More to the point, this is an apples and oranges comparison. We would like everyone who runs a Tor server to have as secure a machine as possible. And, for at least those running on some version of Windows, antivirus software is a significant part of good security practice.
Voting machines are special purpose: running in a restricted environment with restricted interfaces to do a restricted set of operations. And anything they _can_ do should have had a level of formal verification and testing way beyond what could be applied to generically available OSes and configurations that most volunteer Tor operators should be expected to provide. The point of the XKCD comic is that if a voting machine is being operated as intended, and that involves using antivirus software at all, then it looks to be a fundamental failure of the development or the manufacturer's recommended usage. Tor servers should be as secure as they can, but even if that is very secure, they are run in a much more hostile environment (the internet) and must be much more accessible than voting machines. Also, they are run by volunteers on systems that we cannot expect will always have had the level of careful scrutiny or restriction to minimally necessary functions before they became Tor servers that we should reasonably assume our voting systems have had throughout their lifecycle. In particular, many of them are run on the sort of systems for which antivirus makes sense. We could restrict to just those servers run by vetted operators and running on a properly stripped down version of say SE Linux deployed in a verifed configuration that is fully inspected by authorized personnel. The trouble is that a ten node onion routing network doesn't actually provide much anonymity protection. aloha, Paul (P.S. To be fair to the voting systems, they have there own harsh limitations. E.g., they spend much of their lives locked in a utility closet or wherever there is space that every municipality can spare with whatever security that municipality can muster. That would seem to cry out for designing these systems so that they simply cannot be susceptible to viruses of the sort that infect much of the internet, which would actually be the easy part of making them secure. But getting into the morass that is electronic voting is fortunately not our problem on this list. We have our own morasses.) On Sun, Mar 21, 2010 at 01:20:40PM -0400, krishna e bera wrote: > Though the comic makes a good point, > some people are coerced by circumstances into running such software. > > There is Free virus scanner called clamwin http://www.clamwin.com/ > but it can only scan and remove, it does not block activity. > Since Windows Server users have money for licenses > most "security" software companies have products for them: > http://en.wikipedia.org/wiki/List_of_antivirus_software. > > Note that Microsoft recommends not to scan various files: > http://support.microsoft.com/kb/822158 > (I have seen updates fail due to automatically acting on false positives.) > > > > On Sun, Mar 21, 2010 at 12:35:54PM -0400, Flamsmark wrote: > > [1]http://xkcd.com/463/ > > > > If you administer your server in a reasonable way, you shouldn't need any > > antivirus software. > > > > On 21 March 2010 12:19, Jon <[2]torance...@[3]gmail.com> wrote: > > > > Seems to me I saw in one of the messages awhile back about anti-virus > > software for servers. I cant seem to locate it in the archives. What > > anti-virus programs are being used for windows servers? > > > > Specifically, win 2003 or win 2008 ? > > > > Thanks. > > Jon > *********************************************************************** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/