Does Removing SMB1 Break Anything on Home Networks?
My previous post provided information ( primarily for home users) on how to turn off SMB1 to help avoid the bad guys who are out to cripple your Windows computer. Microsoft released some patches, and if you are totally up to date, you are protected. For Now. And to be honest, there are plenty of people out there with Windows 8/8.1 and older that are not up to date. It is unknown if future attack vectors will use SMB1 in a different manner to install malware/ransomware. Turning of SMB1 on your Windows computer closes the hole.
Most casual home users (who aren’t working in the tech or IT Pro industry) probably don’t know that there are consumer networking devices and programs that rely on SMB. And there are devices that are using SMB1 and you MAY have devices and products where the vendor has not updated to at least SMB2. These issues probably won’t impact casual home users, but I want to call them out.
If, after disabling SMB1, you find something that doesn’t work, it may well be a result of disabling SMB1. Before you enable it again, there are a few things to try, depending on the issue. Following are the three biggest “gotcha’s” – with my comments, suggestions, work around’s.
Turn Off SMB1 on Windows Now
For the non technical computer users out there, this is a red alert. You many have heard of Wannacrypt. There’s a new variant out now. Even if you haven’t heard of this ransomware malware, please turn off SMB1 on your Windows computers. The following is for Windows 10 and Windows 8.1/8. It is very easy to do (note – click or tap on an image to show larger version):
1. Type the words control panel in the Cortana/Search box lower left. Control Panel will appear at the top. Double click to select it.
Surface Pro (2017)
I really loved my Surface Pro 3 (purchased June 2014), but earlier this year, it became useless as a portable with a non functional battery. If I hadn’t encountered the (well known) battery issues, I would still be happily using my SP3. But being chained to AC outlets isn’t my idea of portability. I was hoping that Microsoft would offer a special trade in allowance for SP3 owners in light of the well publicized battery issues afflicting this model, but alas, it didn’t happen. Nevertheless, I decided to spend the money and splurge on the new Surface Pro, i7, 512/16 configuration. The form factor is perfect for me and the extreme portability (bad back) just can’t be equaled elsewhere.
After three days, my opinion is that this is a dream machine powerhouse.
Multi Factor Authentication App Backup and Usage Strategies
I’ve been using Microsoft’s Authenticator App because not only does it support Azure Authentication (Office 365) but because it supports my Microsoft Account, Google account, and anyplace else that supports the OTP standard. Any site or service that supports RFC6238 is supported by MS Authenticator and I can scan a QR code (and in some cases enter a Secret Key instead of a QR code) to “provision” an account.
As my list of 2FA/multi factor authentication enabled assets grows, I had been thinking a lot about what would happen if I upgraded my iPhone or had a hardware failure and needed to replace it. Even restoring a new phone from an iPhone backup does not restore the accounts to MS Authenticator (and the same is true of other 2FA apps, although several offer their own export/import or backup/restore functions). And, while I do get push notifications to approve or deny access on my Apple Watch from MS Authenticator for my Office 365 account and my Microsoft Account, for other sites and services, since Microsoft does not (yet) offer a full fledged Apple Watch App, I need my phone when prompted to enter a code.
