PCWorld Canada
June 12, 2009
Internet filtering software that China plans to distribute nationwide blocks content related to a spiritual movement banned in China, despite government claims that the software targets only porn. A flaw in the program could also be used to pull user PCs into botnets, researchers say.
The program automatically closes a browser window when it detects Chinese words related to Falun Gong, according to a keyword blacklist decrypted and posted online Thursday in a report by researchers at the University of Michigan.
Falun Gong, a meditation practice, was banned in China as a cult ten years ago after mass gatherings by followers in Beijing stoked government fear.
China this month ordered PC makers to include the porn filtering software, called Green Dam Youth Escort, either pre-installed or on a CD-ROM with all new computers sold in the country from July 1.
The move has raised concern among PC makers and rights groups that the program could be used to block other Web sites as well, but China has insisted the software targets only "harmful" information like porn and violent content. A Chinese Internet official called filtering porn the "only purpose" of the program, according to the state-run China Daily.
Visiting Chinese sites dedicated to Falung Gong with the filter active confirmed the program's response. A pop-up message notifies the user that the information is "harmful" and closes the window. It does the same thing when it detects a small number of political keywords revealed in the University of Michigan report, including "evil Jiang Zemin," a negative reference to China's former president.
Bryan Zhang, manager of Jinhui Computer System Engineering, the program's main developer, said he did not know its keyword blacklist included non-pornographic terms. Jinhui developed the program's image filtering tool, which blocks Web sites when it detects pornographic pictures. Dazheng Human Language Technology, which contributed the program's language filter, declined to comment.
The security of the program could also be an issue. A specially crafted Web address could overrun the buffer the program uses to process URLs, redirect users to malicious sites and take over their computers, according to the U.S. researchers. That control could be used to drag computers into a botnet, steal personal information or send spam, the report said.
The researchers took less than 12 hours to uncover the flaw and other "serious security vulnerabilities due to programming errors," the report said. While those flaws could be easily patched, extensive rewriting would be needed to remove all of the program's problems, it said.
The software can be turned on or off by users with the parental control password, but uninstalling it does not remove all log files of user activity, according to the report.
Jinhui's Web site became inaccessible this week after foreign industry executives and Chinese Internet users protested the move to distribute the software.
China is also working to place the software on all computers in Chinese schools.
http://www.pcworld.ca/news/article/d494112ec0a8000601b38815486cef0b/pg0.htm