95% of ATMs Worldwide Are Still Using Windows XP

← Back to Stories (view on slashdot.org)

95% of ATMs Worldwide Are Still Using Windows XP

Posted by samzenpus on Thursday January 16, 2014 @12:59PM from the if-it-aint-broke dept.

BUL2294 writes "95% of the world's ATM machines are still running Windows XP and banks are already purchasing extended support agreements from Microsoft. (some of the affected ATMs are running XP Embedded, which has a support lifecycle until January, 2016). 'Microsoft is selling custom tech support agreements that extend the life of Windows XP, although the cost can soar quickly—multiplying by a factor of five in the second year, says Korala. JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...'"

5 of 346 comments (clear)

Min score:

Reason:

Sort:

Price? by mriswith · 2014-01-16 13:02 · Score: 5, Insightful

The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems. There is a reason why people do this, and it's not just lazyniess..
1. Re:Price? by anubi · 2014-01-16 15:56 · Score: 5, Insightful
  
  This whole affair of what platforms to use puzzles me greatly. I am of the opinion that the selection process has everything to do with politics and little to do with substance.
  
  I feel a lot of it has to do with a corporate mentality of holding everything blameless with contracts which have to be signed off on before the business will do anything. "Hold Harmless" seems the byword of the day.
  
  I have tried to use Micrium's uC/OS products, based mostly on their certifications for mission critical affairs such as aircraft and life support . For me, this thing is like a "Super Arduino" for embedded applications.
  
  Business will pay for people to play down everything the "leadership" type does not understand, and personal experience tells me that if I do not recommend Microsoft, I will not get the job. Regardless of my belief and experiences to the contrary. Its been my observation that once one gets high enough in corporate hierarchy, one is forced to play CYA, and the only way to play is find someone else to pin the blame on if things go sour - better yet be able to blame someone big - so the guy who hired them does not take the fall for it.
  
  There seems to be a trivial amount of effort expended to mitigate the probability of a breach in the first place.
  
  I am not trying to shill for Micrium - I just like their product and their philosophies of supporting an OS. It is all quite well documented ( link to the book I use all the time ).
  
  NetBurners run this code. This had been the most robust system I have ever studied, yet I find few people who are willing to let me implement it - and for now it runs on a machine I have for my own edification.
  
  My own feeling if anyone wants to hack a bank ATM, go for it. No one's responsible, its just another ledger entry to the bank. If the thing gets too out of hand, the government will make it up to them.
  
  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
2. Re:Price? by AmiMoJo · 2014-01-16 22:13 · Score: 5, Insightful
  
  Stop and think what using Linux would mean for them for a moment. They would have to pay hardware manufacturers to provide Linux drivers, or write their own. Those ATM NICs are proprietary and use certified encryption, so it's not even just a case of hacking some code together, it needs expensive certification as well.
  They would also have to employ some experts to do OS level support for them. They are not paying Microsoft for security patches, this is an embedded system. They are paying for technical support when they have issues. That cost would probably be close to what they would have to pay some Linux experts, and they wouldn't have any other company to blame when things went wrong.
  I'm not saying Windows is definitely a better solution, but Linux isn't as wonderful as you think either. No matter which one they picked they would have issues, but it an ancient Linux kernel that needs support or an ancient Windows kernel that needs support.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:Windows.. by Em+Adespoton · 2014-01-16 13:15 · Score: 5, Insightful

An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.
It is... it's called XP Embedded, as outlined in the summary. And yes, bank machines were a major target during XP Embedded's design phase.
Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.
Re:The Market? by icebike · 2014-01-16 13:43 · Score: 5, Insightful

Because Microsoft can be sued if they need to?

Ah, no. Not going to happen.
Your hardware, you installed the software,
You managed it for the last 10 years,
You probably didn't apply patches...
No way that ever gets a dime out of Microsoft in court.

--
Sig Battery depleted. Reverting to safe mode.