Beasley, Allen, Crow, Methvin, Portis & Miles, P.C.

This morning, I stumbled across another interesting “feature” of AVG Anti-virus Free.  404 hijacking.  By default, AVG watches for 404s and when it sees one, it redirects you automatically to a generic AVG search page.

The problem here is that most webmasters have custom 404s that provide the visitor with alternate pages based on the error.  For instance, if we see that someone searched for “laywer” we may ask, are you looking for our “lawyers” and provide them with a link to the lawyer directory.  If we predict that they followed an old link, we may direct them to the search page.

The other issue here is that every one of the “suggestions” that AVG provides is a paid listing!  So, unless you are paying for kewords similar to the word that triggered the 404, the visitor will find your competition instead.

AVG claims that their 404 redirect is meant to help you find what you were looking for.  Yeah right!

If you happen to mistype an address to a web page or try to go to a website that does not exist, AVG provides you with a redirect page that is meant to help provide you some suggestions to the actual webpage or information you were trying to find, including a Yahoo search box to help you search for what you are looking for.

Below is a screenshot of AVG’s 404 page.

Clicking any of the “related search categories” returns results only from Yahoo’s paid listings.

Likewise, searching for a keyword phrase returns only results from Yahoo’s paid listings, even if the search query would have ranked #1 in the free listings.

As you can see below, a search for “beasley allen law firm” from the AVG 404 page returns only paid results, which in this case means the user gets nothing.

Searching the same keyword phrase (”beasley allen law firm”) on Yahoo, Google, MSN correctly return Beasley Allen Law Firm as the #1 result in the organic listings.

Jason sent me a link the other day to warn about an issue with AVG new Search-Shield “feature”.

According to AVG’s website…

The new web shield checks every web page at the moment you click on the link to ensure you’re not hit by a stealthy drive-by download or any other exploits. All links on search results pages in Google, Yahoo, and MSN are analyzed and their current threat level is reported in real time before you click on the link and visit the site.

The problem with Search-Shield is that in order to work as advertised, AVG has to scan each and every search result that is displayed. This will cause a huge increase in traffic to millions of websites, even if the user never clicks on a search result.

To add insult to injury, AVG has disguised their software to mimic Internet Explorer 6 (IE6) traffic. So not only are webmasters forced to deal with the increased bot traffic from AVG’s software, now they have no way to tell fake traffic from legitimate users.

Daniel Brandt, who runs Wikipedia Watch, estimates that Surf-Shield traffic to the site has outstripped legitimate clicks by nearly ten times. In this graph, the pink line represents suspected Surf-Shield scans, the blue line legitimate clicks:

Today I began scanning through our log files looking for any suspicious traffic spikes that could be attributed to the AVG software. I found nothing out of the ordinary, so I decided to conduct a little experiment.

I downloaded and installed the free version of AVG Anti-virus (v8.0.138) on a test box. I then SSH’d into our web server and sat on the access log watching for incoming traffic, and searched for “southern injury lawyer“.

Our website, (www.southerninjurylawyer.com) came up in the search results with an icon next to it signifying that AVG had scanned the website and that it was “safe to proceed to this page.”

The problem is that AVG did NOT scan the website as claimed (see below). Matter of fact, AVG never touched the website that it claimed was safe.

Am I missing something here? I just don’t understand how AVG can scan the website without any trace in the access logs. So, what has your experience with AVG been?