Some clarity
- Most ATMs (there are some exceptions) run Windows XP Pro, not Embedded.
- Many are moving to Windows 7.
- These ATMs have most Windows services disabled, and most common desktop attack vectors aren't available (no Outlook, web browsing, etc.).
- Windows is the platform of choice because it has an abstraction layer called XFS that gives a standard interface to the underlying devices so (theoretically) one ATM application can run on any vendor's ATM. This isn't going to change any time soon.
- These ATMs also have virus scanners installed, which can cause more problems than they solve because they're not designed for an 'unattended' environment where the user can't babysit them.
- The most prepared banks have fit-for-purpose security products installed, which are designed for ATMs and include AV, HDD encryption, firewalls, whitelisting, USB device control/blocking, etc.
- A different OS won't add much more (if any) security beyond what is already available to the banks today.