Feeds

back to article UK's CASH POINTS to MISS Windows XP withdrawal date

Tens of thousands of ATMs will be running Windows XP long after Microsoft’s deadline to abandon the operating system ahead of a potential hacker storm. Just a third of the UK’s 60,000 ATMs will be upgraded from Windows XP before the end of this year, according to the biggest supplier of those machines - NCR. But it will be 8 …

COMMENTS

This topic is closed for new posts.

Page:

gv

Hmm

"Most customers are looking at this with some reluctance because they don’t appreciate being driven to a decision by Microsoft. They want to work to their own dates."

Maybe they should have thought of that before deciding that it was good idea to use XP as the base for their cash machines.

60
15
Anonymous Coward

Re: Hmm

Explains why so many show spam on-screen and are so unresponsive.

The self service tills are also on XP.

13
2
Silver badge

Re: Hmm

Maybe they should have thought of that before deciding that it was good idea to use XP as the base for their cash machines.

A while back most were running OS/2.

A blast from the past.

Worth a read that article if only for the amusing gems:

"Already there have been four incidents in which Windows viruses have disrupted networks of cash machines running the Microsoft operating system.

But banking experts say the danger is being overplayed and that the risks of infection and disruption are small."

and

"But IBM will end support for OS/2 in 2006 which is forcing banks to look for alternatives."

14
0
Anonymous Coward

Re: Hmm

They got longer support with XP than they would have had with any other realistic OS choice.

nb - don't these ATMs mostly run XP embedded - which is supported for at least another 2 years?

3
1
Anonymous Coward

Re: Hmm

"Maybe they should have thought of that before deciding that it was good idea to use XP as the base for their cash machines."

Well, what other choice was there? OS X? That'd only accept cards from AppleBank and take a 30% cut of any withdrawals.

Linux? Even worse. Can you imagine all those people trying to use a command line to do their business?

> withdraw 100

Error: You have insufficient funds

> sudo withdraw 100

OK

The only choice was, and remains, Windows for ANY device that has to be used by the non-techy general public.

5
23
Silver badge

Re: Hmm

On the other hand, you have exactly the same problems with Linux, for example. How many of the distributions available in 2002 are still getting support today? You'd have to update and test much more regularly with Linux than with XP, 12 years without having to move on...

If they had started using Windows 7 based machines to replace the XP machines back in 2009, then this wouldn't be such a problem and the banks have known since 2010 that they would have to replace the XP machines by now, so if they haven't had a plan in place to replace Windows XP with Windows 7 (or another platform) when repairing or replacing existing terminals (and 100% for new locations), then they only have themselves to blame.

But of course, these machines don't need to be internet connected, they should be running on a separate intranet from everything else, so there shouldn't be a problem, unless somebody hacks the machines locally or can somehow attach to that network segment. Of course the banks are following best practices in security, aren't they?

1
3
Anonymous Coward

Re: Hmm

I was working for a "large bank of Scotland" in 2009 and I'm pretty sure that I say Windows 7 running in our ATM test labs. I didn't deal directly with ATMs, but I worked directly with the guys that did. That said, I know that the problem they had updating from NT4 was mainly down to spec - most of them only had 64 megs of RAM, so couldn't really run XP or later.

0
0

Re: Hmm

Debian; SuSE.

Still run on the same hardware.

4
1
Silver badge

Re: Hmm @AC

Based on the number of people that seem capable of operating phones based on the Linux kernel, I'd say the tailored user interface obviates any concerns about the ability of the man on the street to use the bash/csh/X11/etc/whatever stack usually associated with 'Linux'.

That being said, I suspect Windows was chosen because it comes with good security support most of the time with the cessation of support having been hand waved away. The Linux guys are very good at updating the kernel but then who's responsible for pushing that to the machines? And the XP support period has beaten any of the commercial Linuxes by quite a stretch.

