Few European ATMs upgraded to Windows 7

Summary:A research report indicates that Europe is far behind the US in moving ATMs from Windows XP. Less than 1 percent of ATMs in Europe are running Windows 7.

A research report from RBR in London shows that 89 percent of European ATMs are still running Windows XP. This is a larger proportion than in the United States, but what is perhaps even more shocking is that eight percent of ATMs are still run operating systems older than XP: Windows NT, Windows 2000, and even OS/2.


The report attributes the lack of movement away from old and unsupported operating systems to a desire for stability on the part of the banks. Instead of upgrading the operating system, which would likely require upgrading a good deal of the computing hardware in the ATM, the banks would rather lock down the devices and practice other risk mitigation techniques.

Latest review

HTC One M9 hands-on: Improved craftsmanship, camera, and HTC Sense are compelling

Matthew spent over 24 hours using the new HTC One M9 and it exceeds the emotional appeal of the M7. HTC improved where it needed to and the One M9 is sure to be a popular phone.

I discussed this factor in  a recent story on the lesser continued dominance of Windows XP in US ATMs . ATMs are isolated on the network and have a well-defined and stable function. They are excellent candidates for lock-down techniques such as software whitelisting and strong authentication for any user access.

An ATM protected in this way, while still at greater risk than one running a modern OS, is still heavily defended against software attack. Getting malicious software to such an ATM and executing it is a daunting task. This is why nearly all attacks on ATMs are physical attacks, such as skimming devices and smash-and-grab of the entire ATM.

Furthermore, as the report notes, many banks have opted to purchase extended support for Windows XP from Microsoft — the report specifically names JP Morgan Chase as one of these banks, but probably all the larger banks have. Such support is expensive and available for a maximum of two years, so banks absolutely need to have a migration plan in place anyway.

Looked at things in this light, banks' lazy attitude towards OS upgrades seems defensible. If ATMs running Windows NT are running without software attack, there's little reason to fear for Windows XP ATMs after today.

Topics: Security, Windows


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.