What is SMB Protocol?
The SMB (Server Message Block) protocol lets client applications on a computer read and write files and request services from server programs on a computer network.
SMB can be used over the Internet on top of TCP/IP, or over other network protocols such as Internetwork Packet Exchange (IPX) and NetBEUI.
When utilizing the SMB protocol, an application (or the user of an application) can access files on a remote server as well as other resources including printers, mailslots, and named pipes. Therefore, client applications can read, create, and update files on remote servers. SMB can also communicate with any server program set up to receive SMB client requests.
Since the Windows 95 operating system, Microsoft has added support for both client and server SMB protocols.
For UNIX systems, the Samba sharing software is available. The SMB protocol was inherited and further developed by Microsoft. A client and a server can negotiate which protocol variant they prefer before initiating a session.
Microsoft has provided an open-source version of SMB for the Internet to the Internet Engineering Task Force (IETF). This protocol is called Common Internet File System (CIFS) and is more flexible than existing Internet applications such as File Transfer Protocol (FTP). CIFS can be considered a complement to the Internet's Hypertext Transfer Protocol (HTTP) for web browsing.
Prevent WannaCry Virus by Disabling SMB
- Install Windows Update MS17-010
The WannaCry virus exploits the ETERNALBLUE security vulnerability to infect users' computers. Microsoft addressed this flaw in security update MS17-010, released in March. Check Windows Update and install the update that matches your system, identified by its KB number (for example, for Windows 7 the number is KB4012212 or KB4012215).
- Block Ports 135 and 445
According to antivirus software reports, Wcrypt infiltrates computers through SMB (Server Message Block) ports. To prevent Wcrypt infiltration, close ports 445 and 135 on Windows XP (the ports the Wcrypt virus uses to get in, and which regular users usually do not need).
To do this, open Command Prompt as Administrator (right-click cmd.exe and select Run as Administrator), then enter each of the following commands in the Command Prompt window. After each command, an OK status is displayed. The netsh advfirewall context used here is available on Windows Vista and later.
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"
- Disable SMBv1 Support
Run the following command in a Command Prompt window opened as Administrator to disable SMBv1 support. Because of /norestart, the change takes effect after the next reboot:
dism /online /norestart /disable-feature /featurename:SMB1Protocol
There are several other methods for disabling SMBv1, and any of them removes the risk of being compromised by ransomware through this protocol. Refer to a comprehensive guide on how to disable SMBv1 for the alternatives.
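To confirm that the three steps above took effect, the following read-only PowerShell audit is an added example and not part of the original article. It assumes an elevated session on Windows 8 / Server 2012 or later (where the firewall and DISM cmdlets exist), and its KB list holds only the Windows 7 numbers quoted above, so replace it with the MS17-010 KB for the system being checked.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the three mitigations described above.

# Assumption: KB numbers quoted in the article for Windows 7. Other Windows
# versions deliver MS17-010 under different KB numbers; adjust this list.
$KbIds = @('KB4012212', 'KB4012215')

function Test-InboundTcpBlock {
    param([int]$Port)
    # Inspect every enabled inbound block rule rather than trusting a rule name.
    # Approximate: rules that list a port range or are scoped to specific
    # profiles or remote addresses are not evaluated here.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
                 -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$Port") {
            return $true
        }
    }
    return $false
}

$results = @()

# Step 1: is one of the listed MS17-010 packages installed?
$hotfix = Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'MS17-010 update'
    Ok     = [bool]$hotfix
    Detail = if ($hotfix) { $hotfix.HotFixID -join ', ' } else { 'none of the listed KBs found' }
}

# Step 2: are inbound TCP 135 and 445 blocked?
foreach ($port in 135, 445) {
    $blocked = Test-InboundTcpBlock -Port $port
    $results += [pscustomobject]@{
        Check = "Inbound TCP $port blocked"; Ok = $blocked
        Detail = if ($blocked) { 'block rule present' } else { 'no matching block rule' }
    }
}

# Step 3: SMB1Protocol feature state. 'DisablePending' means dism /norestart
# ran but the machine has not rebooted, so SMBv1 is still active.
$state = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
$results += [pscustomobject]@{
    Check = 'SMBv1 feature disabled'; Ok = ("$state" -like 'Disabled*'); Detail = "$state"
}

$results | Format-Table -AutoSize
```

A missing KB in the first row does not prove the system is unpatched, since a later rollup may have replaced the package; treat it as a prompt to check the update history.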
The sections above explain what the SMB protocol is and how disabling SMB helps prevent WannaCry, so that you can safeguard your computer against WannaCry, the most dangerous ransomware threat, as well as other potential threats.
On Linux, a high-risk security vulnerability called SambaCry has emerged, potentially leaking sensitive information on users' computers. For what the SambaCry vulnerability is and how to prevent it, refer to the method for patching the SambaCry vulnerability shared by Mytour.