Reply to post: I blame Microsoft

Wannacry: Everything you still need to know because there were so many unanswered Qs

DougS Silver badge

I blame Microsoft

Yes yes, no one should have an SMB port open to the internet, but poorly configured DMZs or small branch offices that are supposed to get their internet from the main office but improperly add their own 'business internet' connection from the local ISP because it is faster are probably more common than anyone cares to admit.

Microsoft firewalls off most ports by default, but leaves port 445 wide open. Why? Surely it would make more sense to have it open to ONLY the PC's local subnet, since that will suffice for 99% of home/small business installs! Require a configuration change by the admin to open it up wider - i.e. if your company uses 10.x.x.x internally open it up to 10.0.0.0/8, and pop a warning before allowing someone to disable it entirely.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019