Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app

If you needed another reason to keep your installation of venerable decompression app WinRAR updated, Google's Threat Analysis Group says it has spotted a vulnerability patched in August being actively abused by multiple state-backed threat actors.  According to a blog post on Monday, TAG has spotted Russian and Chinese-linked …

  1. chololennon
    WTF?

    WinRAR? Why?

    For the last 20 years or more, all PCs, that friends and family sent me to repair, have a shareware copy of WinRAR! Why? 7Zip has been completely free (and better IMHO) for ages ¯\_(ツ)_/¯ The mystery remains.

    1. Youngone

      Re: WinRAR? Why?

      Many years ago, in a previous job, we sent a bunch of engineers to China to oversee the design and manufacture of some stuff, and all the drawings were compressed into .rar archives. The Chinese guys helpfully gave our guys a cracked version of Winrar to uncompress them and explained that .rar files were "better".

      (No, I don't know what better means either).

      Of course they all brought some weird keylogging virus back from China with them. Because of course they did.

      1. Chloe Cresswell Silver badge

        Re: WinRAR? Why?

        rar was one of the first compression systems to properly support multibyte characters, I could see that giving it a reputation for "better" in somewhere like China. And these reputations will often outlast the software itself.

      2. Anonymous Coward

        Re: WinRAR? Why?

        "Of course they all brought some weird keylogging virus back from China with them"

        I'd have been awfully tempted to put those into a sandbox, and connect to a server with fake, but exotic looking projects. Stuff that looks vaguely possible like high temp fusion, or quantum cryptography.

        Not sure if I'd A) make it look like the "good stuff" was behind very hardened security. B) seed it with corrupted zip files. C) rickroll them.

    2. DoContra

      Re: WinRAR? Why?

      For those that pony up for the license (and I know one of those in South America!!!!!!), more power to them. For the rest of us, 7z is a standard format, supported by multiple programs (including WinRAR!), has as near as makes no difference the same compression ratio, and only misses out on integrity/parity checking for split archives[1]. Right now 7-Zip hasn't adapted to the new Windows 11 right-click menu, but NanaZip does.

      PD: Good enough excuse to remember this gem

      [1]: While it hasn't been my experience, I was led to believe that (with the right create-time options) split rar files can recover from a corrupted part.

      1. Chloe Cresswell Silver badge

        Re: WinRAR? Why?

        The reason I see people with licenced versions of WinRAR is they have a requirement to make .rar files (normally for sending files to China), and making RAR files is the one thing you need rar.exe/WinRAR for.

        1. Dan 55 Silver badge

          Re: WinRAR? Why?

          Why would people here need to make .rar files when WinRar itself can read .7z files and the receiver can open those just as well?

          Practically everything can read everything else now, and if you're unsure you can use .zip.

          1. Chloe Cresswell Silver badge

            Re: WinRAR? Why?

            "Why would anyone want to make a rar file when you can just tell the other people (who are the ones that require) it that they can just change their work flow to match yours instead".

            In the case we had, the supplier's helpdesk system would automatically unpack the .rar files and attach it to the ticket. Using rar.exe. The command line version does not support any format but rar, unlike WinRAR which does. So sure, you could send them a .zip file, or a .7z file, and they would (and did) close the support request due to not being supplied the diagnostic data.

            1. Dan 55 Silver badge

              Re: WinRAR? Why?

              Isn't the customer supposed to always be right?

              If their helpdesk script can't work out which decompressor to run with which file extension then don't expect any great support from them.

              1. Ideasource

                Re: WinRAR? Why?

                Well no the customer is always right that essentially the customer has a free ticket to make the vendor do literally anything they dictate. Including the price.

                That old saying was just an empty promise that some businesses used to get you in the door.

                Nobody ever actually operated that way as a business.

                1. John Brown (no body) Silver badge

                  Re: WinRAR? Why?

                  IIRC, the phrase as originally coined was "Always treat the customer as if they are right", i.e. it was meant to teach salespeople in department stores to always be polite to the customer, even when the customer is wrong.

            2. John Brown (no body) Silver badge

              Re: WinRAR? Why?

              "In the case we had, the supplier's helpdesk system would automatically unpack the .rar files and attach it to the ticket. Using rar.exe. The command line version does not support any format but rar, unlike winrar which does."

              You could, of course, use something other than a registered copy of WinRAR, such as one of the other free versions, the rar command line itself or even wrap a batchfile/powershell/bash script around it.

              1. Chloe Cresswell Silver badge

                Re: WinRAR? Why?

                You are correct, you could use the non-registered version in a business environment, in violation of the winrar licence, you know, the one time RAR labs do take action.

                Or you could, as you say, use one of the other free versions... that don't exist. There's only one system that makes rar files, and that is from rar labs. The only other programs that "make" rar files need rar.exe from.. rar labs to do it.

                1. Dan 55 Silver badge

                  Re: WinRAR? Why?

                  According to Whackypedia, the personal version is free to use in China probably in recognition that they're going to pirate it anyway.

                  So we all know which version is going to get installed in businesses in China. Everyone else in the world can buy a licence for this steaming pile to get support from the helldesk in China.

      2. Anonymous Coward

        Re: WinRAR? Why?

        I saw some time ago a multipart rar, the total size was a little more than the original files, but I believe it had extra parts (I think you specify how many) to be used as recovery in case of corruption of any part. Any of the extra parts could become any other part, I think, my memory is not what it used to be, so that may be useful when dealing with multipart archives over the 'net.

    3. entfe001

      Re: WinRAR? Why?

      Speaking from own experience, back in the floppy days RAR had better compression than ZIP and support for recovery data. For large sets, the better compression rate allowed to save a floppy or two, which you could then use as a recovery in case any one fails. And floppies failed or went missing always when they were needed.

      Also, Usenet binary groups were filled with split RAR files with several recoveries in case some articles got missing. IIRC even WinRAR could UUencode.

      None of these advantages are relevant nowadays.

      Although 7-Zip already existed in 1999, it wasn't very known nor distributed through shareware disks, which were the way most people got to get software back then.

      Most people I know who still use RAR compressed files are those who used way back before; no one who had not used it before 2010 has ever used them.

      1. Fred Daggy Silver badge

        Re: WinRAR? Why? Not this Millennium.

        UUencoded file could be decoded by many different programs, even around the turn of the millennia. I earned my first guru badge by finding the boss' file was actually a UUencoded file, but no amount of coaxing would get the standard tools to decode it. Renamed the file to something.zip and let winzip open it ... perfectly.

  2. Rich 2 Silver badge

    RAR

    The ONLY reason I have ever found for using rar compression is to make it as painfully difficult as possible for the recipient to recover the original data.

    RAR should be (and hopefully has by now) consigned to the great Bin of Shit Computer Ideas. Truly awful.

  3. Roland6 Silver badge

    Venerable utilities...

    IBM/Lenovo used 7-Zip as an integral part of their ThinkVantage suite, so knowing a system was a Thinkxyz odds were that C:\Program Files\ThinkVantage\SMA\7z\Formats\7z.dll existed.

    This wasn't a problem until 7-Zip got used as part of an attack vector. As whilst you may have updated the install at C:\Program Files\7-Zip you were probably totally unaware of this hidden in plain sight installation...

    Hence I would not be surprised if the RAR.exe exploit is a similar style of attack, i.e. it exploits these legitimate but hidden in plain sight installations.

    The crux of the problem is that highly useful venerable standalone utilities such as PuTTY, cURL, 7-Zip and RAR, but not forgetting the NirSoft utilities, don't auto update and hence represent potential doors into an otherwise secure system.
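
An inventory check for the bundled copies described in the comment above, as an added example that is not part of the thread or of any vendor's tooling. The watched file names, the function names and the demo tree are assumptions; a hash mismatch only means the copy is not byte-identical to the maintained install and needs a closer look.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File names to watch for (an assumed list; extend it for your own estate).
WATCHED = {"7z.dll", "7z.exe", "rar.exe", "unrar.dll", "winrar.exe"}

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_stale_copies(root, maintained_dirs):
    """List watched binaries under root that live outside the maintained
    install directories and differ from every maintained copy of that name."""
    maintained = [Path(d).resolve() for d in maintained_dirs]
    good = {}     # file name -> hashes seen inside maintained installs
    others = []   # (path, name, hash) for copies found anywhere else
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            name = fn.lower()
            if name not in WATCHED:
                continue
            p = Path(dirpath, fn).resolve()
            digest = sha256_of(p)
            if any(m in p.parents for m in maintained):
                good.setdefault(name, set()).add(digest)
            else:
                others.append((p, name, digest))
    # Filter only after the walk, so directory order does not matter.
    return sorted(str(p) for p, n, d in others if d not in good.get(n, set()))

def demo():
    # Constructed tree mirroring the two paths named in the comment.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "Program Files")
        new = root / "7-Zip"
        old = root / "ThinkVantage" / "SMA" / "7z" / "Formats"
        same = root / "OtherTool" / "bin"   # hypothetical third product
        for d in (new, old, same):
            d.mkdir(parents=True)
        (new / "7z.dll").write_bytes(b"patched build")
        (old / "7z.dll").write_bytes(b"old bundled build")
        (same / "7z.dll").write_bytes(b"patched build")
        hits = find_stale_copies(root, [new])
        return [str(Path(h).relative_to(root.resolve())) for h in hits]

if __name__ == "__main__":
    print(demo())
```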

  4. Zack Mollusc

    What?

    Am I reading this right? Windows cannot figure out how to execute a file, so it instead looks for a file with a different extension and executes that?

    1. doublelayer Silver badge

      Re: What?

      Not exactly. It's used to find an executable file when you give it a string. If I type "program" into the Windows terminal, it will try to run program.exe, program.bat, program.cmd, when it can find one on the path. That way, someone can abstract whether this tool is a shell script or a binary without having to change the name. The problem is other applications choosing to open a file by telling the shell to execute it, rather than by using the normal functions to open a file. Sure, Windows will treat an attempt to invoke a non-executable file as a request to open it, something Linux wouldn't do, but that's no reason to use that to open a file.
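
The lookup described in the comment above, modelled as an added example that is not part of the thread. It is a simplified model for a bare name with no extension; the shortened extension list, the function names and the demo directories are assumptions.

```python
import tempfile
from pathlib import Path

# Shortened default order; the real list comes from the PATHEXT variable.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"

def resolve(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """For each directory in order, try the bare name with each PATHEXT
    extension appended; the first existing file wins."""
    exts = [e.lower() for e in pathext.split(";") if e]
    for d in search_dirs:
        present = {p.name.lower(): p for p in Path(d).iterdir() if p.is_file()}
        for ext in exts:
            hit = present.get(name.lower() + ext)
            if hit:
                return hit
    return None

def shadowed(search_dirs, pathext=DEFAULT_PATHEXT):
    """Defender's view: bare names with more than one candidate on the
    search path, where one file can hide another."""
    exts = [e.lower() for e in pathext.split(";") if e]
    seen = {}
    for d in search_dirs:
        for p in sorted(Path(d).iterdir()):
            if p.is_file() and p.suffix.lower() in exts:
                seen.setdefault(p.stem.lower(), []).append(p.name)
    return {stem: names for stem, names in seen.items() if len(names) > 1}

def demo():
    # Constructed directories standing in for two PATH entries.
    with tempfile.TemporaryDirectory() as tmp:
        first, second = Path(tmp, "first"), Path(tmp, "second")
        first.mkdir()
        second.mkdir()
        (first / "program.cmd").write_text("rem script")
        (first / "program.bat").write_text("rem script")
        (second / "program.exe").write_bytes(b"MZ")
        (second / "notes.txt").write_text("not executable")
        dirs = [first, second]
        return (resolve("program", dirs).name,
                resolve("notes", dirs),
                shadowed(dirs))

if __name__ == "__main__":
    print(demo())
```

Directory order takes precedence over extension order in this model, so `program.bat` in the first directory is chosen ahead of `program.exe` in the second.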

      1. Zack Mollusc

        Re: What?

        Thank you.
