Why run Windows on an ATM?
So you’re writing the software for an ATM. It needs to display something pretty on the screen, control the hardware that serves out the money and talk securely to your central servers. It also needs to be stable, secure, reliable and allow remote administration. Why on earth would you choose Windows as the operating system?
Check out this article on The Register: Nachi worm infected Diebold ATMs. This just beggars belief. How a Windows worm spread onto a network with ATMs connected to it is beyond me—even if you take into account employee laptops plugged in behind the firewall, it’s still incredible that the ATMs weren’t on their own separate secure network.
Here’s the best bit:
Billett defended the company’s patching process, which he said involves testing each new bug fix, and deploying at a wide variety of institutions with a mix of network architectures. “A lot of those machines actually have to be visited by a service technician” to be patched, said Billett. “Our experience in the past is we are able to turn those around in one or two days.”
What do you have to do to patch these things, plug in a keyboard and mouse?
Scott - 26th November 2003 06:42 - #
Diebold, the makers of the ATM machine discussed in your blog, have also been in the news recently because they are also the makers of the Electronic Voting Machines used in the US.
Check out Electronic Voting Debacle for the commentary.
Kayode Okeyode - 26th November 2003 09:15 - #
Well, I would have assumed that many ATMs used VLANs, though it makes total sense how the worm managed to propagate and flood the wire once it was introduced. Also, I would have assumed they used telnet to do ATM patching; though it seems not.
Robert Wellock - 26th November 2003 13:04 - #
Get ready for it. More and more companies are moving towards running Windows on ATMs. Back in the day it was OS/2, now people are looking seriously at NT, 2000, and even XP.
Microsoft is getting into the game with their XFS standard. Be prepared to see Windows on more bank and non-bank ATMs. For another example, head over to look at the press release for a new Triton Windows-based ATM.
The D - 26th November 2003 13:31 - #
Windows makes perfect sense for ATMs and even cash registers. It's a commodity operating system that works on commodity hardware and allows your average everyday programmer to write the software you care about -- stuff to drive the ATM or the cash register.
Yes, it's sad that these devices use Windows (and require excessive amounts of memory, high powered CPUs and the like), but commodity parts are dirt cheap, and switching to something more "sensible" like an embedded OS or even Linux just adds too much complexity (and too much cost) to the mix.
ziggy - 26th November 2003 15:00 - #
Andrew Bowden - 26th November 2003 15:09 - #
I don't want everyday programmers writing the software that secures my banking transactions - I want really, really good programmers doing it. I agree that you want to avoid complexity, but Windows XP is the most complex OS on the market - and has already proved itself to be a poor choice for ATM software. I don't even want to think about those voting machines - I read somewhere that they're based on Access (!!!) and modifying the voting counts is as simple as copying the database file off the machine, opening it up in Access, changing the data and saving it back again.
Simon Willison - 26th November 2003 15:50 - #
I agree with Simon, ziggy.
One important part of security (besides a threat model) is minimizing exposure. Any little bit of software running on the ATM that isn't directly needed for the purpose of handling transactions is a security risk.
Even if the vendors strip down Windows as much as possible, it will still be much more complicated than it needs to be.
The choice of commodity hardware and software has a financial incentive for the corps buying the ATMs, but doesn't answer a customer demand. And don't start with bank fees-- ATMs (as compared to human tellers) significantly reduce overheads at any reasonable cost.
Jeremy Dunck - 26th November 2003 17:16 - #
<off-topic>
Simon, it appears some of your "Last updated" dates on "Blogs I read" are broken.
For example, you show ongoing last updated "4 days, 23 hours ago", but in fact, he has several updates in the last couple of days.
</off-topic>
Jeremy Dunck - 26th November 2003 17:19 - #
Simon Willison - 26th November 2003 19:47 - #
Jeremy Dunck - 26th November 2003 20:58 - #
Anthony - 26th November 2003 21:21 - #
Tom Gilder - 26th November 2003 23:24 - #
Well, of course you can put a standard off-the-shelf install of Windows XP onto an ATM and it might be cheap (after licence costs), but really you're going to want to do some customisation, and I'd argue that this is precisely why embedded developers are going for Linux - because vendors have more control over what goes into the final system. I suppose we're all waiting for the following to be reported:
Paul Boddie - 28th November 2003 11:57 - #
Hey, I agree with you. It's regrettable that the industry has come to this point. I would love it if ATMs were the exclusive domain of wily Lisp or Forth hackers. But there are a lot of concerns to balance here. First, there's the issue of buying commodity. If an ATM vendor builds on top of an "industry standard" platform, his hardware costs are minimized (high volume components), his labor costs are cheaper, and the skills necessary to develop his product are widely available. Second, there's the issue of managing the ATM on the network after it's installed. If it's something that is known to interoperate with the rest of the bank's network, it reduces admin costs across the board.
A friend of mine was in charge of upgrading all of the cash registers at all of his company's stores across the country about 4 years ago, and he proudly showed me the latest and greatest machines available, all running NT in there somewhere. This guy was and is still a confirmed Open Source geek (even co-authored an O'Reilly book), but when he looked at all of the factors he had to balance, there really was no other reasonable option. Yes, Windows is big, complex and insecure, but you can lock it down and run machines on a private network to beef up the security.
While there are advantages to using some custom microkernel or embedded Linux on these devices, the costs of those choices far outweigh the value they provide. This is an area where the problem space is deceptively large, and integration and support are two huge factors that are invisible when focusing on the device itself. When, not if, someone can deliver a whole product -- not just an ATM running Linux, but the back office bits too -- we'll see some changes. Or rather, we won't because ATMs are just black boxes.
