Windows XP Support to End on April 8; ATMs at Risk

Windows XP Support to End on April 8; ATMs at Risk

windows xp screenshot

Microsoft's XP operating system has been around since 2001, but 29 percent of the world's computers still use it. Among those are about 95 percent of the ATMs in the United States.

The time has come for Windows XP to die, according to Microsoft, so it will be pulling the tech support plug on April 8. While many users will not be affected since they have converted to Windows 7 or Windows 8, it turns out that roughly 29 percent of computers across the world still use the aging OS.

What this means is that, even though the OS will continue working, the lack of security updates and support of Microsoft will leave users more vulnerable to hacking. It will also mean even fewer companies will be making any software that would support XP.

Apparently, the biggest source of concern is that 95 percent of the ATMs in the United States use XP, and only a small number of those -- perhaps 15 percent -- will be able to upgrade by the time Microsoft drops the OS hammer, according to a Bloomberg Businessweek report. Of course, ATM companies have had fair warning, as Microsoft originally wanted to end support for XP back in 2010, but decided to delay its demise.

While upgrading to Windows 7 or 8 is a viable option, not all the machines that currently run XP will be compatible, given their aging hardware. Also, many businesses still running XP (about 6 percent) may not be able to upgrade because of budget constraints, said Scott Dowling, a Microsoft software consultant for En Pointe Technologies. If you are affected, Microsoft has a tool that will help you figure out what your next OS could be. But don't be surprised if a new computer is necessary.

Microsoft may offer custom support for XP that would provide additional security patches, but at a cost. Dowling said early reports say the expense may be cost prohibitive.

Source: CNN Money

Permalink

And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

while I do not like your "secure by default" argument (as I think that's a very hypocritical thing to say, since it all depends on what you do with a system), I must of course agree that they should probably take an OS that is not bound to run out of support eventually, has better upgrade possibilities and especially isn't bound to uuuuh..."enterprise level pricing". Also they might be able to save a lot on hardware and power consumption if they go for a more "simple" OS, considering how it just needs to handle ATM stuff.

No matter how much guff we give Microsoft, you have to admit that supporting an OS 13 years old is pretty swell of them.

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.

Has Windows XP really been all that secure in the first place? I don't see April as the magical date that all hackers suddenly figure out how to get into an ATM, just because Microsoft finally turned the dripping water off.

WeepingAngels:

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.

True, but he still has a point.
You shouldn't use consumer operating systems because they have a lot of "features" such a specialized device doesn't need. Having such features increases vulnerability because more features result in a bigger attack surface.

If you have embedded devices, you should go with an operating system based on the BSD or Linux kernels and only have it ship with absolutely necessary software.
That way you increase security by minimizing the attack surface and keeping it simple to maintain.

Alpha Maeko:
Has Windows XP really been all that secure in the first place? I don't see April as the magical date that all hackers suddenly figure out how to get into an ATM, just because Microsoft finally turned the dripping water off.

No, but they won't fix the known ones anymore.
And even worse, the unknown ones.

Honestly, its about freaking time.

Rainforce:

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

while I do not like your "secure by default" argument (as I think that's a very hypocritical thing to say, since it all depends on what you do with a system), I must of course agree that they should probably take an OS that is not bound to run out of support eventually, has better upgrade possibilities and especially isn't bound to uuuuh..."enterprise level pricing". Also they might be able to save a lot on hardware and power consumption if they go for a more "simple" OS, considering how it just needs to handle ATM stuff.

You're asking an impossibility. A software developer is not going to provide eternal support for an OS so long as a business exists unless they can charge a considerable amount for said support which will increase as time goes on and companies move on. The support costs on most OSes is relatively inexpensive at the enterprise level which means software developers must get their funding from future releases.

Second, an Operating System can't keep perpetual support and better upgrade possibilities as when new hardware designs and subsequent firmware are released the OS will crap out when it's implemented. XP for example cannot natively recognize the SATA format or USB 3.0 as it came out after the OS was released. Current hardware systems that have Win 7 or Win 8 installed by default do not have the work around that earlier systems did to handle SATA so trying to install XP is an exercise in frustration. Implementing such compatibility into an OS is not simply patched in, it requires a rework at the kernel level to do so which means rebuilding the OS. It's far cheaper to get an OS already designed around the new hardware and firmware than to commission a rebuild of the current OS.

