[Info-vax] SAMBA and Ransomeware
Scott Dorsey
kludge at panix.com
Sun Jul 16 18:15:35 EDT 2017
Arne Vajhøj <arne at vajhoej.dk> wrote:
>On 7/16/2017 3:26 PM, Scott Dorsey wrote:
>> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>> Ned Pyle of the Microsoft SMB team has repeatedly stated that running
>>> SMB 1 is very bad, and needs to stop. Here's a longer write-up on that
>>> topic:
>>>
>>> https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
>>>
>>> Samba 3.6 and later support SMB 2 (from 2011) and Samba 4.3 added SMB
>>> 3.1.1 (2015). The OpenVMS CIFS port is based on 3.0.28a. So...
>>> there's no way around using SMB 1 with the current Samba port.
>>
>> This is true and unfortunate.
>>
>> Some of the issue here is that the SMB protocol really wasn't designed for
>> security, and Microsoft over the years has tacked more and more stuff on it
>> to improve security and availability. We can expect that they will continue
>> to do this in the future.
>>
>> This means that SMB is a moving target, and any attempt at supporting SMB
>> is going to require constant attention and a lot of updating. There is no
>> way around that I fear.
>
>Like web browsers, web servers, browser plugins, JavaScript engines,
>SSL libraries, application servers, CMS'es, mail servers and
>a ton of other stuff.

Like some of that stuff, yeah. But most of that stuff I don't want on a
server in the first place. And the stuff I do want on a server, I want to
fight to make as stable as possible. But an SMB server inherently cannot
be.

The web browser is an excellent analogy, though... and it's a reason why
I don't want to see a serious web browser on VMS. It takes up far too much
support effort for the gain it provides.

--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."