95 percent of the world’s ATMs still run Windows XP

Shawn Knight


It’s interesting just how many of the world’s important computers still run on ancient software. Case in point – roughly 95 percent of automated teller machines around the globe are powered by Windows XP, an operating system that was released more than 12 years ago.

Considering the fact that Microsoft is set to discontinue support for the aging OS in just a few months, ATMs will need to be updated to a newer operating system in order to avoid security and compliance risks.

According to NCR, the largest supplier of ATMs in the US, most of the 420,000 units operating in the US run the full version of XP. Some use an embedded version that will see support through 2016 but either way you look at it, the industry has been slow to react to XP’s fast-approaching fate.

It should come as little surprise that most machines will eventually move to Windows 7 but don’t expect it to happen soon. According to ATM software firm KAL, only 15 percent of machines in the US will be running Windows 7 by the April 8 cutoff date for XP support.

It’s clear that others will need more time to migrate to a newer operating system and fortunately, there’s an answer. Companies can purchase custom support contracts through Microsoft to keep XP on life support for a bit longer. JPMorgan is reportedly doing just this with a one-year extension as they continue to deploy their Windows 7 solution.


 
I'm pretty sure if they've been using XP for this long they'll be ok to continue even if Microsoft doesn't support it anymore. If one breaks and needs support, then go to Win 7.
 
I suspect that most public information systems in use at railway stations and airports have XP. I would hazard a guess that many Point of Sale systems also use XP.

There have been quite a few comments that the Banking industry has been slow to update their IT. They prefer to pay themselves undeserved bonuses.
 
I was surprised to find out that they're not overly expensive machines. Windows 7 Embedded is just $20. And refurbished ATM machines go for about $500. New machines range from $1,000 - $4,000, with the very high end in upwards of $25,000. I guess it's one of those, "If it isn't broke don't fix it" situations.
 

The company I work for still uses DOS at POS, it works quite well for what it is used for, I don't see them changing it anytime soon and we make millions in profit a year!
 
Besides potential security risks there is no real reason to upgrade from XP, the machines work fine as it is. I really don't understand the reason software on a machine designed to do one thing and only one thing should ever need upgrading. It's like flashing the firmware on your HVAC system in your house, is it necessary? Not at all. How about the ECU in your car? When is the last time you updated that?
 

Completely agree with you, and most companies do not want to upgrade, mine still uses XP but started to replace with Win7 machines, main reason they upgrade is because of support. But gotta say I can't wait to get my work computer replaced, it's freaking slow and makes my job a lot harder than it has to be.
 
Most companies (large) who still use XP don't use XP like a normal consumer or small business does where they are far more reliant on Microsoft for security and buy the basic retail versions of Norton and Kaspersky. Most major corporations have millions dumped into securing the network their systems are on and then adding millions more on top with advanced enterprise level security software. I would say they're safe to continue to use the software for at least another 2-3 years. I remember XP taking till 2003-2004 to truly get good penetration into large corporations. Windows 7 will be turning 5 in October so timing seems about right for it to truly start to take over large portions of major corporations' systems. At my work everything is XP, but it's embedded and again we have millions in our network security and endpoint security.
 
I think Microsoft has announced it will continue to provide anti-malware updates for WinXP for another year.

Still, I imagine the banks aren't too keen to put Win8 on their ATMs and if they put Win7 it will go out of support too soon. Surely there are Linux alternatives available?
 
I have seen some ATM/POS machines crash and you see that it's running XP. I'm surprised that these haven't just switched to a Linux variant though, you would think it would be cheaper and more secure.
 
The reality is, the OS is not very important for a number of reasons such as isolation from the bad, bad world out there. It's the application that does the work. Applications have to be coded in something, and that is where there are problems of long-term support (both human talent and software).

Most computer languages go through a development cycle much faster than the OS does, and desultory attempts to develop software in an OS-independent fashion have been ridiculously shoddy - see Java, HTML etc.

