Viruses could stop you getting cash from an ATM
Cash machine networks could soon be more susceptible to computer viruses, a security firm has warned. The warning is being issued because many banks are starting to use the Windows operating system in machines.
Concerns over Windows cashpoints
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSAlert.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Just think how pissed people would get if they can’t get cash because windows is borked on their banks network.
I had a machine eat my card one time. But that was in East St. Louis so the ATM was probably running on a Vic 20.
Microsoft + stable design for security = 0
What on earth makes a bank think Windows is a good idea for an ATM? It’s such a dumb decision it’s laughable.
Surely if OS/2 has been powering ATMs for years they can keep using it – it’s not going to break just because IBM don’t offer support any more.
We sell a lot of network-protocol conversion boxes/software to banks. Our non-embedded systems use to be OS/2. Then we ported the software over to Linux back around mid ’97.
If you ever get a check cleared at a 7-11 you might be using my UDP code. Why they chose UDP was beyond me.
Well, I’m not mainly concerned about viruses and trojans on ATM’s, but about machines asking my confirmation 23gazillion times before giving me my cash (are you sure, pretty sure, absolutely sure, damn sure, sorry you clicked the wrong button let’s start over)
I was bitten by this in late 2000. My local garage ATM was running Windows NT 4. The application crashed, Windows rebooted and eventually it came up again.
It wouldn’t return my card, though.
I try to avoid cashpoints made by NCR for this reason.
In the UK, I’ve actually seen ATMs that crashed, rebooted and let you into the Windows DESKTOP!! That’s how I knew those ATMs used Windows.
Once, I’ve actually seen one of those famous Illegal Operation dialogs at the cash points. This rarely (never?) used to happen until the move to Windows.
Windoze on an ATM! Scary thought. They should use OS/2, Linux, or better yet QNX.
In the netherlands almost all ATM’s have been running Windows for the last several years and they just work fine. (IT people at Banks are not idiots and very aware of stuff like TCO and security.)
‘Being an ATM’ is not difficult for Windows, most creepy security scenario’s (ie no browser, 3rd party apps, etc) do not apply for the ATM as they just perform a single function on a proprietary, closed network. The machines newer crash and almost always work, if they do not work they’re mostly out of money, have a mechanical failure or the network is unavailable.
I work in banking IT and standards are so low it makes you wonder how banks manage not to loose any more money than they do now. But with so much of the management and workforce with little to no IT background (even some developpers (trained on the job on VB) and admin people), it’s hardly a surprise than windows should have gone so far.
Being an ATM’ is not difficult for Windows, most creepy security scenario’s (ie no browser, 3rd party apps, etc) do not apply for the ATM as they just perform a single function on a proprietary, closed network.
..ok, so explain this:
“In January 2003 the Slammer worm knocked out 13,000 cash machines of the Bank of America and many of those operated by the Canadian Imperial Bank of Commerce.”
I don’t trust Windows with my email…..let alone my bank account.
Me thinks that the “seperate networks” is the most crucial in this context. If seperate networks are used, it becomes more of a stability/reliability than a security issue. Like that it never crashes just by sitting there, and that everything works as before after power outages (crash-proof, journaling/read-only filesystems etc). Windows XP embedded might be okay here, I’d rather go with something like QNX or special-purpose embedded OS.
Anyway, the risk is mostly carried by the banks. If their IT practices fail, and ATM machines are unavailable or crackers get their hands on the money, the bank will lose customers. If they screw up enough, other banks that use better methods will take over.
In the netherlands almost all ATM’s have been running Windows for the last several years and they just work fine.
What’s your definition of ‘just working fine’? Most (afaik) run a modified version of Windows 2000. Anyway, i’ve seen crashed ATMs. Even at the Dutch Railways (NS) i’ve seen crashed computers. I’m not to sure if its as stable as required…
Windows found your PIN no and has phoned home!
In the UK natwest use MS-Windows on their cash machines too. I have only seen a blue screen of death once, I found it quite funny. However my brother has had his card swallowed due to an ATM crash.
