There’s been much made of the revelation that Diebold voting machines run an install of McAfee Anti-Virus, and that it’s caused trouble with the voting software.
The arguments against it typically boil down to:
* Your voting machines shouldn’t be used for anything else
* Your voting machines should be secured against anybody installing software on them
* You can’t verify the operation of MAV so it could possibly tamper with votes
* You should be running an operating system which is not so easily infected
Those arguments all have merit, but they skip the fundamentals – the software image on a voting machine should not be running from read/write media, that is, hard drives. If that basic criterion isn’t met, AV software might actually be a good idea, but missing the fundamentals is no excuse for dirty hacks.
I built my first appliance computer that could run from a CD in a CD-ROM drive in 2002. It’s neither a new nor a difficult concept. When you need things to be secure, in that case under HIPAA regs, in this case for votes, you mount your read/write media (hard drive, flash memory, etc.) with the ‘noexec’ flag, and then no software installed on that media can be run from it. Since you can’t write to the CD, no software can be installed there to be run either. You provide a stripped-down OS image to make doing any more than the minimum very difficult, certainly requiring physical access to the machine.
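As an added example (not from the original post), here is a POSIX shell audit of mount options along the lines described above: every writable filesystem should carry noexec (and, while we are at it, nosuid and nodev), with the OS image itself mounted read-only. The check_mounts function and the sample mount table are my own constructions; the input format is that of /proc/mounts, so the same function can be pointed at a live system.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a mount table in
# /proc/mounts format (device mountpoint fstype options dump pass) and
# reports every writable mount that lacks noexec, nosuid or nodev.
# A matching /etc/fstab line for a locked-down data partition would be:
#   /dev/sda1  /data  ext4  rw,nosuid,nodev,noexec  0 2

# Constructed sample: a read-only CD-ROM root image, a writable data
# partition that is correctly locked down, and a writable /var that is NOT.
SAMPLE_MOUNTS='/dev/sr0 / iso9660 ro,relatime 0 0
/dev/sda1 /data ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,mode=755 0 0'

# has_opt OPTIONS NAME -> succeeds if NAME is one of the comma-separated OPTIONS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_mounts FILE -> prints one line per violating mount and returns the
# number of writable mounts missing noexec, nosuid or nodev (0 = all clean).
check_mounts() {
    violations=0
    while read -r dev mnt fstype opts _rest; do
        [ -z "$dev" ] && continue
        # Read-only media cannot have software installed on it; skip it.
        has_opt "$opts" ro && continue
        missing=""
        for want in noexec nosuid nodev; do
            has_opt "$opts" "$want" || missing="$missing $want"
        done
        if [ -n "$missing" ]; then
            echo "$mnt ($dev): writable but missing$missing"
            violations=$((violations + 1))
        fi
    done < "$1"
    return "$violations"
}

# Run the audit against the constructed sample (use /proc/mounts on a real box).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_MOUNTS" > "$tmp"
check_mounts "$tmp" || echo "$? violating mount(s) found"
rm -f "$tmp"
```

Note that noexec only blocks direct execution of binaries from that mount; an interpreter already present on the read-only image can still read a script from it, which is one reason a stripped-down OS image matters as much as the mount flags.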
This isn’t to say your machine shouldn’t be kept secure – of course it should, and the BIOS needs to be correctly configured (many of you know the security problems with certain BIOS configurations) – but read-only media and a good Q/A process obviate the need for anti-virus software. Certainly some software selection choices can make this difficult, but any good architecture starts with the requirements and works towards software selection, not the other way around, assuming good security is a requirement.