Vladimir Putin 'Still Uses Obsolete Windows XP' Despite Hacking Risk

Speaking of Russia, whose agents have been accused of worldwide hacking operations, but someone at the Kremlin has apparently forgotten to inform Vladimir Putin of the importance of cyber-security. From a report: Putin, 67, appears to have the obsolete Microsoft Windows XP operating system installed on computers in his office at the Kremlin and at his official Novo-Ogaryovo residence near Moscow, according to images released by his press service. Both computers have the Kremlin towers set as their desktop backgrounds. [...] Moscow is gradually phasing out Microsoft and Google on government computers in favour of Russia's Astra Linux operating system software and domestic browsers such as Yandex. Dmitry Peskov, the Kremlin spokesman, did not comment when asked why Putin continues to use an antiquated Microsoft operating system.

Re:Win7 holdout reporting in

[NicknameUnavailable]

There's really nothing wrong with WinXP and Win7 not having updates, as long as you have good internet hygiene and firewalls up the ass you're set - unless of course you have Win10, which will dial home through your firewall and report everything it can on you.

Re:

[Anonymous Coward]

Ehh, given the Spectre/Meltdown cross-process data leaking capabilities, I think you'd have to also disable JavaScript to be secure with that set up, and that means most of the Internet isn't going to work. But maybe that's what you mean by "good internet hygiene" -- not using 99% of the Internet and only visiting a couple sites that are themselves secure? Seems a little like crossing your fingers and hoping THEY don't get compromised and wind up compromising you in turn.

Firewalls can only do so much. And w

Re: Win7 holdout reporting in

[Cmdln Daco]

If you have sites like the New York Times strictly script-blocked with NoScript the whole site renders perfectly without the paywall. It gives you a rather ' flat' NYT with just the text articles and basic pictures. It feels more like an actual print newspaper in a way...

The idea of blocking off the fruit of a lot of 'web developers' just feels good.

Re:

[arglebargle_xiv]

If you're Putin it makes perfect sense, XP doesn't phone home and who would be insane enough to try and hack whatever the Russian for Capo di tutti Capi is?

Re: Win7 holdout reporting in

[Type44Q]

as long as you have good internet hygiene

Two words: "air" and "gap." Windows is - and always has been - "toilet paper grade." However, sometimes there's asswiping needing to be done.

Any Windows

[enriquevagu]

Any Windows has the same hacking risk from the US government. And I would tend to think Win10 and all of the "calling home" features has even higher risk.

Re:

[methano]

I wish I was still running XP. Things popped when I was using XP. I recently moved to Windows 10 from 7 and you'd think it was waging a nuclear war in the background. Actually, for all their upgrading, MS, and it's penchant for "god knows what" going on in the background, has managed to outrun Moore's law.

Here's how I'd rate them.

XP > NT > 7 > 10 > 8 >> Vista

Putin's got the right idea. As long as he's just surfing the web and posting on Facebook, screw security and embrace speed.

Re:

[superdave80]

2000 >> XP > 7 > NT > 10 > 8 >> Vista >>>>>> ME

Ah, much better. (really, NT ahead of 7?)

Re:

[methano]

Maybe 7 > NT. My memory is fading. I've never used 2000 on the desktop, though I do have an 20 year old scientific instrument sitting next to me right now with a computer running 2000. It still works fine.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Any Windows

[drinkypoo]

XP64 had poor driver support. If you wanted to use all your hardware it was a no-go. I'm pretty happy with 7 still, although since Mickeysoft started pushing telemetry "updates" it's been a bit more of a hassle. I've used 10 just a bit and wow, it really is slow AF. I'll be glad to get off the Microsoft train again. Now that the UI that I like best on Linux is working again (Gnome2/MATE, Emerald, Compiz, AWN) I'm actually looking forward to it. Now I just need the time to switch, which probably won't happen for a month or so since I'm too busy.

Re:

[Rockoon]

XP64 was just Server repackaged, so driver support was fine for many things, just not video cards.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Dagger2]

It had pretty decent driver support. The only thing I couldn't get a driver for was my TV capture card, for which there was never a 64-bit driver, even for Vista or later versions of Windows.

It was 64-bit Windows in general that had poor driver support, but once people started doing 64-bit drivers they tended to do them for XP x64 too.

Re:

[ArhcAngel]

There's a large contingent of gamers who would put XP over 2000. Having to boot 98SE just to play your favorite game really sucked.

