Premiere/Diebold: You're Doing It Wrong

from the a-little-Friday-humor dept

Earlier this week, we wrote about Ohio's lawsuit against Premiere Elections Systems -- better known by its previous name, Diebold -- where we noted Premiere's claim that the problems were the fault of antivirus software. That didn't make much sense, as we noted, but Randall Munroe has explained just how ridiculous this is (in a way that only he can) with his latest xkcd comic:
Voting Machines


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    ChurchHatesTucker (profile), Aug 15th, 2008 @ 6:37pm

    Alt Text

    "And that's *another* Crypto conference I've been kicked out of. C'mon, it's a great analogy!"

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymouse of Course, Aug 15th, 2008 @ 6:57pm

    Be Very Afraid

    Seeing that a voting machine serves a highly
    specific purpose, wouldn't it make sense
    to harden the system to the point that an
    anti-virus program is more of a liability
    than any protection it would provide?

    I mean it's not like the user is going to be
    calling technical support because the latest
    video game won't run. I can't fathom why
    they'd use McAfee.

    If there was any doubt that Diebold, I mean
    Premiere, has little concern for accuracy
    and security compared to cost and development
    time it should be dispelled by now.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    some old guy, Aug 15th, 2008 @ 7:05pm

    Re: Be Very Afraid

    wouldn't it make sense
    to harden the system to the point that an
    anti-virus program is more of a liability
    than any protection it would provide?


    This is already the case for 95% of computers already. But so we can all say "we're doing something!", we install a security nightmare on our computers.

    Microsoft almost did something smart with vista. They tried to make it so secure that a/v wouldn't work. "Nooo!" cried the masses. They wanted to be able to FULLY compromise their systems with some pathetic excuse for a protective measure.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    bobbknight, Aug 15th, 2008 @ 7:44pm

    Re: Re: Be Very Afraid

    No matter Vista is totally compromised now any ways so it's ok to want AV now. It may help.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Mike42 (profile), Aug 15th, 2008 @ 8:46pm

    Re: Re: Re: Be Very Afraid

    Here's a quiz: This program constantly uses large amounts of RAM, CPU time, and interferes with other applications. It also constantly uses bandwidth contacting a host computer. Is it:

    a: a virus
    b: an anti-virus program

    I hope some old guys point has been made.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Vince, Aug 15th, 2008 @ 9:10pm

    American voting system

    I hope we all know that these machines and their flaws exist solely (and have been designed this way) specifically to manipulate votes to install a president of private choosing. democracy is a made-up word; it has no meaning nor would it exist if it did, especailly not in america where the law is in corporate hands.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Aug 15th, 2008 @ 9:13pm

    I love xkcd. I immediately though of Techdirt when I saw this comic earlier.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Aug 15th, 2008 @ 10:27pm

    Props to xkcd's copyright/use model. Think you'd get away with putting a Peanuts cartoon in line with your article?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    mightymaz, Aug 16th, 2008 @ 3:32am

    AV isn't security

    I'm surprised that you all seem to accept that a/v is some kind of security technology when it plainly isn't.

    Genuine security would be a sincere attempt to stop all virus infections, conventional a/v can't do that and doesn't pretend to, the best commitment I've seen for an a/v vendor responding to a new threat is to have a new signature out within 3 hours of getting the data on the virus, but then of course you still need to distribute the new signature to all the vulnerable computers, so these computers need to be updated very regularly.

    With most popular a/v systems you don't get to authenticate the server you download the signatures from, and there is no recognized standard for what constitutes an a/v signature : the signature files could literally contain executable code if the a/v vendor (or some interfering malicious party) wanted it that way.

    Then you have all the potential problems with false positives and negatives.... a/v presents more security problems than it solves.

    I think we must conclude that a/v is not a security technology in the proper sense and should not be deployed on a sensitive system such as a voting machine (any voting machines whose "security" is enhanced by a/v is clearly not fit for purpose.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Aug 16th, 2008 @ 7:27am

    What worries me is that in the AV software we have another company running closed-source software on the voting machine. Who is to say that the AV company isn't interfering with the election results?

    This may sound paranoid, but "trust me" doesn't cut it when it comes to elections.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    CIxelsid, Aug 16th, 2008 @ 10:28am

    xkcd is always brilliant.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Nick, Aug 16th, 2008 @ 10:53am

    Seems to me....

    that voting machines are too general use. If I understand correctly, they are just commodity PC's running windows (or linux?)!

    If they're going to go electronic they should be using a custom ROM / ASIC based system. Preferably not x86 (security through obscurity...), and certainly with absolutely NO input/output facilities except whatever (proprietary) port the result information is downloaded off of.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    ME, Aug 16th, 2008 @ 11:29am

    Diebold ...

    Elections systems are rigged this is how they do it...
    video.google.com
    movie: Hacking Democracy

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Overcast, Aug 16th, 2008 @ 12:25pm

    The voting machines shouldn't even be on a Network.