>> Anyway, the risk is mostly carried by the banks. If their IT practices fail, and ATM machines are unavailable or crackers get their hands on the money, the bank will lose customers. (Alwin Henseler)
Most of the risk is, yes. But having a cash card swallowed is not a nice experience – the only time it happened to me, I was a long way from home, with no other card and it was the beginning of a bank holiday weekend.
Douwet, I’ve seen crashed departure boards at some UK railway stations. It was the only way I new they were running MS-Windows, unless it was a *nix with the BSOD screensaver.
It amazes me that anyone would be willing to pay MS a licence fee just to show text on a screen.
Let me ask this question of all the windows fanboy’s out there.
If Windows is so stable, then why are these ATM’s crashing at all? If they are running ONE dedicated application then there shouldn’t be any probelms. It’s not like you can input extranous data into the atm for buffer overflows.
No The probelm can only be one of two things, the ATM software or Windows has memory leak probelms. With the fact that every Windows mahcine needs to be rebooted every couple of months or so, I would say it is Windows which is poorly designed.
The point of failure si windows, if Longhorn is a complete rewrite I will hold out judgement, but I have a feeling it to will have holes in it’s memory.
Yeah, everytime Microsoft said “This time it’s OK, we’ve fixed all the errors etc” and we ALL know after a year that it was a lie (again).
I’ve once seen an ATM showing a crashed windows screen and that was enough for me not to trust any ATM of that bank!
Keep on dreaming of longhorn hahahahahha
Now I knoe the world is mad. How can one be so stupid as to base an ATM on such a rotten base. Banks are going to lose customers that’s for sure, but they don’t seem to care. I am shocked to hear they would even consider such a system.
Sack the management as incompetent.
Of course ATM’s are supposed to save them money by not paying salaries, and that is why we have more and more of them.
As far as I am concerned they are a source of pissing customers off. They are unsafe to use late at night in quiet areas, they are in some cases almost impossible to use, because some idiot has installed them just where bright sunshine during the day hits the screen. I could go on…..
But if you ask me retail banking wants a good shake-up of its management and less ATM’s not more and certainly less based on that O/S.
“IT people at Banks are not idiots and very aware of stuff like TCO and security.”
Are you stupid? It’s obvious the OSAlert commenters are experts in those areas. If they don’t recommend Windows, what right do the banks have to run it?
Cash points + Viruses + Keyloggers == Rich Criminals
scary sheet, some ATMs over here in N.Ireland run Windows NT and ive seen many of them “unrecoverable error, windows will now shut down” with a ok box
never lost a card *yet* thou
I don’t know if they’re running windows, but I find that the four ATMs at my local supermarket are constantly malfunctioning. Often there’s only one working, the others have frozen or are displaying error messages. The one that works consistently has an old green screen text display, it looks like a DOS app. Personally I’d rather have that than a fancy animated colour display that doesn’t actually work. I’ve seen a few people lose cards inside the ATM or not get the money they’ve requested, the software seems ridiculously buggy.
One place that definitely uses Windows is my local bus depot, they have an touch-screen timetable. I’m sure it would be great if it actually worked, but every time I’ve been there it’s had a BSOD or error message on screen.
Let me ask this question of all the windows fanboy’s out there.
First of all, let me say that I like Windows but am no zealot. There’s no way in HELL I’d let it anywhere near an ATM machine.
If Windows is so stable, then why are these ATM’s crashing at all?/I>
Windows is stable in the hands of a competent user. I have experienced a crash or reboot on WinXP in about 2 years now.
[i]With the fact that every Windows mahcine needs to be rebooted every couple of months or so, I would say it is Windows which is poorly designed.
Granted, but that doesn’t have much impact on me, using it as a desktop OS.
Just the corporate IT world’s philosophy of ‘worst tool for the job’ at work!
