Reply to post: Re: SMB

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch

Michael Wojcik Silver badge


until this bug, SMB3 was looking pretty secure

Well, that's fine, then.

SMB is an ugly, overcomplicated, poorly-designed, highly stovepiped protocol. (And, yes, I've read the specs. I have the original on paper, in fact.) Rather than adding "features" like compression, Microsoft should be reimplementing the whole thing in a safer language (or with strict standards in place), with good (and enforced) secure-development practices, with static and dynamic analysis, and with unnecessary features disabled by default. Backward compatibility mean many customers can't simply jettison it, so Microsoft needs to fix their mistakes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022