China's Green Dam-Youth Escort censorship initiative is facing hurdles as some schools and Internet cafes either don't have the software or have uninstalled it.
Initially required for all new PCs when it was introduced in June, the Chinese government revised its mandate in August and effectively lifted the burden on PC makers to package the so-called content-filtering software in computers. However, the highly controversial software is still required to be installed in PCs used in schools and public places, including Internet cafes.
Green Dam is one of many tools the government uses to control Internet content.
Read more of "Green Dam enforcement watered down" at ZDNet Asia.
The Chinese government may be waving a white flag in response to all the criticism of its Green Dam filtering software.
Beijing won't force the widespread installation of the Internet filtering program on PCs and other consumer products, China's industry minister, Li Yizhong, said Thursday, according to a report in The Wall Street Journal.
The Green Dam interface. (Credit: University of Michigan)
In June, China said it would require that the Green Dam software be installed on all computers sold in the country by both domestic and foreign manufacturers. Since later that month, China has been delaying a permanent decision on whether to demand the software be preinstalled on all PCs.
According to the Wall Street Journal story, Li said that the intention was for the software to be installed voluntarily by individuals or their parents. He stressed that the program is intended to protect children from pornography and other harmful content and that attempts to politicize the issue or "attack China's Internet management system" are fanciful and irresponsible, the Journal reported.
China will still move forward with installing Green Dam in schools and Internet cafes across the country.
Since China announced the requirement of Green Dam, the software had been criticized on several fronts, putting pressure on the Chinese government to re-examine its decision.
In addition to protecting children from pornography, the filter was seen as a further attempt at censoring content objectionable to the Chinese government, also creating potential trade barriers and other headaches for PC manufacturers.
Experts also said the program is poorly developed and unsafe and would leave PCs vulnerable to hackers. One exploit popped up in late June that would allow attacks on computers outfitted with Green Dam.
China has indefinitely delayed enforcement of a requirement that PC makers preinstall Green Dam-Youth Escort software that experts believe would have screened not just Internet pornography but also some online political content.
Green Dam allows users to specify categories of sites to block.
(Credit: University of Michigan)The reprieve, announced by China's Ministry of Industry and Information Technology, according to reports in The New York Times and the Associated Press, came just one day before the preinstallation rule was to go into effect.
But thus far the reprieve appears temporary: the ministry said the delay will give computer makers more time to comply with the rule, and the government also will continue to equip school and cybercafe computers with the software, according to the New York Times report.
Experts have warned that the Green Dam software poses security risks, and last week, the U.S. Trade Representative protested that Green Dam violates World Trade Organization rules
PC makers had been cagey about their plans to comply with the rule to install the software. Technical and other objections must be weighed against business concerns, and China is a large and growing market. Companies that deal directly with Internet content have been in the hot seat for years, and Google has had to wrestle with new Chinese censorship requirements this month.
The content-filtering software the Chinese government wants installed on all PCs sold in that country beginning next week was poorly developed and puts users at risk of having their computers compromised, a security expert who examined the code said on Thursday.
The Chinese government is requiring that all PCs include the Green Dam-Youth Escort software to block pornography, but it also blocks access to content related to violent computer games, illegal drugs and political speech, said Ben Feinstein, director of research at SecureWorks, a managed security service provider.
Critics are worried that the Chinese government could use Green Dam, a free download, to block all kinds of content and monitor online activities of users, as well as worried that the software could allow for a massive botnet to be created, either by cybercriminals or the Chinese government itself.
Feinstein and colleagues at SecureWorks' Counter Threat Unit examined the Green Dam code earlier this month and found that it uses a variety of unsafe programming practices that have been banned at Microsoft and other U.S. companies, he said.
An example is the use of Strcpy, or string copy, a library function in the C programming language that copies memory from one buffer to another, according to Feinstein. If the copied string doesn't fit in the destination buffer, it will overwrite memory and can be used in a buffer overflow attack.
"This software appears to be of low quality and to have not been developed with a secure methodology," Feinstein said. "It likely suffers from a whole host of problems."
The way Green Dam is designed to inspect all Internet traffic coming into and going out of a PC means more parts of the code are exposed to potential attack compared with programs that are more limited in scope and process less data, he said.
In addition, having the software on all PCs in China, as mandated, would create a huge install base and be an attractive target for attackers who could attack millions of computers by targeting just this one program, Feinstein said.
China historically has censored the Internet using filters on the network, blocking access to pages that deal with politically sensitive subjects like Tiananman Square, Falun Gong, and Tibet. Installing filtering software on the end-user computers will make it easier to block content than doing it in the network, according to Feinstein.
"You get efficiencies of scale if you push the filtering down to the end point rather than inspect huge Trans-Pacific pipes entering and leaving your country," he said. Green Dam was published by Jinhui Computer Systems Engineering, which is run by a former officer of the Peoples' Liberation Army, he added.