    Then a Virus isn't an issue.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    gnob, Aug 16th, 2008 @ 12:35pm

    It's funny how the comments always drift. If a virus can get to a voting machine, you have more serious problems than removing it. Yet we're reading about the relative security of antivirus software.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Mark, Aug 16th, 2008 @ 4:23pm

    Re: Re: Be Very Afraid

    That "Noooo!" you heard was the antivirus market screaming and crying, with out the paranoia of you getting a virus what do you think they could sell you?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Aug 16th, 2008 @ 9:55pm

    i dont get it

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Nate, Aug 17th, 2008 @ 5:12am

    RE: Anonymous Coward @17:

    If you're being sincere, hopefully this helps clear up the issue a bit: in the same way your kid's teacher wearing a condom in class would be unsettling (and indicative of him doing something he shouldn't be in class), an antivirus program running on your voting machine is indicative of it doing something it shouldn't, either -- encountering viruses.

    In the proper functioning of your ballot machine, it shouldn't even be accessible from outside its secure, closed network (if it even is networked).

    Diebold, now Premiere, have, for as far as I've equated their name with voting machines, been almost completely transparent in their hubris toward the American electorate.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    warpsix, Aug 17th, 2008 @ 8:12am

    Re: American voting system

    For the "republic" for which it stands, only the ignorant call this a democracy

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Aug 17th, 2008 @ 8:31am

    Re: Re: Re: Be Very Afraid

    Funnily enough, I've yet to hear of a case where on Vista with IE7 protected mode someone got a virus. They always seem to have turned off IE7 protected mode or used FireFox instead when they get a virus.

    I use both FF and IE. If i don't know the site, its going up in IE first. Only Vista issue I've had is due to faulty sound card drivers, and that is ASUS' fault since those issues are happening on XP for others as well.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous of Course, Aug 17th, 2008 @ 8:43am

    Re: Seems to me....

    Exactly so! But it's a different skill set
    than lashing up what amounts to the guts from
    a beige box with some hid and a in a stylish
    enclosure. Development cost and/or time to
    market would escalate remarkably.

    If the specification doesn't demand it (either
    explicitly or by performance requirements)
    they're not likely to take that route.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Computer Bob, Aug 17th, 2008 @ 9:24am

    Re: Be Very Afraid

    So do you also use any Internet security hardware and/or software with Vista at all? If so, what?

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Aug 17th, 2008 @ 5:46pm

    Watch that video Hackign Democracy linked above. The stupid things are windows 98/2k boxes and all election results are stored in a seemingly unsecured SQL database. The guy can run a quick sql query and change the outcome of the election. Crazy shit.

    And to why this matters, any system which requries anti-virus software is, by its very nature, insecure. These thigns should be on a close/controlled network with no access to the outside world. Additionally, they should run BSD or Linux since security is such a significant issue.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    Nick Burns (profile), Aug 17th, 2008 @ 8:49pm

    You're Doing It Wrong

    Call me naive, but how did this meme originate?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    P. Orin Zack, Aug 17th, 2008 @ 10:21pm

    It's not SQL

    Would that they did use an SQL database. Unfortunately, it's Microsoft Access, which is a toy, as far as real databases go. Still, a voting machine has no business being on a network, and therefore there is absolutely no reason to have an AV program running on it. Of course, if you take what they are doing as for a reason, I would have to conclude that they know full well that the idiots who will be sneaking in to mess with the election results are sloppy enough that they could be introducing a virus when they load those illegal updates in the dead of night.

    ---
    I write pointed political and business short stories at http://klurgsheld.wordpress.com

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Aug 18th, 2008 @ 2:52am

    Welcome your next president...

    Jeb Bush! Thats whats going to happen!

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Dave, Aug 18th, 2008 @ 5:53am

    Re: Re: Re: Re: Be Very Afraid

    If you depend on IE and Vista to protect you then you will be very disappointed. As a dedicated linux user, even I use tools other than a "secure" OS and a "secure" browser to protect myself.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Josh, Aug 18th, 2008 @ 7:20am

    Mcafee

    While its certainly possible that an antivirus program could cause something like this, does anyone else really think this is actually likely? Did this happen as Diebold/Premiere claims, or is it just yet one more lie from a corrupt company?

    If I was Mcafee and was getting blamed for this, I would want exact details of what happened. This will hurt Mcafee's reputation and if its a load of BS from Diebold, there's a libel issue here.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Yer doin' it weird!, Aug 19th, 2008 @ 7:59am

    Security through anachronisms

    You want security & a fancy computerbox counting votes? Use a VAX 11/780. Give voters only a dumb vt100 terminal, with NO WAY to break out of the voting software. That pretty much kills any hope of the machine getting a virus, especially one designed to compromise M$ based systems. To make it more cryptic, use DECNET to network anything that needs outside communications.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Sep 4th, 2008 @ 4:40pm

    Re: American voting system

    Remind me...how do you spell "paranoid" again? I was going to look it up in the dictionary, but thought that I might be manipulated by the Webster's corporation...

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Mitch, Dec 21st, 2009 @ 8:14am

    If you are talking from a marketing perspective, then they are doing it right. Think about it. IS there a single antivirus company who would not love to have their brand plastered all over every voting machine. "Brand X, keeping your vote safe this election year>' It's brilliant!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This