back to article Latest Windows 10 Insider build pulls the trigger on crappy SMB1

Microsoft has released the newest build of Windows 10 Insider, version 16226, to developers on its fast-track release list. Build 16226 for Home and Professional editions strips out the SMB1 server software exploited by the NSA, and later by the authors of the WannaCry malware. The client SMB1 remains, so that users can …

  1. Anonymous Coward
    Anonymous Coward

    Yawn

    A multi $Bn company & this is the dross that comes out of it.

    Windows 10 took so many steps backwards, that fixing some of the things that were broken/taken out is the only reason it feels like things have moved forwards 2mm.

    "Tabs have been tweaked to make sure the X to close them can always be reached."

    It should never have ever been released where an essential part of the UI becomes unusable.

    "The favorites system can now be viewed like a directory tree"

    I'm sure Netscape Navigator did this like 20 years ago.

    Someone please take out all the plebs infesting MS and shoot them. Please.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      "I'm sure Netscape Navigator did this like 20 years ago."

      Nope. Didn't have tabs, and Navigator's replacement (Firefox) will still hide the "x" closing widget when too many tabs are open. For completely different reasons, I still prefer Firefox as my web browser (cross-platform availability being one of them). And Navigator's History was a linear last-visited-URL first plain listing, not a tree, which sounds like a good idea, really.

      So, on the browser front, I regard this as mostly good news. Then again, I won't touch anything by M$ or Alphabet. History shows their products tend to phone home and hand over my personal data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yawn

        "Nope. Didn't have tabs, and Navigator's replacement (Firefox) will still hide the "x" closing widget when too many tabs are open"

        If you'd read the OP properly, you'd have seen the reference to Navigator was in the context of bookmarks/favourites view, not tabs.

        Sigh, one day people will take time to read properly before replying. Not likely, but I can live in hope.

        1. Hans 1
          Boffin

          Re: Yawn

          The last Netscape Navigator HAD TABS, FFS!

    2. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      Look I'll admit I'm a MS fan boy and maybe gates should come back, but till then few things. Take Satya Nadella out back. Windows Phone I like , but it's dead. Right now it's a zombie. I would love to have the options to have windows NT 4.0 or windows 7 interface. UWP kill it. When A program deiced it needs to reboot have windows intercept and give you the option to reboot. I'm looking at you HP there is nor fucking reason to do a forced reboot for printer drivers. Do some thing about apps that steal focus. I work with two monitors I hated it when i';m working on app in the second monitor and an app pops up in the main monitor and steals the focus. Oh a can you put back the media center I kind of liked it.. Oh and for the love of god can you be a major ass hole and tell devs if you write crap code it wont run.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yawn

        "I would love to have the options to have windows NT 4.0 or windows 7 interface."

        Those interfaces hardly work at all under hybrid tablet mode. You'd have to get really good again at surgically stabbing a piece of glass with a stylus, instead of the way we currently jab with fat fingers and thumbs.

        1. inmypjs Silver badge

          Re: Yawn

          "Those interfaces hardly work at all under hybrid tablet mode."

          He said options and I don't have or want a hybrid tablet so I don't give shit anyway.

        2. John Smith 19 Gold badge
          Unhappy

          "Those interfaces hardly work at all under hybrid tablet mode."

          Your failure to understand that some people do not share your PoV probably explains your rising number of down votes.

          Perhaps a significant number of readers view the lone-hacker-sitting-in-a-coffee-shop-writing-awsome-code-on-their-tablet trope to be bu***hit?

      2. Peter Gathercole Silver badge

        Re: Yawn @AC re. reboots

        Don't be so sure that windows printer drivers shouldn't require a reboot.

        Most windows printers rely on GDI, which may require a reboot (or at least a restart of the display system) to register a new printer.

