned searching with more than 10 per page. That must be mad to see.
If you go to AVG's site you'll notice the FREE product appears to only do the Link Scanner as Safe Search. However, if you click on the link anyway you're screwed because it doesn't come with Safe Surf for free.
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
Nice, you only think you're protected for free.
"draw your own conclusions from why they feel the need for anonymity."
I feel it needs pointing out, since its probably not obvious.
A lot of us who work in the corporate environment are careful about where our Name/Email Address/etc are left out on the 'net because they get picked up by corporate security subcontractors who do routine searches for stuff relating to their employees. At my last job, I got warned because my email address flagged up on the php bug database. Yes its shit, but its either be careful or potentially lose all 'net access altogether.
No its not default browser behaviour, but then AVG is not a browser - its a plugin.
Apart from browsers, how many 'internet accelerator' packages are out there? Some of those use pure compression, but how many run a local proxy with premptive caching?
How many dodgy software vendors actually give a feck about RFCs anyhow?
OK listen up retards, I'm not going to tell you again and if you don't respect my authoritah it's your own stupid fault.
My site has been fooling AVG LinkScanner for a month by serving it a dummy file, and getting the nice green star every time. I could serve a drive-by download to anyone who uses this piece of crap (and that means you).
My site logs are full of the IP addresses of identifiable AVG users and I can turn them into a target database in seconds. I could sell that database to a scammer if I could find one who didn't have their own already.
You morons are lucky I am such a nice guy.
LinkScanner is not just useless, it's a security risk.
"Most AVs have to wait until the nasty has been downloaded before they can then detect and deal with it. In the modern threat landscape, that's like saying we wait until the burgulars are in the house before trying to throw"
What a bunch of ******. In ANY facility requiring some sort of security what you do is setup a "buffering zone" where you can stop and check whatever is trying to go through. Could be the reception desk in the entry room, could be the armed guard at the front door, could be the "double door" thing banks seem to like. And yes, the right, real world way of doing it works quite well.
What LinkScanner is doing is picking people out on the street, dragging them into the "buffering zone", doing a forced strip search and then kicking them out again. All this just in case they had any intention of getting in... Even if common sense (wont even invoke statistics) tell you 90% have no intention of ever getting in...
Man from mars... because he's lucky that martians dont have to put up with this kind of nonsense...
Yes it does check the links on paid ads. Our company has very specific and detailed tagging on ad links, and we've seen a dramatic increase in those, from just this particular user agent. Very oddly though, a lot of that traffic is from Google advertising, and clicks reported by Google have *not* been going up. So either they're in cahoots, or are filtering on the fly, which they also do for other traffic.
Our company relies mainly on 'Net advertising, and on the metrics to analyze performance. To those of you who denigrate that, pooey! No different than other advertising & measurements for companies, in fact normally more reliable... until now.
One RewriteRule coming right up.
Minus several million for the thoughtless execution. A good idea, done badly.
@john
"Webmasters may find it more palatable to only be scanned if the web visitor is actually going to visit the website."
No shit, Sherlock. :) This should be the default behavior.
@Gordon
"If your machine/bandwith cant support this, then you would probaly have problems with browsing anyway, sort your own house out first."
Oh really, I should, should I? Are you going to personally convince Verizon to roll out DSL in my rural neck of the woods, even though most of the rednecks in a 10 mile radius of me probably don't even OWN a computer and it makes no business sense for them to do it just for little old me? Let me know how *that* goes, I'll buy you all the beer you can drink for a year if you can pull that one off. Seriously.
Besides, I generally have no problem with browsing on my sucky dialup, as long as I don't try to visit 10 sites ALL AT ONE TIME!! The sites which overburden me with flash and needless Javascript lose my business anyway, their loss, not mine.
"All this will mean is that MAYBE coders will actually reduce the shit on entrance pages for thier sites, speeding things up in general for everyone else."
I'm all for this, of course. :) But it won't happen. Most web "designers" are stuck in cloud-cuckoo land and forget that most people aren't in fact connected to their server by gigabit ethernet links.
