
[Fwd: Re: MS?]




Paul Tiger wrote:


From:        "Paul Tiger" <tigerp@xxxxxxxxx>
Date:         Sat, 10 Apr 2004 11:05:59 -0600
To:             <cvv-discuss@xxxxxxxxxxxxxxxxx>

Paul Tiger <tigerp@xxxxxxxxx> wrote:

>> Thread name change ---

Lou - you've mentioned MS software a number of times. While there are systems using MS as an OS there isn't anyone here that I know of that is pushing MS. We've all been pushing Linux or something open. I like BSD. <<

I too like Linux (and I've used several flavors over the last six years or so at the level of being a determined, patient and stubborn user of applications, not by any stretch as a systems guru). However I am not so much biased toward a particular open system as the (long-term) basis of a trustworthy voting system, but rather that we first not have an UNtrustworthy system in the short-term that may well become long-term, and second that then Boulder County can have the opportunity to consider open software that MIGHT develop into a trustworthy voting system.

My main concern is what we here in Boulder County are evidently facing, which is the Hart InterCivic voting system - which (however well-intentioned and impressively developed IMHO) is entirely based on MS-Windows software: its operating system, its server system, its drivers and applications, its linkage to the Sequoia registration database, its linkage to independent "failsafe" triple-storage, and its linkage to web-based updating.

>> You've made such a big deal out of your issue with MS (and I don't disagree with the premise) that I am guessing that you are addressing some specific system by some certain maker. Who & What are you directing these comments toward and in relation to?
<<


I do think it's a "big deal" because I have seen the results of costly MS-Windows malware disasters on clients and related enterprises (large and small vendors, law firms, multinational corporate and government databases) as well as at a news-observer level watching world-wide disasters on millions of desktops and servers affecting vital infrastructure at many levels, whether financial systems churning trillions of dollars in speculative derivatives, or entire regional networks of energy generation and distribution.

As far as specific systems of applications, I have long considered, for example, the desktop MS Office Suite to be in general inferior for my own needs to several alternatives, such as Open Office, and which more and more is handling most of my MS-dependent client needs. The two XP desktops which I am forced to maintain, under firewall-security with automated updating, are almost entirely directed at coping with interoperation and conversion for clients - I do virtually nothing myself using MS applications. However desktop MS Office seems largely irrelevant with respect to voting machines - it's the MS operating system and server software, and voting-related applications that are of real concern. The perpetually reported MS defects whose patches are appallingly late (seven months recently), unpatched (currently at least eight security-critical defects) or never patched (thousands of Windows 2000 defects - mostly minor, some critical) are NOT indications of a trustworthy business model for something as prime time as a voting system, again however well designed (but closed) the Hart InterCivic applications may be.

>> One thing that I would like to address about MS boxes is that if you don't connect them to the internet it's going to be pretty difficult to have any of the exploits that we know about damage those systems. As it stands currently, no one is connecting balloting machines to the internet. There is no reason to do this, and the way in which things are set up at our clerk's office it would be a physical and logical impossibility.
<<


I don't agree that the MS boxes do not need to be connected to the internet. There is no timely and responsible way that I know of to update the frequent RELEASED patches without connecting to the Internet. Users must trust that Microsoft itself knows best how to install the updates that they themselves must generate, so online installation is virtually mandatory to verify all the incredibly Byzantine dependencies. However even some Redmond servers, 1100 in one campus building alone, could not be fully verified in time last summer to avoid many being crashed by malware. The Catch 22 for a voting system is that the system must be isolated at certification from any modem, wireless, or other network linkage to the outside world, yet still be a trustworthy system. It is highly unlikely that just the KNOWN required eight patches will be available before certification, much less that ANY of the inevitable FUTURE reported defects will have patches available and installed (by Internet) and recertifiable. Updating a certified system without recertification would be irresponsible, because it must be verified that the update was indeed properly installed and was indeed the genuine and secure update, not a malware counterfeit downloaded from a fake MS website, as is now occurring more often.

>>Win 2K Pro is pretty stable.
<<

Hmmm ... really? Here's one recent example extracted from Information Week, 13 April, 2004:

"Microsoft Releases A Bevy Of Security Updates; Four security bulletins address more than 20 specific software security holes, and three of the four are rated as critical."
" ... The flaws affect virtually every major Windows operating system currently supported: Windows NT Workstation 4.0, Windows NT Server 4.0 (including the Terminal Server Edition), Windows 2000, XP, as well as Windows Server 2003. One of the critical bulletins, MS04-13, also affects versions of the company's desktop operating systems Windows 98, SE, and Windows Millennium Edition ..."


>>You sound to me like someone who has had difficulty applying patches for MS and your response is that it shouldn't be used at all. Am I even close? MS doesn't make it easy for end users, because they want you to pay geeks like me that they trained for a few grand to do their dirty work.
<<


The difficulty is with MS - they install the patches automatically (when they are finally issued, usually very late or often too late). Personally (i.e. at my laptop) I have happily avoided all recent MS malware-interaction by using a dual-boot Mac/Linux to interface with the MS/NT/XP-dependent/dominant world of clients and enterprises - except for those interoperability and conversion issues, which is enough of a challenge for my strictly user-level of ignorance. I would not trust any Linux nor OSX nor BSD nor any other current flavor of open source code without completely open, security-targeted, election-specific certification. For the fall election, we may have to deal with Windows XP, which is widely agreed to have hundreds of thousands of (mostly syntax) defects. We can only hope that the vast majority of those defects are indeed minor and can be handled by rebooting away the Blushing-Bill Blue Screen of Death, but many of these thousands of defects are security-critical and are found only by experience and end-result testing. It is estimated by XP-loving security experts* to have a highly conservative 1 security-related defect for each 10,000 lines of code among its some 45 million lines of initial code. That's at the least 4500 attackable defects (mostly undiscovered, hence yet unpatchable) that must have a patch to ever justify calling XP an election-trustworthy OS. I submit no army of geeks with proprietary access will ever be paid to examine all 45 million line-by-line. [*See e.g. Malware by Ed Skoudis, Prentice Hall 2004.]

>>MS isn't the only thing that has exploits and has been hacked. Pick any one of your favorite open source OSs and we can find a laundry list of exploits that have been created and implemented. If UNIX and Linux were so rock solid, then why would CU have a specific group of people who spend their waking hours finding and defeating hackers on such systems?
<<


It's certainly true that Unix-type and any other OS is susceptible (even my laptop PPC has at least seven long known/patched defects) to errors in coding and hence to malfunction and malware attack. But only open software can be available to the level of scrutiny that MIGHT someday result in a trustworthy digital voting system - it could be that it will never be either rock-solid or even practical enough to develop such a system. I think a reasonable comparison is OSX versus MS/NT/XP during the last year - the relatively open OSX has not had nearly the level of digital devastation associated with it that Ballmer/Billware has. Within the last year MS has indeed carried out a major change in attitude toward quality and security - which might somewhat improve "Longhorn" whenever it appears - but we have to deal with the present and past software and its defects in the November election.

-----Original Message-----
From: Lou Puls [mailto:lpuls@xxxxxxxxxxxxx]
Sent: Friday, April 09, 2004 11:57 AM
To: cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: Re: "Luddite" hand counting

[|>] snip
Let's discuss the merits of such issues and not fritter away energy on minor detail. How about some balanced, constructive views on why this highly vulnerable, defective (MS-Windows) software should be acceptable for such an important civic function? With the digital talent represented in this group, credible legal action could still be mounted to stop it down and allow recountable paper ballots of record - but only if this group takes a firm stand on the obvious.
[|>]