Windows XP Support to End on April 8; ATMs at Risk

John Keefer

Devilish Rogue
Aug 12, 2013
630
0
0
Windows XP Support to End on April 8; ATMs at Risk



Microsoft's XP operating system has been around since 2001, but 29 percent of the world's computers still use it. Among those are about 95 percent of the ATMs in the United States.

The time has come for Windows XP to die, according to Microsoft, so it will be pulling the tech support plug on April 8. While many users will not be affected since they have converted to Windows 7 or Windows 8, it turns out that roughly 29 percent of computers across the world still use the aging OS.

What this means is that, even though the OS will continue working, the lack of security updates and support of Microsoft will leave users more vulnerable to hacking. It will also mean even fewer companies will be making any software that would support XP.

Apparently, the biggest source of concern is that 95 percent of the ATMs in the United States use XP, and only a small number of those -- perhaps 15 percent -- will be able to upgrade by the time Microsoft drops the OS hammer, according to a Bloomberg Businessweek report [http://www.businessweek.com/articles/2014-01-16/atms-face-deadline-to-upgrade-from-windows-xp]. Of course, ATM companies have had fair warning, as Microsoft originally wanted to end support for XP back in 2010, but decided to delay its demise.

While upgrading to Windows 7 or 8 is a viable option, not all the machines that currently run XP will be compatible, given their aging hardware. Also, many businesses still running XP (about 6 percent) may not be able to upgrade because of budget constraints, said Scott Dowling, a Microsoft software consultant for En Pointe Technologies. If you are affected, Microsoft has a tool [http://windows.microsoft.com/en-us/windows-8/upgrade-assistant-download-online-faq] that will help you figure out what your next OS could be. But don't be surprised if a new computer is necessary.

Microsoft may offer custom support for XP that would provide additional security patches, but at a cost. Dowling said early reports say the expense may be cost prohibitive.

Source: CNN Money [http://money.cnn.com/2014/01/29/technology/enterprise/windows-xp/]

Permalink
 

alj

Master of Unlocking
Nov 20, 2009
335
0
0
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
 

Rainforce

New member
Apr 20, 2009
693
0
0
alj said:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
while I do not like your "secure by default" argument (as I think that's a very hypocritical thing to say, since it all depends on what you do with a system), I must of course agree that they should probably take an OS that is not bound to run out of support eventually, has better upgrade possibilities and especially isn't bound to uuuuh..."enterprise level pricing". Also they might be able to save a lot on hardware and power consumption if they go for a more "simple" OS, considering how it just needs to handle ATM stuff.
 

RA92

New member
Jan 1, 2011
3,079
0
0
No matter how much guff we give Microsoft, you have to admit that supporting an OS 13 years old is pretty swell of them.
 

WeepingAngels

New member
May 18, 2013
1,722
0
0
alj said:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.
 

Alpha Maeko

Uh oh, better get Maeko!
Apr 14, 2010
573
0
0
Has Windows XP really been all that secure in the first place? I don't see April as the magical date that all hackers suddenly figure out how to get into an ATM, just because Microsoft finally turned the dripping water off.
 

LordLundar

New member
Apr 6, 2004
962
0
0
Rainforce said:
alj said:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
while I do not like your "secure by default" argument (as I think that's a very hypocritical thing to say, since it all depends on what you do with a system), I must of course agree that they should probably take an OS that is not bound to run out of support eventually, has better upgrade possibilities and especially isn't bound to uuuuh..."enterprise level pricing". Also they might be able to save a lot on hardware and power consumption if they go for a more "simple" OS, considering how it just needs to handle ATM stuff.
You're asking an impossibility. A software developer is not going to provide eternal support for an OS so long as a business exists unless they can charge a considerable amount for said support which will increase as time goes on and companies move on. The support costs on most OSes is relatively inexpensive at the enterprise level which means software developers must get their funding from future releases.

