The WannaCry and Petya ransomware epidemics both spread using flaws in the ancient SMBv1 protocol, which Windows still enables by default (for some ridiculous reason). Whether you’re using Windows 10, 8, or 7, you should ensure SMBv1 is disabled on your PC.
What Is SMBv1, and Why Is It Enabled By Default?
SMBv1 is an old version of the Server Message Block protocol Windows uses for file sharing on a local network. It’s been replaced by SMBv2 and SMBv3. You can leave versions 2 and 3 enabled—they’re secure.
The older SMBv1 protocol is only enabled because there are some older applications that haven’t been updated to use SMBv2 or SMBv3. Microsoft maintains a list of applications that still require SMBv1 here.
If you’re not using any of these applications—and you probably aren’t—you should disable SMBv1 on your Windows PC to help protect it from any future attacks on the vulnerable SMBv1 protocol. Even Microsoft recommends disabling this protocol unless you need it.
How to Disable SMBv1 on Windows 10 or 8
Microsoft will disable SMBv1 by default beginning with Windows 10’s Fall Creators Update. Sadly, it took a huge ransomware epidemic to push Microsoft to make this change, but better late than never, right?
In the meantime, SMBv1 is easy to disable on Windows 10 or 8. Head to Control Panel > Programs > Turn Windows features on or off. You can also just open the Start menu, type “Features” into the search box, and click the “Turn Windows features on or off” shortcut.
Scroll through the list and locate the “SMB 1.0/CIFS File Sharing Support” option. Uncheck it to disable this feature and click “OK”.
You’ll be prompted to restart your PC after making this change.
How to Disable SMBv1 on Windows 7 by Editing the Registry
On Windows 7, you’ll have to edit the Windows registry to disable the SMBv1 protocol.
Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems.
To get started, open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC.
In the Registry Editor, use the left sidebar to navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Next, you’re going to create a new value inside the Parameters subkey. Right-click the Parameters key and choose New > DWORD (32-bit) Value.
Name the new value SMB1 .
The DWORD will be created with a value of “0”, and that’s perfect. “0” means SMBv1 is disabled. You don’t have to edit the value after creating it.
You can now close the registry editor. You will also need to restart your PC before the changes take effect. If you ever want to undo your change, return here and delete the SMB1 value.
More Information About Disabling SMBv1
The above tricks are ideal for disabling SMBv1 on a single PC, but not across an entire network. Consult Microsoft’s official documentation for more information about other scenarios. For example, Microsoft’s documentation recommends rolling out the above registry change using Group Policy if you want to disable SMB1 on a network of Windows 7 machines.
0 comments:
Post a Comment