Like most posters, I’m appalled at the idea of contemplating a BSOD next time I try to retrieve money from a cash machine. However, IBM deserves all the blame for this nonsense. Why did they decide to drop OS/2 in the first place ? Don’t you tell me that’s because banks forgot to pay their licenses or whatever it costs to get an ATM.
uses nt4 so it`s a tad slow.. need to run the .bat first
:”Like most posters, I’m appalled at the idea of contemplating a BSOD next time I try to retrieve money from a cash machine. However, IBM deserves all the blame for this nonsense. Why did they decide to drop OS/2 in the first place ? Don’t you tell me that’s because banks forgot to pay their licenses or whatever it costs to get an ATM.”
Because they lost intrest in about 1998 because they discovered Linux, of course IBM has always been very departmentalized so even though IBM started pushing Linux powered servers they never came up with a plan to upgrade OS/2 users to Linux without buying all new IBM hardware. So IBM would be willing to sell banks their new shinny hardware running Linux but that’s not what the banks really needed from IBM.
This is not a very unusual sight in Sweden…
http://www.silen.eu.org/usr/images/Sparbanken-bankomat.jpg
I think they run NT4 and the message says something like: Out of Virtual Memeory
Disclaimer:
First off : NDA’s stink.
Second off: Of course this does not apply to the bank listed in the article.
Third off : On with the show.
Well, lets just say, I have worked with a major banking institution for almost a year (til I found a new job). And the standards that exist are horrific. No I will not go into detail, please re-read the disclaimer. I will never put a dime into the bank that I previously contracted through.
Causes:
1) Out-Sourcing
2) In-experienced admins
In general, be afraid, very afraid and if they outsource, be even more afraid.
I thought a lot of cash machines still use DOS?
I was stationed in Japan w/ the Navy a few years ago. The base TV network was moved from a normal broadcast center to, apparently, a Windows multi-cast. I say this because one day I was changing channels; instead of the TV program, there was a Windows desktop w/ the program running in the corner inside a Real Player app. Since they ran shows that were delivered from the US on video, it seems they put them on a Real server box for broadcast.
Additionally, there was another channel that had a BSOD overlaying the actual program; the BSOD was semi-transparent so you could see the TV program playing behind the error (which was a “out of virtual memory” error I believe).
“Our ATM’s don’t run Windows”
“This is not a Windows ATM”
And the people will come..
“IT people at Banks are not idiots and very aware of stuff like TCO and security.”
Are you stupid? It’s obvious the OSAlert commenters are experts in those areas. If they don’t recommend Windows, what right do the banks have to run it?
What the?? It’s more obvious that the OSAlert commenters are MS haters. I work in an IT dept of a pretty large worldwide bank (I’ve nothing to do with ATMS though). Most of our servers run Windows and most of our desktops run either NT4 or XP. A really small (less than 1%) amount are Macs. The reason we do this is because Windows is reliable and stable (IF YOU KNOW WHAT YOU’RE DOING). If you don’t then I think you become an OSAlert commenter and just mouth off about Windows. We do run Linux on a couple of older servers and it’s about the same reliability wise and the same when it comes to patching. I have seen desktop NT4 machines up for more than 2 months. And before you all reply about how Linux stays up for months or years the reason I found those machines is because I was wondering why some patches hadn’t deployed to some machines and found that some users had deleted some SMS files and never rebooted. We don’t want them on for months as our updates run when the user logs on.
This is nothing to do with Linux – and there is a reason we don’t like Windows for applications such as this.
Td Bank as a whole in Canada runs on OS/2, I’ve nver seen a problem with them ever.
I know for a fact that my financial institution (Vancity Credit Union) uses Windows-based ATMs. I found out the hard way when I tried to take money out and I saw a “fatal exeception” dialogue box. Not very impressed to say the least.
When the Dutch Postbank ATM’s went over to NT4 the time it takes to get money out noticeably lengthened, and indeed I have also seen a BSOD on more than one occasion. What’s more, NT4 is no longer even supported by Microsoft. It’s buggy, old and insecure. Not exactly comforting.