        This is what happens when you have unified display model built into monolithic subsystems in the OS. Its crap, but that's the way it is.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yawn @AC re. reboots

          I've never had to reboot for epson all in one or even lexmark. Ever year it seems HP drivers get more and more bloated. Oh and HP does not give the option to delay reboot it just does it.

          The original AC

        2. Anonymous Coward
          Anonymous Coward

          Re: Yawn @AC re. reboots

          There could be different printing components at different levels of the printing stack - print drivers, port monitors, language monitors, print processors, etc. Some may be kernel drivers, others could be code in use by services (i.e.. the spooler), thereby sometimes a reboot is the simplest way to reload everything correctly. In my experience, most people writing setups are not exactly the most skilled developers who would know how to install something without requiring a full reboot. Many just play safe, and ask to reboot.

    3. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      A multi $Bn company & this is the dross that comes out of it.

      Adding lettuce to a hamburger emoji - surely that was worth all the cost?

      It makes me wonder how the economy actually works, if this is all that business produces.

      1. 's water music
        Coat

        Re: Yawn

        >>A multi $Bn company & this is the dross that comes out of it.

        Adding lettuce to a hamburger emoji - surely that was worth all the cost?

        It makes me wonder how the economy actually works, if this is all that business produces.

        Indeed. I mean, who has lettuce in their hamburger anyway?

        The one with the pockets full of entitlement please -->

      2. Goit

        Re: Yawn

        Does that count as one of my 5-a-day?

      3. Dwarf

        Re: Yawn

        The bigger issue is that when they get to the bug list and adding lettuce to an icon is higher up than fixing the UI that everyone hates, or adding the option to remove telemetry completely then that tells us a lot about how Microsoft works internally these days.

        Here's a hint on the unwanted telemetry - how about making it a role that can be added or removed and making it a separate service, so that we can choose what we want to do with it in the service list.

        Either they don't care, or the skill set of their programmers are not up to much.

    4. Anonymous Coward
      Anonymous Coward

      Re: Yawn

      Indeed, Creators update seems anything but. It's total garbage. They seem to have totally broken DirectX, and few of my apps work anymore (DVBViewer for example), the whole OS is flakey as hell.

      I can bring it to it's knees simply by inserting a EXT4 formatted USB key, causing explorer to totally hang, and render the whole OS to need a reboot.

      1. kain preacher

        Re: Yawn

        I don't know what they did in the creators update but my HP printer stopped working. Opening up certain folders takes for ever and some times locks the system up. We are talking about less than 30 files in the folder.

    5. Just Enough

      Re: Yawn

      Yawn indeed. Another Win 10 story, so another comments section filled with those who either want to

      A/ assure everyone that they don't use it (no-one cares)

      B/ go back to Win NT. (let's skeuomorph like it's 1996!)

      1. inmypjs Silver badge

        Re: Yawn

        "so another comments section filled with those who either...."

        When you consider how many and how much Microsoft has chosen to piss off its customers trying and failing to create a market for its OS on mobile devices then trying and failing to be google WTF else do you expect?

    6. Jonathan 27

      Re: Yawn

      You can close tabs with the middle mouse button (normally the scroll wheel) in every modern browser. Quick pro tip.

  2. James O'Shea Silver badge

    Someone please take out all the plebs infesting MS and shoot them.

    No, don't do that. Ammunition costs money. Rope is cheap and reusable, and gravity is free. Hang 'em high.

    1. bombastic bob Silver badge
      Devil

      Re: Someone please take out all the plebs infesting MS and shoot them.

      I'd rather condemn them to an eternity of WIN-10-NIC! Serve them right, it would!

      and those damnable emojis can BITE MY HAIRY NAKED ASS (a modified 'Bender' quote)

      1. Gnosis_Carmot

        Re: Someone please take out all the plebs infesting MS and shoot them.

        WinME would be a better torment.

        1. kain preacher

          Re: Someone please take out all the plebs infesting MS and shoot them.

          No Windows XP SP3 with 512 megs of ram and Norton set to do a full scan on boot up. followed by some asinine start up script written by BOFH who family is being held ransom.