@conan
"If you're a webmaster, then you're making some content freely available on the internet to anyone who asks for it."
And if I can't afford to put that content up because of rising bandwidth costs, then it goes away, or I have to splatter the site with annoying ads to try to generate more revenue. Everyone loses, assuming my content was worth visiting.
@ Eric Cartman
You perfectly illustrate the Cartman's-ass-sized hole in this security idea. Serve up nice, safe content to the scanner, and nasty evil shit to the actual browser. Job done, score 1 for the bad guys.
Not wanting to criticise without trying, I've downloaded this and done a little checking. Sure enough, on a typical google search, you get a little AJAX-looking progress circle next to each link - these gradually turn to green ticks after a few seconds, and yes, this also happens on sponsored links.
However, do a search for the stuff that's likely to host malware - in my case, i chose the word "warez" - and only a few entries show the AJAX progress circle. All the bad ones immediately have a big red cross next to them. Combined with the fact that, during installation, AVG asks for permission to update Grisoft with information about the threat levels of sites you visit, and the logical conclusion is that Grisoft are maintaining a database of known bad sites, and is using its userbase to do the data mining for them.
Unfortunately, it seems that while they gave the bad guys a bandwidth break by blacklisting them for some unknown period of time, the good guys get scanned every time. Which seems to me like a very poor scenario indeed.
My approach to dealing with this is to cancel my Adwords account, and advise Google of my reasons for doing so. If enough advertisers hit Google in the pocket, I suspect they'll look at addressing this on behalf of *their* customers.
Yes, its lame, fortunately my bullshit detector kicked in when offered the option to not install Linkscanner (I always do a custom install...)
Having inspected my logfiles after seeing this thread I can observe that Linkscanner will scan the same file 5 times, even if its the same user doing the search, eg., they search and are shown a link to my site, they ignore it but Linkscanner downloads and scans it anyway, they search again, and again are shown my link, so Linkscanner downloads and scans it again, etc etc!
I could easily block this with my referrer spam filter, which would solve the skewed stats problem. I'm not actually worried about bandwidth, but I DO want my server to be quick... so pointless automated traffic does deserve a plonk ...
I host several popular large files on my site, these are constantly searched and are thus being hammered.
So the new advice to all my customers, cos I do freelance support, is to hold off on the new AVG for as long as possible. I give the same advice to Windows users...
Poor old AVG though. Their acquisition was a lemon. And they put the ex-boss of the lemon company in charge of their technical dept. Oopsie....
I use 8.0 as I have the last several versions. I have modest specs, ~2 ghz AMD/1g ram, cable internet. I most definitely use google for every search. I seem to either get 0 results, or several hundred thousand. When I get a pagefull, it is likely that as far as google is concerned, any of the top 10 sites probably claims to have the content I seek. If AVG can tell me 6 of them are 'suspicious', I only have to look at 4 of them to find the one containing what I'm after (hopefully). No speed difference in my case, other than I didn't waste my time trying to go to dodgy sites on the off chance that was where I looking to go.
But I would never (OK, maybe once) search for a site I visit often, once you're there, you poke it onto favorites and use your own link. No search engine, no linkscan, no traffic, no harm to any of your favorite sites, like the old vulture.
If it doesn't scan until I click, it costs me my time. Which is ALWAYS more valuable to me than your goofy web pages content, your revenue stream, your bandwith, etc.
Webmasters have proven they are not in control of their content. Furthermore, they may be diligent, and their site might indeed be a wonderful thing. However, as a user, from my viewpoint, they are 1 of thousands of hits on my search. I don't know them from Jack, and Google will spit out anything, why would I trust them BY Default? Nothing more to me at this point, unless and until I choose to give them my money. If I have a tool that saves my time & meets my needs to pre-test their site's integrity BEFORE I consider clicking, they need to adapt or close.
