Chinese computer protection system against malware insecure, say researchers

16 June 2009

Researchers at the University of Michigan have criticized an alleged initiative by the Chinese government to protect the public's computers from malware, arguing that it creates significant vulnerabilities on users' machines.

'Green Dam' is a software program allegedly soon to be mandated by the Chinese Government. It will have to be installed on all computers sold in the country, according to press reports, and is designed to protect them from malware infection.

However, researchers Scott Wolchok, Randy Yao, and J Alex Halderman say that within 12 hours of testing, they uncovered vulnerabilities that could allow any website to compromise a visiting computer loaded with the software.

"After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer," said the report.

In the first instance, a function that checks URLs against a blacklist is subject to a buffer overflow error. In the second, the filter files that it installs to update its list of banned sites can be corrupted by an attacker impersonating the update server - or by the original authors of the software. A corrupted file could again cause a buffer overflow error that could allow arbitrary code to be run on a machine.

The malware code can be removed by those who have the administrator password, said the researchers, although it does leave some log files on the system that can reveal users' activities.

"The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf," said the researchers. "These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack."
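The bug class described above, sketched as an added example; this is not Green Dam's code or the researchers' code. It shows bounded replacements for the two calls the report names, and the filter-file format, buffer size and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_MAX 64  /* constructed buffer size for this example */
/* Unsafe forms of the calls the report names (shown only for contrast):
 *   sprintf(buf, "%s%s", host, path);   no bound on what is written to buf
 *   fscanf(fp, "%s", entry);            no bound on what is read into entry */

/* Join host and path into out. Returns 0, or -1 if the result does not fit. */
int build_url(char *out, size_t outsz, const char *host, const char *path) {
    int n = snprintf(out, outsz, "%s%s", host, path);
    if (n < 0 || (size_t)n >= outsz) {  /* output would have been truncated */
        if (outsz > 0) out[0] = '\0';
        return -1;                      /* reject, never use a partial URL */
    }
    return 0;
}

/* Scan whitespace-separated entries (hypothetical filter format).
 * Returns 1 if url contains an entry, 0 if none match, -1 if an entry is too long. */
int url_blacklisted(FILE *fp, const char *url) {
    char entry[URL_MAX];
    while (fscanf(fp, "%63s", entry) == 1) {   /* width is URL_MAX - 1 */
        int c = fgetc(fp);
        if (c != EOF && c != ' ' && c != '\t' && c != '\r' && c != '\n')
            return -1;                         /* token exceeded the width: treat file as corrupt */
        if (strstr(url, entry) != NULL)
            return 1;
    }
    return 0;
}

/* Demo helper: load constructed filter text into a temp file and check url. */
int check_filter_text(const char *text, const char *url) {
    FILE *fp = tmpfile();
    if (fp == NULL) return -2;
    fputs(text, fp);
    rewind(fp);
    int r = url_blacklisted(fp, url);
    fclose(fp);
    return r;
}

int main(void) {
    char url[URL_MAX];
    if (build_url(url, sizeof url, "blocked.example", "/index.html") == 0)
        printf("%d\n", check_filter_text("ads.example\nblocked.example\n", url));
    return 0;
}
```

Bounding the parser does not address the update-server impersonation the researchers describe; a filter file would also need to be authenticated before it is parsed.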
