Slashdot Mirror

← Back to Stories (view on slashdot.org)

95% of ATMs Worldwide Are Still Using Windows XP

Posted by samzenpus on from the if-it-aint-broke dept.

BUL2294 writes "95% of the world's ATM machines are still running Windows XP and banks are already purchasing extended support agreements from Microsoft. (some of the affected ATMs are running XP Embedded, which has a support lifecycle until January, 2016). 'Microsoft is selling custom tech support agreements that extend the life of Windows XP, although the cost can soar quickly—multiplying by a factor of five in the second year, says Korala. JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...'"

64 of 346 comments (clear)

  1. Relevant XKCD by iYk6 · · Score: 5, Funny

    https://xkcd.com/801/

    1. Re:Relevant XKCD by Art+Challenor · · Score: 5, Funny

      I was thinking this one: http://xkcd.com/463/

    2. Re:Relevant XKCD by ILongForDarkness · · Score: 2

      Except that the hardware drivers were probably written for windows by developers with windows desktops. That is often the case. So "porting the JVM" probably never came into it. Put a full PC in the box and your drivers don't need to be rewritten (or you have to hire developers that know something different) is probably more like it.

  2. Price? by mriswith · · Score: 5, Insightful

    The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems. There is a reason why people do this, and it's not just lazyniess..

    1. Re:Price? by icebike · · Score: 5, Interesting

      There is a reason why people do this, and it's not just lazyniess..

      Still, you would have thought they would have learned a few lessons by now.

      JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July;

      Anything that can run Windows 7 could run linux.
      Anything that can run embedded Windows 7 would have no problem running linux.
      Or OpenBSD.
      You can replace the entire motherboard and processor with something 10 times as expensive as a Raspberry Pi for $350, and still save money over paying Microsoft extensions for every terminal.

      There will be several companies dragged before congress. There have been multi-billion dollar losses. How many times do you have to let hackers make you their bitches before you cry uncle and at least look at a Linux solution?

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Price? by turbidostato · · Score: 4, Insightful

      "The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems."

      It won't. Is this extended support going to avoid XP from being replaced? I bet not. Therefore paying for the extended support *plus* replacing is certainly going to cost more than just replacing.

      "There is a reason why people do this, and it's not just lazyniess.."

      It *is* lazyness.

      The very day they started deploying XP they knew that would come to an end for the very reason they were using a closed-source license-based operating system.

      Paying through the nose now for something they knew it was coming but didn't nothing in time is the very definition of lazyness.

    3. Re: Price? by icebike · · Score: 2

      Why not?
      Nobody has successfully proven a patent infringements in Linux.
      Even Microsoft has given up, and is now a major Linux contributor.

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re: Price? by fredprado · · Score: 2

      Because the multibillion dollar organization, averse as it may be to risk, is very hard to bully especially when you are trying to patent troll them.

    5. Re: Price? by icebike · · Score: 3, Insightful

      Your spewing FUD.

      Google, Amazon, IBM, and even Microsoft themselves are all HUGE Linux users.
      Big business isn't afraid of Linux.

      --
      Sig Battery depleted. Reverting to safe mode.
    6. Re: Price? by MightyMartian · · Score: 4, Insightful

      What a load of shit. Some of the biggest corporations in the world use Linux.

      IBM demonstrated quite nicely what happens when some patent troll tries to shut down Linux.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    7. Re:Price? by anubi · · Score: 5, Insightful

      This whole affair of what platforms to use puzzles me greatly. I am of the opinion that the selection process has everything to do with politics and little to do with substance.

      I feel a lot of it has to do with a corporate mentality of holding everything blameless with contracts which have to be signed off on before the business will do anything. "Hold Harmless" seems the byword of the day.

      I have tried to use Micrium's uC/OS products, based mostly on their certifications for mission critical affairs such as aircraft and life support . For me, this thing is like a "Super Arduino" for embedded applications.

      Business will pay for people to play down everything the "leadership" type does not understand, and personal experience tells me that if I do not recommend Microsoft, I will not get the job. Regardless of my belief and experiences to the contrary. Its been my observation that once one gets high enough in corporate hierarchy, one is forced to play CYA, and the only way to play is find someone else to pin the blame on if things go sour - better yet be able to blame someone big - so the guy who hired them does not take the fall for it.