Mind you, this is nothing compared to the other problems ATM’s in the Netherlands have had, where criminal gangs found ways of physically tampering with the machines in order to be able to read people’s cards and thus empty their accounts.
>> In the UK, I’ve actually seen ATMs that crashed, rebooted and let you into the Windows DESKTOP!! That’s how I knew those ATMs used Windows. <<
Something similar happened to me when trying to get money out at a cash machine at Sainsbury’s a while ago – the machine went down with an NT4 error, then rebooted to a fixed error message – quite un-settling at the time, especially with a queue of people waiting behind me to use the machine …
– think I typed the PIN number in too fast .. heh heh, strange all the same though ….
The reason we do this is because Windows is reliable and stable (IF YOU KNOW WHAT YOU’RE DOING).
It is always “If you no what you are doing” This normaly
comes from the peaple who say “***** is too hard to setup”.
I’ve see the ‘out of memory errors’. That fact is the system
is doing the same thing every day, running the same single
application and it still messes up when it is validating
the pin number. Which leaves the customer having to claim
a new card / Or claiming the card back.
The old Natwest and TSB were the best. If lightening
struck the bank, it would simply return the card and
reset. It was fast and reliable and looked like a Dos
or MDA AS/400 application on a dumb terminal.
Keep it simple stupid. No more fancy movies or icons
just provide a simple fast service. I do not want to
wait wile Windows reboots then goes to the desktop
then to the application only to find that it can not
remeber what it was doing, and cannot be used again
untill someones had a look at it.
my banks ATMs went down in January, 2003 (?) during one of the worms. i believe it was an email-based worm. there was also an outage during Blaster and/or Sasser.
it was kind of irritating. for what it’s worth, the ATMs ran OS2 at the time, and the bank is one of the largest in the United States. i dunno if the ATM traffic is over the inet or over leased lines.
i’m curious how a desktop / workstation worm can take out secure ATM transactions.
“In January 2003 the Slammer worm knocked out 13,000 cash machines of the Bank of America and many of those operated by the Canadian Imperial Bank of Commerce.”
yes, it was BOA that i was using. i remember that well cause my ex-girlfriend sent me out for breakfast and i had to go back home for cash. i was pretty steamed at BOA, since the outage was 1 to 2 days total.
i’m curious how a desktop / workstation worm can take out secure ATM transactions.
Improperly designed network, managed by incompetent admins.
I would not trust Linux and UNIX network administration to people who can’t manage Windows networks. UNIX/UNIX-like OS is much more demanding, much less forgiving.
“In January 2003 the Slammer worm knocked out 13,000 cash machines of the Bank of America and many of those operated by the Canadian Imperial Bank of Commerce.”
The Slammer worm took down the database system that those ATM’s relied on, it did in fact no way compromise or bring down the ATM OS itself.
I work in an IT dept of a pretty large worldwide bank (I’ve nothing to do with ATMS though). Most of our servers run Windows and most of our desktops run either NT4 or XP.
Which one is it? Its quite known the banks here are all tied to Microsoft. It goes so far, that Apache is being run on Windows because they already ‘got a Windows license’. Even though there’s a server with another OS ready to serve and it works ready to be administrated by capable folks, they still have to set up a new Windows machine with Apache. Thats the same kind of zealotry MS has, replacing working FreeBSD 4 servers running Qmail with incapable NT mailservers.
Mind you, the stability of those ATMs might affect us more than some random criminals [which issue is unrelated to technical problems with an ATM!!!!!]. It quite sucks. It costs time on the railway station because of the queue or it means you can’t pin. E.g. imagine you live in a village. Also for those saying ‘but Windows NT is unsupported’ Windows NT, 98 are still used; not everyone can easily afford some kind of upgrade. Think about the not-very-rich countries. In Hungary i went to OTP bank to get some cash and they still use Windows 98 (that wasn’t a PIN automate though). In a village i couldn’t pin simply because the only Windows machine over there got crashed!