  3. Anonymous Coward
    Anonymous Coward

    Edge, emojis, and SMB1 - three things I don't use

    Cortana seems a bit on the heavy, slow side to be incorporating throughout the system for search. And it's got very few of the search parameter options you would typically need.

    I replaced most of my Windows search needs with a nice piece of software named FileLocator Pro a few years back, and have been very pleased with it. The lite version of the software, also called Agent Ransack, can be made to run under Wine on Linux.

    1. Pascal Monett Silver badge

      You can replace Windows Search with anything up to and including a divining rod and you'll be pleased with the result.

      I installed a home NAS two years ago and started placing all my various data files from my home PCs onto it. Some folders got pretty large, as in more than 1,000 entries. Whenever I tried opening those folders in Windows Explorer, it took ages. Anything under 400 files was slow but acceptable, anything above a thousand was agonizing.

      People were telling me it was the protocol used by network access (wasn't that named SMB ?). I was seriously miffed that a bloomin' protocol had transformed my storage dream into a bloated snail.

      For reasons I do not recall, I decided to try removing Windows Search from my PC (you know, Uninstall, Windows Options, Search). Once done (and rebooted), I opened a folder on my NAS. To my surprise, in the millisecond after I clicked, there it was. Just like a local disk, actually.

      Needless to say, Windows Search has been removed from all of my PCs. I use Everything Search now, for the rare occasions when I don't quite remember where I stored something and, you know what ? Everything Search doesn't take five bloody minutes to find a result. Not even five seconds. The result is there practically as I type. You know, like it should be on a system that is ten million times more powerful than the one I had ten years ago.

      Windows is the only OS that has succeeded in taking all the performance gains hardware ever offered and keeping UI response times at the same levels since '95.

      1. John Smith 19 Gold badge
        Joke

        "Windows is the only OS that has succeeded in taking all the performance gains hardware

        ever offered and keeping UI response times at the same levels since '95."

        Pascal.

        Thank you for noticing.

        It's been damm hard work to figure out ever more creative ways to burn those cycles and fill your disk capacity but time and again our team has stepped up to the challenge for the Corporation.

        <signed>

        Windows 10 Development Team.

      2. Anonymous Coward
        Thumb Up

        Concur. Everything installed before taking Windows Search to the woodshed for wackiing with an axe is seriously recommended. Except I'm dealong with 1.38 million files and in some directories above 10,000+ files, Loving it..

    2. bombastic bob Silver badge
      Devil

      Re: Edge, emojis, and SMB1 - three things I don't use

      I left SMB1 enabled in Samba because of Win XP machines. For now. But the shares are nearly all read-only.

      The others I never use, either.

      Emojis. Bleah. The only ones I use are profane and NSFW and therefore won't have little cartoony emblems pre-designed by Micro-shaft. Example: (.Y.) <-- that's a mild one

      yeah let's see Micro-shaft do THAT one. HA HA HA HA HA

  4. FozzyBear
    Facepalm

    emoji's, headsets and speech recognition.

    Nice to see Microsoft concentrating on fixing the important things in the OS.

  5. Anonymous Coward
    Anonymous Coward

    Most SMB1 issues were in the implementation, not the protocol

    While SMB1 was born in an era when sound authentication and encryption were yet to come, most vulnerabilities seen were in Microsoft implementations of it, especially the RCE ones.

    The staggering ignorance and blame putting from this Microsoft guy doesn't bode well, but explain a lot about the contempt towards users used in Windows 10 development and deploy.

    Nobody will regret the demise of SMB1 (unless you need to access some old server), but you can't fix something if you don't know why it is broken.

  6. Anonymous Coward
    FAIL

    Yep

    MSFT baaaad

  7. Anonymous Coward
    Anonymous Coward

    As Windows 10 grows and matures...

