AVG LinkScanner
Interview with Lloyd Borrett
With criminals and hackers targeting more and more people on the Internet, browsing the Internet has become the next big threat. Originally, viruses and Trojan horses were the main concerns; however, the threat landscape has changed considerably since the conception of the Internet.
Where viruses targeted information on the computer, criminals have now targeted other vulnerabilities such as online identity theft, which may include banking and credit card details.
Thankfully, companies such as AVG continue to address these threats, and their latest venture into this territory is AVG LinkScanner, which scans websites in real time, ensuring that they are safe to use. Best of all, this product is free to users, and Impulse Gamer went one on one with Lloyd Borrett from AVG (AU/NZ) about this protection technology and the future of the Internet.
[Impulsegamer] Thanks for being part of this interview Lloyd and for the uninitiated, could you please tell us a bit about AVG and how you became part of this company?
[LB] AVG Technologies, formerly Grisoft, was founded in 1991. The company focuses on providing home and business computer users with effective protection against computer security threats.
AVG (AU/NZ) distributes the AVG security products to the Australian, New Zealand and South Pacific markets. I joined AVG (AU/NZ) as the Marketing Manager in October 2007 to raise the awareness of AVG beyond its traditional “AVG Free” reputation.
[Impulsegamer] How did AVG come up with the idea of LinkScanner?
[LB] AVG Chief Research Officer and expatriate Australian, Roger Thompson recognised a few years ago that the cyber criminals were fast moving into using the web as their primary distribution mechanism for viruses and other malware, drive-by downloads and other stealthy web threats.
The cyber criminals hack into existing web sites and either put their exploits on the host’s pages, or embed links to their own poisoned web pages. Any type of web site can be affected, from a small business to a government department to a major brand-name company. If a user simply visits one of these poisoned web pages they don’t even need to click on anything to get into real trouble, to lose their credit card details, their ID or other valuable information or files. Today, 95% of online threats are web-based and cannot be stopped with anti-virus software alone.
Roger realised that the blacklist/database based safe search and surf approach being worked on by other security vendors wouldn’t, by itself, work effectively against this problem. Relying on information about a web site’s relative safety days or weeks in the past cannot protect users against threats that remain in one place for less than 24 hours. Thus LinkScanner was developed to provide a real-time safe search and surf protection solution.
[Impulsegamer] Why is this product being offered free to users?
[LB] AVG believes that every computer user has the right to basic security protection, regardless of their ability to pay. Over 80 million users are already protected by AVG products. They use AVG Anti-Virus Free Edition, or have opted for the enhanced protection of the paid AVG products. These AVG users have been protected by AVG LinkScanner since the introduction of the AVG 8.0 product range in March 2008.
Now AVG LinkScanner is being made available to the users of other security software products, to provide them with the same enhanced protection against online threats. AVG LinkScanner runs smoothly alongside other major brands of security software. Now any PC user can surf and search the web with confidence and without fear of losing their ID, bank account information, credit card details, valuable files and information to cyber criminals.
[Impulsegamer] Tell us a bit about the features of LinkScanner?
[LB] AVG LinkScanner provides a two-layered approach to your safety online.
The LinkScanner Search Shield component scans your Google, Yahoo! and Microsoft search results and places a safety rating next to each link, so you know where it’s safe to click.
When you click on any link to load a web page into your IE6, Firefox 2 or later browser, or enter the URL into the browser address bar, the LinkScanner Active Surf Shield component scans the web page for exploits. If the page is poisoned, it warns you not to open it. This happens so quickly that you won’t even notice it.
The fact that AVG LinkScanner works in real-time makes it unique. The software doesn’t just rely on “blacklists” of sites that have previously been poisoned, but instead checks for active threats right at the time you try to view the web page.
It’s not just when you click on links in your browser that AVG LinkScanner protects you. When you click on a bookmark, links in e-mails and instant messages, your browser is asked to load the web page. AVG LinkScanner then checks the web page for exploits.
[Impulsegamer] How is this software product different from Symantec’s version?
[LB] All of the safe search and surf solutions I know of from other security vendors are almost purely blacklist/database based. They are not real-time solutions.
Consider this. On any given day, some two million web pages are poisoned with hidden threats. The AVG researchers are seeing some 200,000 to 300,000 new web sites being created every day to host web threats. And 60% of those web sites are active for less than one day. 80% are active for less than 10 days. The highly transient nature of those threats makes real-time link scanning crucial. No blacklist based solution can keep up-to-date with this volume of exploited web pages, especially given the highly transient nature of the problem.
Unlike other solutions, AVG LinkScanner analyses individual pages on a web site to generate a rating for those pages. Imagine that one or two pages on a vast site like Facebook or MySpace are being used to spread malware. If a safe-surfing solution only rates entire sites based on what it finds on a couple of pages, a bad rating on those one or two poisoned pages would result in blocking users’ access to all of their friends’ pages on that site. AVG LinkScanner only blocks the poisoned pages, while they are poisoned.
