[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: China wants virus samples from software firms, by Te

------- Forwarded message follows -------
Date sent:      	Mon, 02 Apr 2001 19:24:29 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: China wants virus samples from software firms, by Ted Bridis
Send reply to:  	declan@well.com


From: "Bridis, Ted" <Ted.Bridis@dowjones.com>
To: "'declan@well.com'" <declan@well.com>
Subject: WSJ
Date: Fri, 30 Mar 2001 08:36:32 -0500


China Is Asking Software Firms
To Provide Samples of Viruses


WASHINGTON -- Security officials in Beijing have been requiring that
in order to sell their products in China, leading antivirus-software
companies must provide samples of destructive computer programs and
rogue wiretap software from their research labs.

Between 1999 and the end of last year, three of the industry's largest
vendors -- Network Associates Inc. and Symantec Corp., both based in
the U.S., and Trend Micro Inc. of Tokyo -- gave the Chinese security
ministry roughly 300 different samples of the most common, malicious
software found on the Internet, in exchange for permission to market
their products in China. The three companies collectively represent
nearly 75% of the $1.2 billion world-wide antivirus-software market.

Executives at the three companies said China's Ministry of Public
Security, the nation's principal police authority, told them that they
needed virus samples to independently test the effectiveness of their
software products before they could be sold to consumers.

"We've met with this organization, developed a certain level of trust
and believe they're doing what they're talking to us about," said
Vincent Gullotto, senior director of the research labs at Network
Associate's McAfee Corp. unit in Beaverton, Ore.

Still, the move has raised concerns among some international-trade and
national-security officials here who worry about China developing
information-warfare tools.

Others characterized the request as a potential time-saver for China
that could provide researchers there with insights into developing not
just future viruses but also an increasingly popular class of
surreptitious monitoring software known as "back doors."

It is also possible that the Chinese ministry could be looking to use
the viruses to develop their own antivirus products at the expense of
research done by foreign companies, although the authorities didn't
seek access to the more useful source code that the software companies
use to write antivirus products.

An official at the press office of the Chinese embassy directed calls
to its Commercial Office here. Repeated phone calls to that office
weren't returned. Executives at the three companies said they rejected
persistent Chinese demands for their broader research collections of
viruses and other malicious software.

A fourth company, F-Secure Inc. of Finland, said it negotiated last
summer to let Chinese researchers conduct virus studies at its new
laboratory in Beijing, but declined to surrender the samples directly.

"This is very unusual," said Mikko Hypponen, virus-research manager at
F-Secure. "No other country has anything similar to this."

McAfee President Gene Hodges said that within 90 days of complying
with the Chinese request, his company notified the U.S. government
that it had provided the samples. "No specific concern was expressed"
by the government officials that the company spoke with, Mr. Hodges
said. He declined to say who or which U.S. government department his
company contacted.

Meanwhile, experts also were divided about the potential military
usefulness of the common viruses turned over to China. Many of those
samples can be found within rogue virus collections already on the
Internet, though others are more rare. Mr. Gullotto of McAfee
estimated that determined Chinese researchers "might be able to find
80% to 90%" of what the companies provided, and noted that antivirus
software currently protects against those samples.

Still, the unprecedented request to trade virus samples and other
software programs for market access surprised some researchers at the
companies. Sharing of viruses for research purposes is usually
restricted to fewer than three dozen members world-wide of the loosely
organized Computer Antivirus Researchers Organization. Software firms
keep their sample virus collections -- code zoos -- in secure rooms
and on separate computer networks that are off-limits to all but a
handful of experienced employees.

U.S. international-trade and national-security officials expressed
disappointment with the companies' decisions to share any malicious
software with China's government. They noted that the ministry has an
intelligence division, and that China's military is developing a "Net
Force" of young computer experts trained in information warfare. In
late 1999, the Chinese army's official newspaper discussed the need
for "software and technology for Net offensives so as to be able to
launch attacks and countermeasures on the Net."

These same officials said they were somewhat mollified that the
software companies had negotiated to hand over to China only samples
of relatively common viruses, not their more substantial collections
of tens of thousands of dangerous programs. The shared collection was
described as easily stored on a single CD-ROM disk.

"The concept is troubling," said Commerce Undersecretary William
Reinsch, the outgoing head of the U.S. Bureau of Export
Administration. "We don't want to promote or encourage information
warfare or the further dissemination of viruses that even
unintentionally could bring down our systems." He added that the Bush
administration may need to consider restricting in some ways the
intentional export of malicious software to some countries.

--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if it remains intact. To
subscribe, visit http://www.politechbot.com/info/subscribe.html This
message is archived at http://www.politechbot.com/

------- End of forwarded message -------