Premiere/Diebold: You're Doing It Wrong
from the a-little-Friday-humor dept
Earlier this week, we wrote about Ohio's lawsuit against Premiere Elections Systems -- better known by its previous name, Diebold -- where we noted Premiere's claim that the problems were the fault of antivirus software. That didn't make much sense, as we noted, but Randall Munroe has explained just how ridiculous this is (in a way that only he can) with his latest xkcd comic:Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, ohio
Companies: diebold, premiere voting
Reader Comments
Subscribe: RSS
View by: Time | Thread
Alt Text
[ link to this | view in chronology ]
Be Very Afraid
specific purpose, wouldn't it make sense
to harden the system to the point that an
anti-virus program is more of a liability
than any protection it would provide?
I mean it's not like the user is going to be
calling technical support because the latest
video game won't run. I can't fathom why
they'd use McAfee.
If there was any doubt that Diebold, I mean
Premiere, has little concern for accuracy
and security compared to cost and development
time it should be dispelled by now.
[ link to this | view in chronology ]
Re: Be Very Afraid
to harden the system to the point that an
anti-virus program is more of a liability
than any protection it would provide?
This is already the case for 95% of computers already. But so we can all say "we're doing something!", we install a security nightmare on our computers.
Microsoft almost did something smart with vista. They tried to make it so secure that a/v wouldn't work. "Nooo!" cried the masses. They wanted to be able to FULLY compromise their systems with some pathetic excuse for a protective measure.
[ link to this | view in chronology ]
Re: Re: Be Very Afraid
[ link to this | view in chronology ]
Re: Re: Re: Be Very Afraid
a: a virus
b: an anti-virus program
I hope some old guys point has been made.
[ link to this | view in chronology ]
Re: Re: Re: Be Very Afraid
I use both FF and IE. If i don't know the site, its going up in IE first. Only Vista issue I've had is due to faulty sound card drivers, and that is ASUS' fault since those issues are happening on XP for others as well.
[ link to this | view in chronology ]
Re: Be Very Afraid
[ link to this | view in chronology ]
Re: Re: Re: Re: Be Very Afraid
[ link to this | view in chronology ]
Re: Re: Be Very Afraid
[ link to this | view in chronology ]
American voting system
[ link to this | view in chronology ]
Re: American voting system
[ link to this | view in chronology ]
Re: American voting system
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
AV isn't security
Genuine security would be a sincere attempt to stop all virus infections, conventional a/v can't do that and doesn't pretend to, the best commitment I've seen for an a/v vendor responding to a new threat is to have a new signature out within 3 hours of getting the data on the virus, but then of course you still need to distribute the new signature to all the vulnerable computers, so these computers need to be updated very regularly.
With most popular a/v systems you don't get to authenticate the server you download the signatures from, and there is no recognized standard for what constitutes an a/v signature : the signature files could literally contain executable code if the a/v vendor (or some interfering malicious party) wanted it that way.
Then you have all the potential problems with false positives and negatives.... a/v presents more security problems than it solves.
I think we must conclude that a/v is not a security technology in the proper sense and should not be deployed on a sensitive system such as a voting machine (any voting machines whose "security" is enhanced by a/v is clearly not fit for purpose.
[ link to this | view in chronology ]
This may sound paranoid, but "trust me" doesn't cut it when it comes to elections.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Seems to me....
If they're going to go electronic they should be using a custom ROM / ASIC based system. Preferably not x86 (security through obscurity...), and certainly with absolutely NO input/output facilities except whatever (proprietary) port the result information is downloaded off of.
[ link to this | view in chronology ]
Re: Seems to me....
than lashing up what amounts to the guts from
a beige box with some hid and a in a stylish
enclosure. Development cost and/or time to
market would escalate remarkably.
If the specification doesn't demand it (either
explicitly or by performance requirements)
they're not likely to take that route.
[ link to this | view in chronology ]
Diebold ...
video.google.com
movie: Hacking Democracy
[ link to this | view in chronology ]
Then a Virus isn't an issue.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
RE: Anonymous Coward @17:
In the proper functioning of your ballot machine, it shouldn't even be accessible from outside its secure, closed network (if it even is networked).
Diebold, now Premiere, have, for as far as I've equated their name with voting machines, been almost completely transparent in their hubris toward the American electorate.
[ link to this | view in chronology ]
And to why this matters, any system which requries anti-virus software is, by its very nature, insecure. These thigns should be on a close/controlled network with no access to the outside world. Additionally, they should run BSD or Linux since security is such a significant issue.
[ link to this | view in chronology ]
It's not SQL
---
I write pointed political and business short stories at http://klurgsheld.wordpress.com
[ link to this | view in chronology ]
You're Doing It Wrong
[ link to this | view in chronology ]
Welcome your next president...
[ link to this | view in chronology ]
Mcafee
If I was Mcafee and was getting blamed for this, I would want exact details of what happened. This will hurt Mcafee's reputation and if its a load of BS from Diebold, there's a libel issue here.
[ link to this | view in chronology ]
Security through anachronisms
[ link to this | view in chronology ]
[ link to this | view in chronology ]