A Programmer's Dream

Take a Vitamin C; All Your Virus Metrics Belong to AVG

Posted by Stephen Wrighton on 17 Nov 2008

Steve Wiserman over at IntelliAdmin.com has an article talking about the recent AVG Anti-virus screw up concerning Windows XP and User32.dll.

In it, he asks the following two questions:
This makes me ask a few questions. First, how can they determine which customers are affected. Secondly how can they tie that to contact information?
Reasonable questions, and while I don't know for certain that this is how AVG has accomplished this task, here's two possible way that it could be done.

First, AVG talks to it's parents servers. We knows this because it updates itself, and it checks to see if you are running a valid license. Is it so unbelievable that they are pushing up metrics on what viruses are being caught as well? At that point it's a simple matter of connecting a installation license with the associated email address.

Second way is to push down an update to the application which checks to see if said file was stuck into quarantine or cleaned and then toss up a messagebox displaying the upgrade offer.

Now, why do I think those two ways are possible? It's simple, as a user of the software I read the EULA.
6. Miscellaneous.

a. Notice. AVG Technologies may deliver any notice required by this Agreement via pop-up window, dialog box or other device, even though you may not receive the notice unless and until you launch the Software. Any such notice will be deemed delivered on the date AVG Technologies first makes it available through the Software, irrespective of when you actually receive it.

b. Privacy.

i. You acknowledge that AVG Technologies collects certain information regarding the users of the Software, including certain personally identifiable information. You hereby consent to AVG Technologies' collection and use of such information, and agree that AVG Technologies' collection and use of such information will be governed by AVG Technologies' Privacy Policy, currently published at www.avg.com, as AVG Technologies may revise the same from time to time.
Bloody annoying things they are, but they do tell you all sorts of interesting tidbits of information about the software and what it does. Either way of discerning who was troubled by the screw up by AVG is well within their "rights" according to the EULA.

Amusing what you learn when you read those evil things, eh?

Tweet me @kidananubix if you like this post.