I would not trust Linux and UNIX network administration to people who can’t manage Windows networks. UNIX/UNIX-like OS is much more demanding, much less forgiving.
Ok then we put Ain’t unIX or VMS or whatever on it but not something which is unstable (apparently, that is Windows). We want something which is stable as a rock. Nothing more, nothing less. Personally i’d care less what that OS might be though i do care for involved security measures, too (besides stability).
Any sane civilian who cares for both privacy and service would agree w/me on that and hence would not care what the choice of OS is. In fact, would the computers be stable, we would not even know what OS it runs we would only be able to guess that. Most of us wouldn’t care though. Because they care for privacy and service (which in turn translates to security and stability).
The Slammer worm took down the database system that those ATM’s relied on, it did in fact no way compromise or bring down the ATM OS itself.
What database was that? What OS did that run on? Which machines were responsible for the attack? Who operated them? How could the attack be evaded? You seem to know what you’re talking about, please enlighten us…
>Even though there’s a server with another OS ready to serve and it works ready to be administrated by capable folks
You mean, in a Microsoft Windows-centric organization, you can easily find capable folks to run UNIX/Linux?
Wait, may be you meant fire IT Dept people who know Windows, hire those who know Linux? Well, I can see the problem of selling that idea to IT Dept.
Finally, what is wrong with running Apache on Windows? Windows is just an OS, Apache is just a web server.
By the way, considering that most people just run IIS on Windows, or Apache on Linux- having Apache on Windows is unusual combination, which means better security.
You step away from one common paltform (Win/IIS) but not into another (Linux/Apache). That is good for security.
>Thats the same kind of zealotry MS has,
Zealotry is saying that you should install Linux if you want Apache.
>In Hungary i went to OTP bank to get some cash and they still use Windows 98
Why not? I just helped my American friend to buy a new computer, his old laptop runs Win98 on 64 MB RAM. He told me he had no intention to buy new computer, he was completely satisfied with access to his Web-based email through IE and document editing with MS Word, but had to because hard drive in old laptop started to die.
My dentist, for God’s sake, runs her patient database and schedule on a PC with something that looks like Win95. Every time I visit her I am itching to pick a mouse and check Windows version. Is it 95 or 98?
My dentist lives and works in North America, by the way.
Ok then we put Ain’t unIX or VMS or whatever on it… We want something which is stable as a rock. Nothing more, nothing less.
Would you like higher banking service charges with that?
By Definition Windows appeals to the incompetent.
Therefore, you aren’t going to have much success with people, esp. network people, who barely know anything about a network, except to put a Check in the Check Box, to switch to Linux. At least without a bit of training.
But, you can’t teach those unwilling to learn.
So, we should expect ATM’s to be hacked and banks to experiences major losses in this area, until those IT departments Outsource this out to experts.
( Like IBM’s Linux Atm solutions. )
They will only learn after they’ve been burned long and hard enough.
But, that won’t be before major losses are incurred.
I have always wondered WHY the buttons on atm’s have brail. I mean c’mon, is a blind person going to be driving? or walking around to an atm to retrieve money? They’d have to have memorized the menus…
The Slammer worm took down the database system that those ATM’s relied on, it did in fact no way compromise or bring down the ATM OS itself.
this makes sense. they were running OS/2, which could get an email worm, but shouldn’t have DCOM or LSASS to get a network worm. the atm’s occasionally flake out, and that’s how i know they are OS/2 (from boot screens).
Improperly designed network, managed by incompetent admins.
one time, the ATM flaked out in the middle of an $80 withdrawl. i never received the cash, and despite several calls to the bank, it was never refunded. if i could find a bank that had the coverage of BOA, i’d switch.
never seen a blue screen or desktop on an ATM, but seen several boot screens and diagnostic menus. it’s not just BOA, i’ve seen it on other ATM’s too.
I work in banking IT and standards are so low it makes you wonder how banks manage not to loose any more money than they do now.
