To reduce exposure to future ransomware attacks like WannaCry and Petya, you can disable SMB 1.0 in Windows 10. Microsoft releases patches from time to time to minimize the risk of these attacks, but network administrators have advised taking the extra step of unchecking the SMB 1.0/CIFS options in Add/Remove features.
What is SMB and its Relevance?
SMB stands for Server Message Block. It is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a LAN or WAN. It can also be used for interprocess communication and can carry transaction protocols. It was first created by IBM in the 1980s. Since then there have been multiple variants, known by different names, with small changes made to fulfill the network requirements of different protocols.
What is the Purpose of SMB?
- Dialect negotiation
- Determining other Microsoft SMB Protocol servers on the network, or network browsing
- Printing over a network
- File, directory, and share access authentication
- Record locking
- Directory change notification
- Extended file attribute handling
- Unicode support
- Opportunistic locks
How does the SMB protocol work?
It is basically a client-server request model. For example, an application or user on the client sends a message to the server program, which receives it as an SMB client request. The user can also request access to files on a remote server. Other resources, such as printers and mail slots, are accessible as well.
The SMB protocol is known as a response-request protocol. It can transmit multiple messages between the client and server to establish a connection and do the necessary transactions.
The Earlier History
Earlier it was known as Common Internet File System (CIFS). But it gained a bad name as a chatty protocol that reduced wide area network (WAN) performance. The cause was the combined burden of latency and CIFS’s numerous notifications.
In SMB 2.0, the number of commands and subcommands was reduced to just 19. This reduced the number of acknowledgements and improved performance. SMB operates at Layer 7, also known as the application layer. It can be used over TCP/IP on port 445 for transport. When devices do not support SMB directly over TCP/IP, it requires NetBIOS over a transport protocol such as TCP/IP.
Microsoft has provided support for the SMB protocol since Windows 95. A client and server may implement different varieties of SMB, which they negotiate before starting a session.
The following are the different dialects of SMB.
SMB 1.0 (1984): Created by IBM for file sharing in DOS. Introduced opportunistic locking (OpLock) as a client-side caching mechanism designed to reduce network traffic. Microsoft would later include the SMB protocol in its LAN Manager product.
CIFS (1996): Microsoft-developed SMB dialect that debuted in Windows 95. Added support for larger file sizes, transport directly over TCP/IP, and symbolic links and hard links.
SMB 2.0 (2006): Released with Windows Vista and Windows Server 2008. Reduced chattiness to improve performance, enhanced scalability and resiliency, and added support for WAN acceleration.
SMB 2.1 (2010): Introduced with Windows Server 2008 R2 and Windows 7. The client oplock leasing model replaced OpLock to enhance caching and improve performance. Other updates included large maximum transmission unit (MTU) support and improved energy efficiency, which enabled clients with open files from an SMB server to enter sleep mode.
The Latest Versions
SMB 3.0 (2012): Debuted in Windows 8 and Windows Server 2012. Added several significant upgrades to improve availability, performance, backup, security and management. Noteworthy new features included SMB Multichannel, SMB Direct, transparent failover of client access, Remote VSS support, SMB Encryption and more.
SMB 3.02 (2014): Introduced in Windows 8.1 and Windows Server 2012 R2. Included performance updates and the ability to completely disable CIFS/SMB 1.0 support, including removal of the related binaries.
SMB 3.1.1 (2015): Released with Windows 10 and Windows Server 2016. Added support for advanced encryption, preauthentication integrity to prevent man-in-the-middle attacks and cluster dialect fencing, among other updates.
How to Disable SMB1 in Windows 10?
The following are the steps.
1. Press the Win Key and type “control”.
2. You should be able to see the default Control Panel.
3. From that window click on “Programs and Features”.
4. On the left-hand side you will see “Turn Windows features on or off”.
5. By default the SMB feature is neither enabled nor disabled.
6. Uncheck the SMB 1.0/CIFS options if they are enabled.
This should protect your computer from hacking and ransomware attacks. But disabling this option creates a different situation: devices on your LAN may sometimes no longer be visible in your network. Although Microsoft has deprecated this feature, it is sometimes still necessary.
In that case, you can enable SMBv2 or SMBv3 to make the other devices visible on your network again. As far as possible, avoid leaving SMBv1 active and see whether there is an alternative route.
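The same change can be made and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it goes beyond the Control Panel steps by first reporting which connections and clients still use SMB1, so that the devices that would disappear from the network are known in advance. The `-Disable` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Run with -Disable to apply changes.
param([switch]$Disable)   # hypothetical switch name chosen for this example

# 1. State of the optional feature behind the "SMB 1.0/CIFS File Sharing
#    Support" checkbox in "Turn Windows features on or off".
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1Protocol feature state : $($feature.State)"

# 2. State of the SMB server. EnableSMB2Protocol covers SMBv2 and SMBv3.
$server = Get-SmbServerConfiguration
"Server SMB1 enabled        : $($server.EnableSMB1Protocol)"
"Server SMB2/SMB3 enabled   : $($server.EnableSMB2Protocol)"

# 3. Dialect negotiated on each current outbound connection. A dialect
#    below 2.0 marks a device that will stop working once SMB1 is gone.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect |
    Format-Table -AutoSize

# 4. Turn on auditing of inbound SMB1 access, then list the clients recorded
#    so far (event ID 3000 in the SMBServer audit log).
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

if (-not $Disable) { "Audit only. Re-run with -Disable to turn SMB1 off."; return }

# 5. Keep SMBv2/SMBv3 on, switch the SMB1 server off, remove the feature.
Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
    Out-Null

# 6. Verify. The feature removal completes after the next restart.
(Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

Leave auditing on for a representative period before running with `-Disable`, since a device that connects only occasionally will not appear in a single snapshot.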