    I hope Microsoft has the decency to release service packs like the good old days. Preferably allow an option for people to receive the DVD/CD via snail mail.

    It is impractical (and sometimes costly) to download all the updates on a fresh installation of RTM Windows 10. Especially on the blasted 'forced and always-on' update feature.

    It's also a nightmare for software developers. Back in the day, for example, Win XP SP2 was the baseline from which developers advertise their software's compatibility. If a software today is compatible with Win 10, which version of Win 10 would it be? Anniversary Update? Creators' Update? Redstone 2?

    Why not give proper version numbers instead of coming up with silly names? For example, Win 10.2.1 or Win 10.3.2?

    Get back to basics and stop trying to be a hipster. Microsoft will never be another Apple, and even Apple has finesse when it comes to being hipster.

    1. Anonymous Coward
      Anonymous Coward

      Re: As Windows 10 grows and matures...

      Why do you want to go back to crazy cd's and of of date win 7 iso's. If you download Creators Update, you get it with June's patches installed. Microsoft finally do the right thing and people like you still want to waste everybody's time with outdated methods. I tell you, it's not me...

      1. Annihilator

        Re: As Windows 10 grows and matures...

        "Why do you want to go back to crazy cd's and of of date win 7 iso's"

        Because not everyone has access to fast, unlimited broadband?

        1. Roland6 Silver badge

          Re: As Windows 10 grows and matures...

          >"Why do you want to go back to crazy cd's and of of date win 7 iso's"

          Because it is a good use of your time when your laptop requires a replacement HDD and you're looking at embarking on a transaltantic flight in a couple of hours...

      2. shovelDriver

        Re: As Windows 10 grows and matures...

        Where are you downloading from? Compilations on the 'Bay'?

        I ask because I just reloaded my machine with the newest and "greatest" release version downloaded driectly from Microsoft using the Media Creation Tool. After the reboot, it immediately started downloading two (02) Cumulative Updates, along with 3 or 4 other ancillary updatees such as Win Defender definitions, Flash, etc.

        Even after I built my own install set, including integrating the latest CU's available via the Update Catalog, I still had to wait while a fresh install downloaded additional items.

  8. John Smith 19 Gold badge
    Gimp

    "Home and Professional editions strips out the SMB1 server software exploited by the NSA."

    But don't worry Fort Meade cube rats, MS will have left plenty more exploitable vulns in their code for you to use.

    They always do.

    1. imanidiot Silver badge
      Coat

      Re: "Home and Professional editions strips out the SMB1 server software exploited by the NSA."

      *Cough* Isn't that exploitable vuln Windows 10 in it's entirety? *Cough*

      --> The one with the Windows 7 install thumbdrives -->

    2. Gnosis_Carmot

      Re: "Home and Professional editions strips out the SMB1 server software exploited by the NSA."

      I wonder if MS has made some way of stripping out the SMB1 client on Home and Pro as well?

  9. eJ2095

    Whats this Edge you speak of

    Oh hang on i know..

    Used to download the browser of your choice (Then Windows gets into a fight with you about it being set as the default browser)

  10. John Smith 19 Gold badge
    Coat

    We still seen to be missing the most valuable Emoji of all....

    The "This is a piece of s**t" emoji.

    Which I think would be a most valuable addition to the dictionary of visual communication.

    1. John H Woods

      Re: We still seen to be missing the most valuable Emoji of all....

      U+1F4A9 PILE OF POO

      1. John Smith 19 Gold badge
        Thumb Up

        "U+1F4A9 PILE OF POO"

        I stand corrected.

        This does indeed encapsulate exactly what I need to express my opinion.

        1. hplasm
          Devil

          Re: "U+1F4A9 PILE OF POO"

          Isn't that the new Windows logo?

        2. Missing Semicolon Silver badge
          Happy

          Re: "U+1F4A9 PILE OF POO"

          I bit. I looked it up. Its official name is indeed "PILE OF POO". WTF!

