FC: China wants virus samples from software firms, by Ted Bridis

[Declan McCullagh <declan@well.com>]

**********

From: "Bridis, Ted" <Ted.Bridis@dowjones.com>
To: "'declan@well.com'" <declan@well.com>
Subject: WSJ
Date: Fri, 30 Mar 2001 08:36:32 -0500

http://interactive.wsj.com/articles/SB985910528688563410.htm

China Is Asking Software Firms
To Provide Samples of Viruses

By TED BRIDIS
Staff Reporter of THE WALL STREET JOURNAL

WASHINGTON -- Security officials in Beijing have been requiring that in
order to sell their products in China, leading antivirus-software companies
must provide samples of destructive computer programs and rogue wiretap
software from their research labs.

Between 1999 and the end of last year, three of the industry's largest
vendors -- Network Associates Inc. and Symantec Corp., both based in the
U.S., and Trend Micro Inc. of Tokyo -- gave the Chinese security ministry
roughly 300 different samples of the most common, malicious software found
on the Internet, in exchange for permission to market their products in
China. The three companies collectively represent nearly 75% of the $1.2
billion world-wide antivirus-software market.

Executives at the three companies said China's Ministry of Public Security,
the nation's principal police authority, told them that they needed virus
samples to independently test the effectiveness of their software products
before they could be sold to consumers.

"We've met with this organization, developed a certain level of trust and
believe they're doing what they're talking to us about," said Vincent
Gullotto, senior director of the research labs at Network Associate's McAfee
Corp. unit in Beaverton, Ore.

Still, the move has raised concerns among some international-trade and
national-security officials here who worry about China developing
information-warfare tools.

Others characterized the request as a potential time-saver for China that
could provide researchers there with insights into developing not just
future viruses but also an increasingly popular class of surreptitious
monitoring software known as "back doors."

It is also possible that the Chinese ministry could be looking to use the
viruses to develop their own antivirus products at the expense of research
done by foreign companies, although the authorities didn't seek access to
the more useful source code that the software companies use to write
antivirus products.

An official at the press office of the Chinese embassy directed calls to its
Commercial Office here. Repeated phone calls to that office weren't
returned. Executives at the three companies said they rejected persistent
Chinese demands for their broader research collections of viruses and other
malicious software.

A fourth company, F-Secure Inc. of Finland, said it negotiated last summer
to let Chinese researchers conduct virus studies at its new laboratory in
Beijing, but declined to surrender the samples directly.

"This is very unusual," said Mikko Hypponen, virus-research manager at
F-Secure. "No other country has anything similar to this."

McAfee President Gene Hodges said that within 90 days of complying with the
Chinese request, his company notified the U.S. government that it had
provided the samples. "No specific concern was expressed" by the government
officials that the company spoke with, Mr. Hodges said. He declined to say
who or which U.S. government department his company contacted.

Meanwhile, experts also were divided about the potential military usefulness
of the common viruses turned over to China. Many of those samples can be
found within rogue virus collections already on the Internet, though others
are more rare. Mr. Gullotto of McAfee estimated that determined Chinese
researchers "might be able to find 80% to 90%" of what the companies
provided, and noted that antivirus software currently protects against those
samples.

Still, the unprecedented request to trade virus samples and other software
programs for market access surprised some researchers at the companies.
Sharing of viruses for research purposes is usually restricted to fewer than
three dozen members world-wide of the loosely organized Computer Antivirus
Researchers Organization. Software firms keep their sample virus collections
-- code zoos -- in secure rooms and on separate computer networks that are
off-limits to all but a handful of experienced employees.

U.S. international-trade and national-security officials expressed
disappointment with the companies' decisions to share any malicious software
with China's government. They noted that the ministry has an intelligence
division, and that China's military is developing a "Net Force" of young
computer experts trained in information warfare. In late 1999, the Chinese
army's official newspaper discussed the need for "software and technology
for Net offensives so as to be able to launch attacks and countermeasures on
the Net."

These same officials said they were somewhat mollified that the software
companies had negotiated to hand over to China only samples of relatively
common viruses, not their more substantial collections of tens of thousands
of dangerous programs. The shared collection was described as easily stored
on a single CD-ROM disk.

"The concept is troubling," said Commerce Undersecretary William Reinsch,
the outgoing head of the U.S. Bureau of Export Administration. "We don't
want to promote or encourage information warfare or the further
dissemination of viruses that even unintentionally could bring down our
systems." He added that the Bush administration may need to consider
restricting in some ways the intentional export of malicious software to
some countries.




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------