If you want to block me - Rock on I don't need you. More and more AV products are going to offer this valuable service. In 6 months you'll be explaining to your 'advertisers' why you are blocking all their potential customers. I've never understood advertising anyhow. When the ads come on TV, mysteriously the volume increases 25%. So I mute for 2 minutes 6 times an hour. I might listen if they didn't go out of their way to offend. We are big (and getting bigger) users of VMware, and it has nothing to do with their advertising on this site or any other. It's all about VMware's awesomeness. When I go to the store, I already know what I want, I get it and get out. Isn't this normal behavior for 90% of males? So tell me again how advertising generates sales?
Granted, if 8.0 has a negative impact on your system, don't load it. But don't not protect yourself or waste your time because it might cause a webmaster to have to become efficient.
Granted, 1 AVG rep has told the webmasters the same thing I do, but Pat did come forward and request constructive assistance. Software doesn't write itself the instant a desire is discovered. Give the man a break. 70,000 computer's aren't P0wning your website with bot attacks because AVG are protecting people FOR FREE for years. Try looking at ALL sides.
The valid concern raised is my traffic is being recorded as going somewhere I didn't go. I have a question for Pat/AVG. Since my browser didn't go there, there souldn't be any residue in my browser, cache, tempfiles, cookies etc. So any half-way decent computer forensics would indeed show that my AVG went to the site, not my browser, correct?
Also, it's my impressions most bad stuff comes from ads, which change every view. So the pre-scan can clearly give false info in 'real time'. But something is better than nothing until someone convinces me otherwise.
P.S. as a disclaimer giving insight on my particular thought processes. I don't have a cell phone because I refuse to pay money for a service that only works some time, until I can get money back for when it don't. And I voted for Ron Paul in the primaries. And DSL providers should all be sued for using the term 'broadband' in association with their services.
I have to post anonymously to say what I'm going to say... or lose my job. I'm with a company that hosts dozens of sites for many of the biggest companies in the world. Like others in this sort of "overview" position have reported, we saw a big spike in page views recently and at first blamed spambots.
For the user-agents that belong to AVG, I see a thousand IP addresses, 20 million page views and 30,000 visitors over the last couple of months... nearly all bogus. That's not a double-digit percentage of our traffic, but it means something... and like it or not, our clients want to pay when *real* people using their sites, not link checkers. It appears to me that in some cases, LinkScanner is generating a new visitor cookie for each pageview. Plays havoc with the metrics that justify the very existence of the sites we operate (which, FYI, are not advertising-based).
I'm most annoyed at the stupidity of the approach. If there's a benefit beyond slightly faster page loading (because it was pre-screened), it's invisible to me.
As for you analytics-haters... TINSTAAFL.
> RewriteCond %{HTTP_USER_AGENT} ;1813\)$
> RewriteRule ^.*$ http://www.grisoft.com/ [R,L]
>
> This of course will redirect all hits from this rouge user
> agent to Girsoft's own servers.
Actually, on my Apache, it shows a 302 "Moved Temporarily" message. It does NOT redirect the user, they must click. Also from this I assume that the traffic will still be logged locally, thus not solving the skewed stats problem.
What the rewrite rule does do is kill the bandwidth problem.
Test the rewrite rule as follows:
curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" http://www.yourdomain.com/
When you use CURL it doesn't follow redirects by default like a browser does unless you use the -L option for location hints.
Learn to use CURL as follows:
curl -L -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" http://www.yourdomain.com/
Then CURL will work as expected and you can see that the rewrite works as well.
n00bs, sheesh.
you forgot
site:free.grisoft.com
so the revised steps would be something like:
1. Google preferences -> Number of Results = 100
2. Google search: "site:free.grisoft.com site:grisoft.com ANYWORDHERE"
3. Search
4. Control/shift-click the 2 3 4 5 6 7 8 9 10 Google pages in new tabs/windows
5. Repeat until bored
---------------------------------------------------
then again using
site:riaa.org or site:mpaa.org
might be funny too :-)
"Actually, on my Apache, it shows a 302 "Moved Temporarily" message. It does NOT redirect the user, they must click."
