Major flaw in AVG8, it's slowing down the internet! Don't use it!

Learn about Computer Security Other Security Products
1

Just read this story on slashdot.org first:
AVG Fakes User Agent, Floods the Internet - Slashdot

Basically because AVG since version 8 has taken it on themselves to scan every link in the user’s browser before they even click anything (it’s called Linkscanner), as a result AVG users have been generating a lot of unnecessary traffic. Just imagine doing a google search and AVG downloading the 20+ websites google is linking to rather than just the one you click on.

I’d say if there ever was a good time for the upgrade to CPF3, Comodo Integrated Security to be released, now is the time.

PS: for Melih, read this post: AVG Fakes User Agent, Floods the Internet - Slashdot
/. seems like a great place to start promoting your A-VSMART technology because apparantly they are unaware of it.

2

I heard about this. I haven’t used AVG in over 3 years and never intend on it. I love my NOD32. Avast is a better free choice over AVG.

3

From AVG 7.5 to 8 it is one step down not up I have disabled linkscanner and webshield waiting for CAVS3 to be released.
Dennis

4

That’s insane, like the page prefetch Firefox extension. In my book that’s illegal. :-TD >:(

5

I have been hearing nothing but bad reports about AVG in the last six months or so. While I have never used AVG,
I have had friends that have used it and they used to be happy. But still, in the AV product market, the best performance is only to be found in a few of the paid AV’s and no full featured freeware AV has ever been in what I would call the top tier of AV performance. And sadly unlike the firewall market where the best product, IMHO, is Comodo3, and thus freeware tops the list.

And in many ways, the AV avast freeware and the AVG freeware versions were very similar in terms of virtues and detection rates. But the key word is WERE in the past tense. And not only that, both AVG and Avast as freeware
versions were full featured AV’s and in terms of freeware, they both used to lead the freeware class. Out preforming many paid AV’s but still not quite the equal of paid AV’s like Kaspersky, NOD32. and Antivirus. Nor are the paid versions of AVG or Avast much better in terms of performance.

But AVG, for whatever reasons, has really taken itself out of the AV market in MHO. First, the freeware version has opted to become not full featured and hence crippleware. Because after 30 days, the prescanning of incoming email stops. Thus putting AVG on the same footing as the Avira antivirus personal freeware version. But AVG can’t
come close to competing with the much better Avira in terms of performance. Second, AVG 8 has gone the bloatware route without gaining any performance to justify it. I am also hearing reports that AVG is not compatible with firefox3 to go along with just a flood of negative reports on many forums.

Meaning Avast is now, IMHO and also backed by testing organizations, the best full featured freeware AV and Antivirus personal edition freeware, is the best preforming AV even though it lacks incoming email prescanning. IMHO, the choice is now depending on how much a given user needs incoming email scanning if they want a freeware AV.

The sad implication is what happens if Avast, due to lack on paying subscribers, is forced to to go the AVG route,
and it least drop some of its full features to get more to pay?

But I am eagerly awaiting any comodo entry in to the possibly freeware AV market. But before I make any decisions, I will have to see the unbiased tests to show comodo can run with the performance leaders.

6

Osage said: “and no full featured freeware AV has ever been in what I would call the top tier of AV performance.”

Not Quite your stance on the Avira forums I thank.

7

Why even bother with websites and email scanners… they are just a marketing ploy. I’m probably going to get some response to this to let me try to explain.

With a websheild on, Try to download Eicar. Get’s deleted
With a websheild off, Try to download Eicar. Get’s deleted

With email scanner on, Download an attachment. Now read the email scanning, the file has been scanned.
With email scanner off, Download an attachment. Now read the real time scanning, the file has been scanned.

They are just more un-needed services that are eating at your CPU.

8

AVG 8 is worse then AVG 7.

More bloated, More Heavy, Looks prettier but under-the-hood isn’t a good sight. Reminds me of Vista. IMO…

Josh

9

Kyle is correct in writing—I’m probably going to get some response to this to let me try to explain. So I will try to have a go at it, but I do like the Kyle disclaimer, I too am not a computer tech but this is my basic forum understanding.

But in terms of the active antivirus class in general, some versions lack email prescanning. And citing a non malicious test virus like Eicar is a very poor comparison with the active antivirus programs that have email preascanning.

An active antivirus that has email prescanning should detect the virus as the email is coming in and before it is opened. Be the virus somewhere in the email itself, or in an attachment, and the better ones will detect it even if its comes a a zipped file. And way BEFORE you can even think of opening the email, the active AV will have stopped and prevented the threat.

