One of the AVG components that is probably least understood and causes most confusion is LinkScanner. What does it do? Does it scan webpages, compare URLs against some blacklist, ask the cloud, or what? Actually it partially does all of these things, but the most important piece is the first one.

As you may know, there are currently around 30,000 new viruses and other malware hitting antivirus researchers’ labs each and every day. And most of them spread via the web. The web is really the primary ‘attack vector’ – or distribution medium – for modern malware. But for all these viruses, there are just a few hundred ways for them to attack your computer – infecting your system without you knowing it – either by misusing some bug in the operating system or by using some tricks to persuade you to install the malware (you can read about some of the most interesting tricks in Roger Thompson’s blog). This is the aspect of malware detection that LinkScanner is based on. It scans web page content as that content is delivered to your computer and identifies delivery mechanism patterns that indicate potential malware delivery. When it identifies something suspicious, it blocks that page. The beauty of this approach is that LinkScanner does not have to know the virus itself – it blocks the attack no matter what new malware the page is trying to deliver to you! This way, even new variants of rogue spyware products, fake codecs and other similar ‘tricks’ cannot harm your computer. LinkScanner is installed on the network layer, intercepting all web traffic regardless of which browser you use and detecting threats before the browser sees anything. That makes it even more effective.

Some people think that, if they use a blacklist of “known-bad” web sites, they are safe and don’t need LinkScanner. Unfortunately, they are wrong. Most web threats are served from web sites that exist for less than one day – and often for only a few hours. Even more sneakily, some infected web pages serve malicious content only to certain site visitors, for example only users from particular areas. The bad guys will try anything to avoid detection. But since LinkScanner evaluates the real content of the web page right when it is delivered to your computer, it cannot be tricked in this way. Yet another reason to use

Another LinkScanner myth is that some people think it actually visits the web page to scan it, which would enable it to be easily identified by malicious code on the web page and spoofed. This is also not true – LinkScanner is installed on the client computer and scans incoming traffic. So the web request comes from the browser and LinkScanner only monitors what has been delivered. There’s no additional traffic and no way for the malware to tell if the client has LinkScanner installed or not.

As you can see, LinkScanner is pretty powerful technology. With modern threats, one technology and one protection layer is not sufficient; LinkScanner serves as a very solid extra layer in the overall AVG security system.

How AVG LinkScanner® works