Slashdot Mirror

← Back to Stories (view on slashdot.org)

95% of ATMs Worldwide Are Still Using Windows XP

Posted by samzenpus on from the if-it-aint-broke dept.

BUL2294 writes "95% of the world's ATM machines are still running Windows XP and banks are already purchasing extended support agreements from Microsoft. (some of the affected ATMs are running XP Embedded, which has a support lifecycle until January, 2016). 'Microsoft is selling custom tech support agreements that extend the life of Windows XP, although the cost can soar quickly—multiplying by a factor of five in the second year, says Korala. JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...'"

20 of 346 comments (clear)

  1. Price? by mriswith · · Score: 5, Insightful

    The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems. There is a reason why people do this, and it's not just lazyniess..

    1. Re:Price? by turbidostato · · Score: 4, Insightful

      "The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems."

      It won't. Is this extended support going to avoid XP from being replaced? I bet not. Therefore paying for the extended support *plus* replacing is certainly going to cost more than just replacing.

      "There is a reason why people do this, and it's not just lazyniess.."

      It *is* lazyness.

      The very day they started deploying XP they knew that would come to an end for the very reason they were using a closed-source license-based operating system.

      Paying through the nose now for something they knew it was coming but didn't nothing in time is the very definition of lazyness.

    2. Re: Price? by icebike · · Score: 3, Insightful

      Your spewing FUD.

      Google, Amazon, IBM, and even Microsoft themselves are all HUGE Linux users.
      Big business isn't afraid of Linux.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re: Price? by MightyMartian · · Score: 4, Insightful

      What a load of shit. Some of the biggest corporations in the world use Linux.

      IBM demonstrated quite nicely what happens when some patent troll tries to shut down Linux.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Price? by anubi · · Score: 5, Insightful

      This whole affair of what platforms to use puzzles me greatly. I am of the opinion that the selection process has everything to do with politics and little to do with substance.

      I feel a lot of it has to do with a corporate mentality of holding everything blameless with contracts which have to be signed off on before the business will do anything. "Hold Harmless" seems the byword of the day.

      I have tried to use Micrium's uC/OS products, based mostly on their certifications for mission critical affairs such as aircraft and life support . For me, this thing is like a "Super Arduino" for embedded applications.

      Business will pay for people to play down everything the "leadership" type does not understand, and personal experience tells me that if I do not recommend Microsoft, I will not get the job. Regardless of my belief and experiences to the contrary. Its been my observation that once one gets high enough in corporate hierarchy, one is forced to play CYA, and the only way to play is find someone else to pin the blame on if things go sour - better yet be able to blame someone big - so the guy who hired them does not take the fall for it.

      There seems to be a trivial amount of effort expended to mitigate the probability of a breach in the first place.

      I am not trying to shill for Micrium - I just like their product and their philosophies of supporting an OS. It is all quite well documented ( link to the book I use all the time ).

      NetBurners run this code. This had been the most robust system I have ever studied, yet I find few people who are willing to let me implement it - and for now it runs on a machine I have for my own edification.

      My own feeling if anyone wants to hack a bank ATM, go for it. No one's responsible, its just another ledger entry to the bank. If the thing gets too out of hand, the government will make it up to them.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    5. Re: Price? by Culture20 · · Score: 3, Insightful

      no one bothers hacking 1000 machines

      They do if
      # eject /dev/cash
      spits out ten $20 bills at a time.

    6. Re:Price? by AmiMoJo · · Score: 5, Insightful

      Stop and think what using Linux would mean for them for a moment. They would have to pay hardware manufacturers to provide Linux drivers, or write their own. Those ATM NICs are proprietary and use certified encryption, so it's not even just a case of hacking some code together, it needs expensive certification as well.

      They would also have to employ some experts to do OS level support for them. They are not paying Microsoft for security patches, this is an embedded system. They are paying for technical support when they have issues. That cost would probably be close to what they would have to pay some Linux experts, and they wouldn't have any other company to blame when things went wrong.

      I'm not saying Windows is definitely a better solution, but Linux isn't as wonderful as you think either. No matter which one they picked they would have issues, but it an ancient Linux kernel that needs support or an ancient Windows kernel that needs support.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. The Market? by Anonymous Coward · · Score: 2, Insightful

    If there is that big of a market why is nobody selling/buying a replacement OS already? Particularly one cheaper than windows.

    1. Re:The Market? by icebike · · Score: 5, Insightful

      Because Microsoft can be sued if they need to?

      Ah, no. Not going to happen.
      Your hardware, you installed the software,
      You managed it for the last 10 years,
      You probably didn't apply patches...

      No way that ever gets a dime out of Microsoft in court.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:The Market? by camperdave · · Score: 3, Insightful

      Banks wouldn't sue in a case like this. Banks would go to the government for a bailout.

      --
      When our name is on the back of your car, we're behind you all the way!
  3. What about OS/2? by Anonymous Coward · · Score: 1, Insightful

    It seems every article that mentions OS/2 makes mention of how entrenched it is in ATMs...

  4. should have gone with a browser... by johnjones · · Score: 3, Insightful

    I never understand why ATM's dont use HTML/SVG and then the OS is replaceable as a browser is the interface and a HTTP server security is well understood and network security would be part of a core competency

    thoughts ?

    john jones

  5. Windows.. by nurb432 · · Score: 4, Insightful

    Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

    An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

    --
    ---- Booth was a patriot ----
    1. Re:Windows.. by Em+Adespoton · · Score: 5, Insightful

      An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

      It is... it's called XP Embedded, as outlined in the summary. And yes, bank machines were a major target during XP Embedded's design phase.

      Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

    2. Re:Windows.. by erice · · Score: 4, Insightful

      Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

      An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

      Who is going to write, maintain, and keep secure this custom OS?

      The trouble with custom embedded OS's is that, in spite of the best intentions to limit their scope, they almost always need more features than can be written from scratch by a small team and be obviously secure. So they port code from more commodity OS's. Due to limited resources, the code in the embedded OS tends to fall behind. The porting effort can introduce bugs too that are non-obvious to the guy doing the port because he doesn't fully understand what he is porting.

  6. Re:Go to 8 by CannonballHead · · Score: 4, Insightful

    Actually, how would Metro be a bad thing? This is pretty much exactly what Metro is meant for - one application, completely full screen, used with a touch screen ...

  7. Re:Global Financial Collapse by roc97007 · · Score: 4, Insightful

    Actually, that doesn't worry me nearly as much as Windows for Warships.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  8. Re: Wow. by VTBlue · · Score: 2, Insightful

    Most people who comment on Microsoft stories here are clueless about the company's product portfolio, customer base, policies, and competitive status. Not saying that you're one of them though >:)>

  9. Re:Obvious choice I think by wvmarle · · Score: 2, Insightful

    Well, in a way you may be right. WinXP is so old and so well understood now, that pretty much all possible attack vectors are known and can be defended against. Knowing your enemy is important.

    Can't say that much of other OSes, like Linux or Win7. They are not as well known by ATM builders. And that's just the OS, not the software running on it and doing the actual work (interfacing with the user, with the bank, dispensing the money, etc), which would have to be rewritten from scratch (all of it, including the UI the drivers) if moving to Linux or BSD, and would need at least thorough testing if deployed on a newer version of Windows, with the drivers possibly needing a rewrite.

  10. Re:Let me laugh even harder... by Anonymous Coward · · Score: 2, Insightful

    They booted those systems off USB in order to rob them.

    If you give somebody physical access to hardware that will boot off arbitrary media, it doesn't really matter what the underlying OS is. It's not because they were running XP, it's because they had USB.