Finally, it doesn't just need to handle ATM stuff. Those ATM's are still linked into the branch's local network which are linked into the bank's full network. Those systems need to be able to talk to each other which means that the entire network would need to be ensured to be compatible. It's several million to do OS replacements on ATM's to get them to remain compatible with banks or several hundred million to modify the bank's network to accommodate the ATM's OS.

The only way your idea would even come close to working is if the entire bank's network never did hardware upgrades which is impossible as it would require hardware manufacturers to set aside a large portion of their production facilities to keep making the legacy equipment. That's not going to happen without some substantial profit which isn't there.

It's easy to suggest they they go with a "perpetual OS", but quite impossible to execute when you think about it.

WeepingAngels:

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.

True but you should always try to minimise the risk, no system is 100% secure but using a 13 year old OS whose design is inherently insecure is not the best idea. ANd why do they need a full desktop OS that is just building more doors into the system you must close. When not have a system with less doors to secure in the first place ?

RA92:
No matter how much guff we give Microsoft, you have to admit that supporting an OS 13 years old is pretty swell of them.

They do it just because they were never able to provide another OS that could fulfill the role that WinXP had, honestly after the disaster that was Vista i expected them to develop another monolithic OS designed for people with low budgets and aging computers, maybe just a WinXP update. But they came up with Win7 and they left their original customers to rot; the people that helped Microsoft to become monopoly that it is today by buying their excellent OS.
On a unrelated note; MS also eliminated their 10 years support clause, so expect them to start shutting down their online services whenever they want to even if it is just as soon as the 8th gen finishes. (it has already started; Windows Live is shutting down).

alj:

WeepingAngels:

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

How secure something is is partly dependent on how many people want to attack it. I would imagine ATM's will always be vulnerable no matter what OS they run because....money.

True but you should always try to minimise the risk, no system is 100% secure but using a 13 year old OS whose design is inherently insecure is not the best idea. ANd why do they need a full desktop OS that is just building more doors into the system you must close. When not have a system with less doors to secure in the first place ?

Well obviously it wasn't a 13 year old OS when they started using it. I would imagine that it's cheaper to buy XP than to contract someone to make a OS for you. It's like saying "Why doesn't Pepsi make their own trucks instead of buying Ford and Chevy trucks to make deliveries?"

My example is based purely upon me seeing a Pepsi delivery truck just now.

Last year I worked at a city hall, for IT

All of the city hall's workstations ran on XP

...and they knew quite well of the impending XP support shutdown. And they dreaded it.

Why?

Because 9 out of 10 clerks and other city hall employees were not computer super users... most of them only know how to use their outlook (and then barely so... IT support is often asked how one attaches files to an email) and their one work-related program, if they have any - plus of course the basics of Word.

To this end: Upgrading all the workstations to win8 would, from a technical standpoint, be easy. It could be done overnight.

But to train a lil over three thousand city hall employees, plus the five thousand 'external users' (city hall's computer systems is what ALL county government systems run on, so schools, sanitation, libraries...) to use the new interface?

Oh and never mind that the city council itself would be PISSED if they suddenly couldn't figure out how to use their own computers - oh, and they can tell you "Roll that shit back, this new stuff is crap" and you have to do it.

This is why IT dreaded having to upgrade from XP. Of course, back then 8.1 hadn't really been announced yet - but even with that out now I've heard of people having trouble getting the 'new' start menu working properly...

So ya... that's why they're sticking to XP

Fairly sure this article is missing some quotation marks.

In the UK a mojority of self-service scheckouts in various supermarkets appear to run Windows XP. I believe all the Tesco DotCom (The pickers who shop for you for thier home delivery service) hardware run a variant of XP also.

It's funny how stupid smart people can be.

EDIT: Oh yeah. There are also large parts of the front-end of the NHS that are still using XP. I once had to watch two secretaries (whose ward my grandmother was dying upon) try and work out why they couldnt access the computer. The screen resolution was wrong.