Those AV’s that lack the email prescanning will wait until the email is opened, and then should, QUICKLY detect any malicious viruses. The point being, how quick is quick? Because in that small gap in time before the active antivirus can react and basically say, eeek its a virus, stop it, there are some are forms of viruses that can beat your AV to the punch, and in a matter of mere millisecond it can install, and then start executing its program to shut down your AV, shutdown your software firewall, and then start merrily downloading all kinds of malware. Not to be an alarmist, these type of exploits are rare, but they do exist and are documented on various reputable security forums.

But if you happen to download Eicar in an email with a non prescanning AV, its will execute nothing giving your active AV infinite time to react.

10

Main reason I use web based email and not POP3. Yahoo email now scans all files with Norton 09 before you can open them. Then on top you still your own av.

11

Hey osage,

Realtime scanner scans the file as soon as it is accessed, a virus coming through an email would be scanned by the realtime scanner anyway, it’s being written on your disk.

Example, I’m guessing you have CPF3 D+, when you finish downloading a file D+ will ask you if Firefox is allowed to add a new file, (the one you downloaded). It will then be scanned. There are alot of viruses on Limewire\frostwire etc…if you have Avast! turn your P2P sheild off… it will still detect and remove it… and it’s saving you resource usage…

12

If you use NOD32 it has an active mode to filter web browser or any other program.

13

AVG 8 is also not bug free more like a Beta makes you wonder if they tested it.
One bug during scan pause then stop without restating now after I scan it takes 100% cpu have to reboot.
Waiting for CAVS3 please soon.
Dennis

14

I’ve never seen the point in email scanning because of what Kyle says.

No, it is not a race against time. An AV will have a global hook installed, what means that Windows won’t process the file until the AV is done scanning it:

A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.
15

To Japo,

  1. What I posted is my general understanding of things, you post that a global hook will always get around that possibility and I am not sure you are 100% correct in stating a global hook is impossible to get around.

  2. We must always realize we are competing with very smart and devious people, namely the people who write malware, and they keep refining their wares until they can successfully penetrate our defenses. The less devious
    capture enough PC’s to keep them busy because the security clueless are in almost infinite supply.

  3. To a certain extent, there are other things besides AV global hooks that can prevent new unknown software from executing and comodo3 is one of them. But perhaps another good defense is using an non administrative account with a full software restriction policy.

16

Osage… You can’t sort of compare an AV to D+ in a certain sense…

Before a program is allowed to run it as asked by D+
Before a program runs it is scanned by the av…

17

CFP works by means of Windows global hooks too. :wink:

But perhaps another good defense is using an non administrative account

Certainly. :-TU

18

To Japo and Kyle,

I do not want to either appear totally dogmatic or deny what you are saying about the possible invulnerabilities of
global hooks, the main points I am trying to make is that one loses some prevention element when your AV lacks email prescanning. So in that sense, the bad guy actually get inside your computer and enjoys a certain brief moment of freedom it would not otherwise have. I just think that AV users should be aware of the possibilities even if the risks may be minor or debatable. If nothing else, if it can’t execute it may use the time to hide.

In my case I use Avira personnel but let another computer with email prescanning catch the family email to hedge that bet.

But I think the point is especially valid now with AVG 8, because, like avira personal, after 30 days, the AVG8 freeware edition loses its email prescanning. And then compareded to avira personal, its same features but AVG8 has decidedly poorer detection compared to Avira. Leaving Avast, IMHO, as the best FULL featured freeware AV.
But still, Avast also does not equal Avira in detection rates which is borne out by unbiased testing organization fact.

So it seems to me the freeware AV choices are NOW further limited. Choose Avira for the best detection in the active AV freeware class, or choose Avast if you feel you need email prescanning. But if nothing else, AVG8 has nothing remaining to offer to that freeware AV choice and they have taken themselves out of the running.

In terms of the future, a new company, Rising seems to show promise but are not up to Avast yet according to the test results I have seen. And of course, Comodo Cavs3 may be in the near AV future, but again, I want to see
the unbiased test results.

19

Apparently the AVG problem is being “fixed” in the next few days.Also i realised today that “All applications” in Defence+ has three Windows hooks,did it used too?

Matty

20

Don’t worry Osage, I haven’t said anything is invulnerable–I wouldn’t know. :a0