      There seems to be a trivial amount of effort expended to mitigate the probability of a breach in the first place.

      I am not trying to shill for Micrium - I just like their product and their philosophies of supporting an OS. It is all quite well documented ( link to the book I use all the time ).

      NetBurners run this code. This had been the most robust system I have ever studied, yet I find few people who are willing to let me implement it - and for now it runs on a machine I have for my own edification.

      My own feeling if anyone wants to hack a bank ATM, go for it. No one's responsible, its just another ledger entry to the bank. If the thing gets too out of hand, the government will make it up to them.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    8. Re:Price? by afidel · · Score: 2

      Plus the XP part of the ATM has nothing to do with the network, that's all handled by IBM black box crypto modules (or at least it was when I worked as a field tech for Global Services, we could do maintenance work on the PC running the GUI but there was a special group for handling the crypto boxes).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    9. Re:Price? by icebike · · Score: 2

      Because data may be data but proprietary protocols are proprietary protocols. If you replace one side with new software, who's going to support the other side?

      Who ever is supporting it now.
      The existing protocols can remain in place. The existing backends can remain in place. Data is Data whether sent by Windows or Linux.

      Were you somehow under the impression that the entire internet was rebuilt specially for you
      each time you got a new computer or switched from Windows to Linux, to Mac?

      --
      Sig Battery depleted. Reverting to safe mode.
    10. Re:Price? by icebike · · Score: 4, Informative

      Banco do Brasil moved to linux ATMs in 2008. IBM backends, Linux ATMs. As has Banrisul, largest southern region bank in Brazil.

      Third biggest ATM country in the world, and you haven't heard of it?

      --
      Sig Battery depleted. Reverting to safe mode.
    11. Re: Price? by icebike · · Score: 5, Informative

      Nice try:

      ORDER granting 829 Stipulation of Dismissal filed by Bedrock Computer Technologies, LLC, Google Inc. The verdict rendered in this matter is VACATED and all claims for relief asserted by Bedrock against Google are DISMISSED with prejudice.

      http://docs.justia.com/cases/federal/district-courts/texas/txedce/6:2009cv00269/116887/830/

      Bedrock also lost to Yahoo and Amazon, over the same patent and they have thrown in the towel.

      --
      Sig Battery depleted. Reverting to safe mode.
    12. Re: Price? by Culture20 · · Score: 3, Insightful

      no one bothers hacking 1000 machines

      They do if
      # eject /dev/cash
      spits out ten $20 bills at a time.

    13. Re: Price? by Hal_Porter · · Score: 2

      Meanwhile less big companies like TomTom get sued for infringement.

      http://en.wikipedia.org/wiki/Microsoft_Corp._v._TomTom_Inc.

      And HTC pay Microsoft a $5 license for every Android device

      http://arstechnica.com/information-technology/2011/10/microsoft-collects-license-fees-on-50-of-android-devices-tells-google-to-wake-up/

      Actually I'm surprised that Google doesn't have a formal license fee for Android. They could charge for a license that they'd guarantee would cover all patents. Some would go on the patents they know the rest would go to fighting patent lawsuits in the future.

      E.g. suppose Google knows that most licensees for Android pay $5 in license fees. They set up Android Licensing Inc which offers a patent indemnity license for say $10 per device. If you pay the license Android Licensing Inc will fight patent violation lawsuits for you. They could build in a patent pooling clause too.

      You'd also be free to take your chances. Of course it's debatable how many Android OEMS would actually go for this. The big ones - Samsung, HTC, Sony etc have already negotiated their own arrangements and would presumably not want to patent pool. The small ones probably take their chances and negotiate licenses as they need to.

      Probably they missed their chance to do this back when Android was announced. If they set it up as an industry consortium with patent pooling and a board of directors that governed the standard they could have done this. Android doesn't actually work like that - Google license the base OS for free but Google Apps are licensed.

      http://source.android.com/faqs.html#how-can-i-get-access-to-the-google-apps-for-android-such-as-maps

      Someone discussed this here

      http://pando.com/2012/01/28/how-google-can-save-android-close-it-license-it-swim-in-the-profits/

      By licensing Android, Google could begin to extract even more money from smartphones--which, I thought, was the whole point of being in business.

