PC Makers Face Looming Chinese Spyware MandateBy Ericka Chickowski | Print
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
Security concerns arise about the Green Dam spyware with only a week until the deadline for PC makers to install it on China-bound units.
With less than a week remaining before PC makers are required to install censorship software on all units headed to China, industry insiders are simultaneously skittering to prep units for distribution while also seeking other avenues to potentially convince the Chinese government to change its mind on the mandate at the 11th hour.
Known as Green Dam Youth Escort, the spyware program in question is being foisted on the PC industry by the Chinese Ministry of Industry and Information Technology (MII). Last month the communist government bureau released the mandate that the Internet filtering program be bundled on all newly sold PCs in the country starting July 1 in order to protect China’s youth from pornography. However, analysis of the program has shown that it blocks much more than Internet pornography. Green Dam also enables the Chinese to crack down on web surfing to sites the government views as subversive.
The security community has also found that the program is deeply flawed, and could potentially threaten the global Internet community once hackers start taking advantage of the program’s vulnerabilities to take control of the millions of PCs burdened with Green Dam’s damaged code.
Last week, three scientists from the Computer Science and Engineering Division at the
The University of Michigan released a condemning analysis of Green Dam that detailed numerous vulnerabilities found after reviewing the software for only 12 hours. As report authors put it, their findings are likely "just the tip of the iceberg."
"We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer," the University of Michigan report reads. "This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process."
The looming Green Dam deadline once again puts the technology industry in a pickle when it comes to marketing to the Chinese people. According to a report from the Chinese firm CCID Consulting released in February 2009, PC sales rose 9.6 percent last year. The market segment accounted for 32 million units moved and $23.61 billion in total sales. While that adds up to tremendous opportunity for manufacturers and distributors, they must pay to play in the Communist sandbox.
The U.S. Department of Commerce also stepped up to the plate yesterday in defense of the American PC industry, warning China that it believes the mandate is against World Trade Organization rules.
"China is putting companies in an untenable position by requiring them, with virtually no public notice, to pre-install software that appears to have broad-based censorship implications and network security issues," U.S. Secretary of Commerce Gary Locke said in a statement.
In regard to Green Dam, the cost comes in the form of the logistical nightmare of rolling out bundled units under strict time contstraints as well as the ethical dilemma of aiding and abetting censorship.
Industry officials are working furiously to push back on the Chinese policy. In a statement released jointly by the Information Technology Industry Council, the Software & Information Industry Association, the Telecommunications Industry Association and TechAmerica, officials said they, "urge the Chinese government to reconsider implementing its new mandatory filtering software requirement and would welcome the opportunity for a meaningful dialogue. We believe there should be an open and healthy dialogue on how parental control software can be offered in the market in ways that ensure privacy, system reliability, freedom of expression, the free flow of information, security and user choice.