China Orders Patches to Planned Web Filter
BEIJING — A designer of Internet filtering software that is required to be preinstalled on computers sold in China has been ordered by the Chinese government to fix potential security breaches, according to a report Monday in China Daily, the official English-language newspaper. The official order is an indication that the government still supports use of the program despite heated debate over it.
The proposed software, called Green Dam-Youth Escort, has come under attack from many computer users in China for both political and technical reasons. Critics say that although the Chinese government insists the software will be used only to block access to pornographic Web sites, the software’s actual use will be to block sites with political content, like those that discuss the Tibet issue or the crackdown during the 1989 Tiananmen Square protests.
The government says all computers sold in China after July 1 must have the software installed. Some computer experts who have studied the software said last week that the software is so flawed that it can allow hackers to monitor a user’s Internet activity, steal data or plant viruses. One expert, J. Alex Halderman, a computer science professor at the University of Michigan, has posted on the Internet a report on its vulnerabilities.
Rather than agreeing to scrap the software altogether, the Chinese government has responded to the technical criticisms by ordering that the potential security breaches be eliminated.
“The Ministry of Industry and Information Technology told us to make the software safer as soon as a series of security vulnerabilities were found,” Zhang Chenmin, the general manager of Jinhui Computer System Engineering, which helped design the software, told China Daily.
Mr. Zhang acknowledged that the software had systemic flaws that would allow hackers to attack computers that used the program, “just like any other software of this type.”
Mr. Halderman said last week that it had taken only a few hours for him and his students to infiltrate a computer loaded with Green Dam and force it to crash. A skilled hacker could take over the computer to mine personal data or hitch it to other infected machines in a malevolent network, he added.
Debate about the software exploded on the Internet last week as Chinese “netizens” learned more about the software requirement issued by the Ministry of Industry and Information Technology. China Daily reported Monday that surveys done by four of China’s most popular Web portals showed that four in five netizens would not use the software or would have it uninstalled.
Early reports had indicated that the government might simply require Green Dam to be included on a CD packaged with new computers. But it became apparent last week that the government was insisting that all computer makers pre-install the software by July 1.
Foreign computer makers learned of the requirement three weeks ago and have been asking the Chinese government to reconsider the rules.
Meanwhile, Solid Oak Software, a company based in Santa Barbara, California, has accused the designers of Green Dam of stealing programming code from a piece of software developed by Solid Oak that blocks Web sites deemed to be pornographic, violent or offensive. Solid Oak says that some of the “blacklist” files used by Green Dam had been originally developed for its program, which is called Cybersitter.
“I cannot deny that the two filters’ databases of blacklisted URL addresses might share similarities,” Mr. Zhang was quoted as saying in China Daily. “After all, they are all well-known international pornographic Web sites that all porn filters are meant to block. But we didn’t steal their programming code.”
By: EDWARD WONG