Let’s end the week with some reassuring news! A detailed new report at BusinessWeek claims that around 95 percent of ATMs are still powered by Windows XP.
And as one may guess, they will be as exposed to vulnerabilities after the retirement of the operating system (after April 8) as anything under a clear blue sky. Long story short, desktops and laptops are not the only type of computers that are set to be affected by the Windows XP end of support.
This insanely high figure obviously includes worldwide ATMs, and as the story reveals the upgrade estimates are nowhere near encouraging — only 15 percent of these will move to Windows 7 by April 8.
Businesses, industries and educational organizations are not the only sitting ducks here. Financial institutions, even though they know full well the risks of staying with Windows XP after retirement, are still to put their upgrade plans into action.
Many have already outlined what they have to do, but the migration process is yet to begin.
And while the ATMs realm inherently moves more slowly than PCs, ATM operators are also citing the overall costs of migration as one of the main factors — moving a machine to a newer OS costs anywhere in the range of a few hundred dollars to thousands if some new hardware is needed.
Sure, the ATMs will not stop functioning after the retirement date. They will keep on running just as they do now, and occasionally show the XP desktop if they crash and need a reboot like they do now.
But since these machines are not accessible to the public (they are connected to private secure networks), any threat they face will have to come from inside. And that perhaps the scariest thought in all this. Think physical access and real unpatched vulnerabilities. And then take it global!
End consumers are obviously protected by industry protections, but in case of a sinister attack on these machines, the hardest hit will be those that are operating them. And in this day and age, negative publicity is far worse than an actual incident.
That being said, while Microsoft will stop patching (privately and publicly reported) vulnerabilities on Windows XP after the end of support date, it has announced that it will continue to provide antivirus signatures for its free Security Essentials program until July 2015.
Other antivirus companies plan to do the same — some for a couple of years, others even further.
This handy list compiled by AV-TEST, an independent antivirus testing firm, shows that most antivirus and antimalware companies are yet to offer specific support end dates for Windows XP. Many of these would be happy to play a wait and see game, and jump in on extra business from XP users.
Just what kind of protection these antivirus programs will offer for organizations that stay on Windows XP beyond retirement is hard to guess — antivirus software cannot protect these machines from every assault, every exploit and every vulnerability, after all.
As Microsoft continues to hit home the point regularly, the malware infection rates for Windows XP based systems are around six times higher than those that are powered by Windows 8.
There is a little bit of a reprieve for ATMs that are using the minimalist version of XP (Windows XP Embedded) as not only this operating system is less vulnerable to viruses and malware, but Redmond will keep on supporting it for a few more years.
Early 2016 is when support ends for this flavor of the operating system, making Windows Embedded 8 a very viable alternative to those that are considering migrating to a newer version.
But with each passing day it is becoming increasingly clear that these companies will have to make a decision and make it soon — before newly discovered security holes pile up in Windows XP.
Microsoft already announced the retirement ahead of time.
It is time we see a little less conversation and a little more action from ATM operators too.