A disaster in the making: 95% of ATMs still run Windows XP

A disaster in the making: 95% of ATMs still run Windows XP.

-- Tom

 

Yeah, right, because Windows XP was made yesterday and it will be insecure from tomorrow.

I'm amazed, though, that these machines run XP and not some linux custom made distro. Also, do they really use XP or some stripped XP custom made system by Microsoft? I can't really imagine an ATM with 2+ GB space and more than 512 RAM which the XP required to actually work without a flow.

 

They follow a simple philosophy, if it works, do not fix it. But it is not like its IT fault, they would surely installed Linux or 8, but managers would ask, how much would it cost?
Linux is not as free you might imagine, yes you can install Linux for free, but in a corporate sphere, you have to think about maintenance and deployment and well Linux is 1%.

XP is actually the best Windows ever, even though Microsoft tries to denies it, instead of being proud on it. You can run it on 128MB without problems, you just need a good memory managment software like CachemanXP or Cleanmem, if you use nLite it is unbeatable, I got its RAM usage as low as 40MB and Windows Folder had 400MB only.

 

I worked at a bank, directly with the ATMs. I won't go into details because that just wouldn't feel right, but, yeah, they were running XP. They were largely unpatched, and I mean that in a very very serious way - we aren't talking a week behind updates, we are talking a year.

They are networked.

They have significant attack surface in kernelmode drivers, exposed easily to attackers.

And I can say the above and still be leaving out the really bad stuff.