WinRAR security hole?
But how will I install, special_craked_game.exe ?
Users of the popular WinRAR compression and archiving tool should update now to avoid a vulnerability that allows code to be run when a user opens a RAR file. WinRAR is one of the many apps available for compressing and packaging multiple files together for distribution or archiving, and is claimed as the world’s most popular …
I've been using the Linux version of (Win)RAR for many years... my Reg file works for both versions though I am not sure about giveaway licences. Some may find the CLI-only Linux version a bit sparse but it has the same functions as the Windows version, just not as much eye candy.
there is a project called rar2fs which can fuse mount a directory and unpack rar files on-demand in memory, so the mount looks as if you unpacked all rar files prior to directory browsing.
benefit:
you can watch downloaded warez movies without needing to unpack them first.
why is this a benefit? because extractions take space and you might want to continue seeding back to the community without increased storage requirements.
other benefit:
rar is (to my knowledge) the only archive file format, that supports seeking.
you can extract a single file from it without decompressing the prior files first, due to a lookup table with it's directory structure present within the rar file.
you can essentially use a .rar file like a cd image in this case.
unlike tar or zip where you have to run through the archive first, in order to extract what you want.
obviously this is optional and can be disabled for higher compression results but it's pretty common in scene releases to only have per-file compression (if any at all)
No, not better compression. As a rule 7z is the better compression utility, sometimes significantly so. However, as commented elsewhere RAR can create redundant archives (with user-definable amounts of redundancy) which makes sure that files in the archive can be accessed even when parts of the archive become corrupted or unreadable (happened twice in 20+ years).
I still laugh every time I see an enterprise that rolls out winrar or winzip on a corporate level, I can only ever say "eww" or think "what silly old warez d00d admin put this out there?". Particularly when there are far better and far more open and un-encumbered license-wise solutions like 7zip that don't come with a shareware trial nag on every launch. Keep it classy y'all.
Have you ever looked at the source code for 7-Zip?
It may "work", but there's no way I would want to generate the test vectors for it.
It does have some comments, but mainly commented-out code - including things like "if ( some-condition)" being comment-out to make the following block unconditional.
One of the functions is something like 1500 lines long, and includes a number of potentially-infinite nested loops.
Still, it seems to do the job if you can ignore the fact that it may have similar security vulnerabilities ;-)
Igor, bless his heart, is a genius at fancy maths and dirty coding tricks, not so much software engineering or UX. It's a throwback to that age when all compression and encryption code looked like that, heck, most software in general, and it's probably the only reason I've visited Sourceforge in years. Unrar (the only free and open source part of rar) has been cleaned up dramatically over the years compared to early releases, so it's not that ugly anymore, but it started in a quite dire state. Too bad Igor declines pretty much any code contributions, including cleanup patches.
Well... I use 7z for many things (it's faster and normally has better compression rates than RAR) but for everything that has to survive for a long time and is REALLY important I use RAR only. Main reason is that RAR can add user-defined amounts of redundancy to an archive, so even if bits of an archive go and bit-rot, chances are I can still access most if not all of it. I don't think 7z has such a feature.
Interesting i didn't know RAR archives could do that. I guess that goes to explain why a propriety program like WinRAR is still relevant when Windows has natively supported ZIP for decades, and open source alternatives such as 7zip have been around for a long time to.
I did see there was a open source archive format called Freearc that supported recovery records, but it looks like the project has died since there hasn't been any new releases since 2016.
Maybe this is something that 7zip can add support for it newer versions going forward?
keep in mind why zip is present in windows..
dave plummer made this in his spare time while working for windows.
it was a third-party tool initially and microsoft asked to buy it form him and integrate it into windows.
I suspect it just never was touched again since then, and thus the reason why there is only zip support.
If survivability is key, then TAR, optionally followed by GZIP will be your friend.
Source code available and should be runnable even 10,000 years down the track. Add in checksums to data before and after you TAR it.
Personally, i use 7-zip, but i have had my arse saved by tar (via Cygwin) for storing of system logs on Windows. S-ox records and a PFY auditor - "can you prove you never changed this?". Yup, and here you go ....
I knew I didn't trust .rar when even the Source Code for the decompression utility carried an unenforcible but still scary admonition that it was not to be used for developing a compatible compression
tool.
In my experience, that sort of behaviour has *always* meant the person who wrote it thought they had done something really clever.