2
2
Silver badge

Re: Hmm

Debian and Suse might run on the same hardware, but each release is only supported for a couple of years, which either means they would have been running without security updates for the best part of a decade or the banks would have to retest and roll out complete new versions of the system every few years, that would probably cost more, in terms of manpower, than buying a Windows license every decade or so.

0
0
FAIL

Re: Hmm

To be honest, the OS X quote and Linux jokes were quite funny, but when I read;

>>The only choice was, and remains, Windows for ANY device that has to be used by the non-techy general public.

I realised that you were not joking, just look at the number of Android phones out there and you can see that this is untrue. Open sources and command-lines are available, but you don't have to use them, it's a bit like the gay marriage argument, you can support it without actually having to marry someone of the same sex.

2
0
Anonymous Coward

Re: Hmm

No, Windows is not the only thing that you could use to provide a single UI to the general public.

What particular type of moron or shill are you?

0
0
Anonymous Coward

Re: Hmm

Maybe they should have thought of that before deciding that it was good idea to use XP as the base for their cash machines.

Actually, it was cheaper up-front. Any idiot can install Windows and whip something up in VB6.

And there are plenty of idiots in this world. 90% of PC owners, by the looks of it.

0
0
Bronze badge

Re: Hmm

But support for OS2 didn't end in 2006, EComStation still support it. Maybe that's what MS should do, find a third party who's willing to support XP, sell it to them and let them sort out the mess.

0
0
FAIL

Re: Hmm

That's not true at all.

SUSE offers SUSE Linux Enterprise (Server,Desktop,POS,SAP, etc) with 7 years of support. If you pay extra, it can be supported for up to 10 years. There's even a stripped-down version of SLE for Point-of-Sale machines. See http://www.suse.com/sles

On the free side of things, most LTS/Stable releases should get at least 3 years of security updates.

Check your facts first.

0
0
Silver badge

And Windows7

Will be completely secure will it?

If your infrastructure makes a Win7 machine secure - ie. your ATMs don't

regularly login to facebook - then it will be secure for WindowsXP

13
6
Bronze badge

facebook

ATMs don't regularly login to facebook

OMFG!!!!!!!!!!!!!!!!!!!!! I just dispensed GBP10 ;-) LOL #QE

[like] [comment]

49
0

Are they running on XP Embedded ?

According to Microsoft's own Product Support Lifecycle pages, XP Embedded continues on Extended Support until the first Patch Tuesday in 2016:

http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=windows+xp&Filter=FilterNO

Everything else (Home, Media Centre, Tablet, Pro, x64 etc) goes EOL next month.

22
0

Re: Are they running on XP Embedded ?

I would guess not. Using a desktop OS for an ATM does seem a somewhat perverse choice however.

15
0

Re: Are they running on XP Embedded ?

They run XP Pro but under an "embedded" licence.

2
0

Re: Are they running on XP Embedded ?

My thoughts exactly. Surely a device with restricted functionality and a very basic UI shouldn't be running a desktop OS, or even something like XP Embedded. I'd have though something like an ARM microcontroller coded directly in C be up to the job? It'd be far less vulnerable to attack and probably cheaper too.

14
1
Anonymous Coward

Re: Are they running on XP Embedded ?

ATMs do far more under the hood than you think. The UI isn't minimal, it has to be fairly rich these days because it has to comply with the DDA. There are touchscreens, custom printing, cash counting hardware, card readers, hardware encryption modules, sound cards (well, chips), network stacks, loads of stuff. All this stuff has to support remote control and remote update, it's well out of the realm of C coded microcontrollers.

5
18

Re: Are they running on XP Embedded ?

@AC

Not exactly true.

I just finished coding an embedded system with a graphical screen including touchscreen, a full web interface with IP stack, all kinds of special motor control hardware, a full command line interface via USB virtual comm port, and a FAT file system for the SD card. All of this runs on an 8-bit microcontroller with 32KB RAM at 32MHz and fits into about 100K of flash. No OS. All hand coded (a lot of it in assembler).

