Security company AVG is upgrading ts anti-virus software to avoid placing an undue traffic load on the websites it scans.
The company has already released a patch for LinkScanner, part of its Anti-Virus Free Edition 8.0, and will release a patch for the paid versions of the software tomorrow, said Lloyd Borrett, marketing manager for AVG in Australia and New Zealand.
The behaviour of AVG's LinkScanner caused much animosity toward the Czech-based company, including an anti-AVG website despite the popularity of its free security software.
Web site owners complained LinkScanner was hitting their sites repeatedly, using up the bandwidth they paid for and causing their web analytics programs to suddenly record high numbers of visitors. AVG acquired LinkScanner's maker, Exploit Prevention Labs, in December 2007.
LinkScanner has a feature called Search-Shield. When a person uses a search engine, Search-Shield checks the results returned by downloading and scanning the web pages indexed, and warning the user if a site contains a security threat.
But Search-Shield's scan is recorded by many web analytics programs as a visitor. Worse yet, Web site owners complained that Search-Shield presented itself to webstes as Microsoft's Internet Explorer 6 browser, making it difficult to filter AVG scans from legitimate visitor traffic in their logs.
LinkScanner masked itself as IE 6 so as to not tip off bad websites to a scan, since malware writers have been known to engineer Web sites to behave differently depending on a user's IP address or the browser they are using.
Search-Shield will no longer scan every result in the way that caused traffic numbers to skyrocket, Borrett said.
Anti-Virus Free Edition 8.0, released in April and the first one to incorporate LinkScanner, has been downloaded millions of times, according to AVG's website. The current trouble apparently wasn't unexpected, just not so soon, according to a statement on the site.
"Because of the unique nature of our technology -- we scan web links before our customers open them to ensure they are safe -- we anticipated that we would see a spike in the number of sites that were analysed, however, we underestimated the popularity of our product and the resulting number of verdicts that came back to us," the statement said. "As a result, we did not anticipate seeing the volumes we have seen in two months for another 24 to 36 months."
Borrett said he didn't how LinkScanner has been fixed, but that it may no longer scan every result, instead checking the search query results against a blacklist, or a list of known bad sites.