China’s Green Dam mandate could cause trouble

Written by Dan Blacharski on June 15, 2009

A University of Michigan report issued this week takes a look at the Green Dam web filtering software that has been mandated by the government of China. Besides its stated purpose of filtering porn, it’s likely that it’s also used to filter political messages. But there’s something beyond that: it could also open the door to the creation of more huge botnets.

According to the University report, there are numerous programming errors and flaws in the software, and once it has been installed, it is possible for a botnet operator to create a rogue web site to take advantage of the flaws, and take control of user computers.

There are two major vulnerabilities; the first is in how the software processes the web sites being monitored, and the second is in how it installs its updates. Both flaws allow remote sites to execute arbitrary code. The researchers made it as clear as possible in the report, saying, “Any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet.” And what’s worse, the flawed software can be used to install malicious software on a computer along with the filter update.

Good work on the part of the University of Michigan researchers, but they missed the mark on one front. Their recommendation that “users protect themselves by uninstalling Green Dam immediately” would be good advice, were it not for the Chinese government’s mandate: users in China have no choice but to run the software. The researchers also conclude that if Green Dam is deployed in its current form, it will “significantly weaken China’s computer security,” and that’s the real heart of the matter here: the deployment is a done deal. And because only one particular filtering product is mandated, there is little incentive to refine the product, and great incentive for abuse.



One Response to “China’s Green Dam mandate could cause trouble”

  1. Charles Liu Says:

    The mandate is to distribute the software. End users are never required to install or run it.

    “Preinstall” in Chinese actually means “bundle”. Take this 6/12 ZDNet article citing WSJ for example:

    http://blogs.zdnet.com/BTL/?p=19688

    The end users were never required to install or run Green Dam. As to what Green Dam will filter, it is configurable by the user.