Totally agree. I work with a bank in the UK, and seriously, you wouldn’t bank there if you knew how stuff worked. You’ve even got internal VB systems that use the bank’s own internal components for screen reading terminal screens from the mainframe! They cause huge problems, crash regularly and when the data changes nothing works. Their bank cashier systems run a combination of Windows, custom VB applications and components for printing, and Access databases(!) for storage. I can’t tell you the problems that causes. They’d have all this in an ATM if they could.
But with so much of the management and workforce with little to no IT background (even some developpers (trained on the job on VB) and admin people), it’s hardly a surprise than windows should have gone so far.
Spot on. It’s not necessarily Windows that is a problem, although that’s bad enough. It is the attitude and calibre of IT professional that Windows and Microsoft software attract that that is the really big problem.
Roughly akin to Win98 being used in touch-screen lottery machines at convenience stores or NT4 in cash registers.
The term “Overcomputing” (which I am trying to get into the lexicon) comes to mind. None of those tasks warrant that much computing power – it’s using a sledgehammer on a fly sized problem. There is no need for anything more advanced than a 1mhz Z80 to run an ATM. The use of anything more advanced than that is simply throwing money away, and making the end device a million times more complex than it needs to be. Hell, I’d be willing to bet a properly programmed Basic Stamp could do the job!
I am increasingly disgusted with how it seems many IT “professionals” seem to automatically reach for a 1ghz+ machine with a gig of ram to handle the simplest problems when a $40 dedicated microcontroller (like the basic stamp) would do the job equally well – Hell, that’s more power than you need – You cannot tell me what an ATM does takes more power than you’d find in an old VT100 dumb terminal… BECAUSE THAT’S WHAT WE USED WITH NO PROBLEMS TWO DECADES AGO! (and I know some places that are still using them)
“It’s pretty unusual to hear about virus problems with ATMs,” he said.
Because most use stable software on OS/2 thank goodness. This is an error screen of an ATM:
http://www.theinquirer.net/images/articles/beehive_atm.jpg
Bizarrely, they seemed to have changed their systems to something else after this. Regression – get used to it!
That’s what looks like a VB overflow error (looks like it has choked on some data) and has nothing to do with Windows really, but it just shows you the quality of IT people Windows brings with it. Think about it. VB exes and DLLs needing to be installed on a machine that handles your card and your cash. If the application is exposed underneath God knows what data it will reveal, and that could be for any reason – data server down, coding error, choking on data, unable to create ActiveX objects…. A lot of staff are even designing these error messages to be as helpful as possible, exposing huge amounts of data!
Viruses are the least of my worries. .Net awaits us!
Risks of infection were small because the data networks that connect UK cash machines together and the operators of the ATMs themselves were a much smaller and tightly-knit community than in the US where viruses have struck.
Yer. The tightly knit community is generally the whole of the corporate network. The firewalling is non-existant as they use data services layers written in VB (if they’re that sophisticated!) and they are administered through PC Anywhere or Zenworks of some description. Just pray they’re not rolling out that new DLL when you put your card in!
Anti-virus software on an ATM. F**k!
Spot on. It’s not necessarily Windows that is a problem, although that’s bad enough. It is the attitude and calibre of IT professional that Windows and Microsoft software attract that that is the really big problem.
That is the big problem. Because Windows is relatively easy to jump into every man and his monkey thinks they can support the OS. Then when it crashes or has problems it’s always the OSes fault. Hmmmmmm.
Totally agree. I work with a bank in the UK, and seriously, you wouldn’t bank there if you knew how stuff worked. You’ve even got internal VB systems that use the bank’s own internal components for screen reading terminal screens from the mainframe! They cause huge problems, crash regularly and when the data changes nothing works. Their bank cashier systems run a combination of Windows, custom VB applications and components for printing, and Access databases(!) for storage. I can’t tell you the problems that causes. They’d have all this in an ATM if they could.
