Bid Goodbye to Malware Prone SMB1
January 1, 2018 by Tal Widerman
Much has been said and written about the security threats posed by the SMBv1 protocol, and yet, as we look around in the beginning of 2018, the use of this protocol is still widespread. It is still not uncommon to find devices and applications using a protocol that is not only ancient, but also unsafe. Let’s take a quick look at some major reasons and recommendations that should convince anyone to stay away from this ancient version of SMB:
SMB1 is not safe: Lack of encryption, pre-authentication integrity, insecure guest blocking and more makes it vulnerable to malicious attacks such as the WannaCry ransomware attack which spread through the SMB1 protocol.
SMB1 is not efficient: SMB2 and SMB3 are much more productive by means of bigger reads and writes, peer caching, durable handles, etc.
SMB1 isn’t necessary now: Only in a very outdated environment is SMB1 the only option.
For years Microsoft has tried to prevent companies from implementing SMBv1 in new products and to upgrade older products to safer and newer SMB versions. In September 2016 the company had released an article titled “STOP USING SMB1”, and one year later became more active and disabled SMBv1 completely, starting with Windows 10 RS3.
In parallel, a shaming list was published of all companies that risk their users by using the SMBv1 protocol only and warning users to keep a foot away from these products. The WannaCry cyber-attack is a concrete proof of the risk potential and results of using SMBv1. As is well known, the WannaCry malware spread via SMBv1, first infecting one machine that would then propagate the malware to other at-risk boxes.
While Microsoft has been fighting to eliminate the SMBv1 protocol, the United States Department of Homeland Security has released an official warning to the public to disable SMBv1, and that the sooner it is done, the better.
The move to an updated SMB library is Inevitable as Microsoft will continue to release newer Windows versions with SMBv1 disabled (or even dropped completely), and sooner or later products with only SMBv1 will become simply unusable.
Visuality Systems SMB products support all SMB dialects up to the latest , encrypted SMB3.1.1 version. The chart below illustrates how different SMB versions speak to each other as of September 2017:
Visuality Systems’ NQ products are commercial, developed from scratch and come with support available round the clock. When you purchase from Visuality, you receive a product built on 20 years invested in SMB along with the backup of a professional and experienced SMB team. Visuality Systems also provides personal email and phone numbers of its engineers to ensure customers receive a quick response to any enquiry.
Try the evaluation NQ package today, email us at: [email protected]