Those of us "old guys" that grew up coding on 8-bit computers can build real system with very little hardware behind it. These days it seems coders think they need 2GB of RAM and a 3GHz dual core with a full OS to print "hello world"!

An ATM machine could certainly be built with a thin embedded Linux on an ARM processor. Personally I would consider that overkill, but the cost of that kind of platform is so low now, why not?

53
0
Bronze badge

Re: Are they running on XP Embedded ?

ATMs do far more under the hood than you think

I read the OP as meaning something more like a Raspberry Pi than (say) an Arduino. I happened to think the same thing myself when reading the article. Let's go through your complaints ...

UI isn't minimal

So what? You can build a UI in X or on the console. Button presses can be registered directly through GPIO or perhaps that part of the system can communicate over USB (pretending to be a keyboard)

touchscreens

A bit tricky, but I've seen Pis with attached touchscreens.

custom printing

No different from "printing". Hardly difficult.

cash counting hardware, card readers

Which are no doubt separate modules. Pi has several options for communicating with them (USB, SPI, I²C or a bit-banged GPIO interface).

hardware encryption modules

I don't know where these come in, so I can't comment except to say that if they're external devices then the same interface options are available as for cash counting/dispensing and card reader modules.

sound cards (well, chips)

Pi has on-board sound capabilities.

network stacks

Built-in, as is the ethernet port on Model Bs.

has to support remote control and remote update

Last I checked, Pis can run sshd.

it's well out of the realm of C coded microcontrollers.

I suppose it's where you draw the line. Maybe (only maybe) it's more than an Arduino can handle, but I'm sure a Pi is more than enough. I do see some problems with it, but I don't think any of them are insurmountable. For example:

* SD card failure

* not very tamper-resistant (service engineer could swap out SD card or entire Pi easily)

* may need custom circuits (or something like a Gertduino:) to offload some hardware-related tasks (eg, provide an I²C interface for an exotic crypto chip)

Hell, at the price point, you could afford to have several Pi (at least 3) systems all connected internally in a network in the box and build a fault-tolerant, self-checking system. Even accounting for custom hardware, it should totally be possible to build this thing for peanuts compared to the XP boxes. I'd be a lot more confident in the security of the thing, too,

21
1

Re: Are they running on XP Embedded ?

Surely they could go to POSReady 2009 (based on XP Embedded) that is EOL in 2019? NCR do have experience - they supply the company I work for with it.

0
0
Anonymous Coward

Re: Are they running on XP Embedded ?

How do I plug my hardware crypto cards into a rPI, or any other microcontroller come to that?

How do I run a properly secure filesystem on a microcontroller?

How does an rPI (of which I am a big fan) even start to run at the speed required?

Why would I program up a whole load of microcontrollers, or use linux on microcontrollers when I already have the OS and drivers available for Windows (and yes, Linux too, should my bespoke app have been coded for that) on the existing hardware and have the benefit of knowing that all those bits of the software stack will work and I don't have to employ OS/microcontroller specialists in my banking business.

0
9
Silver badge
Thumb Up

Re: Are they running on XP Embedded ?

Those of us "old guys" that grew up coding on 8-bit computers can build real system with very little hardware behind it.

True (and I doff my hat to you for that) but how long does it take you? It's a serious question and I'm not at all trying to denigrate you but I suspect the reason you are in the minority is because your 'modern day' compatriot could build the same thing in less time. It'd need more hardware and resources but that's rarely a problem - they've usually caught up before you've finished the project. Not only in time spent coding but the time required to acquire the required knowledge is an expense. These days the costs tend to be in the wetware/software rather than hardware so for most businesses hand crafted code is just too expensive.

On the plus side of course this all means you probably get paid more than most of us :)

2
2
Bronze badge

Re: Are they running on XP Embedded ?

Just following up on this because I think all your questions are valid.

How do I plug my hardware crypto cards into a rPI, or any other microcontroller come to that?

