China orders plug for hole in Green Dam

The Chinese government has ordered the makers of the Green Dam Youth Escort censorware to rush out a patch.

The censorship software has been downloaded over 3.5 million times since August 2008, according to its makers Jinhui Computer System Engineering. However, researchers from the University of Michigan revealed in a paper last week that the program contains gaping security flaws, which could lead to users' systems being compromised, and the creation of a massive botnet.

Jinhui on Monday told the People's Daily, an officially sanctioned Chinese publication, that the company had been ordered by a government agency to produce a patch.

"The Ministry of Industry and Information Technology told us to make the software safer as soon [as] a series of security vulnerabilities were found," said Zhang Chenmin, general manager Jinhui, on Sunday.

The Green Dam software is billed by the Chinese government as a pornography filter, primarily for use in schools.

In their paper, the University of Michigan researchers the software could allow malicious code to be uploaded to a PC, if the user visited a malicious Web site. In addition, they said the filter contains a backdoor that could allow the software's manufacturer or a third party to remotely install malware.

Jinhui plans to take legal action against the University of Michigan researchers for revealing the flaws, Zhang told the People's Daily.

"It is not responsible to crack somebody's software and publish the details, which are commercial secrets, on the Internet. [The researchers] have infringed the copyright of our product," said Zhang.

According to the University of Michigan paper, the Green Dam software includes a number of blacklists from the CyberSitter Web-filter program, which is produced by California-based Solid Oak. On Saturday, the U.S. software publisher alleged that Green Dam features Solid Oak's proprietary code, and said it will seek an injunction to prevent U.S. companies from shipping computers with the filtering software.

Zhang said while there may be similarities in the sites blocked by the two filters, Jinhui had not infringed copyright.

"I cannot deny that the two filters' databases of blacklisted URL addresses might share similarities," Zhang told the People's Daily. "After all, they are all well known international pornographic websites that all porn filters are meant to block. But we didn't steal their programming code."

The software has been mandated by the Ministry of Industry and Information Technology to be pre-installed on all new computers from July 1, while the initiative has been agreed by Lenovo, according to Jinhui.