There was a recent study of about 33,000 web sites infected with malicious code. A competing product to AVG LinkScanner, regarded by many as the leading safe search and surf protection solution, only flagged 1.26% of the web sites as dangerous. LinkScanner blocked well over 90%. Now every PC user can have the superior, real-time protection of AVG LinkScanner for free.
Some of the other security vendors are playing up the reach of the “user community” they have established to help compile the database for their blacklist based safe search and surf solutions. Well AVG LinkScanner has as extensive a “neighbourhood watch” approach and it’s been operating for five years. Roughly 40% of AVG users opt in to provide information back to AVG Labs. There are more than 80 million AVG users. One in eight web users come across a poisoned page at least once a month.
This user input increases the ability of AVG LinkScanner to provide relevant protection to users — putting the protection focus on where users actually go and when they go there, rather than trying to map and secure the entire Internet. AVG’s LIVE Intelligence Network has focused solely on this area of evolving threats through the combined resources of:
- a global team of expert human researchers and a network of ‘hunting pots’
- an intelligent filter for known and suspected threat distribution sites and mechanisms
- automated threat encounter feedback, ensuring focus on real-world threats that affect real users
AVG LinkScanner aggregates intelligence gained through these channels, correlates it in real time, and integrates it back into the threat analysis process to continually improve user protection.
So just like some other security vendors, AVG uses a neighbourhood watch approach to improve the quality of the AVG LinkScanner safe search verdicts. But unlike the others, AVG also feeds the changes in exploits into the detection methods used by AVG LinkScanner to provide real-time safe surf analysis of web pages. Running AVG LinkScanner will protect users against new as well as existing forms of social engineering trickery.
[Impulsegamer] Will this be built in to your future AVG products?
[LB] The patent pending AVG LinkScanner technology has been built in to the AVG Anti-Virus and Internet Security software solutions since March 2008.
[Impulsegamer] Social networking sites like Facebook and MySpace have become hugely popular with a variety of users, how does LinkScanner distinguish between a malware infected page as opposed to a non-malware infected page?
[LB] In simple terms, AVG LinkScanner looks at the code and content of the web page for the various exploit techniques used to distribute malware via web site pages. It also checks if the links on the web page are pointing to web pages that are known to be poisoned, or on web sites known to host poisoned pages. Exploits are usually distributed through a network of Internet-connected computers. The originator of the exploit will place the code on a server with the sole purpose of distributing that exploit as widely as possible as quickly as possible. Thus if AVG LinkScanner examines a web page you’re trying to visit and picks up links to the hosting computers, web sites and web pages used to deliver exploits, it knows something is likely to be amiss.
At the more technical level, your browser is a data and code rich environment with a socket tunnel through your firewall that’s used for sending and receiving data. Thus it’s the point of entry into your system for any downloaded code. AVG LinkScanner monitors your socket-level traffic for exploits, closing the socket when an exploit is detected so that it can’t enter your PC.
[Impulsegamer] Before the Olympic Games in China, a “bogus” website was created to sell fake tickets, would LinkScanner have stopped this?
[LB] These web pages used social engineering exploits to trick people into buying what they thought were legitimate tickets. The web site pages weren’t being used to distribute malware by way of web exploits and drive-by downloads. Thus the real-time AVG LinkScanner safe surf technology would see the web site as safe. However, once such web sites are flagged as using social engineering trickery by AVG’s user community and/or researchers, then such web sites are added to AVG LinkScanner’s list of bad web sites. From then on, AVG LinkScanner warns users about the web sites.
[Impulsegamer] Is www.impulsegamer.com a safe site?
[LB] Maybe, or maybe not! AVG LinkScanner currently says the pages on Impulse Gamer are okay. But I wrote this at 3:30 p.m. on Wednesday 22 April 2009. Any time in the period since then a cyber criminal may have hacked the site, or just one web page, and put an exploit there. The bad guy may be turning the exploit on and off, so that it’s only active when your site receives its peak traffic. This is the problem that the real-time protection of AVG LinkScanner solves.
Bad guys may have put posts into the Impulse Gamer forum with links to poisoned web pages. Or purchased adverts on the Impulse Gamer web site that link through to poisoned web pages. So your web site would still be technically “safe”, but it wouldn’t be safe for your users. Some blacklist based solutions may eventually flag the Impulse Gamer web site as unsafe. Would they be right or wrong? And at what point in time would they be right or wrong? Would they be right an hour after your webmaster cleaned up any such problems?
With AVG LinkScanner you know you are safe because the web page is checked for these issues right at the time you try to load it.
[Impulsegamer] What do you believe are the biggest threats to being online?
[LB] The biggest threat online is that it’s now cyber criminals that are behind most security threats today. They want your money. It’s not about hackers “having fun” anymore. It’s about bad people trying to rip you off. Or they obtain your personal information and steal enough bits of your identity so that they can rip others off.
Online gamers are a prime target for identity thieves. Game account details are worth money and are often sold on the online black market by the bad guys. Digital worlds grow their own economies and virtual currencies are converted into real money and back. It’s only natural that the digital profits are targeted by cyber criminals.
The cyber criminals are patient and clever. They don’t necessarily try and get all of the information they need in one hit. They’ll get one piece here, another there, and compile a dossier. Once they have what they need, the trouble begins.
