
How to beat AVG's fake traffic spew - lurkage
http://www.theregister.co.uk/2008/07/02/linkscanner_fake_traffic_temporary_fix/
======
jrockway
Is this really as an important issue as The Register is making it out to be?
So the user fetches your page without looking at it. That's how the web works.
Bandwidth, at least with my host, is nearly free... so who cares. Your ads and
javascript-based analytics aren't being hit, so it shouldn't be affecting your
monetarily. And even if it is, this is how the web works. Clients can do
whatever they want. They can scan your page for malware, they can not display
it, or they can download it over and over for no reason.

~~~
jm4
I agree. At most I think it could be argued that what AVG does is impolite
client behavior. Do enough people even use this product that it's is a problem
to begin with? This isn't much different than all those web accelerators that
were popular a few years ago and I don't remember anyone griping about those
taking up bandwidth. This whole thing seems like a non-issue.

I also wonder if the people talking about filtering or redirecting this AVG
traffic are some of the same people clamoring for net neutrality. Granted,
this is a little different because we're not talking about filtering at the
ISP level, but keep in mind this effectively degrades the quality of a product
that someone has paid for. If this was being done by Comcast or Time Warner
we'd be raising bloody hell.

------
jws
Personally, I use the web server hits to let me know what people are
interested in. I don't burden my users with javascript analytics.

For the moment I can just drop all the data from IE6 users, but if AVG is
serious about this they will have to start randomizing their signature or it
won't work.

AVG is a robot. They should use the robot exclusion protocol and clearly
identify themselves in their user agent string.

~~~
jm4
My understanding is that the whole point of this feature is to identify bad
sites. It defeats the whole purpose of the feature if it identifies itself as
a robot and site owners can easily filter or redirect the traffic.

~~~
jws
It depends on the site. A non-malevolent site that has malware injected into
its HTML will still be caught. The content won't get a chance to see the
identification.

A malevolent site can just track their mechanism and work around it, like not
showing malware to IE6 users unless they ask for the content a second time in
quick succession. (Might not work, I don't know if the AVG copy gets cached.
One would hope it doesn't for the sake of sites that do browser sniffing.)