      Won't licensing Android turn phone makers away from Google's OS? That may have been a worry a few years ago, before manufacturers had committed to the OS. But now Google and major handset makers are stuck on the Android train. They've built their entire businesses around the OS, and many of their customers love it. And, anyway, phone makers know that Android isn't really free in the first place--not to Google and not to handset makers. In addition to the cost of developing the OS, Google has lately been spending billions on patents to protect it. Nearly every handset maker, meanwhile, has signed licensing agreements with Microsoft to settle patent suits. Estimates suggest that each copy of Android costs phone makers $10 to $15 in licensing fees to Microsoft. That's still a bargain--Windows Phone 7 costs $20 to $30 per copy.

      So here's Google's opportunity: It could charge phone makers $10 per Android license, raising the total per-copy cost of Android to between $20 and $25. Sure, Samsung, HTC and others may balk, but what are they going to do about the added cost? Going to Windows would be more expensive and confusing to their businesses. As an inducement, Google could also begin settlement negotiations with Microsoft and other patent litigants to reduce Android's licensing costs. Given all this, phone manufacturers would stick with Android--and Google would make a killing.

      The reason I think they won't do this is that Samsung sell most Android phones. There have always been hints that Samsung would fork Android for its own ends and I think if Google tried to make them

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    14. Re:Price? by AmiMoJo · · Score: 5, Insightful

      Stop and think what using Linux would mean for them for a moment. They would have to pay hardware manufacturers to provide Linux drivers, or write their own. Those ATM NICs are proprietary and use certified encryption, so it's not even just a case of hacking some code together, it needs expensive certification as well.

      They would also have to employ some experts to do OS level support for them. They are not paying Microsoft for security patches, this is an embedded system. They are paying for technical support when they have issues. That cost would probably be close to what they would have to pay some Linux experts, and they wouldn't have any other company to blame when things went wrong.

      I'm not saying Windows is definitely a better solution, but Linux isn't as wonderful as you think either. No matter which one they picked they would have issues, but it an ancient Linux kernel that needs support or an ancient Windows kernel that needs support.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re: Price? by alex67500 · · Score: 2

      I'm not sure what is funniest. The comment itself, or the fact that it's modded insightful... :-D

    16. Re: Price? by jedidiah · · Score: 2

      > And I guarantee you that each and everyone of the firms you have listed has paid some patent holder licensing fees

      No you can't.

      Even if you could. That only supports the use of Linux by such companies. It means THAT IT'S ALREADY PAID FOR.

      In your rush to make up stupid shit, you failed to think things through.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    17. Re: Price? by jbolden · · Score: 2

      . I'm a little out of date about commercial Linux vendors but as of a few years ago, no commercial Linux distributor offered indemnity because they couldn't.

      Novell (Suse) offers this since 2004
      Oracle since 2006
      Redhat since late 2006

      That being said I don't see the problem with Linux.

    18. Re: Price? by mcgrew · · Score: 2

      Ever heard of a supercomputer? You know, those computers that cost millions of dollars and are the fastest computers in the world? Well, the fastest ten all run Linux. Guess who can afford a computer like that?

      Guess what OS routers are running. Yep, Linux. Guess what Pixar and the other CGI houses use? Linux. Do you think the automakers are using Windows to run simulations??

      The only Windows computers are the little ones sitting on office drones' desks. The big iron mostly runs Linux these days, where it used to be UNIX.

      --
      Free Martian Whores!
    19. Re: Price? by icebike · · Score: 2

      Exactly. They waived any right to appeal, because their patent is going to be invalidated.

      --
      Sig Battery depleted. Reverting to safe mode.
  3. The Market? by Anonymous Coward · · Score: 2, Insightful

    If there is that big of a market why is nobody selling/buying a replacement OS already? Particularly one cheaper than windows.