Re:

[bn-7bc]

ME shuld not be incloded iirc it's the last windows to yuse the nx code base and kernel, ótaly different beast then the rest in your list

Re:

[superdave80]

True, but I couldn't help but take one last swipe at that piece of crap :-)

Re:

[gx5000]

I was on the Team that launched it at MS Canada.
It was so Crap our calls dropped by 50%...98SE on the other hand....
The only people that had issues with ME were the starfish that didn't update their BIOS or used shit hardware.
As a tech the ability to rollback patches accumulations or just the registry was a godsend. We didn't switch out at home to XP until SP1 went through its 7th iteration, but sh*tting on ME is just such a Starfish move.

Re:

[Brain-Fu]

Linux > Windows.

Yeah, yeah, I know. Captain Obvious, and all that.

Re:

[o_ferguson]

Only if you're not doing tasks for business or entertainment.

Re: Any Windows

[FireXtol]

I've used Vista for years. I loved it. It's set up almost exactly like 2000 'under the hood', but vastly improved NT. It's basically the same as 2000 is to XP as Vista is to 7. 10 is alright. Unfortunately Microsoft is royally fucking up what would easily be the best NT ever. It's almost like self sabotage. I think Microsoft foresees Linux and derivatives like Android and other players in the mobile space consuming their market and it'll end up just like windows phone. I truly think Microsoft Windows wi

Re:

[BKX]

You should probably stop using antique computers and upgrade to something a bit newer, assuming by "moved" you meant "upgraded Windows". If you really want Windows 10 to shine, an SSD is a must, and don't bother with less than 8GB RAM (16GB is really very much better). If you run decent hardware, Windows 10 blows any previous version of Windows out of the water, performance-wise. I'm currently using computers that originally came with Windows 8 but with SSDs, gobs of RAM, and decent processors and my perfor

Re:

[i286NiNJA]

My current install is finally running stable. Could be drivers (got rid of AMD). Could be MS. Could be disabling telemetry but my gaming pc needed to be rebuilt so often that it killed my motivation to play video games and I let it sit for nearly a year before getting it working. After getting a gtx1080 I let it sit powered off for like 4 months before I finally felt compelled to try one more time.

Running good now but come on windows 10 is a complete bullshit OS and I bought a laptop with it preinstall

Re:

[Swave An deBwoner]

Can't you just go into the BIOS setup manager and disable secure boot?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[toddestan]

I have computers with SSD's, Core i7's, 16GB of ram, and high end GPU's. But whenever I occasionally pull out my old Windows XP computer out of the closet when I have need to use it (I have an old film scanner that doesn't support anything newer than Vista), I always marvel at how fast and responsive it seems compared to what I have gotten used to. This is a single core Athlon XP with 2GB of RAM, an IDE hard drive, and an ATI 9600. Yet it's more responsive to input, switching applications is faster, the

Re:

[Anonymous Coward]

it's not like XP was particularly special, but if you wanted something that ran on grandma's 128MB of RAM you're damn right it was XP, which may indirectly have make it "pop" more as it became more "obsolete"

and so while win7 isn't special, it too gains big points in relative scale, in the form of "it's not win8" "it's not win10"

more than OSs, it's old software that I find /really/ pops, old editions of MSoffice and photoshop that boot in less than a second

Re:Any Windows

[Z00L00K]

And maybe Putin did run XP just to troll everyone - if you make a great deal of a show using something in public that you don't use for real then you are performing a misdirection - and Putin is pretty good at that, don't forget that he comes from KGB.

This.

[rsilvergun]

If Putin was using XP for anything of consequence then we'd know it, because amateurs would have long since hacked him and released a ton of incriminating items.

Re:

[Rockoon]

...assuming there are incriminating items to find on that xp machine.

Anyone that wants real security runs BSD, and no, not Apples version of it.

Set dressing

[Martin S.]

Perhaps the set dresser [wikipedia.org] is a true believer that takes the Putin's call to the good old days seriously.

In soviet Russia

[Trogre]

Computer is owned by you.

Re:

[superdave80]

Nice. I actually haven't seen a 'in soviet russia' joke on \. in quite some time.

Re:

[geek]

Well it is a lot like hot grits down your pants

Re:

[Phil Urich]

I'd like to . . . hrmmm . . . something about Natalie Portman? Man, it's been a while.

Re:

[o_ferguson]

n/t

Re:

[superdave80]

In Soviet Russia, Natalie Portman wants YOU!

