NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS Duo v2 Windows 10 2019 Fall Update SEcurity and Shares
If you despair about Netgear support and security you are not alone: - 1. With Windows 10 Fall update 2019 SMB 1.0 is automatically removed from your PC as unsafe. 2. If you read the Microsoft thre...
Woodfield wrote:1. With Windows 10 Fall update 2019 SMB 1.0 is automatically removed from your PC as unsafe.
Afraid, you seem to be very new to Windows 10 and all it's development and enhancement over the year. This started to happen years ago already, not much change on the Win 10 Fall Update (which is still a work in progress and not released for production). FMI start your reading here: https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows
Woodfield wrote:2. If you read the Microsoft thread about this, they have been warning for a long time that it is a security issue:
Where was a lot written about a security vulnerabiity which affected both Windows and OS using SAMBA. In fact, the fixes were available in the field even before this made it to the public and a lot of copycats pushing started to make a lot of noise which appears to scare people until November 2019 (and it will continue much longer).
Woodfield wrote:3. Has Netgear done anything to either warn users or update its firmware? Absolutely not. You just find out that after the Windows Update Raidar no longer allows you to browse your drive through Windows File Explorer. Wonderful.
Netgear released a firmware update back in 2017 also for your NAS addressing the CVE-2017-7494 vulnerability.^which allowed to access and write to any shared folders even if the users wasn't authorized.
Woodfield wrote:4. The fix is to go to Windows services, ignore the security warnings and enable SMB 1.0. So Netgear forces you to risk being the victim of ransomeware etc.
The "big" vulnerability was fixed on both Windows and SAMBA source code - and deployed https://kb.netgear.com/000038792/RAIDiator-Version-4-1-16-Sparc Still, and shared folder legally accessible on a NAS, a Windows PC or Server, on a business class storage systems, ... can be encrypted by malware. Dropping SMB 1.0 does not change a s**t.
Woodfield wrote:5. Worse perhaps, although you can see your shares in a browser, you will be warned that the certificate used by Netgear is unsafe. Carry on at your own risk. In other words, the firm cannot even be bothered to update its certificate, never mind deal with an appropriate software update - despite the warning from Micorosoft.
Well explained by StephenB above already.
Woodfield wrote:6. It took me ages to find the above, albeit unsatisfactory, solution and that was only thanks to the pop ups from Microsoft guiding me to the problem.
I won't talk of the fact that SMB1 isn’t modern or efficient - many features have made it to the higher protocol versions. Some would (massively) help on these underpowered NAS system like yours - however, it has never happened. Other features are simply out of scope, like protocol signing or encryption
Enabling the CIFS/SMB 1.0 feature can be done in a very easy way on the Windows 10 systems: Just add/enable the CIFS/SMB 1.0 Client feature.
There are many legit reasons why users can and must continue using the SMB 1.0 [Items 1..3 stolen from a Microsoft blog, and extended:
- You’re still running XP or WS2003 under a custom support agreement.
- You have old management software that demands admins browse via the so-called ‘network' aka 'network neighbourhood’ master browser list.
- You run old multi-function printers with old firmware in order to “scan to share”.
- You operate legacy storage systems, legacy NAS models, ... only supporting SMB 1.0/CIFS.
schumaku wrote:The "big" vulnerability was fixed on both Windows and SAMBA source code - and deployed https://kb.netgear.com/000038792/RAIDiator-Version-4-1-16-Sparc
Woodfield - I'm not sure if you have a v1 or a v2 (your title says one thing, your model number field says something else).
schumaku's link (4.1.16) is for the fix on the v1. It was also fixed on the v2 at the same time (5.3.13) - that link is here: https://kb.netgear.com/000038794/RAIDiator-arm-Version-5-3-13-for-ReadyNAS-Duo-v2-NV-v2
If you aren't running the final firmware for your NAS, then you should update it.
Thank you StephenB and schumaku for your replies. Much appreciated.
However, when you write "This started to happen years ago already, not much change on the Win 10 Fall Update" I am afraid that does not accord with my experience.
Prior to the update Radiator worked and I could browse the V1 (my version error but prompted by the infexibility in the way Netgear gives options). After the update Radiator would not locate and allow me to browse. Adding back the support for the protocol solved the issue but took me ages to find.
My real grouse is with a vendor attitude that says what you have got is old; and therefore we could not care less. Go and buy a new one. That is both wasteful and arrogant. My drive works fine and, yes, I also back up everything to OneDrive.
Woodfield wrote:
However, when you write "This started to happen years ago already, not much change on the Win 10 Fall Update" I am afraid that does not accord with my experience.
Microsoft announced they were deprecating SMB1 in 2014. They got much more serious about it in May 2017, when WannaCry exploited some vulnerabilities. FWIW, Netgear did fix those security issues in 5.3.13.
In the fall 2017 release of Windows 10 (1709), Microsoft stopped installing SMB1 by default in new installs of Windows 10. They also put in automatic removal of SMB1 if it wasn't used for 15 days. https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows At that point, we began seeing the SMB1 connectivity issues in this forum that you just ran into.
The Duo v2 was discontinued by Netgear in 2013 - before Microsoft announced the deprecation plans, and well before they implemented it in Windows 10.
I agree it would have been nice to have SMB 3 support in the older NAS. But SMB 3 would have reduced the performance of the older NAS, and it would have been quite a bit of work to add it. FWIW, I think that Netgear was struggling to fully support the three quite different platforms (4.1.x sparc, 4.2.x intel, 5.3.x arm) they had in the field before they launched OS-6, and (in my opinion) one reason they consolidated down to one going-forward platform (OS 6) was to solve that problem.
In any event, all vendors (including Microsoft) do drop older platforms regularly. Though it is annoying if you have an older product that is still working well for you.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