    1. Re:The Market? by icebike · · Score: 5, Insightful

      Because Microsoft can be sued if they need to?

      Ah, no. Not going to happen.
      Your hardware, you installed the software,
      You managed it for the last 10 years,
      You probably didn't apply patches...

      No way that ever gets a dime out of Microsoft in court.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:The Market? by camperdave · · Score: 3, Insightful

      Banks wouldn't sue in a case like this. Banks would go to the government for a bailout.

      --
      When our name is on the back of your car, we're behind you all the way!
    3. Re:The Market? by jones_supa · · Score: 2

      Actually all those things have seen massive improvements in Windows 6.x.

  4. should have gone with a browser... by johnjones · · Score: 3, Insightful

    I never understand why ATM's dont use HTML/SVG and then the OS is replaceable as a browser is the interface and a HTTP server security is well understood and network security would be part of a core competency

    thoughts ?

    john jones

    1. Re:should have gone with a browser... by dantotheman · · Score: 3, Funny

      Maybe they do now, but the ATMs in question are so old they are running a 12 year old OS. Do you happen to remember the state of HTML and web browsers 12 years ago? I'll give you a hint. They certainly didn't support SVG then.

      HTML/SVG tend to be sandboxed to some extent... ditto for JavaScript... how do you propose your HTML based ATM interact with the card reader, cash dispenser, receipt printer or deposit slot?

      ATMs are more than just a touch screen with a UI.

      ActiveX controls running in IE 7

      shiver...

    2. Re:should have gone with a browser... by ixidor · · Score: 2

      right but thats the point, if the core app is html based any os should work. stick some linux or bsd on there to talk to the network card.

    3. Re:should have gone with a browser... by sjames · · Score: 2

      I'll bet the Windows7 install disk doesn't come with drivers for that crazy hardware either. If you're going to have to write the drivers anyway, the crazy hardware doesn't affect your OS choice.

    4. Re:should have gone with a browser... by Artifakt · · Score: 3, Informative

      On some designs, a 16 key pad has extra pinouts which were originally intended to drive the circuits for Dual Tone Multi Frequency signalling built in (think of AT&T). These don't drive tone generators in ATMS, but they may reliably put out a square wave 1/2 second long pulse while the main pinouts are outputting a pulse of the length the finger stays on the key.
              On other designs, it has sensors to disable signaling when temperatures get above a certain value (think of the anti-fire security common on elevator keypads - this gets used on some 16 key designs because they also get used in door security systems, rather than them commonly being used in elevators, or people really worrying that an ATM on fire may start spewing money).
              Some designs used to incorporate the very same additional chipset used in soda machines so the owner could put those into maintenance modes (see "hacking coke machines"), and they let the ATM service tech run diagnostics by entering a reserved pin number or longer sequence, but I'm not sure if any of those last are still in use.
              There are rumors of radio frequency signalling built in, and sometimes actually used to get the pad signal to the servos it controls when the physical mounting for the ATM is in a sufficiently awkward location. I don't think those rumors are likely, but I wouldn't just assume they are completely bogus either. Alternately, I suspect the parent poster may be referring to various claims that the pads can be used to scan fingerprints and even to tell a live finger from a severed one, but these last are certainly urban legends.

      --
      Who is John Cabal?
    5. Re:should have gone with a browser... by sjames · · Score: 2

      ATMs are a bit of a rarefied field. There's not a lot of vendors and there' not a lot of customers, but the customers that are there are large volume. If JPMorgan et. al. say Linux drivers or else, they get Linux drivers.

  5. Obvious choice I think by Mateo_LeFou · · Score: 5, Funny

    Windows XP is the only operating system stable & secure enough to handle sensitive transactions such as cash dispensing.

    --
    My turnips listen for the soft cry of your love
    1. Re:Obvious choice I think by wvmarle · · Score: 2, Insightful

      Well, in a way you may be right. WinXP is so old and so well understood now, that pretty much all possible attack vectors are known and can be defended against. Knowing your enemy is important.