This is where Linux variants fall down, as the few Linux-wide programming languages have either the false independence of Java etc, or are such arcane languages (e.g. C) that hardly anyone knows them very well.

Like it or not, most big-bank software for interfaces is stuff like Visual Basic, and the real engine behind that is SQL and even Rear-Admiral Hopper's COBOL. Mess with that at your peril!!
 
Yea they have DOS at the City of LA Harbor Department. It's called DOS/VSE on an IBM mainframe, and it came out before mainframes. Natively, it doesn't do any timesharing on a terminal, let alone run on a PC. I wonder why people never adopted IBM mainframe software to PCs. It's all public domain. You can even get the source code, although IBM never would give me the source code when I had a mainframe. Kind of ruined my business because they only gave me one item of free OS software.
 
OK - now the scare tactics have been used to get people's attention - let's look at some facts:

1. The security risks are mainly with PCs and not ATMs. ATMs all work on either a direct connect between the computer at the bank or via a direct, private, VPN network elsewhere. This means that those SCARY security risks are pretty much non-existent. That is why you see the banks being attacked and not the ATMs.

2. All of these ATMs have anti-virus and anti-spyware software on them. These are usually bought as a package with each ATM and they receive regular updates. So just like a lot of computers out there - these run in the background and you never see them on the screen unless the system reboots. Then, if you are standing in front of the machine when it reboots you will see the Windows XP logo and will also get to see if any anti-virus or anti-spyware software is loaded into the system tray. But even if there isn't any loaded you go back to #1 above. These things aren't going off across the internet and going to sites they shouldn't, downloading software they shouldn't, and so on.

3. All of these ATMs actually should be running something like Ubuntu Linux. Ubuntu is updated on almost a daily basis and is more or less free. The New York Stock Exchange runs Linux. All of Apple's Macintosh, iPod, iPad, and so on run a version of BSD (which just stands for Berkeley System/Standard Distribution) and is a form of Unix just like Linux is a form of Unix. So basically, all of these ATMs should be upgraded to Ubuntu or some other Linux distro and removed as Windows machines altogether. It would save the ATM companies millions or billions, it would save the banking system millions or billions, and it would then save their customers millions or billions. And no - Linux is secure but if it was totally secure - they probably would not issue updates. So just like Apple issues updates because they find security holes - so does Linux, BSD, or any other OS you want to talk about. The main difference is - if you go to Linux you go to a standardized OS that DOES NOT CRASH. The applications might crash - but the OS does not crash. Which means that Linux/Unix is a more secure OS than Windows. Which is why Apple changed over to it from the Macintosh OS (anyone remember MFS and HFS?)

I am sorry if this would mean that Microsoft would lose billions of dollars in revenue each year - but hey - they keep coming out with Operating Systems (OSs) that are just bad. Microsoft itself has repeatedly put into national papers that A) Internet Explorer should not be used as the main browser because it has security holes, B) That Windows Vista was terrible, C) That Windows System 8 was so horrible they were giving everyone a free upgrade to 8.1! You know - after a while you'd think everyone would get the message and switch over to Linux or BSD.

So does that mean that I only use Linux/BSD? No. It doesn't. But I have never upgraded to Vista or System 7. Windows XP was THE smallest version of Windows NT that they came up with. It only needs 128MB of memory to run in. It is very fast. Doesn't require special hardware - but can take advantage of that hardware (i.e., Threading). It is only broken in that Microsoft INTENTIONALLY made it so Windows XP can only handle four CPUs at one time. In reality - there is no limit to how many CPUs Windows XP can handle - it is just an artificial limitation put in place by Microsoft. And while it is true XP is an all or nothing OS (i.e., Either you are an administrator or a user). System 7 really is still the same way. So is Windows 8! Under Linux you can create groups, low level users, and high level users as well as administrators. It is an entirely different setup.