Hacking risk? Really?

[Artem S. Tashkinov]

There's no hacking risk as Putin does not use computers. I'm pretty sure he has an iPhone/iPad and his own private cinema.

The way he runs "the rob Russia business" he cannot afford to leave any trace, even the electronic one. His many aids most likely wield MacBooks because most people in the country distrust Microsoft/Windows 10, and also it's all about having/showing off the most expensive gadgets available and Apple perfectly caters to such people.

Putin has FSB Installed

[Roger W Moore]

There's no hacking risk as Putin does not use computers.

I would have thought the reason there is no hacking risk is that Putin uses FSB. Unlike your typical anti-hacking and anti-virus tools, it actually does run quietly in the background and simply makes any would-be hacker just disappear.

Re: Putin has FSB Installed

[aRTeeNLCH]

On top of that, FSB uses none of your compute resources, making the system fly!

Re:

[AHuxley]

Its bait for the CIA, MI6... the real Russian work is on paper in a safe..

The computer is left to see who accepted US$100000 in CIA cash money to attempt to get access to and start the file copy.
MI6 offers full UK citizenship for any Russian after the files are copied.

Contact with officials from Canada, Australia, New Zealand results in the giving of the CIA gmail account and the secret news about the US$100000 in CIA cash money.

Re:

[bn-7bc]

well strictly that ipd/iphone is a computer, not a pc but definitely a computer, but you already knew that so why do I bother posting this ? no idea

The devil you know...

[kackle]

Please prove it's SO vulnerable versus Windows 10 (assuming one is using appropriate security measures too). I'd bet it's more along the lines of FUD and assuming the newer OS is safer.

Re:

[omnichad]

There might be new vulnerabilities in Windows 10, but they are both running off versions of the same codebase. Most security flaws found in Windows 10 are likely also present in 7, Vista, and XP. And then there's the fact that XP doesn't have support for TLS 1.3 encryption, so you may have trouble finding a web browser to use - especially since current versions of major browsers won't run on XP.

Thousands of CVEs

[raymorris]

There are literally thousands of CVEs telling how you can exploit a Windows XP machine. By "you" I mean "you", not the NSA.

It's entirely possible that the NSA can hack an up-to-date Windows 10 box. It's certain that most Slashdot readers, if they were so inclined, could fire up metasploit and own an XP machine without actually knowing how the heck works.

Re:

[kackle]

Hmm, had I more time, I'd like to investigate that. I have a hard time believing that someone on the outside (i.e., from the Internet on the other side of a firewall), with no physical access to the machine, can "get in".

Re:

[kackle]

Indeed, I'm close to being a dumb end user.

Happens every day

[raymorris]

Companies and individuals are in fact compromised every day. Just at my company alone, our IDSes and other systems alert us to a problem about every week or two and we have to take a machine offline while we deal with the problem. (Yes I'm working to improve that). Firewalls are kinda like seatbelts - it's a good idea to have one, and not an excuse to be reckless.

We have a pentest scheduled for a week in January. I predict they'll be past our external firewall in no more than 30 minutes and the rest of t

Re:

[kackle]

One example of the "look cool by tricking the firewall" group is to send Destination Unreachable messages for Google or Microsoft update. As soon as the victim machine(s) poll the Microsoft update server, the firewall sees your next destination unreachable as a "related" packet, one connected to the putgoing request, and you've established yourself in the firewall state table. You now have the ability to send packets in at will.

I THINK I understand--I'm not an IT guy. Would having a simpler firewall (less features) help such scenarios?

If they're running XP inside the network, you can put an XP virus in a jpeg file, so if you get them to view your jpeg you win. You can either put the jpeg on a web site and entice them to visit the site, or just email the virus-infected jpeg to them.

I've heard of that one before, but don't know what program actually executes that would run embedded JPEG code.

Re:

[raymorris]

> Would having a simpler firewall (less features) help such scenarios?

That's an interesting question. I'm not aware of any studies on that exact point, but in general simple things are more secure. Complexity is the enemy of security.

Of course there are application firewalls which actively look for threats in emails and web pages. Those features have value. I just tested a security web firewall at work and found about 8 different ways that reduces TLS (SSL) security, but it catches malware so it's a n

Re:

[kackle]

Well, good luck and carry on! In the meantime, I will continue to lament our IT's decision to block all .EXE attachments, in and out. :/ 'Understandable since we have ignorant users, but annoying to the coders who also handle customer support, like me.

Re:

[raymorris]

If you need to send exes out, you could ask the sec team about allowing your AD group to either send exes, or password-protected zip files.

Does your company use Mimecast, Barracuda, something else? The systems used by most companies allow policy to be set granularly at the AD group level. Just don't ask for more than you need - if you really just need to send them out, state that clearly and don't request to have incoming exes allowed.

Re:

[kackle]

Thanks, but the IT at our medium-sized company is just awful. Apathy comes from the very top, so getting them to do anything is like pulling teeth. I'll just put up with the extra clicks/their file server on the cloud. I appreciate your response.

Re:

[raymorris]

Sorry to hear you are dealing with apathy in the company.
Honestly, every gateway used by even smaller businesses you send TO would probably block your executable on the recipient's side anyway. So you could SEND it and often they wouldn't RECEIVE it, which would be a hassle.

Re:

[kackle]

Got ya'!

ReactOS?

[uncle slacky]

Are we sure it's not React OS? ISTR the Russian govt put some money into its development a while back.

Re:

[Bu11etmagnet]

My (very small) bet is on fvwm95 (https://en.wikipedia.org/wiki/FVWM95)

Re:

[sabbede]

No, I don't think we are sure of that at all. I found some of the photos (http://en.kremlin.ru/events/president/news/62124/photos), and while you can't see the one UI element that would distinguish ReactOS from Windows (Start menu logo), what is visible could easily be React.

And probably is. The originators of the story probably don't know React exists.

Summary edits out answer

[urusan]

The part that is cut out with a [...] in the summary contains the answer:
"Windows XP, released in 2001, was the last Microsoft operating system given the green light for use on official Russian government computers, the Open Media website reported, citing defence ministry documents."

Seems pretty straightforward to me.

Re:

[0dugo0]

Doesn't surprise me. I suffer from a severe notepad/putty addiction and XP is the last Microsoft windows release I have been able to beat into not phoning home when you least expect it.

Where are the pictures

[ardmhacha]

" according to images released by his press service."

The story doesn't contain the images or a link to the images.

Definitely not XP, More like Win 7 (or a clone)

[jrnvk]

For those looking for the photos, PCMag has a link to the Kremlin website release. It's not XP. Definitely Windows 7, or something made to look strikingly like it...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[GameboyRMH]

A recent version of Backtrack/Kali in stealth mode maybe? :-P

Re:

[NicePics13]

https://files.catbox.moe/gbt0ks.jpg [catbox.moe] Homebrew linux distro or just a modded 7?

Putin is not worried someone knocks his door

[fabioalcor]

Because he is the one who knocks.

You can still buy security updates

[sectokia]

We ran it until 2016, and even then you could continue to pay microsoft. They jacked the price iâ(TM)ll to where itâ(TM)s absurd, but its still an option.

Re:

[toddestan]

I'm pretty sure that Microsoft finally pulled the plug on XP, though it wasn't until sometime this year. Though it wouldn't really surprise me if they were still selling patches to certain customers with deep pockets for large piles of money.

Windows XP is not going away

[xack]

It's been almost six years since end of support. People are running XP either by choice or because they have legacy hardware or software that they need to use. The 2020s will be the decade of unsupported Windows as 25% of Windows users have rejected Windows 10.

Re:

[Z00L00K]

After installation of the Windows 7 December updates I will disable the update engine in hope to avoid the full screen screams about "upgrading" to 10.

the guardian

[twentyRedHeads]

man is the Guardian stupid.
Yeah putin's office computers are not secure.
I mean, really, what do russians know about computers and hacking and that sort of thing.
lol
(the Guardian is also one of sleaziest tabloids out there)

Re:

[kot-begemot-uk]

man is the Guardian stupid. Yeah putin's office computers are not secure. I mean, really, what do russians know about computers and hacking and that sort of thing.

Have you followed the submission to WADA earlier this week?

1. No Backups

2. No regular checkpoints to write once media

3. Database opened to access from the Internet

4. Sacked employees credentials not revoked

5. Sacked employee gone "whistleblower" accessing data for 6 months and according to them deleting files at random to look like they are hiding something.

That was a project on Putin's personal "watch list". Based on that, I would put some serious doubts on a lot of claims about their superior skil

Real Security Is...

[Sarusa]

He's got Russia's entire malware / hacking community under his mafia umbrella, and he can have anyone assassinated anywhere in the world. The thing's probably just a honeypot.