If it's supplied on a PCI card, then you're probably screwed. I simply don't know what sort of crypto hardware goes into these things. It begs the question, though, of what algorithms the thing is implementing, and whether it's based on open standards or whether it's just provided as a black box by some supplier on a "trust us, it's secure" basis. I think it's been shown time and time again that security through obscurity doesn't work, so if you can't get your supplier to give details of the encryption that's implemented or provide a board that can work over I2C or something else that the Pi/microcontroller can handle then there is something seriously wrong and the question of whether the ATM is built around a PC architecture or not is probably the least of your worries.

How do I run a properly secure filesystem on a microcontroller?

For read-only stuff, microcontrollers can be inherently secure as stuff is stored in ROM. On ARM platforms, there is a thing called TrustZone, that's intended to harden the boot process and make the machine more secure from tampering or running unauthorised code/OS. The Pi doesn't make use of this, as far as I know. It can, however, use the standard Linux crypto modules to provide for transparent encryption of all the filesystems it uses. I'm not too sure how useful this will be in an ATM, say, as opposed to a laptop or desktop PC. For the latter, for the security to be effective, you need a user to enter a password at boot time to access the disk. You obviously can't do that in an ATM that's intended to run unattended. I'm sure there's some way to make this work (such as the service engineer typing in the password after every boot, or some sort of challenge-response protocol done between the ATM and the bank's network where the Pi has to prove that the SD card hasn't been tampered with before getting the token required to securely boot off it---something like that). In any event, I'm not sure how vital boot security is on the machine when a service engineer can probably find ways to subvert it anyway. As for secure storage of logs, you can use the standard encrypted filesystem modules or use public key crypto to store sensitive details (so that the Pi can write the log data, but not read it back).

How does an rPI (of which I am a big fan) even start to run at the speed required?

Sure, why not? I mean, an ATM is basically like a kiosk or vending machine. It only has to handle one transaction at a time, and the UI stuff is pretty simple. Even if you want a complicated, flashy UI, have a look at what the Pi can do with xbmc. It's pretty impressive (and xbmc is a bit of a dog, so you could build something that's even more responsive).

The only (non-user) interface problem that the Pi might have is that it's not real-time, so it's not very suited for communicating with hardware that requires a low-level, bit-banged interface. So that's why I suggested you might need to offload this to a microcontroller or daughter board. (Microcontrollers have features that let you do this a lot easier, by triggering interrupts when interface lines change state, plus they're inherently real-time since they don't run a preemptive OS).

Why would I program up a whole load of microcontrollers, or use linux on microcontrollers when I already have the OS and drivers available for Windows (and yes, Linux too, should my bespoke app have been coded for that) on the existing hardware and have the benefit of knowing that all those bits of the software stack will work and I don't have to employ OS/microcontroller specialists in my banking business.

If you were talking with your banking friends, I don't doubt that this argument would go down quite well, even though I think it's erroneous (for reasons I'll get to anon, anon). This is a tech site. We're encouraged (and encourage others) to think about how things work "under the hood". The fact that you seem to be opposed to this (and don't seem to be giving any technical reasons why the XP solution is "better") is probably why you've been getting so many downvotes.

But anyway, I see two main problems with your argument for sticking with the status quo. First, there's the software side. Granted, if your app is making calls to a proprietary device driver, and you go and change the underlying hardware, then you will need to make changes. But (two big "buts"): (a) your software should already have been written in such a way as to separate business logic from hardware details, so to make it work on the new platform, you should only need to rewrite your interface library, and (b) If you're not writing portable code, then you're doing something terribly wrong, so I assume that porting the business logic won't be a significant problem. I'm assuming that the way you interface the ATM with the outside world is done via text-based command consoles (or similar, like SNMP), so all your external management software should continue to work. If you've got a dependency on something like using Windows RDP to manage the machines, then again, I think you're doing something seriously wrong. (plus: ATMs catching windows malware? wtf?)

