dave Premium Member join:2000-05-04 not in ohio
1 recommendation |
to DarkSithPro
Re: How can consumers be protected if 95% of ATMs use XP when support ends soon?What do you propose? Are you in favour of government regulations demanding that a private company keeps spending money on a product it stopped selling several years ago? Or that there is a legally-mandated crash program to replace privately-owned functioning devices with an inadequately-tested replacement? |
|
|
Tejas
Anon
2014-Jan-21 8:27 pm
Banks are still running OS/2, Windows 2000, NT. Their security is not in the OS, besides ATMs run a special version called XP Embedded. It's designed just for that type of environment. It allows you to install only what you need and prevent writes to the drives. It's good until 2016 |
|
|
to dave
said by dave:What do you propose? Are you in favour of government regulations demanding that a private company keeps spending money on a product it stopped selling several years ago? Or that there is a legally-mandated crash program to replace privately-owned functioning devices with an inadequately-tested replacement? No, cracking down on companies that use outdated software when they where warned in 2008. How is it fair to the consumer when their personal data is being handled by an insecure OS? |
|
DarkSithPro |
to Tejas
said by Tejas :Banks are still running OS/2, Windows 2000, NT. Their security is not in the OS, besides ATMs run a special version called XP Embedded. It's designed just for that type of environment. It allows you to install only what you need and prevent writes to the drives. It's good until 2016 Well that's a sigh of relief. Thanks... |
|
nonymous (banned) join:2003-09-08 Glendale, AZ |
nonymous (banned)
Member
2014-Jan-21 8:38 pm
As another already said it should.be an embedded version of the OS. The core OS should be fairly secure at this point and doesnt have all the extra bloat surrounding the core OS to attack. |
|
dave Premium Member join:2000-05-04 not in ohio 1 edit
1 recommendation |
to DarkSithPro
But the more significant point is that the *device* is either secure or not. Focusing on one part of the device misses the point: in this case, practically all relevant XP vulnerabilities rely on the ATM being on the public network with exposed insecure services, which would be foolish regardless of which OS was running the ATM.
(The only exception seems to be an ATM with USB ports and autorun enabled - but once again that's not the fault of the OS, it's the fault of someone building a physically insecure ATM).
In any case, the ATM will be no less secure in April than it is today. |
|
4 recommendations |
to DarkSithPro
said by DarkSithPro:No, cracking down on companies that use outdated software when they where warned in 2008. How is it fair to the consumer when their personal data is being handled by an insecure OS? You're assuming the newer stuff is more secure. Why? Because the marketing people told you so? The simple act of writing a new version with even more bells and whistles (and hence, more points of vulnerability) makes newer more insecure, not less. Also, a lot of Windows bugs persist through several versions - they're not total rewrites. |
|
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park |
to DarkSithPro
said by DarkSithPro:No, cracking down on companies that use outdated software So you want the government to crack down on the government as well. |
|
|
to goalieskates
said by goalieskates:said by DarkSithPro:No, cracking down on companies that use outdated software when they where warned in 2008. How is it fair to the consumer when their personal data is being handled by an insecure OS? You're assuming the newer stuff is more secure. Why? Because the marketing people told you so? So we should all be using Internet explorer 6 then, right? It launched with XP, so it should be as secure, or more secure than IE8,9,10 and 11? Same guys created the XP OS, so their browser directly reflects their security model, right? |
|
|
|
anonome
Anon
2014-Jan-22 3:01 am
The Internet and sites thereon (as well has how we use it/them) have changed a lot over the years. ATMs haven't changed much at all. |
|
dave Premium Member join:2000-05-04 not in ohio |
to DarkSithPro
said by DarkSithPro:Same guys created the XP OS, so their browser directly reflects their security model, right? No, because (a) it wasn't the same 'guys', it was different divisions in a huge company where not everyone pulls in the same direction, and (b) a key feature of browsers is to download and execute chunks of code from the internet; the OS, not so much. Uninstall all user-facing web access, and you'll solve most of your security problems. Disable net-facing services and that takes care of practically all of the rest. In an ATM, you're left with programming errors in the UI, and the physical ('cut through the wall') attacks. |
|
ROCINANTEOriginal Member 007 Premium Member join:1999-06-29 Hartsdale, NY |
to DarkSithPro
What does IE have to do with ATMs? |
|