Thanks to Shawn Brink over at TenForums, I saw a fascinating article from the Microsoft Tech Community this morning. Entitled “SMB is Dead, Long Live SMB,” it explains the exceedingly long and tortuous road that leads from Barry Feigenbaum’s work at IBM in 1983 to the present day (see the history coverage of Server Message Block, or SMB, at Wikipedia for a good recap). I started working in the networking world in 1984, when I took a job at Schlumberger to work on application development to read and re-parameterize wireline log files. The only way to get data in and out of the PDP-11 computers they had on their mobile trucks and barges at the time was using TCP/IP (using the PUP, or Peripheral Update Protocol, long since totally obsolete). Little did I know that this would propel me inexorably through most of the remainder of my working life.
But SMB, of roughly the same vintage (1983 vs 1979), is not TCP/IP, by any stretch. Its original design let it share network addresses amongst a maximum of only 254 unique endpoints or devices. However, SMB has always been ridiculously easy to implement (which is why developers liked it) and use (ditto for end users). That said, SMB1 (the first version of that protocol) is recognized as chatty (lots of back-n-forth on network segments on which it’s active) and terribly insecure.
In fact, chattiness and insecurity explain why Microsoft has been trying to kill SMB1, mostly unsuccessfully, for a while now. First, they deprecated use of that protocol in Windows Server 2012 R2 in mid-2013. Then, they started NOT installing SMB1 by default with the release of Windows Server 2016 and Windows 10 1607 (aka “Fall Creators Update”). Microsoft has also come out with new versions of SMB, named SMB2 and SMB3 (a cleaned-up, more secure and streamlined version of SMB3 that uses the same protocol format and headers as SMB2). They’re supposed to be as easy to use as SMB1, but equipment vendors have either been incredibly lax in moving up the SMB food chain, or they’ve found it too much work to migrate to newer versions in the past few years.
Why, Oh Why, Won’t SMB Die?
If you read through the whole TenForums thread, you’ll learn the answer to that plaintive question. It’s because numerous devices, including recent-version routers (Netgear), TV sets (Sony and Samsung), media devices, and more still insist on using this protocol. In fact, Microsoft has an SMB1 Product Clearinghouse web page (last updated in April 2019). There, they list all the devices they know about that explicitly require the use of SMB1 for their gear to work properly. If you take a look at that page, you’ll see 100 or more different company names, with hundreds of products, all of which ride in this same boat. I’m very sorry to say that SMB1 looks likely to continue its dogged Zombie existence for the foreseeable future. Ouch!
My advice: use SMB1 on your local networks only if you must. And if you do use SMB1, recognize it as a definite and pronounced source of increased vulnerability and potential exploits. You certainly want to lock up your network boundary as tightly as possible. You will also not want to let unvetted and/or unfriendly folks loose on that network, because an SMB takeover can quickly and thoroughly compromise every device that permits SMB1 connections to it. You’ve been warned! I’m glad MS has turned it off by default now, and I do not use SMB1 on my networks, even though I have several devices (including two Samsung TVs) that depend on its use. So things go sometimes, here in Windows-World!
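To act on that advice, you first need to know whether SMB1 is still enabled on a Windows machine and which devices are actually talking it. The following read-only PowerShell audit is an added example, not code from the original post or from Microsoft's article; it assumes an elevated session on Windows 10 or Windows Server 2016 or later, and that SMB1 connections report a dialect string beginning with "1.".

```powershell
# Read-only SMB1 audit for one Windows host. Run from an elevated prompt.
# Added example: nothing here changes configuration.

# 1. Is the SMB1 optional feature installed at all?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1 feature state  : $($feature.State)"

# 2. Does the SMB server side still accept SMB1, and is SMB1 auditing on?
$server = Get-SmbServerConfiguration
"Server accepts SMB1 : $($server.EnableSMB1Protocol)"
"SMB1 auditing on    : $($server.AuditSmb1Access)"

# 3. Outbound: shares this host reached using an SMB1 dialect
#    (assumption: SMB1 shows up as a dialect starting with "1.").
Get-SmbConnection |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ServerName, ShareName, Dialect

# 4. Inbound: clients currently connected to this host over SMB1.
Get-SmbSession |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect

# 5. History: SMB1 access attempts recorded while auditing was enabled.
#    Event ID 3000 in this log identifies a client that tried SMB1.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# To start collecting those events before disabling SMB1, enable auditing:
# Set-SmbServerConfiguration -AuditSmb1Access $true
```

Leaving auditing on for a few weeks before removing SMB1 shows which TVs, routers, or media devices would break, so each one can be isolated or replaced deliberately.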
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.