          1. Steve the Cynic

            Re: "U+1F4A9 PILE OF POO"

            Tell me what you *thought* it would be called, if not that.

  11. Anonymous Coward
    Anonymous Coward

    Remain to be impressed

    Last week I had an update fail, with a restore to the previous version.

    Today I found my machine telling me how wonderful it is, followed by at least 5 minutes of normal operation before it all went black and I had to reboot. Then, another 5 mins later, a total freeze up.

    I sit here now waiting for the next one.

    Great.

  12. Hans 1
    Coat

    Could you rip out SMB2 and SMB3 as well, please, they are just as insecure!

    1. Anonymous Coward
      Anonymous Coward

      And what would you replace them? NFS? WebDAV? They too have their shares of issues - especially older versions.

      When Apple had to replace its AFP, it adopted SMB2 as the default one.

      1. Hans 1
        Windows

        SMB* are closed source, so inherently insecure, note that the tools 0wned all versions of SMB and they chose to rip out SMB1 ... sshfs is not, for example. NFS ? The 80's called, they want you back ;-)!

        As for WebDAV ... ohhhh, boy, you got me started ... MS have extended it ... OneDrive for business groups, aka SharePoint (Shit, sorry, I was not supposed mention that publicly), supports WebDAV, well MS' extended, incompatible form of it, which requires an auth token that can only be acquired by a browser ... embrace, extend ... B@st@rds!

        MS are so borken they should just ditch Windows ... no, their entire software devision, their code sucks golf balls through garden hoses ...

        @MS fanboys, oh, come on, rejoice! Edge has beaten Safari in the browser market share!

  13. adam payne

    You changed the burger emoji to include lettuce and sauce, good to know that they know what important stuff needs fixing.

    1. John Smith 19 Gold badge
      Unhappy

      " good to know that they know what important stuff needs fixing."

      They like to feel that if they take care of the little things you won't mind so much about the ongoing bandwidth they're soaking up shipping their "telemetry" back to Redmond.

      Not working in my case.

      I'm still p**sed off at this s**t.

  14. Robert Helpmann??
    Childcatcher

    Revisionist History

    From the article: "SMB1 was developed almost 30 years ago..."

    So, late 80s early 90s?

    From Wikipedia: "Barry Feigenbaum originally designed SMB at IBM ... Microsoft merged the SMB protocol with the LAN Manager product ...around 1990, and continued to add features to the protocol in Windows for Workgroups (c. 1992) and in later versions of Windows."

    Yes, that's about right.

    Again, from the article, "It was designed for a world that no longer exists... A world without malicious actors."

    What? I saw the movie War Games in the theater when it came out in 1983. I know, it's a work of fiction, but hacker's were a real enough part of the world to write a movie about, even if it depicted them in Hollywood implausible ways. A quick search shows viruses started in the early 70s (https://www.radware.com/resources/malware_timeline.aspx) and that Mitnik gained unauthorized access to the Ark computer network in 1979 (https://web.archive.org/web/20090317050834/http://www.thememoryhole.org/lit/deception-ch1.htm).

    I call BS! Which world had no malicious actors? Human nature being what it is should give a clue to those designing any system. There will always be the curious, the thrill seekers and the bad actors. There have been locks on doors since there were doors. To claim that things were otherwise is stupidity or lies. To operate as if there are no bad actors now... well, we can watch that play out with IoT among an unfortunate number of examples.

    1. TonyJ

      Re: Revisionist History

      "..I call BS! Which world had no malicious actors? Human nature being what it is should give a clue to those designing any system. There will always be the curious, the thrill seekers and the bad actors. There have been locks on doors since there were doors. To claim that things were otherwise is stupidity or lies. To operate as if there are no bad actors now... well, we can watch that play out with IoT among an unfortunate number of examples..."

      Whilst you're right, I would suggest it was a less spiteful time - viruses didn't usually look to trash your system but would pop up an annoying message, for example, and hackers weren't after your bank login details (well, primarily I guess because there weren't online banking facilities then, just the occasional dial-up-modem type of connections).