Putin is not stupid ...

[Alain Williams]

any later version of MS Windows and he faces the risk of telemetry trying to exfiltrate his data. OK: Kremlin firewalls would probably stop that, but no point in taking a risk.

Hacking risk? That depends on the situation.

[blindseer]

Is there a firewall? Is there malware detection software? Are these computers even connected to the internet?

I remember reading someone making a big deal about a fairly harmless virus getting on some USAF air-gapped systems. They were used for communicating with drones or satellites or something, and they needed to carry in files they downloaded with new maps and other information they needed. The system was a roach motel, data goes in but it doesn't come out. This was a non-issue of the virus there and no risk of a hack.

If these Kremlin computers are run this way, and I suspect that they are, then it doesn't matter what OS they run. Nobody will hack them but people in the building, if the people in the building are a hacking risk then your physical security sucks and you have bigger problems.

I've seen a lot of old XP computers in use in recent years. They are likely still in use. When someone has a CNC machine that the manufacturer provided software that runs only on XP then this computer will be running until that computer or the CNC machine fails beyond repair.

I remember seeing an article on how people are still running Apple II and Commodore computers yet. They get used to run things like tire balance machines, or by some poor family that just needs something for the children to type up their assignments and print them out (possibly on a daisywheel printer that can produce some very nice output). Are these a "hacking risk"?

I believe that the Russian government is smarter than this article gives them credit for.

Deliberate Honeypot ?

[nukenerd]

Who knows it isn't Linux with an XP screenshot for the wallpaper. Jeez, I did something like that at work for a while because I didn't want to stir up the IT admins who were locked into Microsoft shit.

Or it is a honeypot running in a VM because he likes baiting those Indian scammers.

Pootin - He's crazy smart

[AndyKron]

Everyone knows WinXP is more resistant to radiation than the newer OS's

OS security

[I am not a Bicycle]

The security of an OS depends greatly on its intended use. Can a Windows XP computer be made as secure as an NSA hardened Unix system? Yes, if the computer isn't connected directly to the Internet but passes through several firewalls that filter out harmful sites and servers, doesn't run any remote control scripting programs or services, and is housed inside a building that blocks wireless signal interception. Then again the photo could be merely just that, a Kremlin photo op intended to show that Putin isn

Win 3.1

[mveloso]

If he ran Windows 3.1 he'd be un-hackable.

Most ATMs still run XP

[Waitfor1tt]

if it's air-gapped and you stay away from usb sticks, there's no reason to patch or upgrade.

XP was the best version of Windows

[goobadoobah]

SP3 was so clean and mean... it was gold. Try opening explorer on Win7/8/10 .. it sits there for MINUTES while it scans for meta data and rubbish shit when all you want to do is sort by date modified find a file and open it.. Aside from that they probably have had enough time on XP to rip out all the NSA backdoor shit, and continue to do basic stuff on it. Putin gets points in my book here for being a badass and sticking the middle finger to Microsoft.

Re:

[johnsie]

If Windows takes that long to open explorer then you either aren't using an SSD or your computer is a piece of crap.

Re:

[toddestan]

Explorer is slow because of how it scans everything to collect meta-data, and try to draw thumbnails for absolutely everything, and often chokes when it does so. And it's slow because it's scanning your network, getting hung up by other resources on the network that are slow to respond or don't respond at all. A large directory of something like images - or worse, videos, can take several minutes to redraw if you decide to do something like sort by date instead of name. A SSD doesn't really help because

It is actually a honey pot

[Pirulo]

So many people is trying to run exploits against XP at the Kremlin rigth now, and the Soviets are tracking back the origins and counter playing with the wannabe crackers.

People with no security scream about it the loudes

[paper_sextoy]

You can secure XP same as everything else. It still gets paid updates. With a good external firewall and disabling of services all of those metasploit scripts will fail. Proper endpoint security/HIPS will stop anything else. The smug OMG! UPGRADE! movement is for grandma and the plebs who don't know jack about squat. Too many people fall into that category even though they might not admit it.

There is of course a real reason to stop using 7 and XP; software. When all of the packages you want to run legitimat

Almost certainly ReactOS.

[sabbede]

What's more likely, that the Kremlin uses XP despite knowing all the flaws, or that the Guardian's reporters aren't familiar with Russia's clone of Windows?

If you can find a photo, note that the one thing that distinguishes React from XP - the icon on the Start button - isn't visible.