Anti-Virus software for windows server

Paul Syverson syverson at itd.nrl.navy.mil
Mon Mar 22 14:31:15 UTC 2010


More to the point, this is an apples and oranges comparison.
We would like everyone who runs a Tor server to have as secure
a machine as possible. And, for at least those running on some
version of Windows, antivirus software is a significant part of
good security practice.

Voting machines are special purpose: running in a restricted
environment with restricted interfaces to do a restricted set of
operations. And anything they _can_ do should have had a level of
formal verification and testing way beyond what could be applied to
generically available OSes and configurations that most volunteer Tor
operators should be expected to provide.

The point of the XKCD comic is that if a voting machine is being
operated as intended, and that involves using antivirus software at
all, then it looks to be a fundamental failure of the development or
the manufacturer's recommended usage. 

Tor servers should be as secure as they can, but even if that is very
secure, they are run in a much more hostile environment (the internet)
and must be much more accessible than voting machines. Also, they are
run by volunteers on systems that we cannot expect will always have
had the level of careful scrutiny or restriction to minimally
necessary functions before they became Tor servers that we should
reasonably assume our voting systems have had throughout their
lifecycle. In particular, many of them are run on the sort of systems
for which antivirus makes sense. 

We could restrict to just those servers run by vetted operators and
running on a properly stripped down version of say SE Linux deployed
in a verified configuration that is fully inspected by authorized
personnel. The trouble is that a ten node onion routing network
doesn't actually provide much anonymity protection.

aloha,
Paul

(P.S. To be fair to the voting systems, they have their own harsh
limitations.  E.g., they spend much of their lives locked in a utility
closet or wherever there is space that every municipality can spare
with whatever security that municipality can muster. That would seem
to cry out for designing these systems so that they simply cannot be
susceptible to viruses of the sort that infect much of the internet,
which would actually be the easy part of making them secure. But
getting into the morass that is electronic voting is fortunately not
our problem on this list.  We have our own morasses.)

On Sun, Mar 21, 2010 at 01:20:40PM -0400, krishna e bera wrote:
> Though the comic makes a good point,
> some people are coerced by circumstances into running such software.
> 
> There is a Free virus scanner called clamwin http://www.clamwin.com/
> but it can only scan and remove, it does not block activity.
> Since Windows Server users have money for licenses
> most "security" software companies have products for them:
> http://en.wikipedia.org/wiki/List_of_antivirus_software.
> 
> Note that Microsoft recommends not to scan various files:
> http://support.microsoft.com/kb/822158
> (I have seen updates fail due to automatically acting on false positives.)
> 
> 
> 
> On Sun, Mar 21, 2010 at 12:35:54PM -0400, Flamsmark wrote:
> >    http://xkcd.com/463/
> > 
> >    If you administer your server in a reasonable way, you shouldn't need any
> >    antivirus software.
> > 
> >    On 21 March 2010 12:19, Jon <torance.ca@gmail.com> wrote:
> > 
> >      Seems to me I saw in one of the messages awhile back about anti-virus
> >      software for servers. I can't seem to locate it in the archives. What
> >      anti-virus programs are being used for windows servers?
> > 
> >      Specifically, win 2003 or win 2008 ?
> > 
> >      Thanks.
> >      Jon
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/