For my part - I think it is time Microsoft did what Apple did. Dump their OS that has problems and jump on the Unix bandwagon. Then create an interface (usually called a skin) that looks and acts just like Windows does. That's what Apple did. That is what everyone should do. Unix has proven itself to be the winner in the OS wars. Apple is using the stability of Unix to beat Microsoft into the ground. If Microsoft jumped on the bandwagon they could keep doing what they are already doing - selling everyone on their other programs. The thing is - they could still sell everyone on their next big OS change - which would be nothing more than a new skin to the Unix OS. I know I would upgrade. After all - there are a lot of pieces of software out there that will allow you to run the older OSs on them - like Virtual Box. You just download and install Virtual Box, install Windows XP, and you are off to the races. Or you install System 7 or System 8 or Windows 98se or Windows 95 or even Windows 3.1. Whatever you want. You want an old CP/M emulator? An Atari emulator? An Amiga emulator? They are all available under Linux or Windows or Macintosh. The thing is - Microsoft would gain one really important advantage by switching to a Unix OS - you only have to maintain one code base. No more one code base per OS. Oh. It would take about ten years to get everyone on board but then things begin being streamlined to just one code base. The skin takes care of how it looks.

Ciao!
 
Guest, I completely buy your argument about Unix as an underlying OS for everything, but as I mentioned in my post #14, the bigger problem is the application development language(s). What exactly is the application language of Apple for example?

I consider that the problems of converting/rewriting all the hundreds of thousands of bits of software out there to run happily on a new OS is a fundamental impossibility. So your suggestion, sadly, will never happen.
 
Just seen on the news that Lloyds Bank and affiliated banks have had a system failure preventing people from using their payment and credit cards. This is not the first time this has happened in the UK. A few months ago I could not use my payment card in a supermarket. It cannot be a coincidence that a number of commentators have accused the banking industry of failure to invest in new computer technology.
 
To the best of my knowledge, the true problem is not so much lack of investment in new technology, but basic incompetence in operating the 'old' technology.

For example, the previous breakdown in 2013 was, as I understand it, down to issuing software updates to the office systems (i.e. COBOL on mainframes), which were not fully tested. Incorrect version control was mentioned. This is a massive problem of lack of documentation, lack of change control, changes being entrusted to overseas programmers with no real understanding of how the systems work, and so on for an extensive list of failures.

That this can be labelled 'lack of investment' is possible, but it is more sensibly attributed to poor formal control systems and disposing of older, experienced staff without lengthy training and handover to new staff.

Just poor management in fact.

PS info just released - the weekend ATM problems assigned to 'server failure' and only affected about 50% of ATMs. Seems reasonable, but what happened to the 'fail-over' capability that should make this kind of thing virtually impossible? Servers for critical applications are supposed to be linked with a backup which watches for a heartbeat signal to stop, and instantly takes over. Sounds more like a digital infrastructure problem to me. Hear about the switching centre for London underground railway that accidentally got filled with tons of quick-setting cement last Thursday? ATM hiccup was a fairly similar event I would guess.
 
Saw the pictures of the equipment room in concrete. Really pleased I no longer commute to London. Clearly the banking industry see IT as one of those annoying backroom functions. It reminds me of Railtrack who decided to concentrate on commercial property and ignored the engineering. It proved to be their downfall as their engineering projects were so badly managed. It bankrupted them (bit like the Banks) but the Government did not bail them out.
 
Those girls at my bank are running XP on their PCs. I found that funny considering Windows 7 is out there. They have more PC crashes under XP. Printer issues also.
 
Most all Banks Systems use XP for a reason. That is Windows 7 and all others have more security leaks than XP. Fact and besides most all Banks use some form of Linux Platform due to the ease of XP is most capable to work with. And most of the Banks Software don't work with Windows Vista, 7, 8 and up. Which means in order to upgrade to Windows 7, 8, 8.1 they would have to get their software developers to fix all the issues. I have an XP machine and I use it in a lab to hack all the other Windows platforms. Vista I can break the kernel in just a few minutes same with 7 and Windows 8. All Microsoft will always support XP under Enterprise License Agreement. That's why we pay so much for the Enterprise.
 