
I guess it could be done using some combination of first placing into every HTTP header: "Refresh: 2;URL=http://www.grisoft.com/", which would then allow a piece of JavaScript on the web page up to 2 seconds to figure out if the visitor is a real browser (maybe even including some DOM checks too), and then acting accordingly (i.e., sending the user to a page without the redirect header). If AVG's HTTP fetcher doesn't execute the JavaScript or fails to pass the browser test, then it gets redirected back to AVG's site because of the HTTP header.

Convoluted? Yes. Will it work? It should, unless AVG decides to implement a full JavaScript engine and DOM stack in their HTTP fetcher. Also, the initial redirect doesn't have to go to Grisoft; it could go each time to a randomly selected site from a list of their competitors <evil grin>.

I think AVG is really playing with fire; it's really only a matter of time before things like this start popping up as defense mechanisms.