      Also the internet hadn't taken off like it would do a few years later - I remember reading an article (might even have been here on el reg) that talked about the Times newspaper accepting online subscriptions - you had to send a cheque to them.

      So in general, I think it probably was a less confrontational and destructive if slightly naive point in time.

      1. Anonymous Coward
        Anonymous Coward

        Re: Revisionist History

        There were indeed bad guys back then but not enough to be a huge concern. Certainly not enough to make adding security to thwart their actions something that reached the list of requirements when designing a system, particularly as interconnections between sites were not that common. Yes there were dialup modems that "could" be exploited and bad guys trying to exploit them but that is a very different operational problem from weak network protocols.

        The big wakeup call was the Morris Worm of 1988 with DEC and Unix hosts targeted across sites that had been networked together. It was the first significant time a bad guy exploited the known and accepted security issues in network connectivity programs. Till then everyone was more of the mindset "wow this network stuff actually works: I can connect to another system on the other side of the country."

        1. John Smith 19 Gold badge
          Unhappy

          "The big wakeup call was the Morris Worm of 1988 "

          Wow.

          Next year the world can "celebrate" 3 decades of buffer overflows

          Yay for that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Revisionist History

      It's far too easy to look at something with thirty years of insight, and blame the design. Moreover, the company the MS guy works for tried to rename SMB1 as Common INTERNET File System and tried to make it standard with an RFC - it looks it took until 2017 to understand it was not designed for that, in Redmond. Probably they smoke the same west cost hippies substances...

      It is true that most LANs were "trusted", but you wonder how long MS take to harden system by default, instead of letting "compatibility needs" letting big holes available. Anyway, most system available in 1980s and early 1900s would have chocked with actual encryption demands, and Kerberos was not available in Windows until Windows 2000.

      SMB1 is an outdated protocol, has many features which are no longer useful or used, while the "patches" added to make it more secure just added complexity. It was time to bury it, but you could do it with elegance, instead of bad mouthing developers that were probably far better that those, despite years of evidence about how bad code practice are dangerous, still introduce big vulnerabilities in new code, despite the heap of advanced tools they have available, while probably the early implementations of SMB were written in assembly. And can't develop a binary protocol because they can't understand any data structure which is not made of strings.

  15. simpfeld

    SMB1 only

    Wow SMB1 ripped out.

    Lets rip out NetBIOS over TCP/IP and run SMB over so called directly hosted port 445 (goodbye WINS)

    But better still disable, NTLMv1 and NTLMv2 and just do Kerberos only. NTLM is arguably a much bigger problem than SMB1.

    Then we can start talking about how you are addressing security issues!

    Does it take a widely exploited flaw before MS disables some of this old crap. Flaws in NTLMv1 and v2 have been widely discussed in hacker conferences for years.

    1. Anonymous Coward
      Anonymous Coward

      "just do Kerberos only"

      Unluckily, not so easy. Kerberos does require a more complex setup to work - you need the KDC, etc. It would make simple deployments like a home NAS far more complex.

      Moreover, even when using Kerberos remember that accessing a share by IP instead of domain name may downgrade to use of NTLM instead of Kerberos - you can still block NTLM is you wish:

      https://technet.microsoft.com/en-us/library/jj865671(v=ws.10).aspx

      https://technet.microsoft.com/en-us/library/jj865682(v=ws.10).aspx

      Unluckily, again, directly using IP is something still done in some smaller environments (a good thing of IPv6 is it will stop that, given most people find hard to memorize IPv6 addresses....)

  16. Anonymous Coward
    Anonymous Coward

    VM sharing?

    Like instantly triggering a massive file copy has been missing from my life.

  17. gotes

    I prefer the old ROFL emoji

    Not that I've ever seen it before, or would ever use it. Or Edge.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like