该报告建议所有已安装"绿坝-花季护航"的户立即卸载,以保护计算机的安全.该报告的结束语强调,如果把"绿坝-花季护航"的目前这个版本普遍安装到betway必威体育官网 的计算机上,将会严重影响betway必威体育官网 的计算机安全.而厂家生产出安全补丁或发布新的版本需要大量的时间来反复验证和测试.由于betway必威体育官网 政府要求普遍安装"绿 坝-花季护航"的日期是7月1日,厂家已经没有时间在此日期前推出安全补丁或发布新的版本了.
由于时间仓促,笔者就不全部翻译原文了.原文的链接在这里:
http://www.cse.umich.edu/~jhalderm/pub/gd/
.以下是英文原文摘要:
Analysis of the Green Dam System Censorware
Scott Wolchok, Randy Yao, and J. Alex Halderman
Computer Science and Engineering Division
The University of Michigan Revision 2.4 - June 11, 2009
Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the software reportedly mandated censorship by the Chinese government. Any web site at Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors Web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam and software found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduces numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
