WannaCry

doncole said:

I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.

That is partially true. Windows updates prevent you from being infected by this without your intervention.
But you could still get infected, if you would run it by yourself, like by running an unknown email attachment.

doncole said:

I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.

That is why, you always need to do regular backups. AV will usually not detect it, until after it is too late.

doncole said:

I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.

Which upgrade do I need stop the latest ransom from England or where ever?

I just received my last Update around 5/11/2017. The only thing different, that I see, is that the border around the Windows was black now it's no color (flat).

Is this the one with ransom update?

I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.

Don Cole

Hi Don,
Just to be clear:
The WCry ransomware does 2 things:
1. it encrypts your data for a ransom
2. it spreads via a worm which exploits an SMB1 vulnerability
So, updating your system closes the SMB1 vulnerability and prevents the thing from spreading, but it can still infect your system.

See this post for the link to the Security Bulletin:
Privacy and Security – How do I Protect Myself ? - Page 4 - Windows 10 Forums

You want to make sure the particular KB is installed for your OS.
.

Another option is to simply disable SMB1 in Windows, to prevent spreading.



This will not, however, prevent encryption.

Steve C said:

Do any essential programs / services need SMB 1.0 support?

I can't remember exactly, but seems someone said you might lose access to a NAS if it's setup that way (which supposedly it shouldn't be?) Not too sure - would have to google that myself.

Here is some information on SMB 1.0 Hope this explains it a little more.

If you don’t need to support an older SMB version for computers running Windows XP or Windows Server 2003, you can disable this function to reduce the system load and improve security

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage.

When you use SMB1, you lose key protections offered by later SMB protocol versions:

Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.

Bottom line is SMB 1.0 should be Disabled, just like simrick has posted.

Steve C said:

Thanks. I'm going to disable this since I only use Windows 10 for home use. Is there any other legacy stuff enabled by default we can safely disable for improved security?

As long as you keep your Windows 10 Home updated with the latest updates, you should be just fine. Windows released some security fixes for this just a few days ago.