Few European ATMs upgraded to Windows 7

Few European ATMs upgraded to Windows 7

Summary: A research report indicates that Europe is far behind the US in moving ATMs from Windows XP. Less than 1 percent of ATMs in Europe are running Windows 7.

TOPICS: Security, Windows

A research report from RBR in London shows that 89 percent of European ATMs are still running Windows XP. This is a larger proportion than in the United States, but what is perhaps even more shocking is that eight percent of ATMs are still run operating systems older than XP: Windows NT, Windows 2000, and even OS/2.


The report attributes the lack of movement away from old and unsupported operating systems to a desire for stability on the part of the banks. Instead of upgrading the operating system, which would likely require upgrading a good deal of the computing hardware in the ATM, the banks would rather lock down the devices and practice other risk mitigation techniques.

I discussed this factor in a recent story on the lesser continued dominance of Windows XP in US ATMs. ATMs are isolated on the network and have a well-defined and stable function. They are excellent candidates for lock-down techniques such as software whitelisting and strong authentication for any user access.

An ATM protected in this way, while still at greater risk than one running a modern OS, is still heavily defended against software attack. Getting malicious software to such an ATM and executing it is a daunting task. This is why nearly all attacks on ATMs are physical attacks, such as skimming devices and smash-and-grab of the entire ATM.

Furthermore, as the report notes, many banks have opted to purchase extended support for Windows XP from Microsoft — the report specifically names JP Morgan Chase as one of these banks, but probably all the larger banks have. Such support is expensive and available for a maximum of two years, so banks absolutely need to have a migration plan in place anyway.

Looked at things in this light, banks' lazy attitude towards OS upgrades seems defensible. If ATMs running Windows NT are running without software attack, there's little reason to fear for Windows XP ATMs after today.

Topics: Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Europe isn't a country!

    What's with the constant comparison between Europe and America. You wouldn't compare America with Africa, would you?

    Some European countries are near bankruptcy (Greece, Spain, UKRAINE). It's a nonsensical comparison.
    • Some States are near bankruptcy

      your point?

      I thought Detroit and California were bankrupt or on the verge?
    • Meh

      Ukraine isn't part of Europe, the Spanish public debt is at 78.6% vs a USA public debt of 106.5% (cf. wikipedia, List_of_countries_by_public_debt, CIA and IMF average), Greece must be 2% of Europe GDP (aka insignificant), etc.
    • Of course it makes sense

      Economists and marketers do regional studies all the time.
      Larry Seltzer
    • I don't get your comment...

      The European Union has more in common with the United States of America than you might think.

      Although there's no central constitution (it was rejected in 2005), the "Tratado of Lisboa" (Treaty of Lisbon) practically creates a political union while keeping national sovereignties in place. You might even call the UE, United States of Europe, or US 2.0.

      I might understand guys from my homeland (Mexico, a de jure federation, but by de facto centralized) to have trouble comprehending a decentralized state like Europe, but someone coming from America, it troubles me you don't see the resemblance.
  • overkill

    Seems like overkill to put a multiuser multitasking general purpose OS on an ATM if cheaper alternatives exist. Who's going to run MS Office on an ATM?
    As the article implies - how in the world would a virus get into an ATM? The repair guy?
    But there is a real reason to upgrade - some ATMs are painfully slow. But that's likely hardware - not software.
    • Here's one way

      "Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives."

      • Yep, I've got my USB drive at the ready

        Zogg, Can you please let me know where the average ATM's USB slot is? Here's a hint: LOCKED DOWN! So the "hackers" could just as easily have stolen the money, given their alleged access to the machines.

        There is absolutely no need for any bank to upgrade their ATMs, other than the need that is being pushed by scared customers who believe everything an interested party out to make money will write to scare them.

        I have no idea why ZDNet bothers peddling this garbage.
    • Popularity of an OS makes for cheaper development.

      In the past, several OS had vied to steal market share from the market leader (OS/2), but none had the developer clout like Windows XP. Even Windows CE was rejected by implementers even though it had a cheaper per unit.

      I once saw a demo-sponsored by IBM,ironically-running NextStep. Neatly tucked in the floor was a NeXT Cube which kinda acted as the base for a MegaPixel display tucked inside the ATM chassis. Since the Cube only had one cable between CPU and display, it made for an elegant futuristic enclosure. All the interaction and the money pot was handled by the DSP. I think the whole setup was a post graduate project of sorts. It made for a great photo opportunity for IBM but was not even near production potential.

      Last but not least, companies adopted XP due to IBM's ambiguity with regards to OS/2. Windows XP emerged as an opportunistic alternative that, it seems, was also driven by undecided leadership. Microsoft will suffer more than its costumers by killing XP prematurely.

      "Last I remember most stereos have RCA plugs, but RCA is no where to be found"

      100% LINUX.
  • FUD

    "but what is perhaps even more shocking is that eight percent of ATMs are still run operating systems older than XP: Windows NT, Windows 2000, and even OS/2."

    And most shocking of all is that evidence suggests it doesn't seem to be easy to rob the ATMs despite their old OS.