Please note this is drifting further off-topic, so if you're not interested in the technicalities of XP, then just delete. > According to the May 2014 issue of PC Pro magazine, they say that such > machines should run a special version, called Windows XP Embedded. > Apparently this is to be supported until at least 2016 - which begs the > question of why the consumer versions are not. A cynic might suggest that it > is easier to convince individuals to change their OS rather than corporate IT > departments! However it also states that many devices - and it does not > specifically refer to ATMs, as there are also machines in the medical and > manufacturing fields - are running a standard version of XP which is then > heavily customised for the purpose of being a locked down, embedded > device. I spent more years than I care to remember building XP-Embedded systems in a previous life. They differ substantially from desktop systems in that all unnecessary components are removed, which immediately removes many vulnerabilities. They also run from a read-only drive, sometimes a solid-state drive, which reverts to the original state upon reset. When building the system all TCP/IP ports are blocked by default, and you have to explicitly open the ones you want to use. This means that most malware doesn't get a look in, and those that do are quickly removed by a reset. The data stored on them is probably of little use, and so there is little incentive for malware writers to target them. XP-Embedded runs in many, many different products. I know of shop tills, home entertainment systems, CCTV systems, and vehicle data loggers that all run XPe produced by my former employer. My home PVR also seems to run it. Graham