Regarding the ATM hack cited, it seems to me that the vulnerability has more to do with a machine design that allows someone to patch in a laptop, and also a lack of protocols that should have prevented someone from impersonating an onsite ATM technician. Even if there were a Windows OS security fix to block one form of malware, the hackers will simply create a new version so long as they have physical access to the machine's USB port.