Researchers at the University of Michigan issued a report two weeks ago that found two major security vulnerabilities in Green Dam that could allow someone to remotely take over a computer running the software. The software was later updated and patched, according to an update to the report issued a week ago, however the researchers said they had discovered an additional security hole that remained unfixed.
Separately, a security researcher said he had released on a public Web site an exploit for a buffer overflow that remained unpatched in the Green Dam update.
An exploit for a flaw in censorware mandated by the Chinese government has been made publicly available for download on the Internet.
The buffer overflow flaw exists in the latest, patched version of Green Dam, 3.17, according to security researcher "Trancer," who claims authorship of the attack code.
"I wrote a Metasploit exploit module for Internet Explorer, which exploits this stack-based, buffer overflow vulnerability in Green Dam 3.17," Trancer wrote in his Recognize-Security blog. "I've tested this exploit successfully on the following platforms: IE6, Windows XP SP2, IE7, Windows XP SP3, Windows Vista SP1."
The attack code, which has been posted to the Milw0rm Web site for proof-of-concept exploits, has been circulating in the wild for a week, according to security consultant and ZDNet blogger Dancho Danchev.
The Chinese government has ordered Green Dam censorware, billed as a pornography filter, to come preinstalled on all PCs sold in the country beginning July 1. Jinhui Computer System Engineering, which produces the software, patched Green Dam after a team from the University of Michigan exposed a buffer overflow flaw in it.
Last week, the researchers said in an addendum to their original paper that despite this patch, the software remains vulnerable to buffer overflow attacks, which indicates that Green Dam's security problems "run deep."
Green Dam intercepts Internet traffic using a library called SurfGd.dll. Even after the patch, SurfGd.dll still uses a fixed-length buffer to process Web site requests, the researchers explained. Malicious Web sites could overrun this buffer to take control of the execution of applications on a target computer.
"The program now checks the lengths of the URL and individual HTTP request headers, but the sum of the lengths is erroneously allowed to be greater than the size of the buffer," wrote the researchers. "An attacker can compromise the new version by using both a very long URL and a very long 'Host' HTTP header. The pre-update version, 3.17, which we examined in our original report, is also susceptible to this attack."
Green Dam is also vulnerable to a blacklisting flaw, identified by University of Michigan researchers Scott Wolchok, Randy Yao, and J. Alex Halderman, which could allow third parties to upload malware via an innocuous-seeming update.
Western security experts have greeted the censorware with criticism. Bruce Schneier, BT's chief security technologist, told ZDNet UK the software could allow the creation of a massive botnet, either by Web criminals or even by the Chinese government. "Suddenly you have an army of a couple of billion computers," said Schneier. "This should worry all of us."
Tom Espiner of ZDNet UK reported from London.
Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.
Programming errors in the Green Dam Youth Escort software, which the Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.
This message pops up on PCs when the Green Dam software spots banned phrases.
(Credit: University of Michigan)"Once Green Dam is installed, any website the user visits can exploit these problems to take control of the computer," wrote the university's researchers. "This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet." The warning came in a paper published Thursday by researchers Scott Wolchok, Randy Yao, and J. Alex Halderman.
The Green Dam software filters content by blocking URLs and Web site images and by monitoring text in other applications. The filtering blacklists include both political and adult content.
The researchers said that after only one day of testing Green Dam, they discovered programming errors in the code used to process Web site requests. These would result in buffer overrun conditions on all computers running the software, they said.
"The code processes URLs with a fixed-length buffer, and a specially crafted URL can overrun this buffer and corrupt the execution stack," said the researchers. "Any website the user visits can redirect the browser to a page with a malicious URL and take control of the computer."
The researchers built a proof-of-concept program to demonstrate the flaw and said it would crash any computer running Green Dam.
In addition, Green Dam can be used to install any other program on a computer, via a blacklist vulnerability. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer, after installing a filter update.
Chinese government news agency Xinhua reported that Jinhui Computer System Engineering, which developed Green Dam, had said the software was not spyware. "Our software is simply not capable of spying on Internet users, it is only a filter," Jinhui is quoted as saying.
The Xinhua article did not address whether the filter itself could be used to upload spyware.
The University of Michigan researchers recommended that anybody running Green Dam uninstall the software immediately. However, according to a translation of feedback on Jinhui's user forum, teachers and educational establishments have no choice but to use the software.
"Let me say something here," wrote one teacher. "We were forced to install the software. So I have to come to this website and curse. After we installed the software, many normal websites are banned."
Currently, Green Dam is only optimized for Microsoft's Internet Explorer browser, according to leaked technical specifications posted on the Wikileaks website.
Tom Espiner of ZDNet UK reported from London.
- prev
- 1
- next