      Can't say that much of other OSes, like Linux or Win7. They are not as well known by ATM builders. And that's just the OS, not the software running on it and doing the actual work (interfacing with the user, with the bank, dispensing the money, etc), which would have to be rewritten from scratch (all of it, including the UI the drivers) if moving to Linux or BSD, and would need at least thorough testing if deployed on a newer version of Windows, with the drivers possibly needing a rewrite.

  6. Windows.. by nurb432 · · Score: 4, Insightful

    Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

    An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

    --
    ---- Booth was a patriot ----
    1. Re:Windows.. by Em+Adespoton · · Score: 5, Insightful

      An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

      It is... it's called XP Embedded, as outlined in the summary. And yes, bank machines were a major target during XP Embedded's design phase.

      Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

    2. Re:Windows.. by erice · · Score: 4, Insightful

      Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

      An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

      Who is going to write, maintain, and keep secure this custom OS?

      The trouble with custom embedded OS's is that, in spite of the best intentions to limit their scope, they almost always need more features than can be written from scratch by a small team and be obviously secure. So they port code from more commodity OS's. Due to limited resources, the code in the embedded OS tends to fall behind. The porting effort can introduce bugs too that are non-obvious to the guy doing the port because he doesn't fully understand what he is porting.

    3. Re:Windows.. by Kjella · · Score: 2

      Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

      OS/2 had its heyday in the early 90s, ATMs used it way into the 2000s.
      XPe had its heyday in the early 00s, ATMs are using it way into the 2010s.
      Embedded Linux has its heyday now in the early 10s, draw your own conclusions.

      ATM vendors are extremely conservative, they tend to use platforms others already think are obsolete. They'll come along eventually, it's not like the cell phone market where you can flip the market upside down in 2-3 years.

      --
      Live today, because you never know what tomorrow brings
  7. yes, but... by Anonymous Coward · · Score: 5, Funny

    "95% of the world's ATM machines are still running Windows XP

    Yes, but what about the *automatic* ATM machines? Those are the ones I most am concerned about.

    1. Re:yes, but... by CBravo · · Score: 2

      Those with LCD displays or with those old CRT tubes?

      --
      nosig today
  8. Go to 8 by cosm · · Score: 5, Funny

    To hell with 7. Please put Windows 8 on the ATMs instead! I already love how ATMs do a wonderful job of selecting the wrong option for me after finally getting the card to take, only to then take me into the Spanish menu, spitting out a receipt, and then not accepting my card again while the line forms behind me! Metro can only enhance this lovely experience! Hell, add a kinect to it so when I flip it a golden salute it recognizes my input and doubles the ATM fee! Gotta keep up with the bank's great customer service these days!

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Go to 8 by CannonballHead · · Score: 4, Insightful

      Actually, how would Metro be a bad thing? This is pretty much exactly what Metro is meant for - one application, completely full screen, used with a touch screen ...

  9. Let's go one better... by djbckr · · Score: 2

    Is the dispensing software is written in Java? Half kidding, and wondering at the same time.

    1. Re:Let's go one better... by Anonymous Coward · · Score: 4, Informative

      I worked for an ATM software development shop called Phoenix Interactive. The software we wrote was mostly C++, with some C mixed in to deal with updating the main software. The main ATM manufacturers (Diebold, Wincor, NCR) all only create Windows drivers (or did, 10 years ago when I worked there). The OS is locked down hard, while you may see the occasional blue screen, even if you had a keyboard plugged in you would not be able to stop the software from running or move it to the background without triggering a restart and a tamper alert back to the bank. Windows can be locked down just as well as Linux, it's just a royal pain in the ass to do so.

  10. Re:Isn't this headline kinda weird by egcagrac0 · · Score: 2

    I see more ATMs running Windows 2000 than Windows 95.

    I think Windows 98 and OS/2 still have a comparable market share, however.