Is this the fault of the OS or the IT management. If IT know what they’re doing this doesn’t happen. But if IT is underfunded and understaffed which has been the norm in recent years it’s hard to stop. Corners get cut and band aids applied. You get what you pay for at the end of the day. I work for an office of an international bank in Sydney. We have 500 Australian & NZ users. Two Windows admins (me included) are responsible for SMS packaging for workstations and servers, all of our Windows servers, our database administration, all projects that come up for new servers or infrastructure. The only problem we ever have with any servers are the occasional HDD going down but all of our machines have RAID so we’re notified and replace the drive without any problem.
It keeps us really busy but we cope. But I have worked with Windows admins before that bluffed their ways into IT jobs that would have our infrastructure falling apart if they managed it for any length of time. I’m not brilliant but I’m competent. The trouble is there are too many idiots that think all they have to do is install the OS and go away. Do you do that with Unix? Do you do that with Linux? We only use Windows certified hardware, patches and drivers so we don’t get the random errors that previous posters have talked about.
I’ve said in a previous post that windows is reliable and stable (IF YOU KNOW WHAT YOU’RE DOING). So is Linux. Put an idiot loose as your admin on either box and neither will be stable (would you trust them?).
Having an ATM infected by a virus should be rubbish. The problem isn’t the OS, the problem is that the ATM was on a network that was unprotected. Why would an ATM need to be near (network wise) any machine that receives email. Why would an ATM have any path to an unprotected network such as the internet. There is a magical concept in IT land called a DMZ. If your ATM isn’t on a DMZ then it should at least be on a private network. If it’s not then you’ve got bigger problems than what OS is running on your ATM. I know a DMZ can be hacked (everything can) but the likelyhood of a virus infecting it by some genius downloading a virus through his email is gone (actually that threat should be gone if the IT department does their job at the mail gateway and on their firewalls with the internet access but again, you get what you pay for).
The UK Governtment (assholes and leeches all round) are considering using Windows to control our Trident Nuclear Sub Fleet.
Someone obviously got a nice backhander from Uncle Bill !
… is because nobody complains. If 100 customers complain about the same broken/slow/card eating ATM, and if that happened for half the ATMs of a certain bank, then they would have to change because these customers are going to switch to another bank otherwise.
But all customers seem to be fine with the way it is, and therefore nothing will change.
Yesterday I tried 3 different ATMs in my home town, none of them were working so I went into my bank. They couldn’t give me any money because they were having computer problems and they no longer have a paper system as a backup.
Why do computer systems seem to be getting more and more unreliable? What was wrong with the old text display ATMs that worked reliably? The new ones with animated colour displays don’t work half the time and quite often mess up in the middle of a transaction.
There is a magical concept in IT land called a DMZ. If your ATM isn’t on a DMZ then it should at least be on a private network. If it’s not then you’ve got bigger problems than what OS is running on your ATM.
A de-militarised zone (DMZ) is for the things you want to be publicly accessible over the Internet, e.g. web servers etc, certainly not anything sensitive, such as ATMs. A DMZ certainly a magical concept, it is merely the abscene of a firewall. Surely you mean virtual private network (VPN).
I know a DMZ can be hacked (everything can)
Only things which are publicly accessible can be hacked by the public. It is precisely because of this that banks should keep their ATMs well clear of the Internet, even VPN. ATMs should (and probably do for the most part) operate on operate on a private WAN, it’s not as though the bandwith requirements are high. Even if a VPN were 110% secure, it would still be subject to traffic issues which wouldn’t affect a private network.
“..ok, so explain this:
“In January 2003 the Slammer worm knocked out 13,000 cash machines of the Bank of America and many of those operated by the Canadian Imperial Bank of Commerce.”
I don’t trust Windows with my email…..let alone my bank account.”
If my memory serves me correctly, it was eventually found (or suggested?) that the worm got onto the ‘separate network’ via an engineer’s laptop.
It’s no good having a ‘secure, separate network’ that some monkey that uses his company laptop to surf pr0n on can then plug into…
For the record, I do try to avoid the obvious Windows ATMs too, going for the text-only/green screeners that security and stability aside, are MUCH quicker.
um, These are BANKS.