Second, an Operating System can't keep perpetual support and better upgrade possibilities as when new hardware designs and subsequent firmware are released the OS will crap out when it's implemented. XP for example cannot natively recognize the SATA format or USB 3.0 as it came out after the OS was released. Current hardware systems that have Win 7 or Win 8 installed by default do not have the work around that earlier systems did to handle SATA so trying to install XP is an exercise in frustration. Implementing such compatibility into an OS is not simply patched in, it requires a rework at the kernel level to do so which means rebuilding the OS. It's far cheaper to get an OS already designed around the new hardware and firmware than to commission a rebuild of the current OS.

Finally, it doesn't just need to handle ATM stuff. Those ATM's are still linked into the branch's local network which are linked into the bank's full network. Those systems need to be able to talk to each other which means that the entire network would need to be ensured to be compatible. It's several million to do OS replacements on ATM's to get them to remain compatible with banks or several hundred million to modify the bank's network to accommodate the ATM's OS.

The only way your idea would even come close to working is if the entire bank's network never did hardware upgrades which is impossible as it would require hardware manufacturers to set aside a large portion of their production facilities to keep making the legacy equipment. That's not going to happen without some substantial profit which isn't there.

It's easy to suggest they they go with a "perpetual OS", but quite impossible to execute when you think about it.
 

alj

Master of Unlocking
Nov 20, 2009
335
0
0
WeepingAngels said:
alj said:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.
True but you should always try to minimise the risk, no system is 100% secure but using a 13 year old OS whose design is inherently insecure is not the best idea. ANd why do they need a full desktop OS that is just building more doors into the system you must close. When not have a system with less doors to secure in the first place ?
 

WeepingAngels

New member
May 18, 2013
1,722
0
0
alj said:
WeepingAngels said:
alj said:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).
How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.
True but you should always try to minimise the risk, no system is 100% secure but using a 13 year old OS whose design is inherently insecure is not the best idea. ANd why do they need a full desktop OS that is just building more doors into the system you must close. When not have a system with less doors to secure in the first place ?
Well obviously it wasn't a 13 year old OS when they started using it. I would imagine that it's cheaper to buy XP than to contract someone to make a OS for you. It's like saying "Why doesn't Pepsi make their own trucks instead of buying Ford and Chevy trucks to make deliveries?"

My example is based purely upon me seeing a Pepsi delivery truck just now.
 

webkilla

New member
Feb 2, 2011
594
0
0
Last year I worked at a city hall, for IT

All of the city hall's workstations ran on XP

...and they knew quite well of the impending XP support shutdown. And they dreaded it.

Why?

Because 9 out of 10 clerks and other city hall employees were not computer super users... most of them only know how to use their outlook (and then barely so... IT support is often asked how one attaches files to an email) and their one work-related program, if they have any - plus of course the basics of Word.

To this end: Upgrading all the workstations to win8 would, from a technical standpoint, be easy. It could be done overnight.

But to train a lil over three thousand city hall employees, plus the five thousand 'external users' (city hall's computer systems is what ALL county government systems run on, so schools, sanitation, libraries...) to use the new interface?

Oh and never mind that the city council itself would be PISSED if they suddenly couldn't figure out how to use their own computers - oh, and they can tell you "Roll that shit back, this new stuff is crap" and you have to do it.

This is why IT dreaded having to upgrade from XP. Of course, back then 8.1 hadn't really been announced yet - but even with that out now I've heard of people having trouble getting the 'new' start menu working properly...

So ya... that's why they're sticking to XP
 

Me55enger

New member
Dec 16, 2008
1,095
0
0
Fairly sure this article is missing some quotation marks.

In the UK a mojority of self-service scheckouts in various supermarkets appear to run Windows XP. I believe all the Tesco DotCom (The pickers who shop for you for thier home delivery service) hardware run a variant of XP also.

It's funny how stupid smart people can be.

EDIT: Oh yeah. There are also large parts of the front-end of the NHS that are still using XP. I once had to watch two secretaries (whose ward my grandmother was dying upon) try and work out why they couldnt access the computer. The screen resolution was wrong.

I would have done it for them, but I would have run the risk of being arressted to trying to access confidential medical information, no doubt.
 

LordLundar

New member
Apr 6, 2004
962
0
0
webkilla said:
Last year I worked at a city hall, for IT

All of the city hall's workstations ran on XP

...and they knew quite well of the impending XP support shutdown. And they dreaded it.

Why?

Because 9 out of 10 clerks and other city hall employees were not computer super users... most of them only know how to use their outlook (and then barely so... IT support is often asked how one attaches files to an email) and their one work-related program, if they have any - plus of course the basics of Word.

To this end: Upgrading all the workstations to win8 would, from a technical standpoint, be easy. It could be done overnight.

But to train a lil over three thousand city hall employees, plus the five thousand 'external users' (city hall's computer systems is what ALL county government systems run on, so schools, sanitation, libraries...) to use the new interface?

Oh and never mind that the city council itself would be PISSED if they suddenly couldn't figure out how to use their own computers - oh, and they can tell you "Roll that shit back, this new stuff is crap" and you have to do it.

This is why IT dreaded having to upgrade from XP. Of course, back then 8.1 hadn't really been announced yet - but even with that out now I've heard of people having trouble getting the 'new' start menu working properly...

So ya... that's why they're sticking to XP
Heh, try doing the upgrade during operational hours when they can do work not reliant on the computers. Not only do they still have to be trained and the "roll it back" garbage (which often times means putting all the hardware you just took out back), you get the fun of being expected to do this WHILE doing the install work. Yup, they expect you to install it, train them, and then if they don't like it after ten minutes to put the old stuff back all at the same time...

Is it any wonder when I was asked to make a computer fail catastrophically I told the pleb that if he survived I didn't do the job right?
 

Batweb

New member
Sep 21, 2011
1
0
0
ATMs run XPe the embedded edition, support has already been extended until 12th January 2016.
 

RicoADF

Welcome back Commander
Jun 2, 2009
3,147
0
0
Heh in the news article about Japan's ATM's being at risk I said the Us would be in the same boat and here we are reading the same thing about the US.
My money is on Windows 7 being the next system, most businesses are moving to Win 7 and none will move to the failure of 8
 

Mahha

New member
May 20, 2009
105
0
0
What amazes me most is that the companies haven't prepared even though microsoft revealed it's plans to sack support for twindows xp way back in 2008. They had 6 years to upgrade. Bloody incompetent fools and of course it's going to be microsofts fault.
 

Hairless Mammoth

New member
Jan 23, 2013
1,595
0
0
Batweb said:
ATMs run XPe the embedded edition, support has already been extended until 12th January 2016.
Indeed. Almost all ATMs and POS terminals that are full sized computers run XP Embedded Edition since the computer is small and dedicated to one specific task, which will be supported to that date. What worries me is what about the few ATMs and POSes that for some reason have full XP editions. I know the place I worked for years ago had touch panels POSes running XP Pro. They at least might have upgraded to 7 since the office machine went to 7 right before I left.
RicoADF said:
Heh in the news article about Japan's ATM's being at risk I said the Us would be in the same boat and here we are reading the same thing about the US.
My money is on Windows 7 being the next system, most businesses are moving to Win 7 and none will move to the failure of 8
I don't know if M$ is gonna even sell Win 7 to any businesses besides OEMs for new machines in the near future. I can't even find a like on M$.com to buy Win 7 retail. But they could give a discount on 8 to upgrading devives like kiosks, ATMs, and POS terminals. Win 8's UI controls like shite, but is great under the hood. They only issues that could come up is driver based since all of those things have a custom UI that replaces the Windows GUI, so no one trying to get cash late at night has to worry about figuring out live tiles while watching their backs for muggers. M$ just needs to suck it up and realize people don't like Win 8's GUI and don't want to pay for it when XP and 7 were kiss ass compared to any else M$ ever did.