Posts by Pat Bitton

3 publicly visible posts • joined 14 Jun 2008

AVG snaps up behaviour-based threat detection firm

Pat Bitton

AVG's US presence

Just a quick note - the Sana acquisition gives AVG a presence in Silicon Valley; the company has had a US office on the East Coast for a number of years.

AVG disguises fake traffic as IE6

Pat Bitton

Additional comments from Roger Thompson at AVG

For some reason, this information didn't make it into the story:

The change from 1813 to SV1 was part of a planned release. Software can't be changed overnight, but we do have a "hot fix" coming up that will mitigate some of the extra traffic without impeding our ability to protect our users. We're also continuing to gather data, and work with webmasters and analytics folks, and we still enable those webmasters who want to filter our requests out of their results to do so.

In the meantime, the Bad Guys are continuing to improve their ability to mass-hack websites. The problem is incredibly transient, and as fast as websites are cleaned up, others are hacked to replace them. And they're not just minor websites. There are recent examples of security companies, government sites, and banks that have been hacked. Real-time crawling is the best way, from a user protection point of view, to safely discover which websites have poor enough security that they've been nailed.

With Search-Shield, we're not trying to block those websites... that's the job of the Active Surf-Shield component. Search-Shield just shows users which sites they should avoid, on the basis that, if a site's been hacked once, it's typically been hacked multiple times before the hole gets plugged, and some of those other hacks might well contain zero-day exploits. I wouldn't visit any website that we show a red verdict for, except on a goat PC.

AVG scanner blasts internet with fake traffic

Pat Bitton

Response from AVG

Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)avg.com.