[Dailydave] China's security problem with pirated software

Dave Aitel dave at immunityinc.com
Tue Sep 22 09:42:12 EDT 2015


So we have a lot of customers in China and we've gone to visit them in
Beijing and Shanghai and I will say that one of the issues with Chinese
security is the Great Firewall. I think if you have not tried to do
business inside China it is rather a hard thing to believe, because
words don't do the experience inside China justice.

While on the face of it, a giant filtering engine can be quite useful
for security (especially if you define it, as most Governments do, in
"securing" the delicate minds of your populace from horrendous thoughts
from the wider world), a speedbump of extraordinary size has security
downsides.

To wit, when sitting in the office of our main CANVAS reseller, we could
not download CANVAS sales videos faster than 1KB/sec. Our policy when
visiting China is to bring with us all sales videos and materials that
we could possibly need on a thumb drive because even getting access to
our website for a PDF may be impossibly slow.

SILICA requires VMware to run, and when we asked one of our partners (a
major Chinese company you would have heard of even here) to download
VMware Player (which is free) he immediately reached out to one of the
Chinese pirate sites to grab an old copy of cracked VMware Workstation.
He was not wrong: Actually browsing to VMWare.com itself would have
taken literally forever, even though he is connected at his desk to one
of the fastest networks on Earth.

I understand that from the Chinese Govt's perspective it would be better
if the entire Internet was duplicated within mainland China where they
could manage it. But this is unrealistic, even for China. What it's done
instead is force a universal culture of pirated software EVEN FOR FREE
DOWNLOADS. Basically nothing software related is up to date. You know
how in the US we lament when a company is a couple months out of date on
patches and your Vulnerability Management report is full of horrible
Orange and Red marks to enforce updates? That's not even an option in
Chinese terms.

In summary: Not only is the recent Xcode hack going to happen again and
again, it is in some ways a uniquely Chinese problem and allows them to
pressure Apple and similar companies to put infrastructure inside China
to solve, which is Interesting.

-dave

