Welcome to WebmasterWorld Guest from 54.146.248.111

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Register Scolds AVG For Generating Fake Traffic As Link Malware

Webmasters Complain AVG Debilitating Traffic Analytics

     

Samizdata

8:52 pm on Jun 13, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



In an otherwise interesting article about AVG LinkScanner the author spectacularly misses the point that because it can easily be identified it is worse than useless as a security tool.

But he does tell malware infested drive-by download sites how to fool it.

[theregister.co.uk...]

...

Scarecrow

11:01 pm on Jul 5, 2008 (gmt 0)

10+ Year Member



If I thought there was any chance at all that they set up a DNS system that could not only handle every Google link from 20 million customers, plus do a lookup for a hit in their own database, I'd spend 30 minutes reinstalling the thing I installed earlier today and run Wireshark at the same time. But I don't think there's any chance at all. What are the odds that they're doing this, based on everything we've seen from them lately?

Mokita

11:07 pm on Jul 5, 2008 (gmt 0)

5+ Year Member



Scarecrow wrote:
... I'd spend 30 minutes reinstalling the thing I installed earlier today and run Wireshark at the same time.

That has already been done. If you are interested, have a look here for the results:

[forums.whirlpool.net.au...]

incrediBILL

11:20 pm on Jul 5, 2008 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It's always been my impression that the anti-virus market is based about 90 percent on lies.

I have lots of contact with malicious files so the threat is very real, those aren't lies. The problem I have is the false sense of security some products give when I have live samples that pass those products with flying colors, that's where my concerns lie with AV products.

Anyway, let's not hijack the thread on this topic as I have way more to say on the topic than is appropriate for this thread, maybe some other day...

Back OT, the AVG spokespeople claim this code will go into the live updates in a few days so we should be seeing a decline in hits to our sites soon.

Not much we can do at this point other than sit back and wait a week and see what happens but all indications are that the webmasters are going to win one for a change.

tangor

11:24 pm on Jul 5, 2008 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I hope so...however, AVG lost me as a user today. Their update turned my personal PC into a slow dog, and five of my eight clients also experienced the same problems...2 to 7 minutes for webpages to load over broadband services. Uninstalled, runs great! Bare nekkid at the moment, but I'd rather be that and productive than waiting for whatever it is that AVG is doing NOW...

g1smd

2:28 am on Jul 6, 2008 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



They say they are issuing a new version on July 9th.

It is possible that the new version issued yesterday is just an interim version with chunks of code commented out to stop the DDOS of sites - and that the next version will have the new true workings inside.

[edited by: encyclo at 12:50 pm (utc) on July 6, 2008]
[edit reason] member request [/edit]

Scarecrow

3:22 am on Jul 6, 2008 (gmt 0)

10+ Year Member



I think g1smd is right. And the July 9 fix in the commercial version will most likely be a scan after the click but before it is rendered by the browser, by way of interception with a pop-up. Unfortunately for AVG, it's not as impressive as all those green checkmarks lighting up on the screen.

They will have to overhaul their public relations hype about LinkScanner, because it will no longer do real-time scanning of all links. This is important, it seems to me. If you say you're scanning all the links but your aren't, then there is a potential liability issue. If a paying customer gets infected after clicking on a green checkmark, they would have a much stronger case if all the green checkmarks are meaningless at that point. If AVG actually fetches and then fails to detect, they're off the hook -- no court would expect a virus detector to work all the time. But if they don't fetch and the user interface says that they did, that will not fly in court.

Any way you look at it, LinkScanner is a bust. There's been a lot of hype since AVG acquired LinkScanner last December, and now those seven months of solid hype are a huge headache for them. It will be interesting to see how they handle this.

By the way, I looked at the Wireshark data that the Aussie did for whirlpool.net, and I didn't see any DNS lookups other than the lookups that were done locally. I'll recheck it using my own computer if anyone claims that AVG is using their own servers for anything apart from package updates and downloads.

I believe it's legit to require full disclosure from AVG at this point. My goal is to put the lid on this coffin of mass page fetches by anti-virus dot-coms, in a manner that insures that no dot-com ever tries anything as disruptive as this ever again.

incrediBILL

5:25 am on Jul 6, 2008 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Unfortunately for AVG, it's not as impressive as all those green checkmarks lighting up on the screen.

I think there's some misunderstanding here because those GREEN checkmarks will still happen from what I've read ala McAfee's Site Advisor from a stale database.

If your site hits a vulnerability while downloading it, it'll probably post that info to AVG to update their database, but the LinkScanner will be dead technology.

Which brings up two things:

A) Will the free version supply Surf Safe now that Search Safe is neutered and,

B) Has anyone seen AVG posting a wanted ad for a new CTO?

[edited by: incrediBILL at 5:26 am (utc) on July 6, 2008]

System

5:44 am on Jul 7, 2008 (gmt 0)

redhat



The following message was cut out to new thread by incredibill. New thread at: search_engine_spiders/3691977.htm [webmasterworld.com]
11:46 pm on July 6, 2008 (PST -8)

incrediBILL

7:49 am on Jul 7, 2008 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It looks like we've won the battle so I've split the post-mortem discussion into a new thread and closed this thread.

Go here to find out how this story ends:
[webmasterworld.com...]

This 219 message thread spans 8 pages: 219
 

Featured Threads

Hot Threads This Week

Hot Threads This Month