I don't know why you have to click. 302 temporary redirect should not require this. And I did test the rule logic with an actual web browser, it auto redirected and I didn't have to click any thing. You could use a permanent redirect by changing the last line to:
RewriteRule ^.*$ http://www.grisoft.com/ [R=301,L]
Infact I think I am going to make that change my self, if linkscanner uses normal conventions it should cache this redirect and reduce the number of repeat requests to my server. I've notice linkscanner will scan the same page several times in a row, from the same IP, with in a short period of time (say 30 min). Which of course is extremely annoying and lame.
"Also from this I assume that the traffic will still be logged locally, thus not solving the skewed stats problem."
I use AWStats, and by default it doesn't count redirects as page hits. So by doing this redirect we have solved our stats skewing problem. Most other stats programs let you define new robots or ignore certain user agents, so you should be able to fix your stats that way. The fact that it is still wasting log space and stats processing time is annoying, but less critical than the wasted bandwidth and stats skewing.
Hopefuly enough people are redirecting this crap back at Girsoft that perhaps now they will finaly pull the plug on this thing. How ever if they retaliate by changing the user agent string then they are asking for an all out arms race against us network admins. We will not tolerate our servers being abused like this. Plus there is of course the potential for legal action, ISPs and data centers do not take kindly to their networks being abused!
Road kill, because that's what it is!
Oh, no wait, don't bother answering that 8-)
I would feel very sorry for people if they didn't have a useable alternative operating system that had better default user access controls and did not have junk such as Active X.
Oh well each to his own ... good luck losing CPU and bandwidth to pointless technology.
If I were Grisoft I would change the functionality to combine a default database of known infected sites and use that to mark the search results with a cross for bad ones and a question mark for unknown ones (no extra hits on sites required) and then only apply the linkscanner technology when the user actually clicks on the link and block it if it finds a problem and then add it back to user's copy of the database and send an update to Grisoft so it can be double checked and added to the default list that everyone downloads periodically. All automated and Grisoft could even offer webmasters an alerting function which would allow them to get an email if their site is marked as infected. Grisoft can automate the removal of sites that are now okay to visit and the user's database gets reset whenever a new database update is downloaded from Grisoft.
"The thought of Google scanning web sites makes me scared. Google is already a pre-AI...now you're asking them to give it an indexing mechanism. That is to say, MEMORY."
My calculator is also a pre-AI, *and* it has a memory (until I hit MC).
Scary stuff.
BTW Google already has an indexing mechanism ... that's how their "web search" feature works ...
Sorry, but there has never been a guarantee that the connection logs on web servers should show what the user his/herself clicked upon. It's just that up until now that's been a (semi-)reasonable assumption.
The latest AVG spoils the fun for advertising sellers... tough! Get over it. Things change. Find another metric if you have to.
In the future browsers may walk web page links and pre-cache them for the user in case they need them... should this be banned as well just because the content providers find it inconvenient? After all, the person browsing the site is the customer and the service provider the vendor and the old mantra is "the customer is always right" after all.
OK retards I can't be bothered with you any more but my mom insisted that before I go I answer a point from one of the AVG fanboys (who is presumably one of her regular customers).
"The task for us is to assist AVG to fix this challenge!"
Many have tried and been met with arrogance and unbelievable ignorance.
AVG went ahead and handed a database of their customers to the enemy.
NOBODY can help them now.
Small? I knew AVG 8 was forked when I saw it was a 52M download, up from 12M for 7.5. They are obviously headed down the bloatware road, creating a beast the complexity of Norton which will leave the same trail of destruction.
It was nice knowing you AVG, you were once small and elegant, version 7.5 showed the writing on the wall, and version 8 is full on bloatware.
Right surname for a complete plank
I do agree that this is wrong and that it needs to be stopped but I have to ask you a couple of questions:
1) Why do you feel the need to keep using the term 'retard', by the use of this term you are obviously demonstatrating an elementary knowledge of the subject you comment upon and so feel the need to insult your fellow raaders who probably know more about the subject than you ever will.
2) Who in their right mind has a static IP for a home connection unless you are operating a server of some sort, if you are you should be booted from your connection and forced to rent a server in a data centre and pay for the bandwidth like professionals have to in my opinion.
