Security company AVG is upgrading a component of its antivirus software so as not to place an undue traffic load on the Web sites it scans.
The company has already released a patch for LinkScanner, part of its Anti-Virus Free Edition 8.0, and will release a patch for the paid versions of the software on Tuesday, said Lloyd Borrett, marketing manager for AVG in Australia and New Zealand.
The behavior of AVG’s LinkScanner caused much animosity toward the Czech-based company, including a Web site dedicated to the issue, despite the popularity of its free security software.
Web site owners complained LinkScanner was hitting their sites repeatedly, using up the bandwidth they paid for and causing their Web analytics programs to suddenly record high numbers of visitors. AVG acquired LinkScanner’s maker, Exploit Prevention Labs, in December 2007.
LinkScanner has a feature called Search-Shield. When a person uses a search engine, Search-Shield checks the results returned by downloading and scanning the web pages indexed, and warning the user if a site contains a security threat.
But Search-Shield’s scan is recorded by many Web analytics programs as a visitor. Worse yet, Web site owners complained that Search-Shield presented itself to Web sites as Microsoft’s Internet Explorer 6 browser, making it difficult to filter AVG scans from legitimate visitor traffic in their logs.
LinkScanner masked itself as IE 6 so as to not tip off bad Web sites to a scan, since malware writers have been known to engineer Web sites to behave differently depending on a user’s IP address or the browser they are using.
Search-Shield will no longer scan every result in the way that caused traffic numbers to skyrocket, Borrett said.
Anti-Virus Free Edition 8.0, released in April and the first one to incorporate LinkScanner, has been downloaded millions of times, according to AVG’s Web site. The current trouble apparently wasn’t unexpected, just not so soon, according to a statement on the site.
“Because of the unique nature of our technology — we scan web links before our customers open them to ensure they are safe — we anticipated that we would see a spike in the number of sites that were analyzed, however, we underestimated the popularity of our product and the resulting number of verdicts that came back to us,” the statement said. “As a result, we did not anticipate seeing the volumes we have seen in two months for another 24 to 36 months.”
Borrett said he didn’t how LinkScanner has been fixed, but that it may no longer scan every result, instead checking the search query results against a blacklist, or a list of known bad sites.