Sunday, June 29, 2008

Playing in AVG Free Traffic...

07-06/08 Update: Upon attempting to do a follow-up post seeing if the AVG Free v8 “SP1” build made a difference in LinkScanner Traffic (as AVG reports they have accomplished), I located some serious problems with the data reported. Turns out I had captured all the data from my network monitoring, but I had not selected the actual summary session totals.  So I have gone-back and re-parsed the data below.

While the totals have changed, the overall conclusions did not, and seem to be even more overwhelming in terms of traffic the initial LinkScanner version in AVG Free 8 (b101) generated.

--Claus

So, in the process of doing some last-minute editing and fact-checking for my guest post over at Houston's chron.com (TechBlog: Guest post: Claus Valca's little AVG 8 Free 'problem') I decided I had to independently confirm if a custom removal of the Search-Shield component from AVG Free did in fact remove the LinkScanner traffic.

First: A Quick LinkScanner GSD Post Review

As reported in this post - AVG disguises fake traffic as IE6 | The Register – AVG Technologies continues to tweak its beloved/despised LinkScanner component.

To refresh, this “feature” pre-checks links as you browse to them in your web-browser for malware and other web-ilk. Great idea in theory.  Seeing as IE, Firefox 3.0, and Opera 9.5 already have a similar feature embedded in them to varying degrees, makes perfect sense for AVG to load-down your pc with even more web-security protection.  I can think of several good images but let’s keep the discussion family-friendly.

As AVG Free has hereto-with been a very popular anti-virus solution and loaded on bazillions of pc’s, and seeing how many of these users have already upgraded to version 8.0 and not done the fancy-pantsy CLI “stripped” version install, the Interwebs are now full of AVG’s additional LinkScanner traffic.

The first versions of LinkScanner registered their “pre-visit” click-through event scans as the unique user agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)."

Clever folks like the guy over at OSBlues figured out quickly how to filter out that cosmic-noise from web-master logs.  Goodness knows it was giving them fits up to that point.

Now it appears that AVG has jiggered LinkScanner to now also report clicks under the following additional user agents:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)

According to OSBlues, this actually is the same agent profile used by LinkScanner products before they were bought out by AVG Technologies (Grisoft).

That Register article’s Comments on ‘AVG disguises fake traffic as IE6’ are filled with quite a few good perspectives.

OSBlues has also confirmed that AVG says that LinkScanner does at least NOT click Google AdWords. Not clear that other such pay-per-click providers are also spared this noise.

Adam over at OSBlues offers his perspective which provides great insight into the headache this is causing those who depend on web-stats as well as the detective work he did to uncover this trend, and raises a "bandwidth leaching" concern as well.

AVG Destroys Web Analytics « OSBlues

In fact, LinkScanner analyses results from search engines (not just Google) and is browser independent.  This may sound like a good idea from a security point of view, however, from a webmaster/website owner point of view, this is not good at all.

If your site appears well in the search engines, as everyone strives to do, your website is or is going to be hugely affected by this.  Essentially this means, that every time your site appears in a user's results, regardless of whether they click on it, your website logfiles and therefore your statistics will show that person as a real visitor coming to your site.  Now, because the IP address is the user's IP address, we can’t filter on that, at first look it would appear we can filter on this useragent, unfortunately I spotted another one:

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)

This one however, is even worse.  This time it’s a legitimate user agent which means you can’t filter it out or rewrite it to another page on your site without the risk of blocking or harming real visitors.  The first user agent is different, due to lack of a space (or plus) between the last semi-colon and the 1813, it doesn’t follow the standard pattern used by Microsoft.

So, we get to crux of the problem, AVG has destroyed web analytics for people who use a logfile analysis tool.  Not only have they done this, they are also wasting our bandwidth and our disk space on servers!
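The filtering problem described in the OSBlues excerpt above, as an added example (not code from this post or from OSBlues): the ";1813" agent can be matched exactly and dropped, while the bare "SV1" agent can only be counted separately, which leaves a lower and an upper bound on real visits. The Apache "combined" log layout, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# The two user agents quoted in the post.
UA_1813 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
UA_SV1 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

# Assumed log layout: Apache/NCSA "combined" format.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def normalize_agent(agent):
    """Undo '+'-for-space encoding (as in the quoted log excerpt) and
    collapse runs of whitespace. The missing space in ';1813' survives."""
    return " ".join(agent.replace("+", " ").split())


def classify(agent):
    """Return 'linkscanner', 'ambiguous' or 'other' for a User-Agent value."""
    ua = normalize_agent(agent)
    if ua == UA_1813:
        return "linkscanner"   # malformed agent: safe to filter on
    if ua == UA_SV1:
        return "ambiguous"     # also a legitimate IE6 agent: count, do not drop
    return "other"


def summarize(lines):
    """Count hits and response bytes per class over combined-format lines."""
    hits, volume = Counter(), Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = COMBINED.match(line)
        if not m:
            hits["unparsed"] += 1
            continue
        label = classify(m.group("agent"))
        hits[label] += 1
        if m.group("bytes") != "-":
            volume[label] += int(m.group("bytes"))
    return hits, volume


def visitor_bounds(hits):
    """(lower, upper) bound on hits from real browsers: the ambiguous class
    may be entirely scanner traffic or entirely real IE6 users."""
    return hits["other"], hits["other"] + hits["ambiguous"]


# Constructed sample input (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jun/2008:10:00:01 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
192.0.2.10 - - [29/Jun/2008:10:00:09 -0500] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?q=example" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.7 - - [29/Jun/2008:10:02:30 -0500] "GET /post.html HTTP/1.1" 200 20480 "-" "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)"
198.51.100.7 - - [29/Jun/2008:10:02:41 -0500] "GET /post.html HTTP/1.1" 200 20480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.0.113.5 - - [29/Jun/2008:10:05:00 -0500] "GET /feed HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"
this line is not in combined format
"""

if __name__ == "__main__":
    hits, volume = summarize(SAMPLE_LOG.splitlines())
    for label in ("linkscanner", "ambiguous", "other", "unparsed"):
        print(f"{label:12} hits={hits[label]:3} bytes={volume[label]}")
    low, high = visitor_bounds(hits)
    print(f"real-browser hits: between {low} and {high}")
```

Only the exact bare "SV1" string lands in the ambiguous class; the same agent with extra tokens appended is treated as an ordinary browser.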

Second: LinkScanner Results on a "real" System.

Now back to the show.

As we have just seen, network traffic is increased at the web-site level due to AVG LinkScanner usage.

In addition, many, many AVG users are fussing about the degraded browsing performance on their PC systems where LinkScanner (Search-Shield / Safe-Surf) components are active. Lots of AVG users.

So Dwight and I confirmed that you do not have to use a command-line installation method to disable the (Search-Shield/Safe-Surf ...whatever AVG likes to call it) component.  Question that remained was, did this method effectively remove the LinkScanner activity in AVG Free version 8?

I fired up a "real" XP SP3 image in Virtual PC 2007.  Again, by "real" I mean it is a copy of Dad's old XP system I previously had converted to a VPC image. All the junk that a "normal" user would have is on this test-bed.

I downloaded and unpacked Nir Sofer's freeware packet-sniffer SmartSniff inside that virtual system. There were a host of other packet-sniffing tools I could have used for more detail but I was confident this would give me some quick data that I was looking for. It also was light and fast, perfect for my VPC environment.

I then proceeded to run four packet-capture sessions under two different states of an AVG Free v 8.0 build 101 installation; a "Full" install (with Search-Shield) and a "Custom" install (without Search-Shield).

With Search-Shield Installed...

For the first test I ran Internet Explorer 7 and browsed to Google, then did three searches: TechBlog, Grand Stream Dreams, and Starbucks.

I could see the Safe Search icons loading and being added to the Google results page. All were fine and passed the safe-site test (whew!).

[Original figures, superseded by the re-parse:] According to SmartSniff, I captured a total of 131 TCP/IP conversations resulting in a total of 173 packets and total size of 14,036 Bytes.

[Re-parsed figures:] According to SmartSniff, I captured a total of 131 TCP/IP conversations resulting in a total of 5,391 packets and total size of 3,615,873 Bytes.

For the second test I closed out IE. Reopened it, browsed to Google, ran a search for Grand Stream Dreams, then clicked the link to fully load my main blog page.

[Original figures, superseded by the re-parse:] According to SmartSniff, I captured a total of 44 TCP/IP conversations resulting in a total of 31 packets and total size of 25,925 Bytes.

[Re-parsed figures:] According to SmartSniff, I captured a total of 44 TCP/IP conversations resulting in a total of 1,152 packets and total size of 723,115 Bytes.

Without Search-Shield Installed...

For the third test I reinstalled AVG but this time removed the Search-Shield component in the custom setup wizard.

I again ran Internet Explorer 7 and browsed to Google, then did three searches: TechBlog, Grand Stream Dreams, and Starbucks.

This time I could see no Search Shield icons loading and being added to the Google results page.

[Original figures, superseded by the re-parse:] According to SmartSniff, I captured a total of 37 TCP/IP conversations resulting in a total of 4 packets and total size of 924 Bytes.

[Re-parsed figures:] According to SmartSniff, I captured a total of 37 TCP/IP conversations resulting in a total of 699 packets and total size of 229,908 Bytes.

For the second test I closed out IE. Reopened it, and again browsed to Google, ran a search for Grand Stream Dreams, then clicked the link to fully load my main blog page.

[Original figures, superseded by the re-parse:] According to SmartSniff, I captured a total of 11 TCP/IP conversations resulting in a total of 11 packets and total size of 3,200 Bytes.

[Re-parsed figures:] According to SmartSniff, I captured a total of 11 TCP/IP conversations resulting in a total of 182 packets and total size of 68,054 Bytes.

Amazing!  I was stunned to see it with my own eyes in this very simple test.

That Secret AVG LinkScanner User Agent ...

In addition, I could clearly pick out in the AVG Search Shield enabled captures the following user agent, as being reported in various sources earlier noted in this post:

  • User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

My regular system browser (and non-SafeSearch loads) requests were the following:

  • User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 1.925)

Again, for side-by side comparisons with/without Search Shield on each set of links:

Set #1 (Google, --> Searches only on following words: TechBlog, Grand Stream Dreams, Starbucks)

[Original figures, superseded by the re-parse:]

a. Total of 131 TCP/IP conversations were captured resulting in a total of 173 packets and total size of 14,036 Bytes.
c. Total of 37 TCP/IP conversations were captured resulting in a total of 4 packets and total size of 924 Bytes.

Difference of 97 extra TCP/IP conversations, 169 packets, and total size of 13,112 Bytes transmitted just by using the LinkScanner Safe Search component.

[Re-parsed figures:]

a. Total of 131 TCP/IP conversations were captured resulting in a total of 5,391 packets and total size of 3,615,873 Bytes.
c. Total of 37 TCP/IP conversations were captured resulting in a total of 699 packets and total size of 229,908 Bytes.

Difference of 97 extra TCP/IP conversations, 4,692 packets, and total size of 3,385,965 Bytes transmitted just by using the LinkScanner Safe Search component.

Set #2 (Google, --> search and click-through to Grand Stream Dreams)

[Original figures, superseded by the re-parse:]

b. Total of 44 TCP/IP conversations were captured resulting in a total of 31 packets and total size of 25,925 Bytes.
d. Total of 11 TCP/IP conversations were captured resulting in a total of 11 packets and total size of 3,200 Bytes.

That's a difference of 33 extra TCP/IP conversations, 20 packets, and total size of 22,275 Bytes transmitted just by using the LinkScanner Safe Search component to load a single blog main-page.

[Re-parsed figures:]

b. Total of 44 TCP/IP conversations were captured resulting in a total of 1,152 packets and total size of 784,731 Bytes.
d. Total of 11 TCP/IP conversations were captured resulting in a total of 182 packets and total size of 68,054 Bytes.

That's a difference of 33 extra TCP/IP conversations, 970 packets, and total size of 716,677 Bytes transmitted just by using the LinkScanner Safe Search component to load a single blog main-page.

It is simply amazing.  And this was just a very quick browsing exercise.  Those totals will accrue over a long web-surfing exercise.

You just don't really appreciate the LinkScanner traffic impact on the local system until you see it for yourself.

Granted, AVG home-pc users (and others) who have beefy new systems with lots of RAM and high CPU MHz numbers, along with a broadband network connection to the Inter-webs autobahn lanes might not even notice this as an issue. They are probably still tooling along in their S-class workstations, oblivious to this bad behavior.

However the poor AVG Free users who are clueless, and are stuck driving their air-cooled, four-banger "peoples-wagon" PC with low RAM and CPU MHz's and puttering even slower now on the dial-up access roads probably are miserable and jealous and confused; maybe even worse.

Yeah, I know it's not going to break any banks or probably overload the Inter-tubes, but you can at least get a simple appreciation on just how much network traffic impact might be going on if just a moderate percentage of AVG's claimed 70 million AVG users world-wide install AVG Version 8 and enable the LinkScanner technology in its current form. It certainly is compounding issues with bandwidth usage already on the rise with streaming media files, torrents, and spam.

What next? Will major ISP's seek to add AVG users to the growing list of throttling targets?

OMG!  What would this do for folks whose ISP's are hard at work lobbying for data-download caps for their subscribers?  Comcast Considering 250GB Cap, Overage Fees - dslreports.com

Yikes!

Wouldn't it be a shame if a user's AVG Free product pushed them over the limit not due to downloading torrent files, ISO's, or other stuff, but simply for running their security product with LinkScanner enabled?

Am I falling into a falsely alarmist view? Maybe.

Could it be a problem? Certainly.

But it gets even worse...

Third: AVG's LinkScanner Security Technology; A Tool for 3vil?

In working on my guest post I stumbled on a very interesting website.

AVG Watch.org

Some fellow Texans did some great research and found a neat (don't try this at home kiddies) method to use AVG's LinkScanner to bomb a website with a simple DoS (denial of service) attack.

Read the post. It is quite good and has some great technical notes and details.

Oh Bother!

Wonder how AVG is going to close this Pandora's Box up.

Ranger(s) Needed?

Now which is more valuable? Keeping Aunt Lilly and Uncle Bob's pc safe from malicious click-to web links? Or denying the 3vil a new and free security tool to lightly-nuke a website?

So in the words of our poor AVG friend michaelhd, is LinkScanner still a "...valuable security tool to protect users while they surf"?  Really?

I suppose the jury's still out, but the court of public opinion seems to be reaching a clear and loud verdict in advance of the final decision outside in the Texas summer heat.

Better call in a Texas Ranger to help guard the defendant.

Hmmm. 70 million users of AVG and the web-masters to boot?

Might want to break the rules and send two Texas Rangers just to be sure the jury gets its opportunity to render a decision first.

Now, where did I put my Stetson.....

--Claus

Remove LinkScanner from AVG simply

In doing research on yet another AVG post, eagle-eyed Dwight Silverman, chron.com TechBlog guru extraordinaire noted to me that when he did a recent install of AVG Free version 8.0 on a family-member's pc he was able to successfully remove the LinkScanner feature fairly simply.

All this without diving into the previously noted command-line argument installation method to accomplish.

So I did some research and it's 100% true!

I fired up a "real" XP SP3 image in Virtual PC 2007.  By real I mean it is a copy of Dad's old XP system I previously had converted to a VPC image. All the junk that a "normal" user would have is on this test-bed.

I removed the AVG Free 7.5 build we had installed on it. Reboot.

Then I downloaded and installed the latest build release (as of this post) version of AVG Free version 8; AVG Free Edition 8.0.101.

Say Good-Bye to AVG LinkScanner/Search-Shield!  (Fresh Install)

1) Fire up the installer and get the setup-wizard going.

2) Click "Next" on the "Welcome to the AVG Free Setup Program" window.

3) Click "Accept" on the "Acceptance Notice" window.

4) Click "Accept" on the EULA page window.

5) A "Checking System Status" operation will run quickly.

6) Now choose "Custom Installation" on the "Select Installation Type" window.

image

7) Enter your user name and click "Next" on the "Activate your AVG Free License" window.

8) Keep the "Destination Folder" at the default. Click "Next".

9) De-Select the "AVG Search-Shield" tick-box on the "Module Selection" window. Click "Next".

image

10) Take the defaults (if you want) to the "E-mail Scanning" window. Click "Next".

11) Click "Finish" on the "Setup Summary" window.

The installer will run its routines and eventually report (hopefully!) that the install completed!

Note that in my tests, making that choice automatically prevented installation of the AVG Security Toolbar/Yahoo! Search component.  It just wasn't presented as an installation choice and wasn't installed on the system.

Furthermore, when I went into Internet Explorer 7 and checked for Add-ons, nothing related to AVG was seen. 

image

In contrast, when AVG is installed with all the defaults (Search-Shield enabled) and the AVG Security Toolbar  like most home-users are going to blissfully do, you get the following:

image

Note above there are two AVG Security Toolbar components as well as the AVG Safe Search BHO and Shockwave Flash has been installed as well in the process.  

Finally, here is what the IE Add-ons manager looks like if you choose to install Search-Shield module but not install the AVG Security Toolbar:

image

Firefox is also treated to a similar handling in its Add-ons module.

image

Say Good-Bye to AVG LinkScanner/Search-Shield!  (Existing Install)

Now, if you have previously installed AVG Free using a prior build or even this one but included the LinkScanner/Safe-Shield component and now you don't want it, just download the latest installer again and follow the steps. The only real difference is you will get the option to "Select Setup Type."

Just keep the radio-button to "Add or remove components" marked and hit "Next."  Then you can jump in to the steps above again at # 7 to finish removing just this component as noted above.  You will also be presented with an extra window prompt to keep or remove the AVG Security Toolbar. Your choice.  I personally remove it on my installations.

image

That was pretty easy right? On this XP test bed, no system reboots were required in all the times I did custom install modification after custom install modification to get these screen shots and verify the results.

Questions that Remain...

First, why does the AVG Advanced view (Tools -> Advanced Settings...) after removing Search-Shield still show a LinkScanner component is available.  Probably just a messy GUI programming element that needs to be cleaned up.  (Note: LinkScanner module icon is gone from the module element field in the main window.)

image

Second, why is "michaelhd" noted as being "AVG Team" in this AVG Free Forums notice promising as of June 24th that the upcoming AVG Free 8.0 "Service Pack 1" release is going to finally include the ability to do a custom-install "...to de-select the linkscanner component"?

Ummm. Mike? Who's feeding you this information from within AVG?  Clearly as we see in this post, AVG Free version 8, build 101 already contains this option...although not very clearly to customers.

Third, how do I know these steps alone remove LinkScanner from the system?  Stay tuned for my next post. It's a doozie!

--Claus

Saturday, June 28, 2008

Variations on a Theme called Firefox

Theme in this case being related to "a common idea” like in music or literature rather than a GUI based design applied to the browser….

Almost at the bottom of my link-post bucket…bear with me.

Firefox 3.0 Location Bar Fiddling and “OH!” its called the “Site Identity” button?

Turn Firefox 3’s Location Bar Yellow at https:// URLs – Lifehacker tip.

I did this trick and liked it quickly. Basically you can mess around with the address bar to make the full bar turn yellow again in Firefox 3.0. This behavior was modified a bit in Firefox 3.0.

To accomplish this trick I added the following code to my userChrome.css file located in my profile’s chrome folder:

#urlbar[level] .autocomplete-textbox-container {
background-color: #FFFFB7 !important;
}

Of course if  you want a different color, insert the hex-code color of your choosing.

While I was at it, there were a bunch other cool tips in the comments. I added this one as well to my userChrome.css file to remove the “star” bookmarking icon.  I never use that sucker.

#star-button {
display: none !important;
}

Visualize blue https sites in Firefox 3 in a better way – gHacks blog.

Yep. Now that we got done messing up a perfectly good address bar, let's muck it up more!

This tip from Martin at gHacks only requires the changing of a value in the about:config settings. Much easier if you don’t want to fiddle in the userChrome.css file.

Just go to about:config and find the browser.identity.ssl_domain_display key.

0 is the default, 1 also colors the top-level domain, 2 colors the whole domain and displays the address as colored in the favicon area.

Confused? Check out the gHacks post then pop over to the Browser.identity.ssl domain display - MozillaZine Knowledge Base article for more details.

Finally the color distinctions are described a bit in this Mozilla Firefox 3 Released – MozillaZine article:

The site icon to the left of the Location bar is now the Site Identification button. While previous versions of Firefox concentrated on informing users whether their connection to a website was encrypted or not, Firefox 3 tries to focus more on who runs the site. When visiting a secure site, the Location bar no longer turns yellow and shows a padlock icon (though this is still present in the Status Bar). Instead, the Site Identity button turns blue (yellow was judged to no longer be a good color as Internet Explorer 7 uses it to mean a suspected phishing website) and clicking it will reveal the domain name of the site and who supplied the security certificate.

However, if the has a newer Extended Validation certificate (see https://www.paypal.com/ for an example), the Site Identity button will turn green and display the name of the organization that runs the website. Clicking on the button will display not only the domain name of the site and certificate issuer but also the name and location of the who runs the site. Internet Explorer 7 and Opera 9.5 already support Extended Validation certificates.

Firefox 3 is also more strict about denying access to secure sites when the site's configuration is not quite right (for example, if the certificate presented does not match the domain name). To improve usability, all secure site errors are now displayed in the content area (like connection errors) rather than popping up modal dialogs.

See also this blog post at dria.org offered by commenter Scott Walsh Firefox 3: Site Identification button to get into more details on this thing I used to consider just a favicon in Firefox 3.  Now I know better!  This post is very detailed and nuanced. Great stuff to review for Firefox heads.

So now you have…

  • a yellow (or whatever color you picked) full address bar color to clearly alert you to the presence of a secure address,
  • a blue “Site Identity” button (favicon) coloring to also indicate a secure website, and displaying the full domain address of the site,
  • a green “Site Identity” button color to indicate a secure website using the newer “Extended Validation” certificate is present and in use, and
  • a gray “Site Identity” button color for sites offering no identity information at all—which is most websites you come across.

Want to mess around even more? Fine.

9 tweaks for Firefox 3’s location bar - Mozilla Links

Have at it!

Full Screen Display Repairing

When Firefox 3.0 came out they really made the “F11” full screen feature work. It now removes the tab bar, location bar, and status bar.

If that’s too much real-estate for you, then follow this easy gHacks tip: Change Firefox 3 Full Screen Mode

Just find the about:config key browser.fullscreen.autohide and toggle it to “false” to put things right again.

More details here: Browser.fullscreen.autohide - MozillaZine Knowledge Base

Disappearing Favicons in Firefox 3

As I have mentioned, right now (until Weave is released in final form) I’m managing my Firefox 3.0 bookmarks again by shuffling an exported bookmark file back and forth between systems.

It works pretty well.

However I noticed that sometimes my bookmark favicons disappear and I have to revisit the site to re-load them. And sometimes they just refused to re-display at all.

Strange.

So I set out on a search to fix them.

I found a lot of great information and tips regarding favicon behavior;

Manually refresh favicon.ico files in Firefox 3 - Tim Dupree - tdupree.com. This fascinating technique involves using the SQLite Manager Add-on for Firefox to explore the places.sqlite database file. It was really fun. Anyway, you find the favicon reference file, delete the BLOB data field linked. Then close out the database and close Firefox. When relaunched, visit the site again and the bookmark favicon should refresh. Only in my case, it did not.

Hmm.

Next I found these mozillaZine forum posts:

Make Firefox 3 Beta NOT update favicons... • mozillaZine Forums

Favicons in bookmarks - How to get rid of them? • mozillaZine Forums

Yeah, crazy right? Read stuff on how not to do what you are trying to fix and then do the opposite.

Despite also not helping me with my problem, they again provided great background information into the inner workings of the Mozilla favicon handling.

Finally I found this great page: GrApple - Aronnax`s Firefox Themes.

It has a hack to change the RSS feed indicator in your Firefox address bar. Neat.

Also, a hack to modify the favicons in the search field and one for the favicons in the bookmarks toolbar.

I added the last two into my userChrome.css file as well.

Still didn’t help me. I could see the favicons in their teasing beauty in the now correctly named “Site Identity” button field but many wouldn’t update in the corresponding bookmark icon, while others would.

Finally I did some plain and simple Southern ‘spearmint’n:

Clearing the cache, cookies, and history didn’t help.

So I tried dragging a new bookmark in next to the non-updating one. It worked.

After some more work I’ve decided that if you have changed the “name” property of the bookmark to a custom one in Firefox 2.0, then imported them over into Firefox 3.0 some time in the past, it would preserve the favicon on that system. But when you then copy that bookmark JSON file over between systems, something breaks and the icon can not re-update again.

So I had to rebuild all of those I found that wouldn’t update automatically by clicking them and loading the page. Once so replaced, they seem to re-update fine when clicked after swapping between profiles.

Anyway, I’ve got all my favorite and most used ones updated now. It will be a while before I can work through all the more buried ones I have.

Sage Returns – A Bit Too Late to the Dance?

I’m an evangelist now for NewsFox, the greatest RSS feed reader Add-on for Firefox ever.

Then recently folks decided that my former favorite RSS feed extension Sage was dead so they resurrected it in Sage-Too. Nicely done.

I guess someone got their feelings hurt (or simply were prodded into action) as now the Sage team has now released Sage again now compatible with Firefox 3.0.

Sage 1.4 Released: Sage Blog – lists lots of fixes.

Sage 1.4.1 Released: Sage Blog – few more fixes.

Now downloading at this Sage Install link.

Me? Too much water has flowed under the bridge. I’m sticking with NewsFox.

To Tweak or not to Tweak…That is the Color Question

BoingBoing picked up a blog post regarding a tiny not well known about:config change that just might better render color images in Firefox 3.0.

Color management tweak in Firefox 3 – BoingBoing

Upside? Colors “might” be more vibrant and rich.

Downside? Browser performance might take a hit and most image files don’t contain the extra data needed to take advantage of this tweak. Also, it might mess with your color-optimized monitor if you are a graphic designer and fiddle with these things as well for picture-perfect rendering.

I tried it. Couldn’t see much of a difference either way so I went back to the default.

More details? Ask and you shall receive!

Firefox 3: Color profile support (oh the pretty, pretty colors) – Dria.org blog

Firefox 3: Tweak Firefox to Display Richer Colors – Lifehacker blog

Gfx.color management.enabled - MozillaZine Knowledge Base

The Bits that Remain

Firefox Add-ons Site Gets Advanced Search – CyberNet news – I’m personally really loving the new advanced search feature in the Mozilla add-ons site.  You can really drill down the searches now. Saves me a bunch-load of time.

Yes, Firefox does Phone Home Everyday – CyberNet News. No real surprises here. I knew at least about some of the add-on checks for updates, browser updates check, and the download of the Google malware-attack-site file data.

Connections established on startup – Firefox - MozillaZine Knowledge Base. Even better details on those web-processes started in Firefox at launch.

Downloading JSON and JavaScript in extensions – MDC – don’t know why but I just simply found this an interesting read.

Quite a performance tonight!

--Claus

AVG Free v 8 SP1 and More LinkScanner Details

First things, first.

The AVG Free v 8.0 SP1 Watch Continues…

I, like many other hard-core (boneheaded?) AVG Free version 8 users are holding out hope against hope that the upcoming AVG Free version 8.0 “Service Pack 1” release will help resolve many of the issues we have been railing against, including among other things

  • Improved performance,
  • Cleanup of the AVG system-tray icon for user-disabled modules (no ugly icon!),
  • Ability to optionally not-install the LinkScanner component,
  • Maybe show that a scan is in progress by changing the system tray icon like in version 7.5,
  • A more useful right-click menu to the system-tray icon for AVG v 8.

Customers of the paid version of AVG version 8.0 did see release and upgrade of their software to this so-called “SP1” version this past week.

This SP1 version is being listed as 8.0.131. So that is likely the release version free users need to be keeping an eye out for as well.

We now have semi-exciting word from the AVG Free Forums from AVG team-member “michaelhd”:

NEW IN AVG FREE 8.0 (SP1)

Posted by: michaelhd - AVG Team (IP Logged)

Date: June 24, 2008 09:18AM

AVG Free SP1 is due for release in the next few weeks (mid july or earlier).
It will be a standard update to existing AVG Free 8.0 installation - no need to install new build.

It will have option in custom install screen to de-select the linkscanner component.

We hope that this new option gives our valued customers the "choice" that they have requested. Those who have experienced genuine problems with web surfing speed can de-select the linkscanner.

However the default "standard installation" will continue to install this valuable security tool to protect users while they surf.

Edited 1 times. Last edit at 06/24/08 08:15PM by BIG AL 43.

Certainly that is good news, especially the ability to “deselect the linkscanner.”  Note however,  michaelhd clearly mentions that it will continue to be installed by default.

Sigh.

If posters to this Wilders Security Forums thread are accurate the new AVG Free 8.0 SP1 version will bring the following additional enhancements and features:

Fixes and Improvements included in this update:
- Remake of internal communication to eliminate undesired program status appearance (hibernation, sleep mode, cold restart, ...).
- Display of the system tray icon representing running scan (that can be paused or stopped from the context menu).
- Added option to ignore the status of a component: the system tray icon then reports OK status even if a component is in error status.
- New tab added for the rootkit findings in the scan results overview.
- System restore point is created before launching a program update.
- Added new option verifying the ADMIN Server connection in the program's advanced settings.
- Improved EML file processing including scanning of user mailboxes.
- RAM requirements optimization.
- Improved statistics of detected objects in Email Scanner and resident Shield.
- New design of the system tray pop-up window, and more information provided.
- To eliminate AVG collisions with OS, only minimum drivers are installed in safe mode; then it is possible to launch on-demand scanning from the command line only, and a new GUI dialog has been added to ease the scan configuration.
- Added option of restoring a file from the Virus Vault to the original folder even if the folder has been removed.
- Added option of deleting the Resident Shield and Email Scanner history.
- Improved stability and design of GUI.
- Improved GUI accessibility (using keyboard).
- Fixed problem of GUI compatibility with some screen readers, e.g. JAWS.

See also: AVG 8.0.130??? - Wilders Security Forums

My advice here is if you are still using AVG Free version 7.5, stick with it a bit longer until this new AVG Free version 8.0 “SP1” build comes out and has been reviewed at large. If things look good after that point, make the jump to upgrade. If not, stick with AVG Free 7.5 for a bit longer or until AVG Free version 8.0 “SP 3” comes out or you find another freeware A/V solution.

Special thanks to DougCuk and Ron Schenone for their ongoing work giving me tips pointing to these AVG Free 8.0 nuggets.

AVG’s LinkScanner Continues to Frustrate and Morph

As reported in this post - AVG disguises fake traffic as IE6 | The Register – AVG Technologies continues to tweak its beloved/despised LinkScanner component.

To refresh, this “feature” pre-checks links as you browse to them in your web-browser for malware and other web-ilk. Great idea in theory.  Seeing as IE, Firefox 3.0, and Opera 9.5 already have a similar feature embedded in them to varying degrees, makes perfect sense for AVG to load-down your pc with even more web-security protection.  I can think of several good images but let’s keep the discussion family-friendly.

As AVG Free has hereto-with been a very popular anti-virus solution and loaded on bazillions of PCs, and seeing how many of these users have already upgraded to version 8.0 and not done the fancy-pantsy CLI “stripped” version install, the Interwebs are now full of AVG’s additional LinkScanner traffic.

The first versions of LinkScanner registered their “pre-visit” click-through event scans as the unique user agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)."

Clever folks like the guy over at OSBlues figured out quickly how to filter out that cosmic-noise from web-master logs.  Goodness knows it was giving them fits up to that point.

Now it appears that AVG has jiggered LinkScanner to now also report clicks under the following additional user agents:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)

According to OSBlues, this actually is the same agent profile used by LinkScanner products before they were bought out by AVG Technologies (Grisoft).

Yikes! Sort some of those out between “real” and “AVG bot” clicks.  Good luck.
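For webmasters trying to do that sorting, here is an added example (not from the original post, OSBlues or AVG) that triages combined-format access log lines using the two user agents quoted above. Only the ";1813" string is a definite match. The rule that an SV1 client which never fetches a stylesheet, script or image is a suspected pre-scan is an assumption to tune against your own logs, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# User-agent strings quoted in this post.
UA_1813 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
UA_SV1 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

# Apache/NGINX "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Sub-resources a rendering browser normally requests after the HTML page.
ASSET_RE = re.compile(r'\.(?:css|js|gif|jpe?g|png|ico)(?:\?|$)', re.I)


def parse(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def triage(lines):
    """Label every request and return hits/bytes per label.

    linkscanner: exact ";1813" user agent (unique to the scanner).
    suspect:     SV1 user agent from an address that never fetched an asset
                 (ASSUMPTION: a person's IE6 would go on to load images/CSS).
    browser:     everything else.
    """
    records, unparsed = [], 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1
        else:
            records.append(rec)

    # Pass 1: SV1 addresses that behaved like a rendering browser.
    # Keyed by IP only, so several machines behind one NAT address blur together.
    rendered = {r["ip"] for r in records
                if r["ua"] == UA_SV1 and ASSET_RE.search(r["path"])}

    # Pass 2: label each request and total the bandwidth it consumed.
    summary = defaultdict(lambda: {"hits": 0, "bytes": 0})
    for r in records:
        if r["ua"] == UA_1813:
            label = "linkscanner"
        elif r["ua"] == UA_SV1 and r["ip"] not in rendered:
            label = "suspect"
        else:
            label = "browser"
        summary[label]["hits"] += 1
        summary[label]["bytes"] += r["size"]
    summary["unparsed"]["hits"] = unparsed
    return {k: dict(v) for k, v in summary.items()}


# Constructed sample log (documentation address ranges, made-up paths and sizes).
FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [29/Jun/2008:10:00:01 -0500] "GET /post.html HTTP/1.1" 200 48211 "-" "{UA_1813}"',
    f'198.51.100.7 - - [29/Jun/2008:10:00:02 -0500] "GET /post.html HTTP/1.1" 200 48211 "-" "{UA_SV1}"',
    f'203.0.113.5 - - [29/Jun/2008:10:00:03 -0500] "GET /post.html HTTP/1.1" 200 48211 "-" "{UA_SV1}"',
    f'203.0.113.5 - - [29/Jun/2008:10:00:04 -0500] "GET /style.css HTTP/1.1" 200 2100 "http://blog.example/post.html" "{UA_SV1}"',
    f'203.0.113.5 - - [29/Jun/2008:10:00:04 -0500] "GET /img/logo.png HTTP/1.1" 200 5120 "http://blog.example/post.html" "{UA_SV1}"',
    f'203.0.113.9 - - [29/Jun/2008:10:00:05 -0500] "GET /post.html HTTP/1.1" 200 48211 "-" "{FIREFOX}"',
    'truncated line with no fields',
]

if __name__ == "__main__":
    for label, totals in sorted(triage(SAMPLE_LOG).items()):
        print(label, totals)
```

The "suspect" bucket is a review queue, not a verdict: a returning visitor with cached images looks the same as a pre-scan in a single log window.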

That Register article’s Comments on ‘AVG disguises fake traffic as IE6’ are filled with quite a few good perspectives.

OSBlues has also confirmed that AVG says that LinkScanner does at least NOT click Google AdWords. Not clear that other such pay-per-click providers are also spared this noise.

Bonus AVG Links

Here is a quick link to an AVG 8.0 HOT TOPICS FAQ with some useful product information including (currently) the following topics:

  • Updating your AVG to the latest version
  • How to install AVG 8.0 over AVG 7.x or AVG Free
  • LinkScanner - what is it?
  • AVG uses too much memory and slows down computer
  • AVG Security Toolbar - what is it?
  • Slow opening of websites on Windows Vista
  • AVG Toolbar error in Mozilla Firefox

And this AVG 8.0 NEWS FAQ link repeats those and currently provides other new ones:

  • Gaming mode
  • How to migrate AVG Admin 7.5 to AVG 8.0 Remote Administration
  • AVG Security Toolbar - how to delete history
  • How to disable AVG temporarily
  • AVG 7.x to AVG 8.0 reinstallation process was aborted. What to do now?

Finally, in one of those FAQs, an answer was found to my speculation about maybe not wanting to do a clean-install/upgrade of AVG 7.5 to AVG 8.0 in order to preserve some preferences.

Note:
It is not possible to automatically transfer your settings from AVG 7.5 to AVG 8.0, due to major changes in the program function. In case you are using AVG Firewall, only basic rules will be copied to the new AVG 8.0 Firewall configuration.

So armed with that information, I still personally recommend uninstalling AVG Free 7.5 first, rebooting, then installing the AVG Free 8.0 version next. But an “in-place” upgrade should work without issue.

--Claus

Manually Update AVG Free 7.5

The AVG Free saga continues.

When we last stepped into the theatre with our popcorn and refreshing soda-fountain beverage in hand, it appeared quite clearly that AVG Free would and/or would not stop the automatic updating component of the AVG Free 7.5 builds after June 25th.  Customers using the AVG “Paid” versions of 7.5 would continue to get updated through the end of December.

Today is June 28th and as of this post, I can confirm with my own systems that AVG Free 7.5 servers are still funneling automatic virus file signatures to users via the automatic update mechanisms.

So where does that leave AVG Free users of 7.5?

Confused as ever.  What did you expect?

So, thanks to several kind requests in the comments of a GSD AVG post from “Grateful Granny” I’m sharing a method to manually download and install your AVG 7.5 DAT file signatures into your Windows system if you are running AVG Free 7.5.

This might be useful information to know if AVG does eventually decide to turn off the automatic update spigots for AVG Free 7.5 users, but continues to publish them for its paid version customers.

So without further delay--lest AVG changes something on me--here we go.

How To Manually Update AVG Free 7.5 Anti-Virus Signatures

For these steps I'm using AVG Free Edition 7.5.524 on a Windows XP system. The link is to FileHippo, an alternative download site I’ve used and trusted for years.

1.  Go to the following official AVG site link and download the following update file: AVG Free V 7 Priority updates.  The current link file you are looking for is called “IAVI: / 1523.”  It's the bottom one and the numbers in the name will change as it gets updated. A few days ago it was listed as  “1521”. The trick is to check the date column and try to snag the most current one. Should be updated daily but you might want to do this every few days if not daily. Make a note where you saved the downloaded file.

2. On your computer, launch either the AVG Free Test Center or Control Center by right-clicking the AVG system tray icon or by browsing for AVG in the Program Files location in the Start menu.

3. Find the "Check for Updates" button on either AVG program window and click it to launch.

4. In the pop-up window, DESELECT the "do not ask for update source next time..." checkbox. You will probably need to be manually updating them from here on out once the auto-update servers get turned off for AVG 7.5 and this will keep you from getting error messages. Until then you can leave it checked if you want to.

5. Click the "Folder" button at the bottom of that dialog window.

6. Browse to the location where you saved the BIN file you downloaded in step 1 then click OK. If everything is good, AVG should find the "New Update File".  This is why I like to save my update files directly to the desktop. It’s easier to find them quickly in the browser tree.

7. Click "YES" to update AVG Free.

8. The file will be unpacked and the AVG updater window should kick off like before.

9. When done, it will give a report that it was done successfully.

You have now manually updated AVG version 7 to the latest virus signature files!

Easy-Peasy!

This works (for now) on both XP and Vista systems running AVG 7.5 Free.

Feel free to delete the BIN update file from your download location if you wish. No need to keep it around if you got a good update applied.

My advice to AVG Free 7.5 users is to continue letting AVG 7.5 Free auto-update the signature updates as long as they keep coming this way…who knows maybe everyone will get lucky and the auto-updates won’t turn off for the AVG Free 7.5 version until after December 2008 as well.  Just don’t hold your breath for that.

However, if you want to practice using this method, have at it.  If you try it on a system with auto-updates enabled and current, the only thing that will happen when you get to step seven is that it will report that the file is already the most current.

Cheers!

--Claus

Visual Joys

I got a new set of eyeglasses this week.

I've been fussing about apparent chronic eye-strain in my left eye and finally got to the family ophthalmologist for a checkup. The whole process took about an hour to complete.

Turns out it has been almost three years since my last vision checkup. I had to look up that post on my Blackberry to verify the date during the office checkup. Wow.

Good news was that my eyes are 100% healthy outside of the ocular performance.

I was told that the Rx I had been issued by a last-minute optometrist during my last visit was a bit too strong. So he dialed back the strength in one eye a bit and boosted it in my left eye a tad, also tweaking the astigmatism adjustment in it a bit as well.

I had to pick out my new frames by myself this time. After about twenty minutes of looking through the selections at the local mom-and-pop optical store we love and use in town I went with the very first set of frames I picked up; Adidas's "Inspired full rim model a787" in brown.

They look quite sporty yet refined. I went with the full-rim this time as these are very sturdy and rugged feeling, but the modern style complements my personality and lifestyle pretty well.

Lavie and Alvis loved them.

There is a bit of curvature to the lenses in a wrap-around style and optically it is taking my eyes a bit of time to adjust, but nowhere near the issues I encountered with my last sets. These frames also have a polarized sunglass clip that I got, allowing me to cut down on the price of getting a 2nd pair of Rx sunglasses.

My left-eye still feels a bit strained but considering it's been working overtime for the past three to six months, and I still have to adjust to these new optics, I can see much better now right out of the box.

Visual Linkfest

Welcome to A Moment of Luxury - Lavie and I have started watching this new PBS series. The host, William Stubbs, turns out to be a local Houston boy and has a very pleasing presentation of his style. Yes, it is about interior decorating primarily but it is very classy and enjoyable. He reminds us of a mix of Lavie's dad and her uncle.

Flickr: Lost America's Photostream - there are some wicked-awesome visual treats in this flickr collection. Great colors and lighting at night for abandoned Americana materials and locations.

I found this King Kong NY wallpaper over at Social Wallpapering that has become my favorite Vista widescreen notebook wallpaper of the moment. It's a graphic from the King Kong movie and the colors and patterns work great for me for the sparse icons I have on it. Still looking for something for the dual monitor desktop....  I also like this wallpaper Heritage Flight 2 especially for the colors of the P-51 Mustang. However the colors of the buildings in the background are too vivid so I will have to do some color work to mute them out a bit first.

BLDGBLOG has had a number of great posts lately:

BLDGBLOG: Buildings and books - from whence I found the Lost America's photostream on flickr.

BLDGBLOG: Sounding Rooms - which essays on hidden rooms and the mysteries they bring to mind.

BLDGBLOG - bonus: this mini-post links to a public-domain book Secret Chambers and Hiding-Places by Allan Fea which provides some creepy and fun stories on hidden rooms. Oldie but goodie!

Arch Daily - Really neat new architectural blog that has loads of stunning modern designs. Lots of great supporting images with the posts. Every day a new post comes up it is a joy. I want to be an architect in another life. One of my college buddies played on the UH football squad and was in the College of Architecture program. He was always working on these models. Quite the contrast the big stocky football player and his delicate construction-board design models. Sample post: The Barn House / Buro II. I love it!

Kong - freeware - For some reason this post has a Kong undercurrent. Kong is a freeware online/offline overhead shooter game with spectacular play and visuals.  Really fun. I spotted this one over in a review at freewaregenius.com. Seems to play well on our laptop/desktop systems.

--Claus

New Toys for Google Blogger in Draft

Now that most all of my posting to Blogger is done via the latest Windows Live Writer - Technical Preview release version, I rarely stop in at Google Blogger at all.

My blog template is also a custom job, so I don't do much now that I have it like I want it.

However, Google continues to refine its Blogger platform and there have been some exciting changes just announced.

Updates and Bug Fixes for June 26th - Blogger in Draft blog

Let’s lead off with the quick stuff:

  • Google Gadget integration continues to improve, with better editing of gadget preferences.
  • The new look for the Dashboard has seen a handful of tweaks, including a new button style that we’re trying out and, by popular demand, the “show all blogs” toggle is now sticky.
  • The subscribe page element has been published to WWW.
  • We’ve added a “Make Blogger in Draft my default dashboard” to the Blogger in Draft dashboard, so now you don’t have to remember to type “draft.blogger.com” instead of “www.blogger.com.”
  • So you can easily keep up with the news, we’ve added this blog as a tab on the Blogger in Draft Dashboard.

But that’s not what you came here for. You wanted this:

  • Webmaster Tools Verification. Turn this on to automatically add and verify all your blogs on Google’s Webmaster Tools.
  • Star ratings. Add a 0–5 star rating control to the bottom of your posts so that your readers can rate them.
  • Import / export of blogs. Back up all of your posts and comments to one Atom XML file on your computer, and import your posts from one blog to another.
  • Embedded comment form. By incredibly popular demand, we’ve brought the comment form to your blog’s post pages, with support for Google Account and OpenID authentication.
  • New post editor. We’ve completely revised the post editor, bringing in drag-and-drop image placement and better HTML handling.

The Star Ratings is cute, but GSD is going to pass on this for now.

The Embedded Comment Form feature does intrigue me. I don't think I am going to go through the work of trying to add it to my custom template just yet (more work required) but it does look to be like a feature I will want to go with down the road.

Importing and Exporting of a Blogger blog will be a very appreciated feature when rolled out. For now I just use a special bookmark in Firefox to pull all of my posts up at once in a browser session and just save the page to my drive. This method looks to be faster and more flexible.

Finally, as I mentioned, I use Windows Live Writer as my blog posting platform of choice. I might use the Blogger post editor for a quick change on the fly but I almost never touch it. I do expect these changes to make it more useful in the control area. It includes improved image handling, improved raw-HTML behavior, you can modify the compose behavior options with more granularity, link editing is simplified, Safari 3 is now fully supported, preview mode has been improved, and placeholders are now added for <object> tags in compose mode.

My biggest headache is that the last time I went into the regular Blogger post editor on line it would not display the editor correctly in Firefox 3.0 or Opera. I had to revert over to IE 7 to do what I wanted to do.  Egads!  Hope this new draft version fixes some of those issues as well.

Also worth checking out is Google Code's announcement of a new interactive version of their Blogger JavaScript Developer's Guide.

With this tool, Blogger users can modify and execute JavaScript code directly in their browser to see what will result. Great for pre-testing changes.

Announcement: Official Google Data APIs Blog: New Blogger Interactive Developer's Guide

Keep blogging!

--Claus

The Opera House and its Bouncer

The Opera browser has remained one of my favorite alternative browsers.

Sure Mozilla’s Firefox web browser remains my favorite one, by pure fact that I can customize the heck out of it with a collection of add-ons that leverages the power for all the things I do on the web, but Opera is fast, slick and sexy.

If Internet Explorer is the family sedan, then Firefox would be a green-version of a Range Rover Sport while Opera would be the Lotus Elise kept around for pure fun.

The Opera Desktop Team has been hard at work making additional refinements to their newest browser release version of 9.5.  It is pretty hard to ignore. Certainly it performs circles around Apple's Safari beta for Windows and even beats out Firefox 3.0; although that probably isn't difficult to do with all the add-ons that quickly get piled onto Firefox.

Opera 9.51 RC 2 – fixes some security status items, a Yahoo! Mail crash problem, other crash event triggers and style-sheet loading.

Opera 9.51 RC 1 – fixed drag/drop tab problems, menu rendering over at deviantart.com, display of new feed additions.

In addition, I’ve done some more reading and this Washington Post Security Fix blog by Brian Krebs offers great insight into Opera’s approach to browser-based malware/website blocking.

Opera 9.5 Offers Anti-Malware Protection - Security Fix

Firefox 3.0 operates its “phishing/attack-site” blocking by currently downloading a sqlite url file list periodically from Google’s servers.  It cross checks links against this and presents intercept-alerts to the user if a match is found. It’s not foolproof, but a good start. For more information see this GSD post Small Steps by Google...Big Help in Firefox 3.

Anyway…according to Brian’s post, Opera uses an on-line tie-in to Haute Secure’s black-lists.

Each time you browse to a new link, Opera will send a micro-packet (less than 1 kb) to Haute asking for a cross-check. If no match is found, the link is loaded. If so, then it is blocked with a warning. This packet traffic is flowing back and forth to the host sitecheck2.opera.com.

Haute uses its own proprietary collections from internal research and indexing efforts but also supplements that information from Google, Spamhaus, and PhishTank.com.

Sending a packet check constantly to Haute might raise privacy concerns. Haute responded in the post comments that they do not send or collect any personally identifiable information nor store it.

Antibozo commented that he ran some detailed behaviour monitoring tests. Very interesting stuff. There was an interesting detail observed. “Every page loaded is checked” isn’t exactly accurate.  What antibozo found was that only the primary domain address was checked and it wasn’t rechecked on subsequent same-session visits in the browser. Results of packet response are indeed cached per domain for each session to improve performance as confirmed in the post comments by Opera Software representative Christer Mjellem Strand.

I don’t know the methodology of site indexing but it is conceivable that a site domain could be legitimate but a sub-domain or page could have been seeded with malicious content, thus allowing the user to browse onto the page unaware.
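The gap described above can be made concrete with a small model, added here as an illustration; it is not Opera's or Haute Secure's code. It assumes the session cache is keyed on the hostname, and the hostnames, URLs and blocklist entries are constructed. It replays one browsing session with host-level and URL-level lookups and reports what gets blocked, what slips through, and what the lookup service is told.

```python
from urllib.parse import urlsplit

# Constructed blocklist: one wholly bad host, and one seeded page on a clean host.
BAD_HOSTS = {"malware.example"}
BAD_URLS = {"http://forum.example/uploads/invoice.html"}


def is_bad(url):
    """Ground truth for the model: the URL is bad by host or by exact page."""
    return urlsplit(url).hostname in BAD_HOSTS or url in BAD_URLS


def replay(urls, granularity):
    """Replay a session with one cached lookup per key.

    granularity="host": key is the hostname, so the service can only answer
                        for the host as a whole (behaviour described above).
    granularity="url":  key is the full URL, checked individually.
    Returns (blocked_urls, keys_sent_to_service).
    """
    cache, sent, blocked = {}, [], []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        key = host if granularity == "host" else url
        if key not in cache:                      # first visit this session
            sent.append(key)                      # what the service learns
            cache[key] = host in BAD_HOSTS if granularity == "host" else is_bad(url)
        if cache[key]:
            blocked.append(url)
    return blocked, sent


def missed(urls, blocked):
    """Known-bad URLs the user was allowed to load."""
    return [u for u in dict.fromkeys(urls) if is_bad(u) and u not in blocked]


# Constructed session: three pages on a legitimate forum, one bad host, one revisit.
SESSION = [
    "http://forum.example/index.html",
    "http://forum.example/thread?id=7",
    "http://forum.example/uploads/invoice.html",
    "http://malware.example/landing.html",
    "http://forum.example/index.html",
]

if __name__ == "__main__":
    for mode in ("host", "url"):
        blocked, sent = replay(SESSION, mode)
        print(mode, "lookups:", len(sent), "blocked:", blocked,
              "missed:", missed(SESSION, blocked))
```

Host-level checking sends two lookups and discloses only hostnames, but lets the seeded page load; URL-level checking catches it at the cost of four lookups that reveal every page visited.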

More “official” details on Opera’s browsing protection feature: Opera Fraud Protection

As with Firefox 3.0’s anti-phishing and “attack-site” protection, the similar features in Opera can be manually turned off in the options.

Finally, tests that Brian did by purposely browsing to pages of known malicious content found a poor blocking rate. Hopefully that detection rate will improve as Haute and the other Opera partners in this area continue to refine and expand their lists.

Certainly interesting information and I appreciate Brian, Christer, and antibozo's work in teasing it out.

--Claus

New and Improved Freeware

Here’s hoping that this weekend will present a more relaxed schedule for Claus.

I’ve built up quite a collection of links and topics to post on.

Alvis will be heading off to a church-sponsored camp in North Carolina for the next week so both girls are working hard to collect needed supplies and get everything crammed in the travel-bags.

Hopefully that means I can seclude myself away from the hustle and bustle and enjoy some quiet-time on the keyboard and Inter-tubes.

Quite a lot of my favorite freeware programs have seen updates this past week. Here’s a roundup.

FreeCommander

FreeCommander – freeware - is a dual-pane file-management utility for windows.  There are a lot of great and free file-managers out there.  However this gem keeps rising to the top of my pile.  I use it constantly throughout the day and find myself lost without it. The latest version 2008.06 brings a host of improvements and refinements. The toolbar has been modernized, there is now a built-in FTP tool, and some more bugs have been squashed.  Portable on USB.  Very highly recommended.

Sysinternals

Process Monitor v1.35 – freeware – Updated version fixes a bug that broke action on Windows 2000 systems.  V1.34 just before it added in the ability to filter on result values. A very handy feature.

NirSoft Madness!

I don’t know when Nir Sofer finds the time to sleep.  Take a gander at this list of new and improved utilities from a Windows utilities provider on par with Sysinternals itself.

NirSoft Utilities Panel – webpage – just mouse over the listed items and quickly find the current version and last update of the focused utility.

MozillaHistoryView – freeware – Updated versions now support Firefox 3.0 and earlier versions. Lets you view the history files of sites visited by the Mozilla-based browsers, as well as significant data on each URL history item.

MozillaCookiesView – freeware – Updated version now supports Firefox 3.0 and the cookies.sqlite file.  Sweet!  I find this tool much easier to use to help me manage and remove nuisance cookie crumbs from my Firefox browser than the embedded tool in Firefox proper.

RegDllView – freeware – Updated version lets you delete items now. Use this utility to view and manage the registration and association of DLL, OCX, and EXE files.  Use with caution!

DeviceIOView – freeware – New tool that allows you to monitor the data transfer between a software/service and the device driver. Pretty cool and useful for diagnostics work.

CurrPorts – freeware – Updated version fixes compatibility issues under Vista non-admin accounts.  I use this tool to look for network connections and the process that is responsible for them.  Very useful when tracking down malware or bad-software behavior.

NK2View – freeware – Updated version fixes a bug and adds an additional CLI option. Use to maintain, edit, and audit Outlook’s auto-complete address store known as the NK2 file.

VideoCacheView – freeware – Updated version now able to extract flv files from the Windows temp folder.  This is a great tool to extract web-video files you have watched and save them for long-term keeping and enjoyment.

Spybot Search and Destroy News

Spybot-S&D 1.6, beta 2 - Safer Networking Forums

The team over at Spybot remain hard at work on the next pre-cursor to Spybot S&D 2.0.

This interim version beta release brings on some more fixes and tweaks. Do a custom install using the wizard to install alongside the current release version if you want. My tests and usage of these beta versions have been highly positive. Scan times are remarkably improved!

No support quite yet for Firefox 3.0, but it may be coming soon in the follow-on beta/RC version.  A demonstration/preview “sample feature” download to apply immunizations to Firefox 3.0 does exist: Check out this forum thread and look at the bottom for the ZIP file. Follow instructions.

Alter Ego – SN is working on a method to run single (web-activity related) applications under another user account (one with lower rights for security).  Shortcuts are replaced and point to the new profile. Clever idea. ZIP file download is posted in the thread. They also offer an animated overview.  More related forum topics here.

The Spybot “next” posts link to a number of additional teases about upcoming feature add-ins. Not real sure what will be seen but it’s sure to be good when done.

Odds and Ends

Magical Jelly Bean Keyfinder v2.0.1 – freeware – Got Keys? Yes, many A/V apps love to alert on this and similar tools as PUPs (potentially unwanted programs) since they could be used to “steal” keys from users. However, Windows administrators and FSSSs (Family System Support Specialists) often know that before you nuke a Windows system and reload it, you better record the existing license keys first, just in case uncle Bob finds he has lost that Windows XP setup key after all. MJBK is one of the best there is. This version allows saves under a CSV format and additionally supports Office 2007 and Vista. You can also do a Load Hive to pull the data off a dead system’s drive. Glorious!

Revo Uninstaller Freeware – freeware – There are a bunch of Freeware Software Uninstallers out on the web for admins to use, all much better than the Windows Add/Remove Programs item.  While Revo is not my primary third-party uninstall tool, it does bring a number of great features to the table and is well-recommended for home users looking for something faster and more powerful than what comes with Windows by default.  I really like Revo as well in that they offer not just the standard installable version but a USB portable version as well. The latest version (1.71) brings a bug fix on top of numerous improvements seen in v1.70.

CCleaner – freeware – Updated version 2.09.600 now fully supports IE 8.0 beta and Opera 9.5 browsers for cleaning. There have been some memory handling updates for better performance and some GUI changes and tweaks.  Always my preferred temp-file cleaning tool. Don’t stop on their main download page. Hop over to their other builds link and consider the USB portable version or the “slim” version as well.

AM-DeadLink – freeware – The latest version 3.2 was actually updated back in Feb 08. I’ve loved this tool for a long time as it is the premier tool for looking for duplicate and dead bookmark links in your browser. Unfortunately it doesn’t (yet) support Firefox’s 3.0 version which maintains bookmarks in the sqlite format. Hopefully that will be coming soon.

Portable Start Menu – freeware – another tool from the maker of AM-Deadlink. This one offers to run off USB stick or the local drive and create a mini-start menu launcher. Other apps like this exist (PStart for example) and I’ve got quite a collection waiting for a post of their own. What makes this particular version nice is that it can auto-scan a drive/folder source for .exe files and automatically add them to the list. Worth checking out.

--Claus

Sunday, June 15, 2008

Sun setting on Father’s Day Bliss

ChillnGrill

Thank you girls for this special day.  It doesn’t get much better than this!

I’m proud to be your father, Alvis.

And blessed to have you, Lavie, as my bride and Alvis’s mother.

Love you girls!

--Claus

Grisoft…Please stop the madness!

Madness One – When will AVG Free Version 7.5 End?

When is the fan favorite freebie going away?

Unfortunately there doesn't yet seem to be a clear answer.

AVG 7.5 - The Real Ending Date Is ? ~ The Blade by Ron Schenone, MVP

According to information in that post, the AVG Free v7.5 version may stop automatic updating by December 31st, 2008 (per a Free Forum moderator).

According to information in that post, the AVG Free v 7.5 version may stop automatic updating by June 25th, 2008 (per the Grisoft support and marketing).

Now, there have also been some suggestions on the net that the Free version will stop getting updates at the June date but the paid version may continue getting updates until the December date. That makes a bit of sense to me.

If this is true, the next question that comes up to me is how long will Grisoft continue publishing AV DAT files that can be used to manually update the product?

If the "automatic updates" get turned off but Grisoft continues to offer them for its paid customers, I'm betting die-hard 7.5 fans can continue it on life-support by manually downloading and installing the DAT files for a bit longer (December 2008).

Here's a link to them via Grisoft's official Download update (AVG 7.5) web-page.

Your mileage may vary….

Madness Two – AVG Linkscanner: Friend or Foe? Yes.

I’ve been fussing about AVG’s LinkScanner component of AVG Free version 8 for a while now.

Good in theory…weak in delivery.

As such, I’ve been strongly recommending that AVG Free version 8.0 users pass on these features (unless the users are just completely naive for web-dangers).

Comments in one or two of my AVG posts have touched on this component as well:

As a side note - I noticed a slight confusion in some of the posts regarding the LinkScanner technology. I think that Roger Thompson's blog provides some really interesting information about exploits and the necessity to protect while browsing.

--Karel Obluk (AVG)

I get the Linkscanner feature.

Your FAQ also does a great job summarizing it: AVG Free FAQ's #1338 I had previously posted a link to it in one of my posts.

Yes, Roger Thompson's blog (and many others like it) point out the hazards that lurk behind many innocuous-appearing web-links. It takes a second to click but hours to clean and recover a system after a bad jump. Many (but not all) geekier-minded security folks already are cautious and security minded with link-hopping. However, as I have said before in my posts, a great many home-users are not so sophisticated and would find great-benefit in the LinkScanner feature of AVG v8.

The biggest hurdle for the rest of us is convincing us 100% that web-surfing performance is not impacted at all between using/not using LinkScanner. And that AVG isn't doing any "data-collection" based on those checks...regardless if it is anonymous or not. Current discussion and comments from "power-users" is that they don't want to see a tool-bar, that LinkScanner feature does take a toll on system and web-surfing performance, and that for many folks, it is more of a burden than help.

--Claus Valca (me!)

I came across your website while Googling for a way to uninstall SafeSearch.
Being on a capped plan, I watch my downloads closely. After installing AVG Free 8.0, I noticed that my downloads had increased quite a bit, and I suspected that Safe Search was the culprit.

My suspicion stems from the fact that while SafeSearch is working out the safety rating for each link, my download indicator keeps flashing, which it never did as much with the previous version

I have just uninstalled SafeSearch, so it's a bit early to say if my suspicions are correct, but I would be interested to know if other users have similar suspicions.

--Albert

@ Albert:
The LinkScanner indeed appears to be the cause for increased download size. I captured some of the traffic caused by LinkScanner with Ethereal and found that on various links (especially links to forum pages) the LinkScanner gets misled and downloads megabytes of data. I first thought I was botted or had a trojan, but it clearly seems to be the LinkScanner. The worst thing about it is that even if you change websites after having made your search, AVG continues to analyze these links, which can consume a significant amount of your bandwidth. The only way to stop these downloads is then to quit your browser. BAD! DISABLE!

-- Anonymous 

To install without "AVG Toolbar" and "LinkScanner".

=> avg_free_stf_*.exe /NOAVGTOOLBAR /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

I can understand what AVG Technologies (formerly Grisoft) was trying to do in theory. It's just that the implementation is problematic! :(

--aussiebear

So while these running comments have been going on in light of installation and PC end-user side performance versus the Greater Good™ of web-surfing safety, I hadn’t even considered a far darker side of LinkScanner: web-traffic and page analytics.

I first got wind of this via a small link inclusion in Dwight Silverman’s Saturday TechBlog post.

That linked to this Register article: AVG scanner blasts internet with fake traffic.

Six months ago, AVG acquired Exploit Prevention Labs and its Linkscanner, a tool that automatically scans search engine results before you click on them. If you search Google, for instance, and ten results turn up, it visits all ten links to ensure they're malware free.

Then, in late April, AVG rolled Linkscanner into its anti-virus engine, which has about 70 million active users worldwide. The company estimates that 20 million machines have upgraded to the tool's new incarnation, AVG version 8, and this has already cooked up enough ghost clicks to skew traffic not only on The Reg but any number of other sites as well.

Adam Beale, who runs a UK-based internet consultancy, says that across his small stable of clients, traffic has spiked as much as 80 per cent on some sites. And this is more than just an inconvenience. After all, sites live and die by their traffic numbers. And net resources aren't free.

"Although [the AVG Linkscanner] might be good for the security of users, it's a real pain for website owners and webmasters," Beale tells us, having blogged about this growing problem. "It's causing people to think their traffic is increasing, costing those who pay for bandwidth, and wasting disk space with large amounts of unnecessary lines in log files."

One of his clients, Beale says, normally pulls in 140GB of bandwidth a month, and for June, he predicts a 5 per cent jump.

When we spoke to AVG chief of research Roger Thompson earlier this week, he was unaware of these issues. But he defended the role of Linkscanner, which he designed while serving as CTO of Exploit Prevention Labs.

"There's so much hacking activity going on the web. The only way to really tell what's there is to go and have a look," he told us. "I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

Ron Schenone’s post AVG LinkScanner Causes More Problems picked up that one and led me to one “discoverer” of this new headache caused by AVG: Adam over at OSBlues.

His perspective provides great insight into the headache this is causing those who depend on web-stats as well as the detective work he did to uncover this trend.

AVG Destroys Web Analytics « OSBlues

In fact, LinkScanner analyses results from search engines (not just Google) and is browser independent.  This may sound like a good idea from a security point of view, however, from a webmaster/website owner point of view, this is not good at all.

If your site appears well in the search engines, as everyone strives to do, your website is or is going to be hugely affected by this.  Essentially this means that every time your site appears in a user's results, regardless of whether they click on it, your website logfiles and therefore your statistics will show that person as a real visitor coming to your site.  Now, because the IP address is the user's IP address, we can’t filter on that. At first look it would appear we can filter on this useragent; unfortunately I spotted another one:

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)

This one, however, is even worse.  This time it’s a legitimate user agent, which means you can’t filter it out or rewrite it to another page on your site without the risk of blocking or harming real visitors.  The first user agent is different: due to the lack of a space (or plus) between the last semi-colon and the 1813, it doesn’t follow the standard pattern used by Microsoft.

So, we get to the crux of the problem: AVG has destroyed web analytics for people who use a logfile analysis tool.  Not only have they done this, they are also wasting our bandwidth and our disk space on servers!

Adam has come up with a LogParser solution for filtering out much of the background noise this security add-on has created on the web: More AVG & LinkScanner Information « OSBlues

Even more from Adam here: Using LogParser With Awstats To Filter AVG Spam « OSBlues
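The user-agent distinction described in the OSBlues excerpt above, as an added Python example that is not part of the original post and is not Adam's LogParser query. The log lines are constructed samples in IIS W3C format, and the `classify` and `summarize` names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample log, IIS W3C extended format (spaces inside a field are logged as '+').
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2008-06-20 10:00:01 192.0.2.10 GET /index.html 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;1813)
2008-06-20 10:00:02 192.0.2.11 GET /index.html 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2008-06-20 10:00:03 192.0.2.12 GET /index.html 200 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9)+Gecko/2008052906+Firefox/3.0
2008-06-20 10:00:04 192.0.2.10 GET /forum/topic1.html 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;1813)
2008-06-20 10:00:05 192.0.2.13 GET /forum/topic1.html 200 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1)
"""

# ";1813)" glued to "Windows NT 5.1" with no space: the malformed token the post describes.
MALFORMED = re.compile(r"Windows NT 5\.1;1813\)$")
# Identical to a genuine IE6 string, so the user agent alone cannot separate it from real visitors.
LOOKALIKE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

def classify(user_agent):
    """Return 'linkscanner', 'ambiguous' or 'other' for one logged user agent."""
    ua = user_agent.replace("+", " ").strip()  # undo the IIS '+' encoding of spaces
    if MALFORMED.search(ua):
        return "linkscanner"
    if ua == LOOKALIKE:
        return "ambiguous"
    return "other"

def summarize(log_text):
    """Count requests per class, and page hits with the certain LinkScanner rows removed."""
    fields, per_class, pages = [], Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        kind = classify(row.get("cs(User-Agent)", ""))
        per_class[kind] += 1
        if kind != "linkscanner":              # ambiguous rows stay: dropping them would hide real IE6 users
            pages[row["cs-uri-stem"]] += 1
    return per_class, pages

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `ambiguous` count is the margin of error left in the page totals: those requests may be LinkScanner pre-scans or real IE6 visitors.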

At first the initial comments from Grisoft as quoted in The Register article comments seemed a bit distant and out-of-touch.  Donna’s SecurityFlash posted a followup comment from Grisoft that seemed to warm to the idea of working collectively with wise web-Jedi Masters to come up with a secure but harmonious solution.

Response by AVG regarding Linkscanner on AVG products – Donna’s SecurityFlash

Hi, folks. Pat Bitton from AVG here. This issue has clearly raised some concerns that we had not anticipated, and we acknowledge that we need to do something. Our primary purpose with LinkScanner, as Roger Thompson has pointed out, is to protect users against web-based threats that they cannot see. These threats are also usually invisible to web site operators, who presumably also don't wish to be unwittingly passing infections on to their visitors. This kind of problem can and does affect all types of web sites, big or small, and is extremely transient - which is why we don't use the static database approach cited by some as a viable alternative. Over the next few days, we will be exploring ways in which we can continue to deliver informed protection as unobtrusively as possible without adversely impacting site analytics. Any webmaster reading this post who is interested in working with us constructively to reach this goal is welcome to contact me at pat.bitton(at)avg.com.

Indeed Adam at OSBlues soon posted that he had been directly contacted by Pat Bitton looking to work with him (and others) to solve this issue: Contact from AVG  « OSBlues.

So there may yet be hope.

Maybe.

However while this may remedy the web-traffic garbage in web-master logs, it may not address the complaints about the traffic generated by AVG Version 8 users (Free/paid) on their own machines by the product.

Me? I’m passing and not installing this component on my system nor am I recommending others install it on theirs at this time.  It might indeed protect users from malicious and hostile web-sites, but if they toss out A/V-A/M protection after getting so frustrated with that class of product due to this component, I think that would be even worse.

Adding Insult to Injury: AVG Style

False positives seem to be a hallmark of anti-malware products. The real test is the frequency and seriousness of the false-positives found by an A/V product.

Grisoft’s AVG Free line has, in my experience, generated more than their fair share. That said they have always been fast to respond to fixes and have even included an “imbedded” method of reporting and submission for testing to the Grisoft labs in their AVG version 8 product.

Only this week their false-positive net bagged a biggie: SpywareBlaster.

I’ve long encouraged folks to use this free for personal use product to help insulate their system from web-based malware threats. It works by “…blacklisting the CLSID of known malware programs, effectively preventing them from infecting a protected computer.” Wikipedia. It also can block traversal to websites known to seed malware on systems as well as block tracking cookies.

Awesome and beneficial product.

Only somehow it recently managed to get classified as a threat by AVG. Specifically the sbautoupdate.exe component.

AVG False-Positive Detection on SpywareBlaster – Donna’s SecurityFlash

Fortunately, the crack-team of false-positive AVG checking specialists quickly corrected the issue and posted new DAT files to take care of the problem.

[Resolved] AVG False-Positive Detection on sbautoupdate.exe – Wilders Security Forum

Whew!

Like Grisoft really needed that headache added to the mix.

AVG 8.0 SP1 – More tidbits in the kibble bowl

Good news is that based on this forum thread still crawling along, some other issues with AVG Free Version 8 might be resolved in the upcoming (mid June?) SP1 release of AVG Free v8.

When is the next version of AVG 8.0 coming out? -- Wilders Security Forum (thanks for the lead Ron!)

(if hbkh’s information is accurate…)

AVG 8.0 VERSION DESCRIPTION
===========================
Product: AVG Internet Security
Version: 8.0 (build 111) - SP1
FIXES & IMPROVEMENTS
====================
- Remake of internal communication to eliminate undesired program status appearance (hibernation, sleep mode, cold restart, ...).
- Display of the system tray icon representing running scan (that can be paused or stopped from the context menu).
- Added option to ignore the status of a component: the system tray icon then reports OK status even if a component is in error status.
- New tab added for the rootkit findings in the scan results overview.
- System restore point is created before launching a program update.
- Added new option verifying the ADMIN Server connection in the program's advanced settings.
- Improved EML file processing including scanning of user mailboxes.
- RAM requirements optimization.
- Improved statistics of detected objects in Email Scanner and resident Shield.
- New design of the system tray pop-up window, and more information provided.
- To eliminate AVG collisions with OS, only minimum drivers are installed in safe mode; then it is possible to launch on-demand scanning from the command line only, and a new GUI dialog has been added to ease the scan configuration.
- Added option of restoring a file from the Virus Vault to the original folder even if the folder has been removed.
- Added option of deleting the Resident Shield and Email Scanner history.
- Improved stability and design of GUI.
- Improved GUI accessibility (using keyboard).
- Fixed problem of GUI compatibility with some screenreaders, e.g. JAWS.

From what I can tell from this thread, the Beta is out for private testing, but not yet released. Maybe it will be coming by mid-to-end June. Maybe. Word is that beta testing wraps up June 16th so if no majors are found, maybe a bit after that?

The forum also had a post showing that the defs in the version they were using were finding false-positives on yet another good pc system security company’s product: Prevx.

Sigh…

Haven’t I heard a quote that goes something like “Hope Springs Eternal” ?

Oh, my bad…it’s just those crazy brain compounds at work.

I must carry a higher dose in my brain than most….

We will see.

The AVG Free version 8 train-wreck watch continues….

--Claus