Green Dam breached, patch-up in progress
By Cui Jia (China Daily)
Updated: 2009-06-15 07:21
The developer of a porn-filtering program has been ordered to rush out software patches to address security problems that have cropped up.
"The Ministry of Industry and Information Technology told us to make the software safer as soon as a series of security vulnerabilities were found," Zhang Chenmin, general manager of the Zhengzhou-based Jinhui Computer System Engineering Co, told China Daily Sunday.
The firm developed the Green Dam-Youth Escort porn-filtering software, which will have to be installed on all computers sold in the country from July 1. The software had been downloaded 7.17 million times from the company's website as of last month, and 2.62 million computers in schools across the country have installed it.
Zhang admitted that hackers could attack Internet users through the software due to systemic flaws, "just like any other software of this type".
"We are specialists in producing Internet filtering software rather than security."
The company's programmers are working non-stop in collaboration with domestic anti-virus program experts, such as Ruixing, to develop software patches that can be downloaded for free, Zhang said.
"If Green Dam-Youth Escort is widely installed in its current form, it will be a disaster for computer security in China," J. Alex Halderman, assistant professor of electrical engineering and computer science at University of Michigan, told China Daily Sunday.
Halderman said hackers could exploit the software to take control of users' computers, steal private information and monitor users' activities. They could also use the compromised computers to attack other computers, websites and network infrastructure, he said.
"Anyone can exploit the security flaws we discovered to remotely monitor the user's activity," said Halderman. "We have tested attacks that allow someone to see what is on the user's screen or make remote copies of the user's files."
This problem seems to be a result of programming errors rather than a deliberate design choice, according to Halderman.
Zhang did not want to comment on the blacklisted terms as the list was provided by Beijing Dazheng Human Language Technology Academy Co, the co-developer of the software. The latter, which is responsible for the text filtering function, could not be reached Sunday.
The Halderman report also said that a number of pornographic URL addresses that Green Dam blacklisted were taken from the CyberSitter program developed by California-based Solid Oak Software.
Soon after the report was published, the California company claimed Green Dam contains stolen programming code, AP reported.
"I cannot deny that the two filters' databases of blacklisted URL addresses might share similarities. After all, they are all well known international pornographic websites that all porn-filters are meant to block," Zhang said. "But we didn't steal their programming code."
Zhang expressed anger at Halderman's report. "It is not responsible to crack somebody's software and publish the details, which are commercial secrets, on the Internet. They (the professors) have infringed the copyright of our product.
"I think the negative comments and attacks on Green Dam are intentional," Zhang said, adding his company plans to take legal action against the professors.
More than four in five netizens said they will not use the Green Dam software or will have it uninstalled, according to online surveys conducted by sina.com, netease.com, sohu.com and QQ.com, China's most popular web portals.