[cmslabstudent] A Technical Analysis of the 'Green Dam-Youth Escort' Software

  • From: Weiguang Chen <chenweiguang82@xxxxxxxxx>
  • To: cmslabstudent@xxxxxxxxxxxxx
  • Date: Mon, 15 Jun 2009 02:47:36 +0800

A Technical Analysis of the 'Green Dam-Youth Escort' Software <https://docs.google.com/View?id=afk7vnz54wt_12f8jzj9gw>

 A Technical Analysis of the 'Green Dam-Youth Escort' Software
 (continuously updated)

 A collaborative work
 June, 2009

 ------------------------------

Contents

   1. About
   2. Objectives and functions
   3. Applicability
   4. Technical Framework Analysis
   5. Content detection methods
   6. Analysis of the library files involved in monitoring or screening
      keywords and URL data
   7. User experience
   8. Copyright infringement
   9. Vulnerabilities
   10. Media coverage
   11. Links



 ------------------------------

  1. About

Green Dam is the informal name given to the combination of two commercial
products: a pornographic image and harmful information blocking system from
Jinhui Technologies in Zhengzhou, Henan province, and the 'Youth Escort'
Internet activity management software from the Beijing-based Dazheng
Corporation.

Jinhui Pornographic Image and Harmful Information Blocking Expert System V2.51
Project Director: Zhao Huiqin
Technical Director: Zhou Hui
Chief Designer: Tang Huaili
Project Manager: He Hongjie
Project Engineers: Li Bicheng, Cao Wen, Peng Tianqiang, Zhong Sheng,
Li Xiaohe, Li Yang, Li Shujin, Huang Liang, Zhang Wenzhong
Beta Testers: Mary Ma, Sharon Zhang, Dong Juan
Documentation: Zhang Chenmin, Liu Yu, Biddle Zhang
Systems Support: Wu Chaoyang, Xuan Juan, Liu Yishan, Ding Min
Jinhui Technologies, Copyright (c) 2005, all rights reserved.
Http://www.zzjinhui.com (c)2009 Jinhui Technologies. All Rights Reserved

1) National Ministry of Public Safety Information Security Product Sales
License No. XKC30492
2) National Development and Reform Commission Approval (NDRC
Circular[2004]#2040) as "Major Software Industrialization Project", the only
approved filtering software project of its kind nationwide
3) Ministry of Science and Technology (MOST Circular[2004]#449) Approval for
"technological innovation project funding"
4) Ministry of Industry and Information Technology (MIIT Circular[2005]#9)
Approval for "electronic information industry development project funding"
The only product officially recommended by the China Internet Illegal
Information Reporting Center (net.china.cn / ciirc.china.cn)
Awarded first prize at the Ninth Chinese International Software Expo
First prize at the 2005 Zhengzhou Advanced Adaptive Technology Trade Fair
First prize in technological advancement from Zhengzhou City
Jinhui Marketing Service Center telephone: 0371-63697160, 63697161
 Fax: 0371-63697171

  2. Objectives and functions

With the Ministry of Industry and Information Technology, Ministry of
Education, Ministry of Finance and State Council Information Department as
its partners
<http://www.lssw365.net/lvhang/index.php/Content/index/pid/1/sort/3/id/512>,
Green Dam currently offers the following editions:

   - Family <http://bbs.lssw365.net/lvhang/index.php/List/index/pid/2/sort/6>
   - Commercial <http://bbs.lssw365.net/lvhang/index.php/List/index/pid/2/sort/16>
   - Organization <http://bbs.lssw365.net/lvhang/index.php/List/index/pid/2/sort/17>
   - Internet Bar <http://bbs.lssw365.net/lvhang/index.php/List/index/pid/2/sort/18>
   - Campus <http://bbs.lssw365.net/lvhang/index.php/List/index/pid/2/sort/19>

(On verification, the Family and Campus Editions were found to be completely
identical. No Officials Edition or 50 Cent Edition has been found, and no
Human Brain Edition has been released so far.)

 Stated features: aimed at minors aged 10-16; filters pornographic images,
pornographic content and violent content, and filters anti-censorship
software (for example Wujie/UltraSurf).
 Latent features: filtering of political content?

There also exists a Network Edition of Green Dam, which can be downloaded
from http://www.zzjinhui.com/down/newServerCard.rar (.rar).

  3. Applicability

Although the product's stated target is minors aged 10-16, there is no
selectivity in which machines it is to be installed on; by default the
product assumes that every machine it is installed on is used by a minor.
Current versions only support Windows. The software is effective with
Internet Explorer and Google Chrome (because Chrome uses the system network
settings) and has no effect with Firefox. The harmful information screened
by the software includes politically related harmful information. The
software is not installed the way ordinary software is, and it closes the
browser and adds the website address to a blacklist without asking for
confirmation. In Internet Explorer, its classification of clearly political
"harmful information" is unreliable; for pornographic pages its assessments
are relatively accurate. With Firefox the software shows no response.

 Compatibility list of what the product currently supports
 (Sequence / Item / Content / Notes)

 Operating systems
   1. Windows 98: compatible (screen text monitoring not supported)
   2. Windows 2000: compatible
   3. Windows XP: compatible
   4. Windows Vista: compatible (installation, upgrade and uninstallation
      require administrator rights)

 Browsers
   1. Internet Explorer 6.0/7.0: compatible
   2. Opera 9.5: compatible
   3. Firefox 2.0: compatible
   4. Netscape 9.0: compatible
   5. Tencent Traveler 3.0: compatible
   6. Maxthon 2.0: compatible

 Office software
   1. Microsoft Office 2003: compatible
   2. Kingsoft WPS 2007: compatible
   3. Evermore Office 2007: compatible

 Anti-virus software
   1. Kaspersky 6/7: compatible
   2. Rising 19: compatible
   3. Jiangmin 2008: compatible
   4. Norton 2008: compatible
   5. McAfee 2008: compatible

  4. Technical Framework Analysis

 Software architecture

All of the files of "Green Dam-Youth Escort" are installed to the system
directories (%WinDir% and %WinSysDir%). The program menu offers no uninstall
entry; the uninstall function was later found in a menu inside the main
program. When Green Dam's image filtering function is enabled, the software
automatically clears the browser cache.

The file xstring.s2g in the %WinDir% directory stores the installation paths
of all of the software's files.

 Modules loaded at run time:
 Driver: C:\Windows\system32\Drivers\mgtaki.sys
 Service: C:\Windows\MPSvcC.exe
 Startup item: C:\Windows\system32\xnet2.exe

Analysis shows that three programs, XDaemon.exe, XNet2.exe and gn.exe,
protect one another to prevent any of them from being deleted or having its
process terminated. This is a technique commonly used by viruses and rogue
software.

After converting the password with the MD5 algorithm, Green Dam saves it as
text in the file kwpwf.dll in the C:\WINDOWS\system32 directory. Opening
that file in Notepad, replacing its content with
"D0970714757783E6CF17B26FB8E2298F" and saving restores the password to the
original "112233".
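
Why that replacement works, and what a sturdier verifier looks like, as an added example (not Green Dam's code and not from the original document). The PBKDF2 work factor, the per-install key and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Verifier text quoted in the analysis for the initial password "112233".
PAGE_DEFAULT_VERIFIER = "D0970714757783E6CF17B26FB8E2298F"
PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor


def legacy_verifier(password):
    """Scheme described in the analysis: unsalted MD5 stored as hex text."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().upper()


def legacy_check(file_text, attempt):
    """Accepts whenever the file content equals MD5(attempt). Nothing ties
    the text to this machine, so a verifier computed anywhere is valid."""
    return hmac.compare_digest(file_text.strip().upper(),
                               legacy_verifier(attempt))


def page_value_accepted():
    """True if the string quoted in the analysis verifies "112233"."""
    return legacy_check(PAGE_DEFAULT_VERIFIER, "112233")


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS)


def make_record(password, install_key):
    """Hardened sketch: random salt, slow hash, and a MAC under a key that
    is kept outside the user-writable verifier file (assumption)."""
    salt = os.urandom(16)
    digest = _derive(password, salt)
    tag = hmac.new(install_key, salt + digest, hashlib.sha256).digest()
    return {"salt": salt, "digest": digest, "tag": tag}


def check_record(record, attempt, install_key):
    expected = hmac.new(install_key, record["salt"] + record["digest"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return False  # record was not produced by this installation
    return hmac.compare_digest(_derive(attempt, record["salt"]),
                               record["digest"])


def compare_schemes():
    """Return (legacy_foreign_ok, hardened_foreign_ok, hardened_own_ok)."""
    key_a, key_b = os.urandom(32), os.urandom(32)  # two separate installs
    # Legacy: text computed on any other machine passes the check here.
    legacy_ok = legacy_check(legacy_verifier("112233"), "112233")
    # Hardened: a record made under install B's key is rejected on install A.
    foreign = make_record("112233", key_b)
    own = make_record("constructed-sample-secret", key_a)  # constructed value
    return (legacy_ok,
            check_record(foreign, "112233", key_a),
            check_record(own, "constructed-sample-secret", key_a))
```

The MAC only makes a record pasted in from elsewhere fail; the key and the verifier file still need operating-system access control so that an ordinary user cannot rewrite them.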


Green Dam updates automatically over the network from
http://www.zzjinhui.com/softpatch/; the same directory also contains a
picture of a pretty woman, http://www.zzjinhui.com/softpatch/Image0.jpg,
whose purpose is unknown. Following analysis by Internet users, it was
discovered that the file http://www.zzjinhui.com/softpatch/kwupdate.dat is
related to the blocked keywords and URLs. Two IP addresses are associated
with it: 211.161.1.134 and 203.171.236.231; the second belongs to Zhengzhou
Giant Computer Network Technology Co. Ltd. in Henan province (zzidc.com.cn).
(unavailable since yesterday)

  5. Content detection methods

 Image filtering

The image detection process takes image data from a queue of images awaiting
inspection. It first normalizes the image size, then separates skin-tone
regions from non-skin-tone regions; after analyzing the relationships between
the skin-tone regions it removes noise, extracts the regions' features and
feeds them to a trained SVM classifier. An image classified as pornographic
is then sent to a face detector; if a face is not the main component, the
image is confirmed as pornographic. The main problem with this algorithm is
that recognition of pornographic images relies heavily on skin color and the
shape of skin regions; the final weighted judgment using face detection is
only a hand-made patch to avoid large faces being identified as pornography,
and the reliability of the empirical weights has not been verified.


From XFImage.xml it can be seen that Green Dam uses OpenCV's Haar classifier
for face detection. The files cximage.dll, CImage.dll, xcore.dll and Xcv.dll
shipped with Green Dam are also library files from OpenCV. All of this
indicates that Green Dam mainly uses OpenCV for image processing. However,
as is common with domestic Chinese software, Green Dam has probably also
disregarded OpenCV's BSD license.

Jinhui promises an image correct-detection rate above 90% and a
false-detection rate below 7%, where detection rate = correct-detection rate
* proportion of pornographic images + (1 - false-detection rate) * (1 -
proportion of pornographic images); when pornographic images make up 1% of
images, the detection rate is 93%.
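
The figure above carried through as an added worked example (not part of the original document), taking the vendor's bounds as exact values, which is an assumption. Here p is the proportion of pornographic images, t the correct-detection rate and f the false-detection rate; the second line, the share of flagged images that really are pornographic, is not computed in the original.

\[
A = t\,p + (1-f)(1-p) = 0.90 \times 0.01 + 0.93 \times 0.99 = 0.009 + 0.9207 = 0.9297 \approx 93\%
\]

\[
P(\text{pornographic} \mid \text{flagged}) = \frac{t\,p}{t\,p + f\,(1-p)} = \frac{0.009}{0.009 + 0.0693} = \frac{0.009}{0.0783} \approx 11.5\%
\]

At that mix roughly 88.5% of the images the filter flags would be false alarms, even though the overall figure is 93%.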

 Text filtering

The analysis of political content, including the filtering of Falun
Gong-related content, uses the text filtering engine supplied by Beijing
Dazheng Language Technology Co. Ltd.: HncEng.exe, HncEngPS.dll and
SentenceObj.dll. The data file HNCLIB/FalunWord.lib also contains, in
UTF-32LE encoding, a large vocabulary of political and pornographic terms
beyond those related to Falun Gong.
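
How UTF-32LE text can be pulled out of a binary data file of this kind, as an added example (not from the original document or any of the tools it links). The record layout of FalunWord.lib is not described here, so the code assumes only 4-byte little-endian code units at an unknown byte alignment; the sample blob and its words are constructed.

```python
import struct

# Code-point ranges treated as text: printable ASCII, CJK punctuation,
# CJK Unified Ideographs, and full-width forms.
TEXT_RANGES = ((0x20, 0x7E), (0x3000, 0x303F),
               (0x4E00, 0x9FFF), (0xFF00, 0xFFEF))


def _is_text(cp):
    return any(lo <= cp <= hi for lo, hi in TEXT_RANGES)


def utf32le_runs(blob, phase=0, min_chars=2):
    """Return [(offset, text)] for runs of at least min_chars text code
    points, reading 4-byte little-endian units from byte offset `phase`."""
    runs, chars, start = [], [], 0
    for pos in range(phase, len(blob) - 3, 4):
        (cp,) = struct.unpack_from("<I", blob, pos)
        if _is_text(cp):
            if not chars:
                start = pos
            chars.append(chr(cp))
            continue
        if len(chars) >= min_chars:
            runs.append((start, "".join(chars)))
        chars = []
    if len(chars) >= min_chars:
        runs.append((start, "".join(chars)))
    return runs


def best_phase(blob, min_chars=2):
    """Pick the byte alignment (0-3) that decodes the most text.

    A wrong alignment can still produce bogus runs: ASCII stored as
    UTF-32LE and read one byte early looks like CJK ideographs. The
    true alignment decodes every string, so it scores highest."""
    def score(phase):
        return sum(len(text)
                   for _, text in utf32le_runs(blob, phase, min_chars))
    return max(range(4), key=score)


def sample_blob():
    """Constructed sample, not the real file: a 5-byte header, then
    NUL-terminated UTF-32LE entries separated by binary filler."""
    words = ["示例词语", "sample-term", "测试"]  # neutral constructed words
    body = b"".join(w.encode("utf-32-le") + b"\x00\x00\x00\x00"
                    + b"\xff\xfe\x01\x80" for w in words)
    return b"HDR\x01\x02" + body


if __name__ == "__main__":
    blob = sample_blob()
    phase = best_phase(blob)
    for offset, text in utf32le_runs(blob, phase):
        print(f"{offset:#06x}  {text}")
```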

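Keyword list extracted from the data file HNCLIB/FalunWord.lib
<http://filetwt.com/f/bn734dm89h>; a more complete set of parsed keywords
<https://docs.google.com/View?docid=d7w7twp_977hcmc35g3>.
(Typical keywords include "法轮功" (Falun Gong), "六四" (June 4th), "天安门"
(Tiananmen), "江泽民" (Jiang Zemin), etc.)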

A team from the University of Michigan, in its report
<http://scott.wolchok.org/greendam.html>, reverse-engineered the decoding
method <http://scott.wolchok.org/gddec.c> for several encrypted dat files
that Green Dam installs under system32. Decoding showed that most of the dat
files come from the keyword lists of the US-made filtering software
CYBERsitter, circa 2006 (the decrypted csnews.dat contains CYBERsitter's
Readme copied over verbatim <http://initiative.yo2.cn/archives/640704>),
while several other dat files (xword?.dat) mainly contain terms relating to
pornography, politics and Falun Gong.


  Application screening

 Control over application usage time

Jinhui claims that Green Dam can block programs such as online games (for
example Zhengtu and World of Warcraft) and chat (for example QQ and MSN),
that customizable blacklists and whitelists make filtering more effective,
and that it blocks anonymous browsing that evades URL blocking through proxy
servers or proxy-type software (such as FreeGate) (Jinhui Pornographic Image
and Harmful Information Blocking Expert System FAQ-20080520).

Screening of circumvention software such as FreeGate: the file filtport.dat
in system32 has the default content FreeGate/8567/tcp Urf/9666/tcp, and is
presumably the configuration file for blocking the FreeGate and Wujie
(UltraSurf) software. Two processes, xdaemon.exe and xnet2.exe, upon
entering the Wujie (UltraSurf) page will......

  Controlling techniques

Jinhui claims that Green Dam can control the time minors spend online, on QQ
and MSN, and playing games, preventing overindulgence in the Internet and
effectively curing Internet addiction (negotiation response document).

 Application monitoring

Testing has shown that if the characters "法轮功" (Falun Gong) are typed in
any form into Notepad or WordPad, the application is closed; typing the same
characters into Paint or MSN Messenger, however, produces no reaction, which
also illustrates the incompleteness of the program.

 Partially decompiled content shows that many kinds of applications are
targets of Green Dam's monitoring.

00468940                                         .wow.exe.魔兽世界....yaho
00468980  omessenger.exe..雅虎通..wangwang.exe....阿里旺旺....start.exe...
004689C0  网易POPO....网易popo....uc.exe..新浪UC..新浪uc..icq.exe.ICQ6....
00468A00  icq6....skype.exe...Skype...skype...eph.exe.e话通...doshow..msnm
00468A40  sgr.exe.MSN.msn messenger...qqgame.exe..QQ游戏..qq游戏..qqchat.e
00468A80  xe..QQ聊天室....qq聊天室....qq.exe..QQ..qq2.bitbomet.exe....BitC
00468AC0  omet....bitcomet....


 Strings extracted from injlib.exe (offset 0x89e8) indicate some of the
programs that may be monitored:

 editplus.exe uedit32.exe emeditor.exe wordpad.exe notepad.exe wps.exe
wpp.exe et.exe powerpnt.exe frontpg.exe excel.exe msaccess.exe outlook.exe
winword.exe mailmagic.exe popo.exe
qqmail.exe aixmail.exe imapp.exe incmail.exe msimn.exe dm2005.exe
foxmail.exe googletalk.exe miranda32.exe imu.exe ypager.exe tmshell.exe
start.exe uc.exe icqchatrobot.exe qq.exe msnmsgr.exe gsfbwsr.exe
greenbrowser.exe touchnet.exe theworld.exe maxthon.exe ttraveler.exe
netscp.exe ge.exe firefox.exe opera.exe netcaptor.exe myie.exe iexplore.exe
mmc.exe regedit.exe taskmgr.exe  mpsvcc.exe
 xdaemon.exe
 xnet2.exe

Nearly all common text editors on the market (EditPlus, UltraEdit,
EmEditor), office software (the three WPS components, the MS Office family),
e-mail clients, instant messaging clients and browsers are monitored.

  Internet monitoring

In its documentation, Jinhui states that "Green Dam" uses the Winsock2 SPI
interface to capture sent and received data, analyzes that data to extract
HTTP data, and parses the HTTP protocol data. The parsed data passes through
a URL detector, a harmful-URL detector and a keyword detector, and Green Dam
decides from those results whether the image detector is needed. Newly
discovered harmful website addresses found through image detection are
provided to the system administrator.



  6. Analysis of the library files involved in monitoring or screening
keywords and URL data

 Released here are the keyword lists obtained by directly decrypting the
.dat files under the installation path, with brief commentary.

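 wfile.dat - http://privatepaste.com/450zZe32hn
 This file specifies the file types that are filtered.

 TrustUrl.dat - http://privatepaste.com/4c0Q3tzzb0
 Trusted URLs. These sites are without doubt ones Big Brother trusts. They
are worth blocking by webmasters worldwide. This is the most valuable list
in the filter software.

 vgamfil.dat - http://privatepaste.com/1auoil5bP2
 The so-called "violent" games category. Which games are blocked? Quake,
Quake2, Quake3, counter-strike.net (which your PLA uses for training), F22
Raptor, Tomb Raider (this counts as violent?), Tomb Raider II, StarCraft
(violent? more like "feudal superstition", I'd say), Blizzard's parent
company activision.com, duke4.com, the perpetually delayed dukeforever.com,
ff8online.com, half-life.com, stormtroopers.com, unreal.org and so on. From
now on everyone had better play only Incorruptible Fighter.

 chtfil.dat - http://privatepaste.com/32hbY5XUgy
 Blocks AOL, AIM, Yahoo, MSN.

 csnews.dat - http://privatepaste.com/bb1RyuqiVu
 This file is the most comical. It would be one thing for the filter to copy
the Americans' filter database, but it also sloppily copied over
CYBERsitter's own readme file along with it.

 entfil.dat - http://privatepaste.com/bd0qklsJuD
 Entertainment filter. Blocked here are scifi.com (home of BSG and Firefly),
StarTrek.com and StarWars.com, so the four great geek series are wiped out
to the last one. In addition, southpark, pokemon, xfiles and BritneySpears
are monitored keywords. blizzard.com, Blizzard's official website, is
blocked.

 finfil.dat - http://privatepaste.com/b414bkBNPv
 Financial filter. Includes the Wall Street Journal www.wsj.com, www.ft.com,
www.sec.gov, etc.

 fmfil.dat - http://privatepaste.com/3d114bf1mD
 E-mail monitoring. hotmail.com, gmail.com, and even anything beginning with
www.mail receives special attention.

 fshrfil.dat - http://privatepaste.com/b8kPPu9ZiV
 File-sharing monitoring. Monitors almost all P2P clients and software on
the market: gnutella, bearshare, emule, wrapster, scourexchange, imesh,
audiogalaxy, kazaa, filesharing, morpheus, limewire, javalimewire, gnutella,
wrapster, scourexchange, shareaza, kazaalite, bittorrent, azureus

 gdwfil.dat - http://privatepaste.com/49ftIfdRqJ
 Blocks amazon.com, as well as this knock-off software's ancestor
cybersitter*.com, download.windowsupdate.com, liveupdate.symantec.com,
symantec.liveupdate.com, microsoft.com, symantec.com, windowsupdate.com,
zdnet.com. In other words, once a certain piece of software is installed,
Windows patches and anti-virus updates are either monitored or blocked
outright. Some say this file is a whitelist; then could amnesty.org,
virgin-boys and porno-free.net, which appear in the same list, also be
whitelisted?

 imgfil.dat - http://privatepaste.com/cehwHinyM0
 Many image sites are blocked here. Any URL containing the following strings
gets RST just as with the GFW, for example google.ca/image,
google.com/image, and of course Yahoo's yahoo.com/image, plus video-search
blocking: searchcat=vid, video.search.yahoo. What exactly does Big Brother
have to hide that image and video search must all be blocked?

 mp3fil.dat - http://privatepaste.com/f0uBTti5uh
 MP3 category. Bans some MP3-sharing software, for example gnutella,
bearshare, wrapster, scourexchange, imesh, audiogalaxy, kazaa, filesharing,
morpheus, limewire, gnutella, wrapster, scourexchange

 wrestfil.dat - http://privatepaste.com/eapAh32NC8
 Wrestling category. Mainly WWE-style American wrestling is blocked. K1 is
not blocked, which shows it really was copied from CYBERsitter.

 pkmon.dat - http://privatepaste.com/580KvOFYV4 (POKEMON!)
 The file name alone is very [...]. This list appears to filter some anime
and manga.

 sporfil.dat - http://privatepaste.com/e20QeOlezv
 Sports filter. Blocks www.nba.com and wnba.com, and too many others to
list...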


 ------------------------------

 The contents of the .dat files below come almost entirely from CYBERsitter,
which gives an idea of how much of a knock-off this is.

 wfileu.dat - http://privatepaste.com/9c0oaeS0i1
 This URL is CYBERsitter's update address, and it was actually left in. Is
this filter software a knock-off or what?

 wzfil.dat - http://privatepaste.com/170Epo2wTZ
 Game cracks.

 adwapp.dat - http://privatepaste.com/aey5BIlkyx
 Adult site filter (strict).

 adwfil.dat - http://privatepaste.com/091MdBUyDv
 Adult site filter.

 lgwfil.dat - http://privatepaste.com/a1ndIrVvEn
 Gay-themed sites; not familiar with them, no comment.

 iawfil.dat - http://privatepaste.com/951A0xSKW2
 Illegal category. Copied wholesale from CYBERsitter's list.

 auctfil.dat - http://privatepaste.com/f20vFALQPl

 bnrfil.dat - http://privatepaste.com/76uATdcCsN
 Ad blocking.

 bsnlst.dat - http://privatepaste.com/b6tJvZlQJN

 cultfil.dat - http://privatepaste.com/dc1NtZn183
 Culture filter, including the likes of GeorgeKing, scientology and
ChurchOfSatan. Again copied from CYBERsitter.

 gblfil.dat - http://privatepaste.com/53CXciru9I
 Appears to be the gambling category.

 gnfil.dat - http://privatepaste.com/c6lU71HHUT
 Firearms category.

 hatfil.dat - http://privatepaste.com/1005oQLOJv
 Racial hatred category.

 jbfil.dat - http://privatepaste.com/7d1cmQ7bdW
 Job recruitment category.

 movfil.dat - http://privatepaste.com/99cMT8Xjyr
 Movies category.

 nvgamfil.dat - http://privatepaste.com/9aYQOBgQoU
 Another games filter. nv game filter.dat?

 perfil.dat - http://privatepaste.com/7driTj667b
 Sex filter.

 picsfil.dat - http://privatepaste.com/34TI4cSbZE

 popfil.dat - http://privatepaste.com/c10gAsIEuq
 Pop-up advertisement filter.

 psyfil.dat - http://privatepaste.com/ae0GA79ZFm
 Feudal superstition and supernatural filter.

 swfil.dat - http://privatepaste.com/aeSIsoDlKd
 Pirated software filter.

 tafil.dat - http://privatepaste.com/26FTx1Dfjz
 Alcohol filter. List copied from CYBERsitter.

 tapfil.dat - http://privatepaste.com/ae0UoosGMk
 Tattoo filter.

 viofil.dat - http://privatepaste.com/f79OiqXC6J
 Violence and suicide category.




  7. User experience

Testing and user feedback show that Green Dam is not very good at delivering
its stated functions, yet it has not refrained from adding many undisclosed
functions at various levels. Some users' experiences and discussion:

   - http://blog.sina.com.cn/s/blog_4b862d070100doj4.html
   - http://club.cat898.com/newbbs/dispbbs.asp?BoardID=1&id=2853590
   - http://www.meirendaddy.com/blog/?p=404
   - http://tieba.baidu.com/f?kz=591097210


  8. Copyright infringement

Green Dam is subject to the following accusations:

   1. Violation of the BSD license through the software's use of the OpenCV
   library
   2. Use of OpenCV algorithms and technology in a patent application
   3. Plagiarism of the keyword list from the US-made filtering software
   CYBERsitter (with speculation that more code was plagiarized)

For the evidence, see above.


  9. Vulnerabilities

Backdoor: The security of Green Dam itself is in serious doubt. Software
developed by a small company like this can easily contain security
vulnerabilities, and once hackers discover one, every computer with Green
Dam installed becomes a hacker's "zombie" machine. If the installed base is
large, a repeat of the "Baofeng Yingyin network outage" incident is entirely
possible.

Because of the many imperfections in the Green Dam software itself, it may
cause normal client software to malfunction (for example, closing a working
document that has not been saved without prompting to save it).

Because all of the software's technical parameters are set according to the
technicians' own assumptions about what constitutes a pornographic image,
these assumptions instead reinforce stereotypes of pornography and sex/gender
inequality, to the detriment of minors.
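
  10. Media coverage
 (possibly not part of the technical analysis report; for reference only)

   1. China tightens Internet controls
   <http://chinese.wsj.com/gb/20090608/chw085100.asp?source=whatnews> (Wall
   Street Journal)
   2. Ministry of Industry and Information Technology document
   <http://blog.sina.com.cn/s/blog_4a60f29e0100dluv.html>
   3. From next month, newly sold PCs will come with Internet filtering
   software pre-installed
   <http://tech.163.com/09/0609/03/5BB9USTI000915BD.html> (NetEase Tech)
   4. Trial review of the "Green Dam-Youth Escort" Internet management
   software <http://news.66wz.com/system/2009/06/09/101258543.shtml>
   5. Foreign Ministry spokesperson retorts: "Do you have children?"
   <http://news.ifeng.com/mainland/200906/0609_17_1195649.shtml>
   6. Why "Green Dam" is being questioned
   <http://www.caijing.com.cn/2009-06-09/110181748.html> (Caijing)
   7. Official website of the Internet filtering software Green Dam attacked
   by hackers and inaccessible
   <http://tech.sina.com.cn/it/2009-06-09/21083163804.shtml> (Sina Tech)
   8. "50 Cent Party comments on Tianya"
   <http://www.tianya.cn/publicforum/content/free/1/1587887.shtml>
   9. 50 Cent comments on Sky Software Station
   <http://www.skycn.com/comment/comment.php?softid=46657&page=2>
   10. The five major legal obstacles facing the Green Dam software
   <https://docs.google.com/View?id=dggh5mp6_129fwcxpncw>
   11. The invisible man in the Green Dam response document: how Jinhui
   profited by misappropriating and selling military research results
   <https://docs.google.com/View?id=dggh5mp6_127c5nwpzcq>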



  11. Links

The negotiation response document between Green Dam and the government:
https://wikileaks.org/wiki/Chinese_Green_Dam_Falun_Gong_related_censorship_keywords,_June_2009

Complete guide to using "Green Dam-Youth Escort":
http://tech.techweb.com.cn/redirect.php?tid=387273&goto=lastpost

Some people have analyzed certain files from Dazheng, the company associated
with this software. Analysis of ST771.rar
<http://www.hncit.com/update/ST771.rar> <http://www.hncit.com/update/>,
specifically of the file
hncldata_mdb.zip\L:\HncProjects\版权\检测版\升级包制作工具\2007.1.15\标准检测版\programfiles\hncldata.mdb
in ST771.rar\ST771\package2, yields a URL blacklist
<http://paste.ubuntu.org.cn/15292>. Unencrypted keyword files
<https://docs.google.com/Doc?docid=dczkbptk_0ffc2hvc9> can also be found on
the website of Beijing Dazheng Language Technology Co. Ltd.: pornographic
keywords in the beta version
<https://docs.google.com/View?id=ah27xz4pbz6s_22cgwh6xf7>; non-pornographic
keywords <https://docs.google.com/View?id=ah27xz4pbz6s_24c6dw27g6>;
instructions from higher authorities
<https://docs.google.com/View?id=ah27xz4pbz6s_25fpx2qkhp>.