Doesn’t ANYONE think that BANKS could collectively pony enough cash up to IBM so that they would continue support for OS/2 (which is a stable, working, time-tested platform) exclusively for this particular application for it?
Sure IBM might not be interested in continuing OS/2 support for its own sake, but if offered cash?
Far better that the banks spend money there, than quadruple their IT budget, or worse NOT, and STILL switch to Windows and just trust their outsourcing… *shudder*
Sorry. I was being sarcastic when I said DMZ was magical. It seems not many of the posters on this site know about them. A DMZ is not just for servers that are connecting to the internet, they can be used for any server you want to cordon off from the internet or your private network or any network. My point was that if your ATM was on a DMZ then any virus infection on your private network would not affect the ATMs. The fact that you let viruses into your private network is a disaster and really easy to stop but that’s another issue, at least the ATMs would have been clean.
If my memory serves me correctly, it was eventually found (or suggested?) that the worm got onto the ‘separate network’ via an engineer’s laptop.
Again this isn’t OS related. If you let monkeys loose on your network then it’s not safe. Doesn’t matter what OS you run.
It’s no good having a ‘secure, separate network’ that some monkey that uses his company laptop to surf pr0n on can then plug into…
It’s not secure or safe if you allow that to happen.
just wondering, how would java perform if it would replace VB
If Windows is so stable, then why are these ATM’s crashing at all? If they are running ONE dedicated application then there shouldn’t be any probelms. It’s not like you can input extranous data into the atm for buffer overflows.
Or bogus data could come in off the network.
No The probelm can only be one of two things, the ATM software or Windows has memory leak probelms. With the fact that every Windows mahcine needs to be rebooted every couple of months or so, I would say it is Windows which is poorly designed.
Ignoring for a second the fact that Windows doesn’t need to be rebooted on that schedule, there are a few possibilities.
1. These applications might be using custom low-level drivers to integrate with legacy networks and/or protocols.
2. The applications themselves may simply be buggy.
3. The applications may be running (unnecessarily) with higher privileges and thus capable of bringing the whole machine down.
4. The applications may be setup to run as the Windows shell (replacing Explorer) and the machines configured such that if the shell/primary application crashes – for whatever reason – the entire machine reboots.
The point of failure si windows, if Longhorn is a complete rewrite I will hold out judgement, but I have a feeling it to will have holes in it’s memory.
It’s not. There is no need whatsoever to rewrite Windows NT.
I think they run NT4 and the message says something like: Out of Virtual Memeory
Meaning it’s an incorrectly configured machine running an application with a memory leak…
I know for a fact that my financial institution (Vancity Credit Union) uses Windows-based ATMs. I found out the hard way when I tried to take money out and I saw a “fatal exeception” dialogue box. Not very impressed to say the least.
Which is an _application_ error not an OS error.
Funny how no-one tries to blame coredumping Linux applications on Linus…
Saw at LEAST 3 ATMs in Mexico with NT4 BSOD. one was even at the airport, one at a bank branch, one in a store.
crazy.
> Funny how no-one tries to blame coredumping Linux
> applications on Linus…
Amen on that one. I hear one more “my machine crashed running Roxio CD creator – @#$5ing Windows” I’m going to either puke, or start delivering sacks full of doorknobs.
The only ATM I’ve ever seen crash was running OS/2. I Know this because it rebooted after I inserted my card (including bootlogo and desktop), just to then tell me, it’s out of order. But it kept my card. So much for “that wouldn’t happen with OS/2”.
Bad software can crash (on) any system and I don’t care if the underlying OS still runs. If the software is crashed the OS won’t give me my money.
Is the box eating their card. If the box has Win, it may already be infected with spyware anyway. If I were the bank management, I’d worry about the possibility of $upgrade$ easter-eggs. OTOH, that Kodak picture maker station did crash on me with 40 scanned images just about the time I finished processing them. I don’t think it was running OS/2 or Linux.