"Security" AND "Speed" TOO?!!?

So ... I just "learned" (?!?) ... just today (!!!) ... after all these YEARS (!), that not only is it "ok" (at least in my case - and probably many others) to DE-select (in Network Connections) "Client for Microsoft Networks", but that it is "advisable" (for security AND speed) ... Is this correct information that I gleaned today??

I had already deselected File & Printer Sharing (some time ago, in the same, Network Connections>Properties>General Tab), as I do not use that either.

Thanks in advance,
g ...

 

you only need it if you access files over your network/internet via VPN. it has nothing to do with your tcp/ip stack so disabling it wont hurt you. it could provide a little more security but im no security expert so i dont know for sure. all i know is when it is enabled, windows opens ports for file sharing. so if someone was actually going to try to exploit that, yeah it could provide you with one less range of open ports. as for speed, i havent seen any proof that it will effectively increase the speed of anything.

 

Thanks KS ... as a follow-up, I'm curious, the site where I read this, was also talking -*warning*- of (various Microsoft OS's) "ports 137-139" being "open/exposed". However, this info "seemed" to be "dated", as the site itself seemed to me to be dated.

Are you (or anyone) aware of this "potential" security vulnerability in any Microsoft Systems?

Thanks again,
Glenn

 

yeah, those are the ports opened for file sharing.

 

Whoa, incredible for two reasons.

1. I have a hard time believing, in this day and age, that this (seemingly to me) extremely crucial information is; (a.). not FIXED/and or otherwise ADDRESSED by and ACCOUNTED for, by MS, and (b.) more widely conveyed amongst the "brethren" (and sisterhood) online (and elsewhere), at sites such as this (though for the record, I should state that-that may well be "the case", and that I am simply naive).

2. - Your reply to my last post was the absolute fastest I have EVER seen ... you replied back quicker than I could read my own post back to myself after I had posted it! WOW! Thank you!

 

maybe this will provide a little info
http://www.lockergnome.com/it/2005/04/13/windows-file-sharing-facing-the-mystery/

and to your 2. i was still here. i pretty much sit at a computer all day at work, so major geeks provides my somewhat entertainment during the day.

 

Thanks again - oh, and glad to be able to provide some sort of "service" to ya! :-D

 

ive been looking around for this as well. apparently the range of ports 135-139(netbios which i believe was used for file sharing) were used in 95, 98, and ME. microsoft fixed that in 2000/xp(to reduce dependency on netbios) and now uses tcp/445 which i believe is the ssl port


i gotta do some more research on this...

yeah file sharing is definitely complex. researching SMB, netbios, netbeui, and cifs.

 

Hey man, "Typing" (to me), is "complex" ... THIS "stuff" (again, for me) is like some sort of aeronautical-electro-magna-physics (if there even is such a thing?), vascular neurosurgery, and "Mysteries of the Bible" ALL ROLLED INTO ONE!

 

So I suppose my li'l mini-panic here was a bit unfounded?

I guess this is the "thing": I have recently switched Firewalls (yet again) - out of the XP Home FW and into another, Free "downloadable".

This new FW is (was) telling me that 137-138 were "UDP" for "in" & "out", and that 139 is TCP "in". In my concern, I "Denied" (blocked) them all, though I'm not sure if that will cause any other problems, unless I decide that I need to share stuff (which may be the case for me before long on a local, or internal, network [?]).

But I don't even see 445 listed in the FW - at all.

Does this sound right?

 

now im just confused. theres so many crap retard answers on the internet, most coming from microsoft technet, about what the ports 135-139 and 445 actually do. i cant seem to find a straight "this is what it does" answer.
heres my confused answer though... netbios over tcp/ip and smb seems to come up a lot on searches for the 135-139 range and 445. apparently 135-139 is no longer used in later versions of windows(2000/xp) for file sharing to reduce dependency on netbios. now 445 is used with is "direct hosted smb", basically lack of netbios for communication on a lan as used in early(95,98, and me) versions of windows.
netbios is actually a way windows names the computers. this does not have to do with host names and ip addresses. it is used primarily in the application layer for communication of a lan like file sharing. since netbios is not able to communicate with computers across a wan, it needs to rely on other services such as tcp/ip, thus netbios over tcp/ip. i guess this is used, for example, in a vpn situation.

someone seriously needs to come in and correct me because i probably have a whole mess of info on this.

 

to correct this, 445 is not the ssl port, ssl uses 443.

 

Muchos Gracias! Prolly a year or more of info for me to learn about in this one post alone!

Thanks again - and i'll be-a-researchin' on my end (but please don't hold yer breath or anything like that!
PS - I SHOULD "leave 443 ALONE" [i.e. "not mess with"] - correct??

 

no, dont mess with 443. you wont be able to access any https sites or anything that uses ssl. as for 445, i really dont know. i dont think it would matter if you dont do file sharing.

you can turn off netbios over tcp/ip via network connections, properties on your nic, tcp/ip properties, general tab - advanced - wins tab

 

Ok, cool - no-messie-wit-`da "443"! And I don't even have a 445 in the list, so I can't go wrong there ... ??.

Now, since no one 'came in and corrected you', I've "done the deed" per your instructs, and am hoping when I boot-up manyana, all will be well in the hills of VA ... right?!? All does seem well as of this post ... thanks again!

BTW, gettin' a bit "cool" (down-right FRIGID!) there in MN - eh?

 

i think youd be able to effectively "block" that port by doing the above. not positive on that and i dont know for sure what it would do. i dont think it would be irreversible either way though.

if youre on the internet now and nothing seems to be going wrong i think you should be good.

and yes, it 3 degreesF outside right now. it was -6F yesterday. im at work before the sun wakes up, so its cooold when i leave my house in the morning. :cry