AVG LinkScanner – just say no!

Written by Haydn Williams

In the past, I’ve used the free version of AVG anti-virus on a variety of machines both at home and at work. It always worked well, and was updated frequently. However, it’s now on my List Of Things I Shouldn’t Use.

The latest and greatest paid-for version of the software includes a feature called LinkScanner. This is designed to prevent infected websites installing malware on users’ machines. A noble cause, but the manner in which it’s carried out seems a little over-zealous. Basically, when a page is loaded, the LinkScanner feature will visit every link on the page and check whether it’s classed as an infected malware site or not. It doesn’t matter whether you subsequently click those links or not, they are all visited as soon as you open the original page. That means that every site linked to from that page has to serve up a page, using up bandwidth and costing them money, and also registers a page ‘hit’. This is despite the fact that, in reality, no-one has really visited the page or seen it. If you’re like me and have Google set to return 200 results at a time, then 200 websites will get these fake hits and bandwidth use for a non-visit.

Increased traffic on Wikipedia Watch (Copyright Wikipedia Watch 2008)

This has been spotted by The Register, OSBlues, and Wikipedia Watch, all of whom noticed funny things going on with their web stats, i.e. massively increased hit numbers to pages which shouldn’t really be getting them. There’s plenty more information and linkage on the OSBlues post.

One original fix was to redirect traffic based on the User Agent, but AVG have now altered the User Agent of LinkScanner to match IE6. That means there’s no way to differentiate between real people and traffic from AVG’s LinkScanner. They say that’s because they’re trying to simulate real user clicks as closely as possible to try and detect fraud. However, it’s causing headaches for people left, right and centre as it messes up their web stats and chews through their bandwidth. AVG have stated that you “can’t make an omlette without breaking eggs”, but this seems completely excessive. There are currently 20 million users of AVG 8, with a further 50 million on version 7 with a potential upgrade to version 8. 

I can see what AVG are trying to do, but I don’t believe it’s fair for them to foist this onto webmasters without any kind of get-out clause. We should be free to manage our servers and bandwidth as we wish, and to monitor our users effectively, and for LinkScanner to masquerade as a normal user is out of order. Some users are already turning off LinkScanner and urging others to do so. Others are advising how to install AVG without the LinkScanner component (see comments here). Personally, I won’t be touching AVG again, and will be advising all my friends who have it to either remain on v7, or to switch to Avast!

EDIT: It appears AVG have seen sense.