How to disable SMB v1

If you have been reading about WannaCry and Petya, most of the affected systems could have been protected in two ways.

First is to make sure systems were up to date on security updates and other patching.

Second would be to disable SMB v1.

[A third way would be up to date anti-virus/security software but for those in the initial batches that were hit, this probably wouldn’t have been available.]

Server Message Block [SMB] is the file-sharing protocol most commonly used by Windows operating systems. It is an old protocol, well over 10 years old. Communication is digitally signed, which lets the recipient of the packets confirm where they originated and that they are authentic.

Note: Test before applying changes. You still may have some lesser known applications that still need SMB v1.

This link details how to disable SMB v1 for stand-alone computers as well as those on a domain for various operating systems.

If you are using a stand-alone computer [not on a domain], the registry “fix” below will disable SMB v1 and will take effect after rebooting:

Windows Registry Editor Version 5.00

; Disables SMB v1
; To enable, set to 1 or delete entry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"SMB1"=dword:00000000

With the release of Windows 10 Fall Creator Update [a.k.a. v1709] and the server equivalent, SMB v1 will be disabled by default when you buy a new system or do a clean/fresh installation [i.e. not an upgrade].

Microsoft has a web page that lists Microsoft and third-party products that require SMB v1 and links with further information.

Note: A reminder that if you modify the registry, back up the registry before proceeding.
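As an added example (not part of the original post), the following PowerShell audits and disables SMB v1 on the local machine, covering both the server side [the same registry value as the .reg file above] and the client side. It assumes an elevated prompt; the Get-/Set-SmbServerConfiguration cmdlets exist on Windows 8.1/Server 2012 R2 and later, and the sc.exe client commands follow Microsoft's published SMB v1 guidance for older systems.

```powershell
# Added example, not the original post's code. Run elevated.
# Usage: .\Disable-Smb1.ps1          -> audit only
#        .\Disable-Smb1.ps1 -Apply   -> audit, disable, audit again (reboot to finish)
param([switch]$Apply)

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Status {
    # Registry view: a missing SMB1 value, or any value other than 0, means SMB v1 server is on.
    $reg = Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue
    $regEnabled = ($null -eq $reg) -or ($reg.SMB1 -ne 0)
    # Live view from the SMB server service, where the cmdlet exists (Win 8.1/2012 R2+).
    $live = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $live = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    [pscustomobject]@{ RegistryEnabled = $regEnabled; ServiceEnabled = $live }
}

function Disable-Smb1 {
    # Server side: same value as the .reg fix above (0 = disabled).
    Set-ItemProperty -Path $serverKey -Name SMB1 -Value 0 -Type DWord
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Client side: keep the workstation service from loading the SMB v1 redirector
    # (mrxsmb10) and stop it from starting at all. Takes effect after a reboot.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

Write-Host 'SMB v1 status before:'
Get-Smb1Status
if ($Apply) {
    Disable-Smb1
    Write-Host 'SMB v1 status after (reboot to fully apply):'
    Get-Smb1Status
}
```

Test on a machine you can reboot first; any application that still needs SMB v1 will show up as a failed file-share connection after the change.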


Blocking the latest Microsoft .net Framework in Windows

There is the occasional time where you want to disable Windows from upgrading to the latest .net Framework from Microsoft. As of this time, the latest version is version 4.7. The following can disable the installation:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU]
"BlockNetFramework47"=dword:00000001

.net Framework 4.7 incorporates all the updates back to 4.0 [i.e. 4.0, 4.5, 4.5.1, 4.6, 4.6.1 and 4.6.2]. In the registry setting above, you can replace the version with the version number without the decimals [for example, BlockNetFramework462 for version 4.6.2]. The .net Framework 4.x series does not replace the .net Framework 3.5 series.

Microsoft Exchange, for example, is at this time not compatible with .net framework 4.7.

To allow the installation again, replace the “1” above in the registry setting with a “0”. Note that you can still manually install .net Framework.

Now what is .net Framework? Unless you’re a developer, you really don’t need a lot of knowledge to make use of .net Framework. You just need to know it is working. The .net Framework contains thousands of pieces of shared code, which helps developers because they don’t have to write common functions over again. They can instead re-use the shared code in their applications. In earlier days, when high speed internet wasn’t as common, this let developers ship only their application, since the shared code was already installed.

Note: As usual, when modifying the registry, back it up first. And use at your own risk.
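As an added example (not from the original post), this PowerShell function generalizes the registry setting above: it builds the BlockNetFramework value name from a version string by dropping the dots, writes 1 to block or 0 to allow, and reads the value back. It assumes an elevated prompt and that the naming rule holds for every 4.x version.

```powershell
# Added example, not the original post's code. Run elevated.
function Set-NetFrameworkInstallBlock {
    param(
        # Version such as '4.7' or '4.6.2'; the pattern keeps this to the 4.x series.
        [Parameter(Mandatory)][ValidatePattern('^4(\.\d+){1,2}$')][string]$Version,
        # Present: allow installation again (writes 0). Absent: block it (writes 1).
        [switch]$Unblock
    )
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU'
    $name = 'BlockNetFramework' + ($Version -replace '\.', '')   # 4.6.2 -> BlockNetFramework462
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $value = if ($Unblock) { 0 } else { 1 }
    Set-ItemProperty -Path $key -Name $name -Value $value -Type DWord
    # Read back so the caller sees what is actually stored.
    Get-ItemProperty -Path $key | Select-Object -Property $name
}

# Block 4.7 from arriving through Windows Update, as the .reg snippet above does:
Set-NetFrameworkInstallBlock -Version '4.7'
# Later, to allow it again:
# Set-NetFrameworkInstallBlock -Version '4.7' -Unblock
```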


WannaCrypt may have been a dud for most

While the WannaCrypt/WannaCry ransomware caused some havoc, primarily in Europe and mostly in eastern Europe, with infections in the six figures, it turned out to be a big dud.

First, many did not pay the ransom. I am guessing many of those in eastern Europe cannot afford $300+.

Second, while it heavily affected those with Windows 7 computers, I suspect many of those are unprotected or not patched as they could be pirated copies of Windows 7. Eastern Europe and Asia [also hit hard] are notorious for high piracy rates. Many with pirated copies do not want to possibly compromise their system with an update that could botch their copies.

Third, even though an estimated 10 percent of computers are still using Windows XP, an operating system that has had no support for about 3 years, those who programmed it botched things up: when WannaCrypt got onto those computers it wouldn’t spread to other computers, and many of them would crash.

Kaspersky claims almost 98% of machines infected were Windows 7 based. Servers were just over 1% and most of those were Server 2008 R2. Windows 10 accounted for 0.03% [I guess some turned off Windows Updates]. Servers account for 1.4%, with most of them on Windows Server 2008 R2, the server version of Windows 7.

WannaCry/WannaCrypt Microsoft Windows patches

If you are up to date on Windows patching, you should be covered. If not, you can still get the patch at http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4012598.

It is important to know that Microsoft also released patches for the unsupported Windows XP SP3 and Windows Server 2003.

Privacy in technology

Even as we close in on 2 years of Windows 10, we still see so-called “journalists” [or bloggers] who continue to fan the flames when it comes to privacy/telemetry settings in Windows. zdnet.com had one this week.

Microsoft has tweaked the way the settings are over the 2 upgrades in Windows 10 plus they tweaked it again earlier this year [if you bought a new laptop and it had the update].

Even with the tweaking, there have been many third-party tools [such as Safer Networking] that can be used to disable some of this, aside from what Microsoft provides. Some inventive people even wrote scripts to remove some of it.

Note: Some tweaks can actually cause problems as well if you modify them.

And yet, these so-called “journalists” continue to write about what is mostly a dead issue.

If you are still whining about this privacy/telemetry issue, then I’m not sure if you belong in IT [if you are in that field]. Whining does nothing.

Everything you touch has some privacy/telemetry issues. Your ISP tracks your Internet access. Your carrier tracks your cell usage. If you use a search engine, it’s tracked. You are using an operating system? No matter which one, they are all tracking you.

The question is: do you know how much tracking Google, Apple or others are doing?

Remember when Siri from Apple first came out? Apple stored what you asked [voice recording] plus all your metadata [Apple ID, date, time, IP, etc.] for at least 6 months. After 6 months, they still kept your voice sample [and probably a subset of the metadata] for another 2 years. Apple claimed it was because they needed sample voices to improve Siri’s understanding. You are still being tracked with Siri.

When you visit a web site [that you are registered on], do you ever get an Email following the visit asking if you are still interested in what you were looking at, or something similar? Staples and Best Buy are among the numerous sites that do that.

So the first thing you do when buying something with an OS is to go through the settings thoroughly, every section, and disable or modify what you don’t want. You then research what else can be disabled or modified.

The same goes for web sites that you visit. Go in and turn off or modify what you don’t need.

The other alternative is to dump anything that connects you to the internet, the Cloud, etc. [Not even a dumb cell phone.]


Shutdown a computer [and restart] options

Little used by most is the hybrid utility called Shutdown.exe. And yes, it shuts down your computer or remote computers [some options only work with the local computer].

Just running it alone does nothing. It has both a GUI version [with the /i option] and command line parameters. The command line version includes many more options that you can’t use from the GUI.

First and foremost, you must have local admin rights on the computer you are shutting down, whether it is the local computer or a remote one.

The command line has quite a few other options. To get all the options, go to a command prompt [run it elevated if you intend on using it right away] and run with the /? option to see them all. There will be the equivalent of a few screens.

The following are the more useful options:

  • shutdown /i – Show a graphical interface (note that this does not include all options available via command-line switches)
  • shutdown /s – Full shutdown
  • shutdown /r – Full shutdown and restart
  • shutdown /h – Hibernate the local computer
  • shutdown /l – To log off the current user
  • shutdown /? – Command line options

For UEFI-based Windows 10 PCs, you have two extra options that can be invaluable:

  • shutdown /s /fw – After a full shutdown, the firmware user interface opens on the next start
  • shutdown /r /o – After a restart, it displays the advanced boot options menu

Note: As usual, test before using [or use a computer you can reboot anytime].
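As an added example (not from the original post), the PowerShell below wraps Shutdown.exe to schedule a restart with a countdown and a reason, locally or on a remote computer, and to abort it. It uses switches the list above does not mention but which Shutdown.exe does accept: /t [seconds], /c [comment], /m \\computer and /a [abort]. As the post notes, you need local admin rights on the target.

```powershell
# Added example, not the original post's code. Run elevated.
function Start-DelayedRestart {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$DelaySeconds = 300,                          # /t: countdown before restart
        [string]$Reason = 'Restart for security updates'   # /c: shown to logged-on users
    )
    $argList = @('/r', '/t', $DelaySeconds, '/c', $Reason)
    if ($ComputerName -ne $env:COMPUTERNAME) { $argList += @('/m', "\\$ComputerName") }
    & shutdown.exe @argList
    if ($LASTEXITCODE -ne 0) { throw "shutdown.exe failed with exit code $LASTEXITCODE" }
    "Restart of $ComputerName scheduled in $DelaySeconds seconds; abort with Stop-PendingRestart"
}

function Stop-PendingRestart {
    # /a cancels a restart or shutdown that is still counting down.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $argList = @('/a')
    if ($ComputerName -ne $env:COMPUTERNAME) { $argList += @('/m', "\\$ComputerName") }
    & shutdown.exe @argList
}

# Give users ten minutes, then change your mind:
Start-DelayedRestart -DelaySeconds 600
Stop-PendingRestart
```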


Apple kills QuickTime for Windows support

If you have Apple’s iTunes for Windows, it generally also installs QuickTime for Windows which is a multimedia player from Apple.

The US Department of Homeland Security’s (DHS) US-CERT is urging Windows users to uninstall Apple’s QuickTime video player because Apple will cease supporting the product. The alert comes after the discovery of two critical flaws in QuickTime that could be exploited to allow arbitrary code execution.