Your bank will pay Microsoft to keep running its ATMs


Recommended Posts

atm-windows-xp-martin-maciaszek-flickr.j

 

 

Believe it or not, roughly 95 percent of ATMs in the world are still running Windows XP -- and that's about to become an expensive problem. Machine designer NCR says that only a third of banks will upgrade their ATMs to a newer OS before official XP support ends on April 8th, leaving many institutions little choice but to pay Microsoft for an extended contract if they still want support. At least some banks plan to update, but they're facing both technician backlogs and steep transition costs; estimates suggest the big UK firms might pay up to ?60 million ($100 million) each to make the leap. Whether or not your bank joins the modern era, you shouldn't be surprised if you end up footing some of the bill.

 

 

Source: http://www.engadget.com/2014/03/14/atm-windows-xp-costs/

 

Link to comment
Share on other sites

their own damn fault.

I don't see how, some are in inaccessible places, and the cost to overhaul them has to be taken into account also

 

(no I'm not stalking you, and no, that isn't a hockey mask and chainsaw behind my back..............)

Link to comment
Share on other sites

I don't see how, some are in inaccessible places, and the cost to overhaul them has to be taken into account also

 

(no I'm not stalking you, and no, that isn't a hockey mask and chainsaw behind my back..............)

 

now they have to overhaul them AND pay MS more money just to maintain the old stuff. Microsoft announced the death of XP multiple times already, it's plainly obvious that XP is well past their shelf life and will EOL, yet they all just sat on their butts twiddling their thumbs.

Link to comment
Share on other sites

wouldnt it just make sense and be cheaper to just upgrade what can be upgraded to windows 7 professional and run the craptastic ATM software in XP compatibility mode?

Link to comment
Share on other sites

I don't see how, some are in inaccessible places, and the cost to overhaul them has to be taken into account also

 

(no I'm not stalking you, and no, that isn't a hockey mask and chainsaw behind my back..............)

If they're inaccessible then they couldn't refil them with money ;)

Sure there's a cost to upgrade them, but that cost is always there so the options are either to wait and scramble to update, or be proactive about it.

Link to comment
Share on other sites

wouldnt it just make sense and be cheaper to just upgrade what can be upgraded to windows 7 professional and run the craptastic ATM software in XP compatibility mode?

I'm pretty sure ATM's run Windows Embedded. It's all a matter of the banks ordering the new software package from the ATM vendor (ie. NCR) and getting it installed.
Link to comment
Share on other sites

Banks should be forced to upgrade these things, whether they want to or not. Security is far more important than saving a little bit of money.

Link to comment
Share on other sites

Banks should be forced to upgrade these things, whether they want to or not. Security is far more important than saving a little bit of money.

Newer != more secure...

Link to comment
Share on other sites

I work in a large software and hardware company and we see it on a daily basis that companies does not want to upgrade to new OS versions even when they are using versions that we dont support anyway. They are just used to those versions, they have very few issues/bugs and are not willing to upgrade.

Link to comment
Share on other sites

I don't think switching from XP is necessary for an ATM.

These devices run a specific service that reduces the number of possible attack vectors. People don't use these machines to browse the web with IE6 or download the latest cracked Photoshop 16 torrent. You basically can't run anything aside from the ATM's GUI unless you physically compromise the hardware (and that's platform agnostic).

Attacks against an ATM are primarily hardware-based and are yield-limited by the cash capacity of the ATM. The device is hardened to accept only limited input into one interface via a numeric keypad and maybe 8 additional keys. Accounts are typically compromised when a thief records a user's card and PIN information, and the methods for doing so are OS-independent (hardware skimmer/fake card swipe/keypad). The weakness on the ATM side itself is the user, who has to provide their information to an unauthenticated piece of hardware.

Link to comment
Share on other sites

I wonder if some version of Linux would be safer for an ATM ...

Hit or miss, security track record is no better than other OS's when it comes to vulnerabilities, Linux distros also half a shelf life and then stop receiving support, paid support is still expensive, the cost to redo everything for an entirely different OS, etc.
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.