Sunday, July 06, 2008

AVG Free Version 8 (post-SP1) – Definitely Different!

So, it looks like the Grand Stream Dreams AVG Watch is nearing the end of its current drama run.

On July 2nd, AVG posted notice that AVG 8.0 FREE EDITION (8.0.135 - SP1) was released.

On July 4th, AVG posted notice that AVG 8.0 FREE EDITION (8.0.138) was released.

The SP1 build took care of a number of issues; the most obvious to users were probably the following:

  • Display of the system tray icon representing running scan (that can be paused or stopped from the context menu).
  • Added option to ignore the status of a component via context menu in the AVG main interface: the system tray icon then reports OK status even if a component is in error status.
  • New design of the system tray pop-up window, and more information provided.
  • Improved statistics of detected objects in Email Scanner and resident Shield.
  • Added option of deleting the Resident Shield and Email Scanner history.
  • Improved stability and design of GUI.
  • Fixed problem with inactive components after update.

The 138 build added one more important bug-fix:

  • Also it should reduce traffic when LinkScanner is active.

So, what thinks Claus now?

De-selection of LinkScanner component – B-

As the image capture below shows, if you choose to do a “custom” AVG installation, you can rid yourself of LinkScanner.

In AVG Free 8 build 101 (pre SP1) you had the option to uninstall just the AVG Search-Shield component.

In AVG Free 8 build 138 (post SP1) you now have a degree more of granularity. You can choose to not install just the Search-Shield component, or you can opt to not install both the LinkScanner component and the Search-Shield component.

This would have given AVG 8 SP1 better marks; however, you still have to know in advance that you don’t want these components and be brave enough to select the “customized” installation from the setup wizard. That is something most home users won’t do, and something AVG doesn’t advise them of in the setup process.

image

Component Reporting Improvements - A

The GUI changes are appreciated and finally bring a consistent feel to the application and its components.

As the image below shows, when you choose to install AVG under a “custom” installation method to not load the LinkScanner component (and/or the email component), you no longer are offered that component item in the Advanced setting component tree.  Certainly nice.

In addition, you now have the ability to “Ignore faulty conditions” for each of the installed components. This finally allows you to disable a component without having the system-tray icon for AVG grayed out with a red exclamation mark. Nice.

image

System Tray Icon Enhancements – A

To be honest, it isn’t exactly fair to compare the system-tray icon for AVG 7.5 to that in AVG 8.

AVG 7.5 had two separate component areas to access; the AVG Free Control Center and the AVG Test Center.  Also included were a link to the AVG Online Services, the ability to close the Control Center window, and a check for updates.


AVG 8 unifies all the features in a single window view.  So users of the earlier version will indeed be shocked to see the right-click context list very sparse now by comparison.  Options remain the same from earlier version 8 choices; open User Interface, Update now, and exit.

It feels like you are getting less than in 7.5 but that really isn’t the case.  If anything, the only thing I guess I would like to see added here is a link to quick-launch the Advanced AVG Settings window. That’s it for me.


AVG Free 8 (SP1) does now add a 2nd system-tray icon to show scanning state.  This is appreciated as it will key users in to the fact that a scan is running on their system. It also adds some scan-function controls to the right-click context menu allowing easy pausing / resuming / canceling of scans.


These are all helpful improvements.

LinkScanner Improvements – A

I have to begrudgingly hand it to AVG.  They seem to have remarkably improved the local client-side impact and performance of LinkScanner in the post-SP1 builds of AVG Free version 8.

That doesn’t say anything about the impact it still might be having on web-masters, nor that it still generates much more network traffic with it installed than without.

However, it has clearly been improved.

When I last looked at the traffic generated by AVG’s original deployment of LinkScanner, I was really shocked to see the toll it took on a local system in terms of network requests and data moved. (Playing in AVG Free Traffic...Updated). I did find some errors in my first post, so if you have read it before, go back and find the changes.  Here is a summary:

Again, for side-by side comparisons with/without Search Shield on each set of links:

Set #1 (Google, --> Searches only on following words: TechBlog, Grand Stream Dreams, Starbucks)

a. Total of 131 TCP/IP conversations were captured resulting in a total of 5,391 packets and total size of 3,615,873 Bytes.
c. Total of 37 TCP/IP conversations were captured resulting in a total of 699 packets and total size of 229,908 Bytes.

Difference of 97 extra TCP/IP conversations, 4,692 packets, and total size of 3,385,965 Bytes transmitted just by using the LinkScanner Safe Search component.

Set #2 (Google, --> search and click-through to Grand Stream Dreams)

b. Total of 44 TCP/IP conversations were captured resulting in a total of 1,152 packets and total size of 784,731 Bytes.
d. Total of 11 TCP/IP conversations were captured resulting in a total of 182 packets and total size of 68,054 Bytes.

That's a difference of 33 extra TCP/IP conversations, 970 packets, and total size of 716,677 Bytes transmitted just by using the LinkScanner Safe Search component to load a single blog main-page.

It is simply amazing.  And this was just a very quick browsing exercise.  Those totals will accrue over a long web-surfing exercise.

So I went back and repeated the experiment to see what had changed and what had improved.

Note: totals will be different as test-pages used have changed content slightly since last testing.

This time I used a Virtual PC session using the IE Developer’s VHD for XP Pro – IE7 offered by Microsoft. I first ran a capture with no AVG installed, then with AVG Free 8 (build 101) with a default (Linkscanner) installation, then a capture with AVG Free 8 (build 138) with a default (Linkscanner) installation. I deleted all the browsing elements (history, cache, cookies, etc.) between each capture. Network data was captured using Nir Sofer's freeware packet-sniffer SmartSniff, as I did last time.

For the first test session (3-Searches Test) I ran Internet Explorer 7 and browsed to Google, then did three searches: TechBlog, Grand Stream Dreams, and Starbucks.

For the second test session (GSD Load Test) I closed out IE, reopened it, and again browsed to Google, ran a search for Grand Stream Dreams, then clicked the link to fully load my main blog page.

No Linkscanner at all

  • a. 3-Searches Test: According to SmartSniff, I captured a total of 18 TCP/IP conversations resulting in a total of 127 packets and total size of  92,668 Bytes.
  • b. GSD Load Test: According to SmartSniff, I captured a total of 50 TCP/IP conversations resulting in a total of 312 packets and total size of  297,257 Bytes.

Linkscanner performance AVG Free 8 – pre SP1 build 101

  • c. 3-Searches Test: According to SmartSniff, I captured a total of 145 TCP/IP conversations resulting in a total of 3,387 packets and total size of  3,964,779 Bytes.
  • d. GSD Load Test: According to SmartSniff, I captured a total of 116 TCP/IP conversations resulting in a total of 1579 packets and total size of  1,753,862 Bytes.

Linkscanner performance AVG Free 8 – post SP1 build 138

  • e. 3-Searches Test: According to SmartSniff, I captured a total of 20 TCP/IP conversations resulting in a total of 192 packets and total size of  94,916 Bytes.
  • f. GSD Load Test: According to SmartSniff, I captured a total of 49 TCP/IP conversations resulting in a total of 450 packets and total size of  507,275 Bytes.

It shows a remarkable performance improvement.

| Test Comparison | Conversations Difference | Packets Difference | Total Data Size Difference (Bytes) |
|---|---|---|---|
| c - a | 127 | 3,260 | 3,872,111 |
| e - a | 2 | 65 | 2,248 |
| d - b | 66 | 1,267 | 1,649,627 |
| f - b | -1 | 138 | 210,018 |

The totals in purple (rows c - a and d - b) show the differences measured between surfing with the old LinkScanner version and surfing with no LinkScanner installed.

The totals in blue (rows e - a and f - b) show the differences measured between surfing with the post SP1 LinkScanner version and surfing with no LinkScanner installed.

Granted there still is an impact on network traffic generated in using LinkScanner, but it is much, much, much improved over the older version.
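The with/without comparison used above, as an added example that is not part of the original post: it totals conversations, packets and bytes per capture, subtracts the baseline, and lists the endpoints that show up only in the capture taken with the scanner installed. The CSV column names, capture labels and all sample rows are constructed assumptions; SmartSniff's actual export layout may differ.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per conversation. Column names, hosts and
# values are assumptions for illustration, not data from the post.
SAMPLE = """capture,protocol,remote_host,remote_port,packets,bytes
baseline,TCP,search.example,80,40,30000
baseline,UDP,resolver.example,53,2,200
with_scanner,TCP,search.example,80,42,30500
with_scanner,UDP,resolver.example,53,2,200
with_scanner,UDP,resolver.example,53,2,210
with_scanner,TCP,result-a.example,80,60,45000
with_scanner,TCP,result-b.example,80,55,41000
"""

def load(text):
    """Parse the CSV export into a list of per-conversation dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def summarize(rows):
    """Return per-capture totals of conversations, packets and bytes."""
    totals = defaultdict(lambda: {"conversations": 0, "packets": 0, "bytes": 0})
    for r in rows:
        t = totals[r["capture"]]
        t["conversations"] += 1
        t["packets"] += int(r["packets"])
        t["bytes"] += int(r["bytes"])
    return dict(totals)

def overhead(totals, test, baseline="baseline"):
    """Test capture minus baseline for each metric (the 'c - a' style rows)."""
    return {k: totals[test][k] - totals[baseline][k] for k in totals[baseline]}

def extra_endpoints(rows, test, baseline="baseline"):
    """Bytes per (protocol, host, port) seen only in the test capture."""
    seen = {(r["protocol"], r["remote_host"], r["remote_port"])
            for r in rows if r["capture"] == baseline}
    extra = defaultdict(int)
    for r in rows:
        key = (r["protocol"], r["remote_host"], r["remote_port"])
        if r["capture"] == test and key not in seen:
            extra[key] += int(r["bytes"])
    return dict(extra)

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(overhead(summarize(rows), "with_scanner"))
    print(extra_endpoints(rows, "with_scanner"))
```

The endpoint breakdown shows where the added traffic went, which the totals alone do not.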

In fact, it is so significant, I would now likely leave it installed on family and friend’s systems if they are not very Web-threat sophisticated.

I still personally am leaving it off my own systems.  But that is now a much more difficult position to support in terms of local network traffic impact.

Granted, these tests were done in a very controlled environment and may not be fully representative of “real-world” usage or performance on other systems.

Still, it is very striking and suggests that AVG has taken the criticisms of its AVG LinkScanner technology and implementation to heart.

Scanning Performance - A+

Finally, one last charge lodged against AVG Free version 8 is that the scans are much slower and take much longer to complete than in AVG Free version 7.5.

Again using a Virtual PC session with the IE Developer’s VHD for XP Pro – IE7 offered by Microsoft, I ran three tests: first with a default installation of AVG Free 7.5 (build 524), then with a default installation of AVG Free 8 (build 101), then with a default installation of AVG Free 8 (build 138).

What I measured was the time to default-scan the entire system, the number of objects scanned, and the number of threats/warnings found. 

From this I divided the number of objects scanned by the time to scan (converted into seconds) to arrive at what I coined the “Scan Speed Ratio” for each build.

Results below:

AVG 7.5.524
Time to Scan whole system  12m 38s
Objects scanned  20,278
Threats 0
Note: AVG Free 7.5 does not include scanning for malware files.

  • Scan Speed ratio:  20,278 / 758 = 27.38 f/s

AVG 8.0.101
Time to Scan whole system 25m 45s
Objects scanned 266,565
Threats 0
Warnings 12 (cookies)

  • Scan Speed ratio:  266,565 / 1545 = 172.53 f/s

AVG 8.0.135
Time to Scan whole system 24m 36s
Objects scanned 265,906
Threats 0
Warnings 12 (cookies)

  • Scan Speed ratio:  265,906 / 1476 = 180.15 f/s

In these tests on my particular platform, AVG 8’s “Scan Speed” ratio performance is far above that of AVG 7.5. And the post SP1 build is a bit faster than the pre SP1 build version.

Notice also the number of objects scanned.  Remarkable.  Clearly this is due to the inclusion of the malware signatures in Version 8 builds that were not a component of AVG 7.5.

Also worth noting is that while the time to scan a system doubled between version 7.5 and version 8, the number of items covered in the scan went up by over 13 times!  Wow.

So there is some truth to the charge that scans now take almost twice as long to run in the Version 8 builds, but the file-scan coverage is much deeper and more expansive.

Final Thoughts

Upon a deeper look at AVG Free 8, I must say that version 8 is clearly superior to version 7.5 both in terms of features offered and performance.  The recent release of AVG Free version 8 (SP1) builds also brings remedy to the weight of LinkScanner protection.

In my current mind, AVG Free version 8 provides enhanced, improved, and unexpected gains over its younger brother.

There are some places that still need work, but over-all, it is a strong contender in the ranks of free anti-virus software for Windows users. 

It isn’t perfect, and depending on each user’s individual system and needs, subjective and objective performance may vary from what I observed in these tests.

For kicks I compared the scan results in my own Vista system logs and found that while AVG Free version 8 took almost three hours (Yikes) to do a scan, the average “Scan Speed Ratio” I attained was still a very respectable 150-ish files/second.

In my next post, I will even submit that AVG Free Version 8 (post SP1 builds) might be the best in that class.

AVG Anti-Virus Free Version 8 (Post SP1 builds) now Recommended for most users.

--Claus

Bonus Material:

More links on the LinkScanner Saga from a Web-master headache perspective:

2 comments:

Anonymous said...

The 138 build isn't scanning websites the way you suggest. It's not even going to the websites listed in the search engine links. All it's doing is a DNS lookup on those URLs. When you mouseover the green checkmark, it says it scanned the site, and it shows the IP address it got from the DNS lookup and how many seconds it took, but it didn't go to the site itself. It's a trick. I suspect your local DNS provider isn't too happy about this.

Claus Valca said...

@ Anonymous - Thanks for the comment. I appreciate it.

I don't think I actually made a statement in this post about "what" LinkScanner was actually doing (DNS lookups now versus the prior prefetching behavior).

What I was trying to capture in the measurements is that this new "method" of LinkScanner behavior seems to be much less burdensome on the local user's browsing experience...assuming they have done a default install of AVG Free 8...than in the pre 138 build releases (which was horrible!).

I'm not defending AVG's LinkScanner product here at all. In fact, I still recommend doing a custom install and leaving it off...and using some other methods for more secure web-browsing and poisoned URL avoidance.

I still think LinkScanner has a long way to go, or that AVG should pull it entirely until they come up with a better solution that helps the user but doesn't hurt either the web-masters/bandwidth/DNS lookup sources. As you pointed out, the DNS folks are the next group that should raise the alarms.

I personally use OpenDNS for our home network configuration, set at the router level. Works great and provides a nice measure of seamless security protection against phishing sites. Coupled with Firefox 3.0's protection (+NoScript) and all the other piles of stuff (A/V, A/M, firewall, HIPS, etc.) I feel pretty secure on our home systems browsing the web. Don't really have a need for full real-time linkscanning while I browse.

While LinkScanner's new form is certainly "friendlier" I really doubt that it now provides much "protection" and web-surfing safety to even bother. Turned out to be a real debacle for AVG.

If I misunderstood your comment, please let me know.

-Cheers!