Sunday, March 02, 2008

Thoughts on the AVG 8.0 "Toolbar" Francaise...

The Ingredients

  1. Take one trusted and long supported freeware anti-virus scanning product: AVG Anti-Virus and Internet Security.
  2. Add in a new security company purchase: Exploit Prevention Labs.
  3. A table of experienced "pro/semi-pro" computer security geeks and system administrators.

The Preparation

  1. Take the existing AVG Anti-Virus/Internet Security suite product and place in a development bowl.
  2. Carefully fold in the newly acquired LinkScanner product which does "real-time" scanning of web URLS while surfing, providing security alerts against malicious sites and software to the user while they surf.
  3. Place into a 450 degree kiln for several months as you bake your new product.
  4. Let cool in a public beta status.
  5. Serve AVG Internet Security 8.0 to the general public.

The Judgement

Disaster! Seems that some judges bit down on the dish and found a toolbar installation.

Sigh. Another otherwise yummy dish spoiled, yet again.

Hell's Kitchen Post-Mortem

It looks like the key factor here is the integration of the Link Scanner product in the new AVG 8.0 suite. From the product information page:

Internet security with peace of mind

The new web shield checks every web page at the moment you click on the link to ensure you’re not hit by a stealthy drive-by download or any other exploits. All links on search results pages in Google, Yahoo, and MSN are analyzed and their current threat level is reported in real time before you click on the link and visit the site.

Sunbelt Software's Alex Eckelberry picked up on this in a very recent blog post: Sunbelt Blog: More toolbar fun.

His information (and mine) is based on a series of forum threads and his own personal test experience.

During the installation process for AVG 8.0, the user is presented with the option to install the (legitimate) AVG Security Toolbar. The opt-in box is checked by default. Additionally, in a follow-up post-install "AVG First Run Wizard" process (Step 4 of 7) an opportunity is present to change your default search provider to Yahoo!

I confirmed this in my test, and found that the Yahoo! search change checkbox is NOT checked by default.

Once installation in complete, the toolbar appears in both Internet Explorer and Firefox. The feature does include a search field that points to the set search engine as well as the ability to engage "Active Surf-Shield" and "Search-Shield." These features do pre-scanning and validation of URL links on pages against web exploits, phishing/fraud scams, and other threats.

Some report that even if unchecked, they found the toolbar feature installed anyway. Others say it can be uninstalled if it sneaks on otherwise. Apparently Grisoft has had some problem with this in the past.

The AVG Toolbar Briefly Examined


The toolbar contains a few items of note.

First there is a button with the AVG logo. Clicking this generates a drop-down menu with items for Toolbar Info, Launch AVG 8, Options, Update, and Help.


Certainly all handy options to have.

The Options button allows you to customize which buttons you want on the toolbar: Active Surf-Shield, Search-Shield, AVG Info, and "Get More" (grayed out). There are also "Ratings" checkboxes to customize which type of ratings Search Shield will show on search result pages; Safe (green), Questionable (yellow), Risky (orange), and Unknown (gray). The Advanced tab simply allows you to select the protections (via checkboxes) you want to use on the toolbar; AVG Search-Shield or AVG Active Surf-Shield. Kinda repetitious in the option department here.

Toolbar options

The Yahoo! search field is present, do do direct searches of Yahoo!

You have a separator bar to move left/right to give more room for the search form field.

You have a quick-access button to enable/disable the "Active Surf-Shield".

You have a quick-access button to enable/disable the "Search-Shield".

Finally you have a button "AVG Info" that provides web-page links for "Toolbar Info", "About Threats," "AVG News," "Current Threat Level, and "Virus Encyclopedia."


These "quick-links" to anti-virus and web-security items might be useful for research or education by the curious or experienced alike.

Web-surfing seemed to be much slower on my system with these "real-time" surfing shield features enabled. Page loads were delayed quite a bit. But that just might be me. Once I disabled them page loads improved.

Again, as these "security suites" have lots of running "real-time" processes, they may end up coming into conflict with other security items installed on a user's system; anti-malware programs, HIPS scanning programs, firewalls, etc. The combined weight of these might bring an otherwise good system down to a crawl, not necessarily a fault of AVG as many other vendors do the same thing. End users just need to be careful and consider all the programs they have running and the conflicts and resource fights that might develop and impact their system, based on their choices.

Claus's Thoughts

I am all for extending secure and safe web-browsing to the masses to prevent exploits and malware from hammering down a user's pc.

In fact, by a brilliant coincidence, I just posted some great free resources on this this weekend: Pre-Scanning of URL Links for Safe Web Surfing. Talk about timing.

Firefox 3.0 will incorporate this feature as well (in two parts) guarding against "attack sites" and "phishing" exploits: Firefox 3 Security Blocker: Going In Deep. Even Internet Explorer 7 incorporates some degree of web-site validations (against phishing) if so enabled.

So it looks like this will be new trend in system and browser security. Bully-good!

However, like most of the forum posters, the whole integration of a search engine into a toolbar (or use of a toolbar) seems a bit, well, icky to me.

Here's the rub,

For years I have been getting very good at what I do manually removing malware and adware installations from our enterprise-wide workstations due to the existence of malicious or just plain crappy and nuisance inducing toolbars. At best they are feature rich for users and provide an enhanced browsing experience; at worst they divert web-surfing to affiliated pages and spew pop-ups, monitor surfing habits, and may even download malware.

I even began collecting specific utilities to deal with these things: BHODemon, CastleCops - CLSID BHOList ToolbarList, and ToolbarCop, to name just a few.

Now today I have much more sophisticated collection of utilities and techniques to use in removal of these things, but still, there are too many out there causing pain for end users for me to feel comfortable with ANY toolbar.

Bill Pytlovany of the fantastic WinPatrol software pondered the sirens' call to bundle a toolbar with his product: Bits from Bill: Would you like Toolbar with your Software Order?

Does Grisoft get any data from the surfing habits and web-check results based on browsing? Yes, but optionally.

As I was testing an installation of AVG 8.0, during the "First Run Wizard", Step 3 or 7, "Reporting of exploited websites to AVG: Allow reporting of exploited websites to AVG" appeared.

Help us identify new online threats:

Allow us to automatically receive a small amount of information about malicious websites that you may encounter online, so that we can provide better protection to all our users.

We value your privacy, and we never collect your personal data.

[checkbox enabled by default] Yes, I wish to enable reporting to AVG of exploited websites.

Privacy Policy Statement

I don't know. A reading of that policy (link above is active) seems detailed enough. However, even if it is "scrubbed" of personal identifying data, that could be quite a collection of data; anyone still remember the last AOL search data fiasco? AOL's Pandora Project...Sweet!

I don't even use the Google Toolbar, despite the wonderful features it really could provide as one of a few "legitimate" browser toolbars (IMHO).

So when a trusted, security geared product goes this route and bundles an albeit legitimate toolbar with it's product, naturally, expect a flood of complaints and boos from the crowds in the stands.

I don't know if Grisoft will offer this "feature" in its AVG Free 8.0 release (coming 2nd quarter of 2008, maybe).

If it does, I'll pass and skip this feature.

But I remain ambivalent on the whole thing. For my in-laws and parents who are not web-savvy, this really is a great tool to keep them safe. Many thousands and more users who surf the web really could benefit from this toolbar and similar products that provide real-time web-scanning and alerts against malicious URL links and pages.

A safer web for them is a safer web for all of us.

And maybe any revenue Grisoft earns from the Yahoo! (or whatever) search affiliations might help underwrite the provision of an overall improved free AVG anti-virus product for the masses.

So as a sysadmin and security-minded pc geek, me no likey this recipe. Judges say "Your 'OUT', Auf Wiedersehen."

As the first-line support-desk for my extended family members...Judges say, "Please sir, can I have some more?"

I'll just have to remember to brush my teeth, gargle with mouthwash, and take a shower with Lava brand soap when I get back home.


No comments: