How Windows XP can affect the cash register

Businesses have been getting warnings for months about the end of support date for Windows XP. On April 8, Microsoft Corp. will stop releasing patches for XP, and by now, many businesses will have migrated their workplace computers to another operating system (OS) as needed.

But what about the point-of-sales (POS) systems in restaurants and stores? For Christopher Pogue, director of SpiderLabs at Trustwave Holdings Inc., this is a real problem – businesses may be running Windows XP on their payment terminals and may not even realize it, he says.

“POS applications run on top of the operating system … so it may not be on their radar, and they’ve potentially never even looked at it,” he says. “Most people don’t care which OS they’re running – they just want it to work. They’re not intentionally being irresponsible.”

However, the problem there is that hackers may be waiting for the sunset date of April 8, having prepared exploits and vulnerabilities to launch 0-day attacks. As Microsoft won’t be patching these anymore, this could be dangerous for businesses, large and small, that are still using XP at their cash registers.

The best thing to do is to update to another OS – but that may be too expensive and time-consuming for many small businesses. On one hand, having an unpatched OS is just giving hackers yet another way to attack and steal data.

But on the other hand, even with a properly updated, patched, and supported OS, it’s still possible to suffer a data breach, Pogue says, adding he’s seen a lot of them in his 14 years as a forensic investigator.

“Relying upon your OS to be up-to-date is not a silver bullet, and it never has been,” he says. “So if you haven’t updated your OS, I wouldn’t freak out and say the sky is falling, or that this is the next Y2K.”

What it really comes down to is a business decision, Pogue says.

“It’s another expense. Security isn’t their core competency. Their core competency might be making my chicken, fries, and poutine,” he says.

So if an update to another OS isn’t in the works, Pogue says businesses should protect themselves with strong passwords, properly configured firewalls, good network access controls, and all of the other layers that make up a proper security posture.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Candice So
Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs