Click here
Click here
Retail Technology, Retail technology News

Shavlik delivers first agentless XPe device patching system

Tuesday December 15 2009

Shavlik Technologies has debuted a new agentless system to manage patching Windows XP Embedded (XPe) devices commonly used in a host of thin client devices common to retail, hospitality and entertainment industries  

Shavlik Technologies has debuted a new agentless system to manage patching Windows XP Embedded (XPe) devices commonly used in a host of thin client devices common to retail, hospitality and entertainment industries

 

The company said its XPe system makes Shavlik the industry's only patch management provider with full support of XPe devices to secure these devices against viruses, worms, and hackers.

 

Windows XPe devices use a stripped down version of the Windows XP operating system on a thin client device like a kiosk or point-of-sales (PoS) device. And, because the XPe uses thin clients, many of the services and components used in the full version of the Windows XP operating system have been disabled or are not available. The company argues that an agent-based approach to patching these machines often doesn't work because there's limited disk space or services required by an agent are not enabled.

 

Embedded devices present major vulnerabilities

 

"The number of XPe devices used by consumers and individuals every single day that may have never been patched is staggering," said Nancee Melby, Shavlik Technologies product marketing director.

 

"The agent-based approach is impractical for patching the vast majority of these devices, so they simply remain unpatched and so, an entry point for hackers. Shavlik's agentless approach eliminates the obstacles to patching Windows XPe devices and leaves no footprint other than the patches themselves."

 

According to Melby, Windows XPe devices can include retail PoS cash registers, slot machines, airport or train station kiosks, gas station self service pumps, ATM-styled kiosks at cinemas and more. “PoS devices have traditionally received little attention because an attack on a single system would yield little data; they were viewed as insignificant,” she added. “But recent breaches have shattered the illusion that these devices are not a reason for concern.”

 

Staying secure and compliant

 

Shavlik claims the new XPe support not only provides a means to easily and effectively patch these devices, but also helps organisations using XPe devices to be fully Payment Card Industry (PCI) compliant.

 

The PCI Data Security Standard (DSS) requires that XPe devices that process electronic payments meet certain standards for patch management and vulnerability assessments. This includes requiring all systems to use the most recently released software patches to protect against insider threats, as well as external hackers and viruses.

 

www.shavlik.com