I would have done it for them, but I would have run the risk of being arressted to trying to access confidential medical information, no doubt.

webkilla:
Last year I worked at a city hall, for IT

All of the city hall's workstations ran on XP

...and they knew quite well of the impending XP support shutdown. And they dreaded it.

Why?

Because 9 out of 10 clerks and other city hall employees were not computer super users... most of them only know how to use their outlook (and then barely so... IT support is often asked how one attaches files to an email) and their one work-related program, if they have any - plus of course the basics of Word.

To this end: Upgrading all the workstations to win8 would, from a technical standpoint, be easy. It could be done overnight.

But to train a lil over three thousand city hall employees, plus the five thousand 'external users' (city hall's computer systems is what ALL county government systems run on, so schools, sanitation, libraries...) to use the new interface?

Oh and never mind that the city council itself would be PISSED if they suddenly couldn't figure out how to use their own computers - oh, and they can tell you "Roll that shit back, this new stuff is crap" and you have to do it.

This is why IT dreaded having to upgrade from XP. Of course, back then 8.1 hadn't really been announced yet - but even with that out now I've heard of people having trouble getting the 'new' start menu working properly...

So ya... that's why they're sticking to XP

Heh, try doing the upgrade during operational hours when they can do work not reliant on the computers. Not only do they still have to be trained and the "roll it back" garbage (which often times means putting all the hardware you just took out back), you get the fun of being expected to do this WHILE doing the install work. Yup, they expect you to install it, train them, and then if they don't like it after ten minutes to put the old stuff back all at the same time...

Is it any wonder when I was asked to make a computer fail catastrophically I told the pleb that if he survived I didn't do the job right?

ATMs run XPe the embedded edition, support has already been extended until 12th January 2016.

Heh in the news article about Japan's ATM's being at risk I said the Us would be in the same boat and here we are reading the same thing about the US.
My money is on Windows 7 being the next system, most businesses are moving to Win 7 and none will move to the failure of 8

What amazes me most is that the companies haven't prepared even though microsoft revealed it's plans to sack support for twindows xp way back in 2008. They had 6 years to upgrade. Bloody incompetent fools and of course it's going to be microsofts fault.

Look. Microsoft. All you need to do is let people pay you a reasonable amount every year, say 30 like an Xbox live subscription per license and those businesses/ individuals who still want to use XP will keep you well supported.

Upgrading ATM machines would be a MASSIVE pain for the banking industry and might discourage them from ever running a windows product on them again. If costs are not TOO prohibitive I'm sure most people will be happy to take out some kind of security subscription.

Batweb:
ATMs run XPe the embedded edition, support has already been extended until 12th January 2016.

Indeed. Almost all ATMs and POS terminals that are full sized computers run XP Embedded Edition since the computer is small and dedicated to one specific task, which will be supported to that date. What worries me is what about the few ATMs and POSes that for some reason have full XP editions. I know the place I worked for years ago had touch panels POSes running XP Pro. They at least might have upgraded to 7 since the office machine went to 7 right before I left.

RicoADF:
Heh in the news article about Japan's ATM's being at risk I said the Us would be in the same boat and here we are reading the same thing about the US.
My money is on Windows 7 being the next system, most businesses are moving to Win 7 and none will move to the failure of 8

I don't know if M$ is gonna even sell Win 7 to any businesses besides OEMs for new machines in the near future. I can't even find a like on M$.com to buy Win 7 retail. But they could give a discount on 8 to upgrading devives like kiosks, ATMs, and POS terminals. Win 8's UI controls like shite, but is great under the hood. They only issues that could come up is driver based since all of those things have a custom UI that replaces the Windows GUI, so no one trying to get cash late at night has to worry about figuring out live tiles while watching their backs for muggers. M$ just needs to suck it up and realize people don't like Win 8's GUI and don't want to pay for it when XP and 7 were kiss ass compared to any else M$ ever did.

Just off the top of my head, I remember two businesses I've worked at or visited a few years back. Both had a computer with DOS 6.22, one running printer software and the other running some ancient CNC program database.

Those two machines are rather ancient by todays standards, but they were still fit for purpose so I wouldn't at all be surprised if they were still using them today. In fact, many (most?) old factory machining equipment simply cannot work together with modern operating systems because nobody has written new drivers for them.

I can see the point with the ATMs, of course. Those things kinda need to have top-of-the-line security to prevent haxxoring, but I seriously doubt this will be an issue for us normal folks who use XP for older machines.

If you're using it out of habit on your gaming rig, however... You probably should've made the switch already.

ATMs use Xp here as well, i saw them crash and restart actually (not to mention when i saw people fixing them later in standart XP interface). so i guess whoel world is in the same boat here.
I got XP at work here too, and they recently "upgraded it", thought mostly rolled back to older version actually. i got no administration proviledges here and no idea what they plan to do, probably nothing, thought our system here is a mix of all kind of OS from XP to 8. it seems that they upgrade it one by one eventually. i hope im going to end up with 7 in the end, i dont like 8 at all.

Hairless Mammoth:
[I don't know if M$ is gonna even sell Win 7 to any businesses besides OEMs for new machines in the near future. I can't even find a like on M$.com to buy Win 7 retail.

thats because microsoft no longer officially sell win 7, because hurr durr how dare you buy superior 7 instead of 8.

alj:
And this is exactly why a consumer OS should not be used for something so important. THey should be using something made from the ground up or using something proven to be secure that is not going to " go out of support" like open BSD that is secure by default , unlike XP that is not that secure ( don't get me wrong it is not bad considering how old it it but still).

there is no software ever created that does not go out of support. Nor is there anything that is secure by default. your asking the impossible. at best they could create their own OS that would be much harder to crash due not being like others, but whos going to afford that?

AzrealMaximillion:
Honestly, its about freaking time.

as a person who still thinks XP was the best OS to come from microsoft i got to say no, its not.

LordLundar:
sata and USB 3.0

well there is a SATA driver that can launch before XP install and install with it and that seems to be a nonissue from my experience. USB 3.0 would be hard on XP but its not that widely used now, onyl recently we started seeing prebuilt PCs with USB 3.0 ports, so it will take a few years till it will be in daily usage.

webkilla:
snip

would ugprading to windows 7 be an option? the interface is almost identical and it will run all of their usual applications, so it wouldnt be that hard to reteach them there.

Mahha:
What amazes me most is that the companies haven't prepared even though microsoft revealed it's plans to sack support for twindows xp way back in 2008. They had 6 years to upgrade. Bloody incompetent fools and of course it's going to be microsofts fault.

your meant to say companies only look at short term and forget long term planning? who would have thought....

Scrumpmonkey:
Look. Microsoft. All you need to do is let people pay you a reasonable amount every year, say 30 like an Xbox live subscription per license and those businesses/ individuals who still want to use XP will keep you well supported.

Upgrading ATM machines would be a MASSIVE pain for the banking industry and might discourage them from ever running a windows product on them again. If costs are not TOO prohibitive I'm sure most people will be happy to take out some kind of security subscription.

according to our local banks, a single ATM costs around 500.000 LTL in upkeep (~200.000 USD) per year. thats for 1 machine. so a 30 extra fee wouldnt be that big of a deal, this plan could work. or, you know, a 200 dollar fee for new OS.

lancar:
In fact, many (most?) old factory machining equipment simply cannot work together with modern operating systems because nobody has written new drivers for them.

i can attest to that whe i had to upgrade a machine from windows 8 to windows 7 because the hardware that it was connecting to didnt understand what is win 8. the machine in question is electrical boxes, you know, the ones that you see standing beside supermarkets providing them power ect.

Strazdas:

Snip - on question about government computers just upgrading to Win7

Win7 is on the chopping block next.

I doubt it'll last ten years - Microsoft simply wont allow such potential for income via basically forcing upgrades at regular intervals down our throats to not happen.

I just hope - for the same of IT departments everywhere - that Win9 comes with a 'non-touch' version for simple, traditional office use. You really don't need a touchscreen for processing government forms or managing building schematics in autocad.

Just switch to Linux, I'm sure the old hardware can handle one of its versions.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here