The Wall Street Journal obtained a copy of a notice from China’s Ministry of Industry and Information Technology (Loretta Chao, “China Squeezes PC Makers,” 8 June 2009, page A1) that indicates the government’s desire to bundle, with every personal computer sold in China, a software agent that will block access to objectionable websites. According to the report, the software, called “Green Dam-Youth Escort,” is developed by Jinhui Computer System Engineering Co., which has partnerships and agreements with the Chinese government, and company and government officials say that the program poses no additional risks to users and hasn’t caused problems on test systems. The New York Times adds that the vendor’s website claims 3.2 million downloads of the software and that Chinese PC manufacturers have agreed to install the agent on PCs they sell domestically. That website, which offers the software for download, also has a bulletin board that, according to the Times, had reviews from users claiming that the software did not block some pornographic material or slowed down their PCs. Many of those messages were deleted hours later.
Ignoring the political and free-speech debates surrounding this reported move (the notice has not been publicly circulated or announced by the Chinese government), there are a few inherent flaws with this attempt to block “objectionable” content. As any student of information security knows, you can never guarantee absolute security, only find a balance between security risks and availability. Applying Occam’s Razor makes the question “How do you bypass such a requirement?” a rudimentary exercise:
- Purchase a non-Windows machine (the software agent is only designed for the Windows operating system)
- Build your own PC (how could hard drive manufacturers load the agent without Windows being pre-installed?)
- Format the hard drive and install a retail copy of Windows (unless the government forces Microsoft to integrate the software agent with all copies of Windows)
- Swap the hard drive and install a retail copy of Windows (same stipulations as above)
- Format the hard drive and install a modified copy of Mac OS X or another OS (e.g. Linux)
- Delete or uninstall the software agent (a company official, Zhang Chenming, told the Times that the agent could be deleted or temporarily turned off, adding that “a person can still use this computer to go to porn”)
- Toss the CD with the software agent (the Times and WSJ mention the agent possibly being included on CD rather than preinstalled)
I don’t doubt that there are some smart people working inside the Ministry of Industry and Information Technology. The implementation of this notice is not about fixing a technological loophole in the full-size “Great Firewall,” which can be bypassed with a bit of research. When the vendor admits the software is easily deleted or turned off, and when there are so many simple workarounds, any claim that the software will satisfy those crying “think of the children” and shield those inside China from pornography is dubious.
What is frightening from an information security perspective is the risk that such a software agent poses. We know that malware frequently filters victims’ Internet access, preventing them from accessing the websites of anti-virus and anti-spyware vendors. If the software is closed-source — and I have seen no mention of the code being open-source — then there is no definitive way to audit every bit of functionality. If the software has an update mechanism, it has the potential to be hijacked — imagine someone poisoning a major Chinese DNS server so that a malicious person could serve a tampered update. If vulnerabilities exist in the software, which is designed to work in a network environment, imagine the possibilities of remote attacks — for instance, a buffer overflow leading to a DoS or, even worse, remote access and/or privilege escalation.
It would be interesting to see an industry expert’s analysis of the software program. To the vendor’s credit, it is impossible to test a Windows program on every possible combination of hardware (compared to software for Mac OS X, where the available hardware configurations are much more limited) and it is very possible that the negative comments on the bulletin board were from politically-motivated users. However, for this kind of a program, it isn’t hard to imagine how it could result in system instability.
Again, while there are very obvious political and free-speech issues involved, I am trying to approach this from a technology perspective.