Second, on the hardware front, I wonder if your complaint about needing microcontroller specialists is a bit of a red herring? By that I mean, do you actually even have the in-house competence to build and/or tinker with the PC/XP-based architectures that are in the current ATMs? I'm sure that building ATMs is a pretty lucrative business for those engaged in the market, and I also suspect that they simply provide black boxes and the banks have to take it on trust that the internals really work the way they say they do. I may be wrong on that, but even if you do have internal hardware expertise (not just developers that can code to the supplier's APIs) then I don't see how using open, off-the-shelf components (like Pis and Arduinos) is in any way inferior to the PC-like/XP platform.

Since it is a niche market, of course there will be a need for some bespoke (thought not necessarily proprietary) modules, such as for the card reader, though I'm sure there are enough applications for this that there are COTS hardware modules available. In fact, with the exception of your hardware crypto module (which I strongly feel should be based on open, rather than secret, protocols anyway), I don't see why the whole platform shouldn't be based on open, freely-available components. So if you do feel like you need hardware expertise, building the custom boards to connect all of these together should be child's play to any half-way decent electronic engineer. That's why I think that your comments about needing hardware expertise is probably a red herring.

Sorry for the length of the post. I hope my comments were useful :)

1
0

Re: Are they running on XP Embedded ?

@AndrueC

I built this system, working on it part time, in about two weeks. Debugging took another three days. My day job is not embedded programming, this was just a side job. The argument that real code takes too long is just complete BS.

I do Windows development for my day job (and no, the pay isn't that great). I have several friends the are .Net programmers, and I doubt they would write a similar piece of code for Windows that much faster.

My first computer was an Ohio Scientific C1P. It had a 1MHz 6502 and 4K of RAM. I learned to program on this system. These days, new developers learn on Pentium class PCs with gigs of RAM and multicore processors. Younger developers just give me a blank stare when I tell them about my first computer. I still have it, bye the way! I was so excited when I upgraded to an Atari 800. I didn't know what I would do with all of that power!

Bruce

1
0
Silver badge
FAIL

"realised the capital cost of paying for the existing ATMs"

Who the fuck are they joking with ?

Do they really think we're going to believe that those ATMs haven't already paid for themselves a hundred times over ?

An ATM is one less bank teller to employ, is open 24/7, in all weather, all year 'round, especially when the bank tellers are not available. If banks had to employ an actual person for that, it would cost them a lot more.

That investment got its return the year after its installation.

Not a valid excuse. An habitual one, to be sure, since banks are always whining about costly their operation is, but once again the bonuses of top management tell the true story : they're rolling in dough and don't know what to do with it.

They do know what they won't do with it though : use it wisely.

50
5
Silver badge

Re: "realised the capital cost of paying for the existing ATMs"

I came here grinning evilly and planning a series of targetted sploits against XP boxes that could get me free money and ended up upvoting your post instead.

I shall now either mend my ways or wait until the good sense drains away, the project mangler is on my back again and the evil seeps back in.

3
0
Anonymous Coward

Re: "realised the capital cost of paying for the existing ATMs"

I think you're missing the point - I happen to work for a financial institution - and happen to know that we never even break even on our atm's - don't forget that the 40,000 is only the purchase price - it doesn't include the costs of servicing an maintaining the atms. The cost of having a money service company coming out every day to add money, check deposits, process deposits etc all adds up. That doesn't include the back end "switch" and network charges. The atm's need to be connected to an industry standard "switch" and associated networks - otherwise it's nothing but a big computer - and those are in most cases third party systems and have their own share of costs.

The only reason we even put them in is the convenience of our clients - so that they can do banking after hours....

And something that the article also fails to mention is the exorbitant cost that NCR is charging for the upgrades. If the atm can be upgraded (and not all models can) it costs $5000 to upgrade if the main core doesn't need to be replaced. If they need to replace the main core the cost doubles (though why it should double when a decent pc is only 500-600 is beyond me) to $10,000. When you compare this by the number of atm's out there, the costs are huge....add in the costs for the switch providers to certify with the latest version of the software, migrate all the custom screens etc over to the new version and the costs rise even higher....