  11. I throw this out there often by TheRealMindChild · · Score: 5, Interesting

    As someone who has worked with Diebold, they have never have more than 3 programmers and they only use and have ever used Visual Basic. This is why their ATMs (and voting machines) are required to run Windows.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  12. Re:Wow. by roc97007 · · Score: 2

    Yeah, there must be, oh, thousands of ATMs out there.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  13. Re:Global Financial Collapse by roc97007 · · Score: 4, Insightful

    Actually, that doesn't worry me nearly as much as Windows for Warships.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  14. Re:What about OS/2? by Anonymous Coward · · Score: 5, Interesting

    OS/2 was entrenched. The ADA a couple of years ago declared that all ATMs must have blind support. That meant adding sound. The OS/2 machines could in the main not support that service and as such were retired. It was a field day for NCR, Hyosung and Diebold with hundreds of thousands of new ATMs being purchased. These new ADA compliant ATMs were replaced mostly by Windows XP driven ATMs, with the promise that the ATMs could be upgraded to Windows 7 when it became necessary.

    I have only been working with Diebold, but they are refusing to hire sufficient (or maybe any idk) additional hands to deal with the necessary surge in maintenance to upgrade to Windows 7.

    All that being said, the XP ATMs are perfectly safe. They are behind some rather crazy firewalls. It would be rather difficult to get into them to take advantage of any potential problem. (The issue for the bank / ATM driver / card processor not being the loss of the cash, but rather the loss of the customer information.)

    Hmmm. Better post this anonymously.

  15. OS/2 Warp by transporter_ii · · Score: 3, Informative

    [O]verall, OS/2 failed to catch on in the mass market and is little used outside certain niches where IBM traditionally had a stronghold. For example, many bank installations, especially Automated Teller Machines, run OS/2 with a customized user interface.

    http://en.wikipedia.org/wiki/OS/2

    --
    Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  16. Re:Global Financial Collapse by Anonymous Coward · · Score: 2, Informative

    Actually, that doesn't worry me nearly as much as Windows for Warships.

    You jest but the US Navy was (is?) using Windows as the OS for drive-by-wire hovercrafts. One bluescreened and ran out of control in San Franscisco.

    ~Demonoid Penguin (moderating)

  17. Why XP? by ukoda · · Score: 2

    Yes, I am a Windows hating Linux user but the question is serious, not flame bait, why would they chose XP in the first place and why have they not moved to something else in the last decade?

    With real cash at stake I would have probably started with a minimal BSD OS and just added the minimal graphics, comms and I/O libraries needed to support the main application. I'm sure others here have their own ideas of the best OS, most excluding Windows?

    1. Re:Why XP? by tftp · · Score: 5, Informative

      why would they chose XP in the first place

      XP was a very good choice compared to Linux as it was 12 years old. Cost of Windows ($50 per copy?) was entirely immaterial. The important things were maturity, support, features, and toolchain. Linux in the year 2000 was light on those. Where in Linux's Event Viewer is the Security Log? How many objects can be audited in Linux? In NT - a lot, and it all was available immediately. In the toolchain department even today autotools give you a horrifying experience compared to MSVC.

      Developers of ATM took the most complete foundation for their work (the OS) and then added what was custom. If they started with Linux, or BSD, or DOS, they'd have to add far more - and the more you write yourself the more you have to maintain. If they started with Linux that would be kernel 2.0.x - and today we are on 3.x, with gigabytes of patches applied to libc and other essential components of the system. It would be extremely difficult to upgrade and maintain.

      and why have they not moved to something else in the last decade?

      Who is going to pay money for fixing what isn't broken? It's not broken even today, that's why they want to keep the machines running. It's pretty expensive to send engineers to tens of thousands of ATMs to upgrade them, since doing it remotely might be too scary. The hardware also probably went through ten revisions, so each ATM runs its own set of drivers that were customized to the hardware that is installed. Your upgrade task would require you to support all that old hardware - and that is a dead end job. Better to just keep the thing running until it falls apart, and then replace it.

  18. Re:RELEVANT SIMPSONS by ackthpt · · Score: 2

    Ah, a good old Nelsoning is hard to top.

    --

    A feeling of having made the same mistake before: Deja Foobar
  19. Re: Wow. by VTBlue · · Score: 2, Insightful

    Most people who comment on Microsoft stories here are clueless about the company's product portfolio, customer base, policies, and competitive status. Not saying that you're one of them though >:)>

  20. JP Morgan by Nethead · · Score: 3, Interesting

    About two years ago I was a field tech and would get service calls to JPMS. Most of the time it was just to move fax machines around or to make a jack live. Sometimes it was to try to get a PC to boot. There is SO much legacy cruft in the boot image of a JPMS desktop that it can take three boots just to get the damn thing stable. Some of the boot code even flashes by "DOS TCP/IP 1.0" as it goes by. They have decades of cruft to dig through to get those things anywhere modern. I have pity for the admins trying to roll this out, I really do.