Don't get me started on voting machines. That's a whole other ball of wax with dubious value. Even if they were devoid of all Microsoft software, and developed with only the most bestest and brightest hackers on the planet, voting machines would still be fundamentally unsound.
ziggy - 28th November 2003 19:29 - #
Simon Willison - 28th November 2003 19:47 - #
Microsoft blows donkey nuts.
I. G. - 28th November 2003 21:28 - #
And one day, it will be Linux and some Java/PHP/XML whatever things which will replace Windows and the old ATM.
Why? Because the industry would like it. To create new products, to be "on the edge" and because "it's more efficient, more open, more secure" ("more" is the important word).
Don't look for rationality; it's not rational to put a product like Windows on a machine like an ATM, there are dozens of other products which can be used and are still used by transactional platforms.
If some people want Windows, it's because they want Microsoft "blessed" technologies. Nothing else.
Well, when some people want another technology, available with an embedded Linux (or BSD, QNX, or whatever), we will see a whole new switch.
Great, no? It means work for people like me :) (the people who switch software on computers).
Michel Galle - 1st December 2003 03:07 - #
Serge - 29th January 2004 22:56 - #
The security features of an ATM are done in a hardware encryptor, which means no PINs are available in the clear. Thus, the OS is irrelevant in terms of customer security.
The stability of Windows as compared to Linux may be debatable, but Windows together with XFS allows the bank to use multiple vendors' hardware with the same ATM application.
XP Embedded is the ideal Windows OS for ATMs. As far as I know, Diebold supports XP Embedded only. This means that much of the OS can be stripped away, and the user shell can be disabled.
The disadvantage of Windows, however, is that the banks will need to use a particular version of Windows for longer than Microsoft (so far) supports each version. Banks do not want to upgrade their ATM infrastructures every 2 years or so.
Andrew - 2nd April 2004 14:13 - #
Zeeshan Ali - 15th September 2004 06:15 - #
Peter - 20th January 2005 23:57 - #
renoldvasili@hotmail.com - 4th August 2005 16:41 - #
ARIYO EMMANUEL - 17th January 2006 16:20 - #
Wow, this is an interesting read. Interesting, because I have a background in this. I used to work for a company (which shall remain nameless) that produced software that ran on a number of different types of ATMs, and also the back-end software that communicated with these ATMs.
Originally the majority of these ATMs (the NCR variety) ran OS/2, and now, as you know, most of them will be running Windows.
Err… Yes, why not? Inside an ATM there's basically just a PC with a pile of gadgets attached. A cash dispenser, a screen, a couple of printers (for the receipts and journal roll), depository, envelope dispenser, that sort of stuff. But at the end of the day it's a PC. Connect a keyboard and mouse and it'll boot into Windows until you instruct it to behave like an ATM.
Well, yes and no. It doesn't make perfect sense. It's expensive and it's insecure. And after a while, it'll need to be upgraded because it'll no longer be supported. Thus more expense. In fact your argument above rings true for Linux too. I recently installed Linux on my laptop - took no time at all, and everything worked. Even the wireless connection. This is not the problem. It's the NON-standard stuff inside the ATM which is a problem. Linux knows how to access your CD drive just as well as Windows does; but it wouldn't have a clue how to drive a cash dispenser. The drivers to do this are made available by the manufacturers. And do they provide Linux versions? Unfortunately, no. They provide Windows versions of the drivers, and that's what makes Windows the obvious choice. There's no other.
That just doesn't make sense. Linux is cheaper (well, free) and is often easier to install than Windows. I don't see your point here.
Again, Ziggy, you seem to be implying that it's difficult and expensive to install Linux on an "industry standard" platform. It's not; that's what Linux was designed for. This isn't the issue; it's lack of driver availability for the weird bits and bobs that you find inside ATMs, that you wouldn't normally find on a desktop PC. I'm sure that writing a Linux driver for an ATM envelope dispenser is not at the top of Linus's list.
…as you can with Linux - only with better security!
Why microkernel or embedded linux? This isn't a PDA or mobile phone we're talking about here (or a black box), it's a PC. Just like your desktop but with some extra gadgets attached. You don't need a scaled-down Linux (or Windows for that matter). You just need extra drivers. And as for the back office bits, well back office software running on Unix is very common - our ATM controller was Unix, and yes, I ported it to Linux just to see if it would work. It did, very nicely thanks.
Well serge, I have plenty of knowledge on "ATM development and operating systems" and I'm afraid I agree with Michel. But maybe for different reasons. There's the security issue; banks will require the confidence that their ATMs won't be prone to viruses and (maybe worse) spyware; and there's the cost. Remember, a lot of banks in third world countries have ATMs. Each one requires Windows and each one requires a licence, which means fees. That all adds up. It's no surprise that Linux is taking off in places like India and China. It can't be too long before the financial organisations there start thinking… why can't we put this stuff in our ATMs? Part of the reason they haven't yet has to do with Microsoft's huge marketing clout. I just can't buy a PC from PC World without having Microsoft Windows on it. "Paying the Microsoft tax". It's the same with ATMs I suppose.
Renold, this illustrates my point nicely. There's a bank in Brazil called Banrisul which uses Linux to drive its ATMs. I believe this was done with assistance from Conectiva, which merged with Mandrake to become Mandriva Linux. And if you're more successful than me in getting information about this out of them, then let me know! I did send an email to Mandriva requesting information (about drivers and such like) and got nothing in return. Seriously, driving ATMs with Linux is something I would dearly like to get involved in if I could do it and keep my family fed at the same time. Oh, and I suppose I'd need an ATM… and reinforced floorboards… these things are pretty heavy! The ATM's cash dispenser sits inside a safe made from 1cm thick steel. One day maybe.
Steve V - 6th July 2006 15:49 - #