What to do during the final countdown?

Las Vegas 6 February 2018 Overview o Released by Microsoft in 2015, endorsed by the ATM industry • Call for action since 2016, little signs of the whole industry planning a change • Diebold Nixdorf announced readiness, others to follow o More complex than any predecessors • E.g. security improvements, support agreements o The last one • Different W10 releases • It is inevitable, no sign of extended maintenance – plan now! Delicate balance of affordability

Can you afford to: Can you afford to: 1. Stop security patches 1. Cost of change 2. Potential hardware 2. Compliance/regulator updates 3. Jeopardise innovation Windows 10 solutions o Substantial increase in security features Windows 10 Comment Boot UEFI secure boot Various issues • DeviceGuard around BIOS setting Hard disk BitLocker Proprietary o Impact encryption versions available Key storage Trusted Platform • Presence Trusted Platform Module Module • 64 bit implementation Whitelisting Only approved Proprietary applications can versions run, validation by o Competitive tension CPU DeviceGuard Combination of Unlikely that • Microsoft vs hw/sw suppliers above features with proprietary version full hardware offer similar support security level W10 – a journey with a few lessons

o Business as usualo Windows 10 o Start planning! contains various good features o One vendor announced readiness o and Microsoft CPU support

o DeviceGuard requires a 64 bit o Quite a few implementation o Branch management required implementation o Regular support Skylake choices o Skylake – earlier deadline W7 support o Impact Microsoft’s licensing structure o Rumours of an “anniversary release” o The devil is in the o Top 3 vendors started assessment detail o Finally a Windows version with good security mechanisms o New approach, impact to vendor solutions Windows 10 – the basics New hardware requirements

10 8/8.1 7 Vista XP Prof. Processor PAE, NX, PAE, NX, SSE2 Pretty much industry support SSE2

New standard Processor 1GHz 1/2 GHz (32/64 1 GHz 1 GHz 300MHz Speed bit processor) CPU 32/64 bit 32/64 bit 32/64 bit 32/64 bit 2GB RAM 2GB RAM 1GB RAM 1 GB RAM 128 MB RAM Memory Fairly similar to Hard disk 50 GB 16/20 GB 16/20 GB 15 GB 1.5 GB (32/64 bit CPU) (32/64 bit Windows 7

CPU) (not to XP) to (not Similar to 7 to Similar Graphic card MS DirectX 9 MS DirectX 9 MS DirectX 9 MS DirectX 9 Super VGA graphics graphics device graphics graphics device with with WDDM device with device with WDDM driver driver WDDM driver WDDM driver Security • TPM 1.2+ ✓ ✓ Optional

New • Secureboot(UEFI) ✓ ✓ • Device Guard* ✓ * DeviceGuard requires the 64 bit implementation, creating high impact In comparison, a Q3 ‘15 delivered low-end Dell PC exceeds the above with 1TB disk, 3.7GHz clock and 6GB memory Releases – no more service packs o Branch structure • Current branch – immediate available • Current Branch for Business, defer changes up to four months • Long-term servicing branch complete reduction of change o Management • Validity of 10 years • Frequent change • Thorough review required • “Compulsory” • Higher system requirements not ruled out The road to Windows 10 Potential for hardware upgrades Review for different estates Technical vs commercial support

10 7 o W10 minimum specification Processor PAE, NX, support SSE2 is close to W7’s New Processor 1GHz 1 GHz • New security features are optional for Speed current ATMs, upgraded from XP/W7 CPU 32/64 bit 32/64 bit Memory 2GB RAM 1GB RAM Hard disk 50 GB 16/20 GB (32/64 bit

o Common perception that CPU) (not to XP) to (not Windows 10 requires little 7 to Similar Graphic card MS DirectX 9 MS DirectX 9 graphics graphics to none hardware upgrades device with device with WDDM driver WDDM driver Security • TPM 1.2+ ✓

New • Secureboot(UEFI) ✓ o However – what does this • Device Guard* ✓ mean for support? Intel limitations on Windows 10 support

By family: Generation Win10 Support By product name Family Generation Win10 Support Cedar Mill Legacy No Core(TM)2 Quad CPU Q9400 Legacy Core 2 No 2nd gen No Core Duo E7400 Wolfdale Legacy Core 2 No Ivy Bridge 3rd gen Limited, Win10 upgrades only Core Duo E8400 Wolfdale Legacy Core 2 No Core Duo E6400 Legacy Core 2 No Haswell 4th gen Yes Core Duo T7500 Legacy Core 2 No Broadwell 5th gen Yes Core 2 Duo multiple Legacy Core 2 No Skylake 6th gen Yes (R) 4 multiple Legacy No 7th gen Yes Core(TM) i3-2120T Sandy Bridge 2nd gen No Core(TM) i5-2390T Sandy Bridge 2nd gen No Core(TM) i5-2400 Sandy Bridge 2nd gen No i5-2400 Sandy Bridge 2nd gen No i3-2120T Sandy Bridge 2nd gen No i5-3470S Ivy Bridge 3rd gen Limited, Win10 upgrades only Source (TM) i5-3470S Ivy Bridge 3rd gen Limited, Win10 upgrades only Note: I5-3470s Ivy Bridge 3rd gen Limited, Win10 upgrades only • Intel provides support for CPUs for a number of Core(TM) i5-4570TE Haswell 4th gen Yes operating systems for no more than 7 years Core(TM) i5-4590 Haswell 4th gen Yes (R) CPU n/a - brand n/a - brand n/a • For Windows 10, Intel only provides support for 64 bit implementations Results o Data collection • Different coding of CPU capabilities • Typical Haswell or older Applied to deployers' data • Where details provided, most CPUs meet/exceed the minimum W10 specification 100% 80% o Conditional support 60% • 1 - 46% 40% 20%

• average 24% 0% • Note: validate with manufacturer 1 2 3 4 5 Intel support No Intel support Conditional Intel support o No Intel support: • 99% - 54%; • average 76% Conclusions A range of activities for the industry

o One hardware manufacturer has made Deployers a public announcement readiness • Others discuss readiness with clients

R & D Software o Software-only suppliers will need additional time End-to-end testing • Typically 3 months+ with additional work per ATM ATM make/model applications Hardware Hardware upgrades

CEN XFS Drivers Features o Deployers R&D activities 3 – 15 months Scheme compliance • Sample deployers in ATMIA 2020 committee Pilots • Pilot < 3 month before roll-out • Excludes decision making time Conclusions o Windows 10 has complexities but offers security improvements • Most ATM deployers do not have a real choice • Compliancy ahead of implementing new security features seems to have the majority vote o Act now • Vendors are nearing readiness, liaise with your vendors to determine your options • Start planning to ensure you will meet the 2020 date • Ensure your information channels are open Recommended activities

Plan and execute HW & software Assess your readiness and your Desk study suppliers’ benefits & options impact

o Start planning today! o Walkthrough the roadmap from your manufacturers to determine your configuration o Validate the hardware capabilities from your estate o Detailed hardware & software impact study prior to project rationalisation Are there genuine alternatives?

o Continue with Windows 7 • Various security improvements • High risk as support will be limited/non-existent

o Linux • Some support in some regions

o Cloud thinking as alternative • Industry initiative, requiring standardisation