Windows on ATM machines??

[RoadClosed]

Yep that is stupid. It would leave an ATM open to OS types of exploits like the RPC exploit! WTF were they thinking. I could maybe see it of they had some wan for local ATMs and then concentrated the data onto a VPN at a NOC or something, but only with serious safeguards in place. To hook each ATM to the internet is bordeline negligence.

[CXGJarrod]

I can see it now. Microsoft adds help to ATM Machines:

Person sticks in card into machine.

Clippy pops up "Hi, I can see that you are trying to get money."

Do you want to:

Take out cash
Check Balance
Reboot Machine

Clippy: Do you really want to take out this cash?

User selects yes.

Clippy: Do you REALLY want to delete these funds from savings?

[nihil]

I thank the Lord that there are Bars closer to me than ATMs........have to use old fashioned devices called cheques(checks), but it's one hell of an excuse?



Have a good week-end

[RoadClosed]

LOL they have been windows based ATMs for years. Chances are any ATM you have been using with a color screen is 99 percent Windows. The software load just looks like the old style machines with basic text because that's what people like.

To copy a cliche, "it's not the same version your daddy used." And like I stated earlier, CISCO even uses it on their most secure line. Funny isn't it?

Hey hihil,

I lived north of London for a while, I remember having to be issued a check (cheque) card from Barks. so I could write checks. Might as well just use a Debit card eh? All that quid is heavy anyhow.

[sk8]

believe it or not, one day an atm machine crashed right in front of me ( i didn't do anything, i swear =p )

[Fred Brown]

What do you do when the blue screen of death pops up? Reboot, reboot. There will need to be a roll of butt wipe next to the screen. It's going to be a smellie time at o banko.

Freddy

[catch]

Oh gee another thread bashing windows, how creative.

A situation like an ATM system has a few core requirements:

High Assurance. A minimalistic amount of code should be used, ideally a finite machine. This will cover both reliability and security.
Cost. This is not just a central server, large banks have tens of thousands of system and they cannot afford to spend tens of thousand per box.
Support. Banks need support both for uptime and insurance reasons. They need someone who will take responsibility if the system is unreasonably flawed.
Standards Compliance. They need systems that have been measured against a recognized yardstick. (ISO whatever)

First, the version of windows that will be used looks more like Windows CE than Windows Me and even then it is stripped down. All superfluous kernel drivers are removed, including most likely the TCP/IP stack. (in ideal situations anyhow) It would not be running RPC or IIS either for obvious reasons. It is likely that the security policy is removed as well since the system doesn't support OS level shared users. Merely two applications (user and admin) consequently all access controls would be done at the data center level.

Now that that is established, let's look at how this Windows meets the aforementioned requirements using Windows, Linux, FreeBSD, AIX, and QNX as comparison.

High Assurance: For this role a micro kernel system is an absolute must. You simply cannot have a high assurance system outside of this design requirement. Windows, AIX, and QNX all meet this requirement. Linux's monolithic kernel is simply too comprehensive to be trusted or provably assured. FreeBSD's modular kernel is not as tragic as Linux's, but is still simply not up to the task. As I said before, a finite machine like KSOS would be ideal.

Cost: This is clearly where AIX gets clobbered, it is just too much of an OS for such a menial task as individual ATM systems and the cost reflects as much. Some of you would be quick to say that Linux and FreeBSD are free... this is true, kinda. The costs of a turn-key solution for these systems would be significant, however it is unlikely that they would end up more expensive than Windows or QNX.

Support: AIX clearly wins this realm, IBM support has been legendary since the 1930's and is likely to continue being so. Windows support for the most prt is less than stellar, however one area that Microsoft has always been supportive is if their product fails to deliver on an agreed specification. Linux and FreeBSD have no such specifications and no support at all beyond basic configuration help. QNX support is more or less on par with Windows.

Standards Compliance: Here Windows and AIX are superior again, both EAL4 (ISO 15408) Linux was just evaluated at EAL2 (after much effort and hoopla) to the best of my knowledge FreeBSD and QNX have not been evaluated against either ISO or DOD standards. As a technology manager I would not bet my job on something that has not been evaluated, too risky. If something happens and a product has been evaluated I can fall back on that and not just "Duh, well I thought it was good from what I read on slashdot." I know that I am not alone in this standpoint. (an observation made after having worked closely with various financial/defense organizations)

So with a quick review AIX is viable in three categories, but the cost is a fatal blow, just too high. Linux is good in one category and not awful in one. FreeBSD is good in one catagory as well. QNX is also good in three categories (maybe four, but I couldn't find anything in a quick search). Windows is good in three categories and support is a half point.

So, with tens of millions of dollars at stake. Your job and most likely career at stake and thousands of customers’ peace of mind and a non-infinite budget... which do you choose?

catch

Edited to add:
PS I'd prolly pick QNX if only they'd get themselves evaluated... bah.

[AlkAzAA]

Over here in sweden all the ATMs (or bankomat and minuten as they are called here) have been windows based for years and there has never been any big problems with them. Sure, I have seen a few (2 or 3) error messages when I was going to get some money but that is nothing common and most of the time just make people laugh (maybe because they dont know better).
I dont belive windows would still be used and introduced in ATMs in other countries if there had been any big problems with it.

[gloworange]virtual memory low[/gloworange]

[slick8790]

no no no no. i dont believe it. i wont believe it. im liquidating all my assets if that happens

[darkes]

One interesting thing here is that the server side, which is located at the banks IT centre usually does not run Windows.

A lot of banks here still use IBM mainframes as the server, as the software is tried and tested. Also mainframes are very secure (they meet various DoD & ISO standards), and can process vast numbers of transactions per second.

The hardware encryption used is often DES3, which is almost impossible to break, given the careful way in which the keys (or rather partial keys) are physically distributed. Seems a bit over the top, but the cryptographic hardware is also tamper proof. So if you did manage to steal an ATM (has been done!), then the hardware will destroy the DES3 key it was using.