Having said all of that, it's always bothered me that all atm manufacturers decided to go with windows to as their chosen OS - I have yet to find a single atm manufacturer that provides a full service atm that doesn't run on some flavour of windows....

21
5
Bronze badge

Re: "realised the capital cost of paying for the existing ATMs"

I think you're missing the point:

"The only reason we even put them in is the convenience of our clients - so that they can do banking after hours...."

No, it's so you actually have any customers.

25
2

Re: "realised the capital cost of paying for the existing ATMs"

And having ATMs cuts down on the number of customers coming into the banks' offices, which reduces the number of tellers needed. This saves the banks a lot of money, but apparently they don't factor that into the equation....

19
0
Silver badge

OS/2

I'm guessing banks chose Windows because of their choice of running OS/2 on earlier ATMs. WinNT is after all a breakaway "pirated" OS/2 so it's possible that Windows would be able to run most of the OS/2 software without a problem. Also, at least until Win2000, NT had an OS/2 subsystem and that might help as well.

Me? I would've probably gone down a hardened Linux route, or simply gone down an even safer route with QNX.

4
1
Silver badge
Coat

Re: "realised the capital cost of paying for the existing ATMs"

Joe User

Of course, they don't factor this in. Their calculation only includes costs and profits. Had they ever heard of opportunity costs and hence factoring in risk as well, they propably wouldn't have arrived in the deep shit where they landed.

4
0
Anonymous Coward

Re: "realised the capital cost of paying for the existing ATMs"

"No, it's so you actually have any customers."

Actually, in our case most of our members seem to prefer a live experience. We are actually expanding our teller line in several locations as contrary to popular belief people seem to enjoy talking with people rather than using a machine if at all possible....I know it's a strange concept in this age where young people don't even seem to know what a phone is much less how to actually call a friend....

Whatever it is we're doing, we seem to be doing it right as we're seeing a huge uptake on our services and phenomenal growth as people realize we're not one of the big banks with some unknown shareholders reaping the profits but a credit union that actually shares it's profits back with it's members....

2
0
Anonymous Coward

Re: "realised the capital cost of paying for the existing ATMs"

My account is ATM/internet only. If I walk into a branch ( having driven there because they closed my local one) they won't talk to me. So the ATMs are definitely saving the cost of over the counter services:Otherwise they wouldn't have these ATM only accounts.

3
0
Silver badge
Pint

Re: "realised the capital cost of paying for the existing ATMs"

OK, we can all agree that banks are rolling in dough, especially with all that top heavy QE.

So instead of complaining about Automated Teller Machine suppliers being bloody awful, why not

a) Use your absolutely enormous and all-consuming leverage to tell them you need the product to run on a free, secure, slim OS.. or..

b) Finance a startup that creates the Automated Teller Machine you desire. Heaven knows there are enough people that could use a job about now.

7
0

Re: "realised the capital cost of paying for the existing ATMs"

The cost of the machines ought to be written off as an operating cost, possibly against the marketing budget. Since they are an essential service that any high street bank must run, the cost of running them is automatically covered by the profit made from the customers, many of whom wouldn't look twice at a bank that didn't have them. If the personal banking arm profits, then the machines have done their bit.

They pay for themselves by allowing the bank to continue to have customers, so calculating the pay-back by comparing material outlay to time saved by human tellers and such is immaterial.

'Course, I'm not naive, I know anyone in any kind of management position would look at me like I was insane, but there you go.

1
0
Bronze badge

Re: "realised the capital cost of paying for the existing ATMs"

>but apparently they don't factor that into the equation....

No because it is already factored into the bonus equation...

1
0

Re: "realised the capital cost of paying for the existing ATMs"

Oh come on! The retail banks do nothing for the "convenience of their customers". ATMs are a dirt cheap alternative to tellers and would never have been installed in the first place if it here had not been a bomb proof financial case.

