My previous post provided information (primarily for home users) on how to turn off SMB1 to help avoid the bad guys who are out to cripple your Windows computer. Microsoft released some patches, and if you are totally up to date, you are protected, for now. And to be honest, there are plenty of people out there with Windows 8/8.1 and older that are not up to date. It is unknown whether future attacks will use SMB1 in a different way to install malware or ransomware. Turning off SMB1 on your Windows computer closes the hole.
Most casual home users (who aren't working in the tech or IT Pro industry) probably don't know that there are consumer networking devices and programs that rely on SMB. Some of those devices still use SMB1, and you MAY have devices and products whose vendor has not updated them to at least SMB2. These issues probably won't affect casual home users, but I want to call them out.
If, after disabling SMB1, you find something that doesn't work, it may well be a result of disabling SMB1. Before you enable it again, there are a few things to try, depending on the issue. Following are the three biggest "gotchas", with my comments, suggestions and workarounds.
For the non-technical computer users out there, this is a red alert. You may have heard of WannaCrypt. There's a new variant out now. Even if you haven't heard of this ransomware, please turn off SMB1 on your Windows computers. The following is for Windows 10 and Windows 8.1/8. It is very easy to do (note: click or tap on an image to show a larger version):
1. Type the words control panel in the Cortana/Search box at the lower left of the screen. Control Panel will appear at the top of the results. Double-click to open it.
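If you would rather skip the Control Panel clicking, the same thing can be done from an elevated PowerShell prompt. This is an added example and not part of the original post; the cmdlets and the sc.exe commands are Microsoft's documented ways of turning SMB1 off, and which block applies depends on the Windows version (the optional feature exists on Windows 10 and 8.1; the Set-SmbServerConfiguration and sc.exe steps are the route on Windows 8). Check first, change second, and verify after the reboot:

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.

# First, see whether the SMB1 server side is still on (True means it is).
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# Windows 10 and 8.1: SMB1 (client and server) is an optional Windows feature;
# removing it is the cleanest way to turn it off. A reboot finishes the job.
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# Windows 8 (also harmless as a belt-and-braces step on 8.1/10): turn off the
# SMB1 server so this PC no longer answers SMB1 requests from the network...
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# ...and disable the SMB1 client driver so it stops speaking SMB1 to others.
# Note the space after "depend=" and "start=": sc.exe requires it.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# Verify after the reboot: the server setting should read False and the
# optional feature state should read Disabled.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
(Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
```

If an old NAS box or media device stops showing up in the network after this, that is the SMB1 dependency the next post talks about; look for a firmware update that adds SMB2 before you consider turning SMB1 back on.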
I've been using Microsoft's Authenticator app because not only does it support Azure authentication (Office 365) but it also supports my Microsoft Account, my Google account, and anyplace else that supports the OTP standard. Any site or service that supports RFC 6238 (time-based one-time passwords, or TOTP) works with Microsoft Authenticator, and I can scan a QR code (or, in some cases, enter a secret key instead of scanning a QR code) to "provision" an account.
As my list of 2FA/multi-factor authentication enabled assets grows, I had been thinking a lot about what would happen if I upgraded my iPhone or had a hardware failure and needed to replace it. Even restoring a new phone from an iPhone backup does not restore the accounts in MS Authenticator (and the same is true of other 2FA apps, although several offer their own export/import or backup/restore functions). And while I do get push notifications on my Apple Watch from MS Authenticator to approve or deny access for my Office 365 account and my Microsoft Account, for other sites and services I still need my phone when prompted to enter a code, since Microsoft does not (yet) offer a full-fledged Apple Watch app.
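To make the RFC 6238 point concrete: the QR code or secret key you provision is just a Base32-encoded shared secret, and the six-digit code the app shows is an HMAC-SHA1 over the current 30-second time step, truncated as RFC 4226/6238 describe. The script below is an added example (my illustration, not code from Microsoft or from the Authenticator app) that does exactly that in PowerShell. It assumes the common defaults (SHA-1, 30-second step, 6 digits), checks itself against the test vector published in RFC 6238 Appendix B, and then prints a code for a made-up secret that stands in for one you would scan:

```powershell
# Added example (not from the original post): what an RFC 6238 authenticator does
# with the secret you provision by QR code or by typing the key.
# Assumes SHA-1, 30-second steps and 6 digits, the defaults most sites use.

function ConvertFrom-Base32 {
    # The secret behind a QR code / "secret key" is Base32 (RFC 4648) text.
    param([Parameter(Mandatory)][string]$Base32)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
    $clean = $Base32.ToUpperInvariant() -replace '[\s=-]', ''   # drop spaces, dashes, padding
    $buffer = 0; $bitCount = 0
    $bytes = New-Object System.Collections.Generic.List[byte]
    foreach ($ch in $clean.ToCharArray()) {
        $val = $alphabet.IndexOf($ch)
        if ($val -lt 0) { throw "Invalid Base32 character '$ch'" }
        $buffer = (($buffer -shl 5) -bor $val) -band 0xFFFF     # at most 12 live bits
        $bitCount += 5
        if ($bitCount -ge 8) {
            $bitCount -= 8
            $bytes.Add([byte](($buffer -shr $bitCount) -band 0xFF))
        }
    }
    return ,$bytes.ToArray()
}

function Get-TotpCode {
    param(
        [Parameter(Mandatory)][byte[]]$Key,
        [long]$UnixTime = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds(),
        [int]$Step = 30,
        [int]$Digits = 6
    )
    # Counter = floor(time / step), sent to HMAC as 8 bytes big-endian (RFC 4226 5.2).
    $counter = [long][math]::Floor($UnixTime / $Step)
    $msg = [BitConverter]::GetBytes($counter)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($msg) }
    $hmac = [System.Security.Cryptography.HMACSHA1]::new($Key)
    $hash = $hmac.ComputeHash($msg)
    # Dynamic truncation: the low nibble of the last byte picks a 4-byte window,
    # whose top bit is cleared to give a 31-bit number.
    $offset = $hash[19] -band 0x0F
    $binary = ([int]$hash[$offset] -band 0x7F) -shl 24
    $binary = $binary -bor ([int]$hash[$offset + 1] -shl 16)
    $binary = $binary -bor ([int]$hash[$offset + 2] -shl 8)
    $binary = $binary -bor [int]$hash[$offset + 3]
    $code = $binary % [int][math]::Pow(10, $Digits)
    return $code.ToString().PadLeft($Digits, '0')
}

# Self-check against RFC 6238 Appendix B: secret = ASCII "12345678901234567890",
# time = 59 s, SHA-1 -> 8-digit code 94287082, so the 6-digit code is 287082.
$rfcKey = ConvertFrom-Base32 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'
if ((Get-TotpCode -Key $rfcKey -UnixTime 59) -ne '287082') { throw 'TOTP self-check failed' }

# The code the app would show right now for a constructed, made-up secret.
Get-TotpCode -Key (ConvertFrom-Base32 'JBSWY3DPEHPK3PXP')
```

Two things this makes obvious about the backup question above: the only thing that needs to survive a phone swap is that Base32 secret, and anyone who gets hold of it can generate your codes, which is why the app never shows it again after provisioning and why you should treat a printed QR code or key like a password.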
Two Factor/Multifactor Authentication can help keep you safe.
The bad guys are out to get you. They're phishing your email, and they're using brute force to guess your password so they can log into your email accounts, your Microsoft Accounts, your Google accounts, Facebook, Twitter, and just about everywhere else you use a password to log in. Having a strong and unique password for every site and account isn't enough these days. You CAN do more to protect yourself. There PROBABLY ARE baddies trying to break into your accounts right now. It's a fact of life. Want an example? I was amazed at the number of unique IPs trying to gain administrative access to the WordPress dashboard on one of my blogs by attempting to log in through the WordPress login page. And I was horrified.
What can you do to protect yourself? My advice is simply this: if you don't have 2FA enabled, enable it now if you possibly can. (And if you are one of the folks who still doesn't have a smartphone, consider a physical device like a YubiKey; Microsoft blogged about using this product for Windows Hello as well. I won't cover using these devices in this article, but be aware that if you don't have a smartphone, you do have an option.) Note that in some cases you can use a secondary email address as an alternative to SMS or a YubiKey, but it isn't as secure and I don't recommend it.
Two-Factor Authentication (2FA) relies on something you know (like a strong password) and something you have (like a cellphone/smartphone) to help secure your email, online accounts, social media accounts, etc. There are additional ways to use 2FA; you can read more about this at Wikipedia and Microsoft, and there's a particularly good write-up at Google.