    On the other hand that damn image is used by hotshot investment brokers to transact multi-million dollar trades everyday. That image is a lot of their "secret sauce" that they use to make a shit load of cash. It's a tool that has made them trillions. I can see why they don't want to fuck with it. They would gladly have me hang around for a day at a few hundred dollars an hour (not that I was seeing 20% of that) just to make sure the hotshot could do his job. The hotshot's downtime cost them thousands of dollars an hour. Imagine having to roll out an image to 1000 hotshot desktops and have it fail for even a day.

    That's a lot of incentive to keep the boat from rocking, whatever the cost.

    Remember that a lot of that legacy code is interfacing with mainframes that are running code before the advent of PCs.

    --
    -- I have a private email server in my basement.
  21. Let me laugh even harder... by Anonymous Coward · · Score: 5, Informative

    All that being said, the XP ATMs are perfectly safe. They are behind some rather crazy firewalls.

    Nope.

    http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows

    And another successful attack vector using Plotus http://www.atmmarketplace.com/article/221087/Mexican-ATMs-fall-prey-to-new-cyberattack

    Successful malware attacks (both gaining access to the local cash and screen scraping and keystroke recording of customer information) through ATMs have been going on since 2008 and Diebold would most certainly be well aware of this, even if they are choosing not to bring it to your attention.

    1. Re:Let me laugh even harder... by Anonymous Coward · · Score: 2, Insightful

      They booted those systems off USB in order to rob them.

      If you give somebody physical access to hardware that will boot off arbitrary media, it doesn't really matter what the underlying OS is. It's not because they were running XP, it's because they had USB.

  22. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  23. Not just ATMs.... by ub3r+n3u7r4l1st · · Score: 3, Interesting

    Went to a hospital a week ago that was newly opened late last year. All workstations are the Lenovo all-in-ones with the Windows 8 sticker on it. Guess what operating system they are running on now .... Windows XP Professional (at least that's what the screen saver said.)

    I saw an IV infusion pump being rebooted by a nurse. I hear the famous chine of Windows XP shutting down.

    --
    New Economic Perspectives
  24. Re:What about OS/2? by paugq · · Score: 2

    No, sound support is not reason enough. OS/2 ATMs in Spain have blind support, including sound.

  25. Re: I think I understand now by dbIII · · Score: 2

    Come on now. I don't need to read any Alex Gabbard derived propaganda (Oak Ridge administrator who wrote the "terrorists can build nukes out of fly ash" bullshit that kicked it all off) and neither do you. You can look at a reliable source of where coal came from to see how stupid the suggestion is. You can then look up the composition of the most radioactive coal on the planet and calculate how many hundreds of thousands of tonnes you would need to extract enough material to get the famous "banana dose". You can then consider the average, and see that it's actually less than average background radiation due to being made of mostly very old organic material with isotopes of half lives that mean very little remains after millions of years. The impurities after that are really just sand, so obviously you end up with something containing small amounts of sand so significantly less radioactive than sand.
    The very funny thing is that you and I are far more radioactive than fly ash. You have either been conned or are lying to push an agenda and taking advantage of the younger readers here that cannot see your various piles of bullshit for what they are.
    I don't see why we should let such misleading rubbish go unchallenged. It's supposed to be a technical discussion site after all. We are not supposed to mislead the kiddies for some sort of political end.

  26. Give Linux some time. by LubosD · · Score: 2

    I work for one of the major ATM vendors in the world and replacing Windows with Linux has become one of the top priorities across the whole portfolio (which is now a lot of other things than just ATMs). The reason are obviously the costs associated with Windows licenses. And why are the ATMs and other hardware still running Windows? Old and *very* messy codebase that is hard to port to Linux. But it's getting there.