Banking is essentially a very simple business, and current accounts are the simplest bit of all (finding vast fields in the west of Ireland which you can value at the same as Canary Wharf or lower Manhattan is a skill only idiots in Scottish banks mastered).

Annual cost of teller in bank, salary, pension, benefits, training, desk, building, heating, lighting other overheads, maybe 100,000gbp, cost or ATM electricity, gbp 200, maintenance, Gbp500, depreciation, let's be really generous, 5000.

Yeah, it's all about "customer convenience"

6
0
Bronze badge
Trollface

Re: "realised the capital cost of paying for the existing ATMs"

"The only reason we even put them in is the convenience of our clients - so that they can do banking after hours...."

The only reason we even put them in is so we can lay off more front-desk staff and incorporate the money that would have been used for their salary into our executive bonuses fund...

FTFY

3
0
Anonymous Coward

Re: "realised the capital cost of paying for the existing ATMs"

If you work in banking, you have singularly failed to understand it.

You are providing that service to people who are giving your bank a callable loan at well-below the market interest rates that larger enterprises and financial institutions themselves would expect.

0
0
Windows

Applying business logic

"The PCI DSS states operating systems must be protected against known vulnerabilities using vendors’ latest security patches."

Big Banker 1: "But the vendor is no longer producing security patches. Therefore we remain compliant indefinitely."

Big Banker 2: "Great thinking! Large bonuses all round!!"

36
0

Re: Applying business logic

The ironic thing about this is that PCI has all over thier web abuot XP ending, but in none of the docs do the say you lose compliance.

1
0
Silver badge

Re: Applying business logic

That was exactly my thought when it comes to the updates. Technically they are compliant.

Also:

* It's not as if Windows XP will suddenly become more vulnerable than it is now.

* These systems run a modularised version of Windows XP with as much of the crud as is possible uninstalled or, in the worst cases, disabled. I have configured and deployed Windows XP like this as it is rock solid and the number of vectors for external attack is minimal. For example, you're vulnerable on the fundamental IP networking stack and your own application listening on this.

* These systems are individually firewalled to control the incoming and outgoing routes of data.

As for why XP? Because of the ease of development and the advantages a "mature" OS brings when it comes to the level and depth of device drivers. While a more restrictive OS would generally provide more security, given that there could be dozens of printer variants to support, dozens of card readers, dozens of screens and so on, separating the application and the device through the OS is the right way to go.

2
0
Holmes

That's what you get for going with Microsoft

Windows was never intended as an industrial OS (ATM's would probably qualify as industrial, harsh environment, long service life etc)

There are other OS's out there with better security, support and licensing options, and I don't just mean the various flavours of Linux.

But companies like NCR go for windows because there are lots of Dev's out there with windows experience, and the inbuilt UI cuts down on some of the development time. Plus they can now charge their customers for brand spanking new ATM's rather than just upgrading the old ones.

Its the banks own fault for not specifying a more suitable OS and feature roadmap for these devices.. no sympathy at all.. just annoyance that the cost will be passed on to joe bloggs public yet again.

16
2
Silver badge

Re: That's what you get for going with Microsoft

The really stupid part is that those skills are equally valid on Windows Embedded, the unit price for the OS is lower, the maintenance overhead is lower and the support term is longer by at least two years.

But no... a chance to save a quick buck on the original hardware trumps all.

13
0
Anonymous Coward

Re: That's what you get for going with Microsoft

"Windows was never intended as an industrial OS"

Windows CE and Windows XP Embedded would tend to indicate that you don't have a clue what you are taking about...

"But companies like NCR go for windows because there are lots of Dev's out there "

No, they go for the lowest TCO. Money is what matters at the end of the day.

"There are other OS's out there with better security, support and licensing options, and I don't just mean the various flavours of Linux."

Good, because commercial / enterprise Linux is generally worse on all counts there.

1
2

Page:

This topic is closed for new posts.