Fight against China's Web filtering software grows

A U.S. company that says the filterware copied its code has ordered Lenovo, HP and others not to distribute it

A U.S. company that says its code was copied by a Chinese Internet filtering program has ordered more PC makers not to distribute the Chinese software.

Solid Oak Software has sent cease-and-desist orders to Lenovo, Acer, Gateway, Sony and Toshiba, following similar orders sent to Hewlett-Packard and Dell earlier this week, Solid Oak spokeswoman Jenna DiPasquale said in an e-mail Thursday.

The move added pressure over intellectual property theft to concerns that the Web filtering software, called Green Dam Youth Escort, could be used to bolster China's censorship of the Internet.

China last month ordered PC makers to distribute Green Dam with all computers sold in the country after July 1. The program blocks both pornography and some political content, including Web sites that mention Falun Gong, the spiritual movement banned as a cult in China. China has said the program is meant to protect children and can be disabled or uninstalled.

Solid Oak last week found that the Chinese software used code written in the proprietary format used by CyberSitter, the company's online content filter targeted at parents, DiPasquale said. The Chinese program contained blacklists and files apparently obtained from CyberSitter, according to a report by researchers at the University of Michigan.

An update distributed through the Chinese program has since disabled the copied blacklists, but the version available for download online does not yet reflect the changes, the researchers said in an addition to their report yesterday.

No one at the main company that developed Green Dam, Jinhhui Computer System Engineering, was immediately available for comment.

Solid Oak has not yet heard back from the PC makers it contacted, DiPasquale said. Its next steps could include seeking a U.S. court injunction to stop the companies from distributing Green Dam in China, she said.

An HP spokeswoman said the company is seeking more information regarding Green Dam in cooperation with the Information Technology Industry Council (ITI), a U.S. trade group. She confirmed HP had received Solid Oak's cease-and-desist order, but declined to comment further on its response.

Lenovo said it is closely monitoring developments involving Green Dam and will continue to obey the law in the countries where it does business.

Industry groups including the ITI have called on China to reconsider requiring distribution of the software, and Chinese state media yesterday said foreign companies might not be able to comply with the mandate on time.

"All domestic PC makers are ready to include the software by July 1, but some foreign PC makers, such as Dell, might not be able to meet the deadline," the China Daily quoted an unnamed official as saying.

Chinese Internet users have also filled Twitter streams and online forums with opposition to Green Dam.

Programming errors that left Green Dam vulnerable to some attacks have been patched since the University of Michigan researchers revealed them last week, their updated report says.

But a properly designed IP (Internet Protocol) address could still take control of a user's computer through holes that remain in the patched program, the report says.

The researchers again advised uninstalling the program, calling it unlikely that all of its security problems could be fixed before the deadline for its distribution with PCs.

One patch also updated Green Dam's help file with a license statement for OpenCV, an open source computer vision package developed by Intel, the report said. Green Dam's image recognition tool for pornographic images draws on the package, according to the report.

Earlier versions appeared to violate OpenCV's license by leaving out its text, the report said.

A Chinese foreign ministry spokesman defended China's support for the program and declined to answer a question on its use of copied code at a press briefing Thursday.

"China has the responsibility and the obligation to protect its youth from violation by harmful online information," the spokesman said.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityChinaSolid Oak Software

More about AcerDellGatewayHewlett-Packard AustraliaHPIntelITILenovoSonyToshiba

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Owen Fletcher

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts