WinRAR? Why?
For the last 20 years or more, all PCs, that friends and family sent me to repair, have a shareware copy of WinRAR! Why? 7Zip has been completely free (and better IMHO) for ages ¯\_(ツ)_/¯ The mystery remains.
If you needed another reason to keep your installation of venerable decompression app WinRAR updated, Google's Threat Analysis Group says it has spotted a vulnerability patched in August being actively abused by multiple state-backed threat actors. According to a blog post on Monday, TAG has spotted Russian and Chinese-linked …
Many years ago, in a previous job, we sent a bunch of engineers to China to oversee the design and manufacture of some stuff, and all the drawings were compressed into .rar archives. The Chinese guys helpfully gave our guys a cracked version of WinRAR to uncompress them and explained that .rar files were "better".
(No, I don't know what better means either).
Of course they all brought some weird keylogging virus back from China with them. Because of course they did.
"Of course they all brought some weird keylogging virus back from China with them"
I'd have been awfully tempted to put those into a sandbox, and connect to a server with fake, but exotic looking projects. Stuff that looks vaguely possible like high temp fusion, or quantum cryptography.
Not sure if I'd A) make it look like the "good stuff" was behind very hardened security. B) seed it with corrupted zip files. C) rickroll them.
For those that pony up for the license (and I know one of those in South America!!!!!!), more power to them. For the rest of us, 7z is a standard format, supported by multiple programs (including WinRAR!), has as near as makes no difference the same compression ratio, and only misses out on integrity/parity checking for split archives[1]. Right now 7-Zip hasn't adapted to the new Windows 11 right-click menu, but NanaZip does.
PD: Good enough excuse to remember this gem
[1]: While it hasn't been my experience, I was led to believe that (with the right create-time options) split rar files can recover from a corrupted part.
"Why would anyone want to make a rar file when you can just tell the other people (who are the ones that require it) that they can just change their work flow to match yours instead".
In the case we had, the supplier's helpdesk system would automatically unpack the .rar files and attach it to the ticket. Using rar.exe. The command line version does not support any format but rar, unlike winrar which does. So sure, you could send them a .zip file, or a .7z file, and they would (and did) close the support request due to not being supplied the diagnostic data.
Well no the customer is always right that essentially the customer has a free ticket to make the vendor do literally anything they dictate. Including the price.
That old saying was just an empty promise that some businesses used to get you in the door.
Nobody ever actually operated that way as a business.
"In the case we had, the supplier's helpdesk system would automatically unpack the .rar files and attach it to the ticket. Using rar.exe. The command line version does not support any format but rar, unlike winrar which does."
You could, of course, use something other than a registered copy of WinRAR, such as one of the other free versions, the rar command line itself or even wrap a batchfile/powershell/bash script around it.
You are correct, you could use the non-registered version in a business environment, in violation of the winrar licence, you know, the one time RAR labs do take action.
Or you could, as you say, use one of the other free versions... that don't exist. There's only one system that makes rar files, and that is from rar labs. The only other programs that "make" rar files need rar.exe from.. rar labs to do it.
According to Whackypedia, the personal version is free to use in China probably in recognition that they're going to pirate it anyway.
So we all know which version is going to get installed in businesses in China. Everyone else in the world can buy a licence for this steaming pile to get support from the helldesk in China.
I saw some time ago a multipart rar, the total size was a little more than the original files, but I believe it had extra parts (I think you specify how many) to be used as recovery in case of corruption of any part. Any of the extra parts could become any other part, I think, my memory is not what it used to be, so that may be useful when dealing with multipart archives over the 'net.
Speaking from own experience, back in the floppy days RAR had better compression than ZIP and support for recovery data. For large sets, the better compression rate allowed to save a floppy or two, which you could then use as a recovery in case any one fails. And floppies failed or went missing always when they were needed.
Also, Usenet binary groups were filled with split RAR files with several recoveries in case some articles got missing. IIRC even WinRAR could UUencode.
None of these advantages are relevant nowadays.
Although 7-Zip already existed in 1999, it wasn't very known nor distributed through shareware disks, which were the way most people got to get software back then.
Most people I know who still use RAR compressed files are those who used way back before; no one who had not used it before 2010 has ever used them.
UUencoded files could be decoded by many different programs, even around the turn of the millennium. I earned my first guru badge by finding the boss' file was actually a UUencoded file, but no amount of coaxing would get the standard tools to decode it. Renamed the file to something.zip and let winzip open it ... perfectly.
IBM/Lenovo used 7-Zip as an integral part of their ThinkVantage suite, so knowing a system was a Thinkxyz odds were that C:\Program Files\ThinkVantage\SMA\7z\Formats\7z.dll existed.
This wasn't a problem until 7-Zip got used as part of an attack vector. As whilst you may have updated the install at C:\Program Files\7-Zip you were probably totally unaware of this hidden in plain sight installation...
Hence I would not be surprised if the RAR.exe exploit is a similar style of attack, i.e. it exploits these legitimate but hidden in plain sight installations.
The crux of the problem is that highly useful venerable standalone utilities such as PuTTY, cURL, 7-Zip and RAR, but not forgetting the NirSoft utilities, don't auto update and hence represent potential doors into an otherwise secure system.
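An added example, not part of the original comment or of any vendor tooling: a Python inventory that walks a tree for archive-tool binaries and reports copies outside the install directory you actually patch, comparing each by SHA-256 against the managed copy. The file-name list, function names and sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
from pathlib import Path

# Assumed component file names for 7-Zip and RAR; extend for your estate.
TOOL_NAMES = {"7z.dll", "7z.exe", "7za.exe", "rar.exe", "unrar.exe",
              "unrar.dll", "winrar.exe"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def find_unmanaged_copies(root, managed_dirs):
    """Return [(path, status)] for tool binaries found outside managed_dirs.
    status: 'matches-managed', 'differs' or 'no-managed-copy' (same file name)."""
    managed_dirs = [Path(d).resolve() for d in managed_dirs]
    managed, unmanaged = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in TOOL_NAMES:
                continue
            p = Path(dirpath, name).resolve()
            if any(d in p.parents for d in managed_dirs):
                managed.setdefault(name.lower(), set()).add(sha256_of(p))
            else:
                unmanaged.append(p)
    report = []
    for p in sorted(unmanaged):
        known = managed.get(p.name.lower())
        if known is None:
            status = "no-managed-copy"
        else:
            status = "matches-managed" if sha256_of(p) in known else "differs"
        report.append((p, status))
    return report

def build_sample_tree(base):
    # Constructed sample layout; file contents stand in for different builds.
    files = {"Program Files/7-Zip/7z.dll": b"patched build",
             "Program Files/ThinkVantage/SMA/7z/Formats/7z.dll": b"old build",
             "Backup/7-Zip/7z.dll": b"patched build",
             "Tools/rar.exe": b"standalone rar",
             "Tools/readme.txt": b"not a tool"}
    for rel, data in files.items():
        f = Path(base, rel)
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
    return Path(base, "Program Files/7-Zip")
```

A `differs` or `no-managed-copy` result only says the binary is not the build you maintain; check its file version before deciding whether it needs replacing or removing.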
Not exactly. It's used to find an executable file when you give it a string. If I type "program" into the Windows terminal, it will try to run program.exe, program.bat, program.cmd, when it can find one on the path. That way, someone can abstract whether this tool is a shell script or a binary without having to change the name. The problem is other applications choosing to open a file by telling the shell to execute it, rather than by using the normal functions to open a file. Sure, Windows will treat an attempt to invoke a non-executable file as a request to open it, something Linux wouldn't do, but that's no reason to use that to open a file.