Unless you have an intelligent comment to make, why don't you refrain from posting or go and post on a forum that welcomes idiotic comment and childish insults.
"In the future browsers may walk web page links and pre-cache them for the user in case they need them... should this be banned as well just because the content providers find it inconvenient?"
No, it shouldn't be done because it's a stupid idea. I'm sorry but the Internet is still limited in bandwidth in a number of ways. As an engineering community we do not need to be designing things that waste bandwidth by pre-loading content that may never get used. This is a problem for EVERYONE one, not just the content providers. Pre caching data is a waste of the end users bandwidth, and raises security and privacy concerns as pointed out by many on this forum.
Some people on here have complained about marketing people tracking your browsing habbits. And I agree with some of you, to an extent. I do not like cookies and java stuff being used to track my browsing. How ever as a server admin there is no reason I shouldn't know who is visiting my sites. And as a end user I also find this acceptable that when I visit a web server they know my IP and can track page loads. For a long time we have had a nice arrangement were HTTP clients properly annouce them selves to HTTP servers, and by filtering out rouge agents we can get fairly reliable stats as to how often and by who our sites are being viewed. If you as an end user want to change that relationship it is simply going to result in more of the things we both don't like, tracking cookies and java silliness.
Now, to those of you who are concerned about privacy and marketing, I say this. Using linkscanner will actually allow site owners to get even MORE marketing metrics about users! If I wanted to I could use the hits from the linkscanner user agent to track how many times my sites are being seen on search engine results, and also how many times that turns into a visit from an actual user. So now I know about your browsing habbits with out you having even visited my site! Perhaps some of you need to rethink your support of pre caching and linkscanner style activity...
"After all, the person browsing the site is the customer and the service provider the vendor and the old mantra is "the customer is always right" after all."
You're assuming an aweful lot here. First of all no, the customer is rarely right when it comes to the computer industry. We are talking about a group of people who the majority of them don't even know what the right mouse button is for (ok, bad example for Macs I know). And if you are the customer, I just prooved you wrong in my previous statement, so what does that say about you as a customer? Plus alot of us also run non commercial or non profit sites, where ad dollars are NOT paying for the content and the site owners are burdening the entire cost to bring content to people FOR FREE. Why should they get screwed like this just because Girsoft wants a marketing edge? That is completely unacceptable...
The bottom line here people is that there are some unwritten rules on the Net that you just don't break. It's called common courtesy. If someone leaves a bowl of candy out that says "Take One Free", you take ONE! If you get caught taking more than one then don't be surprised when you get a swift kick in the ass!
Still road kill.
"Who in their right mind has a static IP for a home connection "
Many cable broadband customers have IPs that stay the same for months or even years. I've only had 4 IPs in the last 8 years, the same with most other cable broadband customers I know.
But it's nice to know we're not in our right mind and you're such a genius.
I would advise you to respect Cartman's authoritah.
Many home broadband packages assign a static IP whether you request one or not, and dynamic IPs are not necessarily as dynamic as they sound - it is not uncommon to keep the same one for months on end, especially if you use a router. Who in their right mind uses a USB modem these days?
Blaming the customer for having "the wrong sort of connection" is not an option for AVG. It doesn't matter whether the number of customers put at risk is 200 or 2 million, AVG is sxupposed to be a security company and to know about these things.
Which they clearly don't.
You are also forgetting that LinkScanner identifies itself when it arrives at a site anyway and can be fooled on the spot - so even if you change your IP every five minutes you are screwed.
And if you think that AVG changing the user-agent will solve that particular problem, you are wrong. The version of LinkScanner they paid Roger Thompson so much for doesn't use it and is just as easy to fool, as are all similar products.
LinkScanner is dead in the water, and AVG may soon be joining it.
AVG8, even without Linkscanner active, appears to be a resource hog. On my portable (old slow and cheap) I've gone back to AVG7.5, which I know doesn't drag the machine down to near-death. AVG 7.5 has a specific setup option which forces a slow, less resource-hungry, scan.
I'm still looking at options for the longer term, but AVG8 is looking like the Windows Vista of anti-virus software.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