[Impulsegamer] Do you feel safe using the Internet for online banking and purchases?
[LB] Yes, most of the time. However, I only do online banking from PCs I’ve set up and maintain, from known secure locations. I wouldn’t use an Internet Cafe, a friend’s PC, or a public Wi-Fi connection to do online banking. But that’s just what I’m comfortable with. I don’t need to do online banking very often, so I can arrange to do it from safe systems in secure locations. While I know I can be just as safe in other circumstances, I simply don’t need to go there.
I often buy stuff online. (Maybe that’s why I need a 40 foot shipping container to store my overflow stuff!) But if there is something suspicious about the web site, I check it out in more detail. If I still think it’s potentially dodgy, I don’t buy from that web site.
[Impulsegamer] What strategies do you suggest to people to protect themselves from these threats?
[LB] When I’m online, I’m always protected by AVG Internet Security 8.5. This is the most comprehensive security suite solution available from AVG and includes AVG LinkScanner, plus AVG Identity Protection. In other words, I have in place the best security software protection available. Interestingly, most AVG customers feel the same way. The majority of customers buy the full protection of AVG Internet Security 8.5, rather than other less comprehensive product offerings.
Plus I keep everything up-to-date. The AVG software checks for definition and program updates every four hours. The operating system software on all of the PCs I use is kept fully patched and up-to-date, as are utilities (PDF reader, media player, other ‘plug-ins’) and software applications. The Conficker worm succeeded in getting onto so many PCs simply because they weren’t kept up-to-date. One of the most successful worms still infecting PCs was created six years ago, six months after Microsoft provided a security patch for the problem. People think they’re up-to-date, but when you check you find many aren’t. Is yours?
Also, I know a thing or two about staying safe online. I’ve been a computer user/programmer/systems programmer/IT manager/web developer for more than 35 years and I’ve educated myself about the sort of exploits and traps out there. Even a great security solution like AVG Internet Security 8.5 can’t protect me if I’m stupid enough to respond to social engineering exploits.
You don’t even consider looking into offers for penis or breast enlargement products, medications, online gambling, file sharing etc. You don’t win lottery draws you didn’t even enter. You’re not going to inherit a fortune from some benefactor or long lost distant relative. If what is being offered is too good to be true, then pass on it. Don’t buy anything from any business that thinks spam e-mail is a legitimate marketing tool.
In other words, use a common sense approach to shopping online, just as you do when deciding to purchase in a brick and mortar store.
[Impulsegamer] As the threat landscape has changed so much, what do you believe the next threat will be?
[LB] AVG researchers are constantly looking into this issue and introducing new ways to tackle the various new types of threats.
One of the biggest issues in recent times has been the sheer volume of new threats, the number of threat vectors and the performance hit introduced when you try to protect people.
The AVG Labs see some 40,000 to 50,000 new malicious files per day, plus 200,000 to 300,000 new poisoned web sites per day. Yet there are only about 700 or so exploits that are typically used. So it’s an intelligence test. Do you deal with the volume of the threats, or the nature of the threats?
In practice, to provide the best protection you do both. You have multiple layers of protection, each layer using different combinations of protection technologies. Then you fine tune the protection layers so that they all work efficiently together, maximising protection and minimising system impact and overheads.
Consider the AVG Firewall. This is one of the protection layers in AVG Internet Security 8.5. It’s designed to run in conjunction with all of the other protection layers in that product, including Anti-Virus, Anti-Spyware, Anti-Rootkit, Resident Shield, E-mail Scanner, Anti-Spam, Web Shield, LinkScanner, Identity Protection etc. Thus AVG Firewall doesn’t have to duplicate the protection functionality provided by those other protection layers. If you were to turn off all of those other layers of protection and compare AVG Firewall by itself against some standalone firewall product, it would probably compare poorly. But turn all of the layers on and run AVG Firewall the way it’s intended to be used, then it’s a far better solution. (By the way, AVG Firewall has a gaming mode feature.)
Running separate standalone anti-virus, anti-spyware, anti-rootkit, anti-spam, firewall, identity protection, plus safe search and surf solutions will introduce far more overheads and problems than running a comprehensive, full suite solution where the individual layers are engineered to work properly together. This is the primary reason as to why people are increasingly choosing to buy full suite solutions like AVG Internet Security 8.5.
But that’s looking at threats just one way. There are other ways to look at it.
Mac users like to think they don’t need any protection against cyber criminals. But the bad guys are now waking up to the fact that the Mac user base is now a significant enough proportion of the marketplace. Plus Mac users are vulnerable because they think they’re safe. They’re an easy target for the bad guys. So in recent times we’re seeing an increase in attacks aimed at Mac users.
[Impulsegamer] Where can our readers get more information about LinkScanner and AVG products?
[LB] The standalone version of AVG LinkScanner is available online at http://linkscanner.avg.com.
Information about the full range of AVG home and business security solutions is online at http://www.avg.com.au. Plus we have more than 2200 resellers in the region.
[Impulsegamer] Thanks for your time and all the best for LinkScanner