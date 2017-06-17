Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall (bleepingcomputer.com) 18
An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 -- Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship "enabled by default" with all Windows OS versions.
The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.
Microsoft kills what made it great (Score:1)
The old Microsoft was backwards compatible to old software. Yes it was hard, yes it meant to support shitty old protocols like SMB v1, but they did it, and lots of stuff worked, just worked together, Microsoft code that actually worked!
When they disable SMB v1, one cannot put XP or anything before it in the same network as a current Windows to share files. E.g. a XP VM for some old scanner or printer that you can still use via VM and the current host OS can access.
Problem is not the age of the protocol (Score:3)
What is bad is not upgrading the security of a protocol that is ON by default for 30 years.
Let us take something equally ancient on the unix side, like the Xwindows. Is it on by default in linux? Does it suck as much as SMBv1 in terms of security? What kind of security enhancements have gone into each protocol over these three decades?
I don't know which one is better, but that will give us a sense of how much blame to heap on Microsoft.
Re: (Score:3)
30 year old protocols are not ipso facto bad.
No. It will give us a sense of how much blame to heap on Xwindows. The fact that there are potentially bad practices going on elsewhere doesn't excuse them.
Re: (Score:2)
Re: (Score:2)
It HAS been upgraded to version 3. This is not a neglected protocol, this is default backwards compatibility. They are now defaulting to NOT be backwards compatible, due to lack of security.
But I agree that it should have been turned off much sooner.
Re: (Score:2)
Yes, of course, but by default all remote connection to the X server are disabled. Red Hat also has a default iptables config that shuts off the port, too.
Is there a reason not to disable it on home (Score:2)
Re: (Score:1)
In general, no, you can turn it off as long as you don't have any windows XP, 2003 or older machines. Network printers the big exception, they often only support SMBv1.