Saturday, June 20, 2009

Sunbelt: Green Dam = Spyware

Via Sunbelt Blog -

Sunbelt Software has added detections to its products to find and remove Green Dam-Youth Escort, the Internet filtering (and spyware) software that the Chinese government requires on all new computers sold in the country after July 1.

We classify it as a surveillance tool with a rating of “moderate risk” and we recommend that CounterSpy™ and VIPRE® users quarantine it.

We’re going to be reading a lot about Green Dam-Youth Escort in coming weeks (months? years?). The government of China mandated that it be installed on new machines to protect its citizens from obscene and harmful content. Computer users are allowed to uninstall it.

The Chinese Ministry of Industry and Information Technology bought the rights to the application for one year through a no-bid $6 million purchase from Jinhui Computer System Engineering Co. of Zhengzhou. Jinhui also stands to make a mountain of money after one year since users will be required to pay for updates. It was estimated recently that there are 253 million Internet users in China.

Most observers assume it also is to prevent Chinese Internet users from seeing content critical of the government. The Chinese government already operates a “Great Firewall” to filter Internet content (including politically sensitive sites) but it can be bypassed.

Politics aside, there are some serious problems with Green Dam:
-- It has the capacity to monitor keystrokes.
-- It logs the URLs of sites the user has attempted to reach.
-- It uses unencrypted data transfer from clients to company servers.
-- OpenNet Initiative said Green Dam can monitor activities in addition to Web browsing and can shut down applications.
-- The black-list update process is vulnerable to compromise.
-- Exploit code has been posted that compromises Internet Explorer on computers running Green Dam. It uses a stack overflow in the browser process triggered by an overly long URL. It works on Microsoft’s latest Vista operating system too.
-- Solid Oak Software Inc. of Santa Barbara, Calif., is bringing a legal action in China, claiming that Jinhui used code from its CyberSitter filtering software. Jinhui denies the allegation.

There have been reports from testers that Green Dam slows browsers and doesn’t filter properly. It uses color-tone filtering to spot pornographic images, but there are reports that it misses images of dark-skinned people and mistakenly filters images of pigs.

The Green Dam black list

Bloggers familiar with China who have read through the Green Dam black list of words to be filtered found that it contains about 2,700 words related to pornography and about 6,500 “politically sensitive” words.

The political blacklist includes:

June 4th (Date of military attack on Tiananmen Square protestors that left 2,500 dead)
essence (?)
fallacies and heresies

The porn-related words include:

Cat-III (Hong Kong film industry “adult” rating)

And, nobody-knows-what, maybe a typo or a new euphemism for a sex act:

Fanyu (originally a little known word found in a few Buddhist scriptures)

For more, see here.
Or here.

Exploit code here.
