Security Holes Found In Chinese Blocking Software

The “Green Dam” software that the Chinese government wants installed on every PC sold in China by July 1 has remotely exploitable security vulnerabilities, as well as censorship software that blocks more than just adult content, according to researchers at the University of Michigan’s Computer Science and Engineering Division.

On the university’s site, the researchers posted remarks about their initial examination of the software.

“We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed any Web site the user visits can exploit these problems to take control of the computer,” they wrote.

“This could allow malicious sites to steal private data, send spam or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.”

Reuters reported on 8 June that the Chinese government told PC makers they must install or provide a CD of the Green Dam software, made by the Jinhui Computer System Engineering Company, with the purpose of “preventing harmful information on the Internet from influencing and poisoning young people.”

“Green,” in Chinese, refers to Internet use that’s “free from pornography and other illicit content,” according to Reuters.

The researchers write that the Green Dam software filter works in three ways. It uses an image filter, which reportedly flags large areas of human skin tone, though it can distinguish close-ups of faces; a text filter, which blocks out blacklisted words; and a URL filter, which filters Web sites based on what the researchers call “whitelist and blacklist files.”

They report that the blocked content extends beyond just adult material and includes references and sites relating to Falun Gong, the meditation- and exercise-based Chinese discipline that the Chinese government has banned.

“When Green Dam detects these words, the offending program is forcibly closed and an error image… is displayed,” wrote the researchers.

Jinhui’s founder has downplayed the software’s role, telling Reuters that the software can be deleted or uninstalled. The Michigan researchers, however, found that even when deleted, “it fails to remove some log files, so evidence of users’ activity remains hidden on the system.”

They continued, “In light of the serious vulnerabilities we outlined above, the surest way for users to protect themselves is to remove the software immediately using its uninstall function.”

U.S. technology advocacy groups have urged the Chinese government to reconsider its stance, though to date it has not. Could these new findings be enough to prompt a change?

“It depends on how much face the Chinese government has invested in the project,” Charles King, a principal analyst with Pund-IT, told eWEEK.

“In the past there have been any number of unsuccessful policies that continued simply because to retreat would have been a tacit admission of failure.”

However, King said, “The weaknesses that the University of Michigan found in Green Dam suggest that it’s fundamentally flawed. Then again, those same problems offer the Chinese government a chance to say, ‘Well, we’ll get back to you a little later with this…’”

Michelle Maisto

Michelle Maisto covers mobile devices, Android and Apple for eWEEK and is also a food writer.
