1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News 7-Zip compression library hit by security flaws

Discussion in 'Article Discussion' started by Gareth Halfacree, 12 May 2016.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
  2. Jimbob

    Jimbob Minimodder

    Joined:
    2 Jul 2009
    Posts:
    205
    Likes Received:
    7
    I've never unstood why people use 7-Zip, why not use WinRAR or the build in Zip support? Am I missing something?
     
  3. XXAOSICXX

    XXAOSICXX Minimodder

    Joined:
    20 Apr 2011
    Posts:
    761
    Likes Received:
    15
    Licensing. Winrar ain't free, 7-Zip is :)
     
  4. Jimbob

    Jimbob Minimodder

    Joined:
    2 Jul 2009
    Posts:
    205
    Likes Received:
    7
    WinRAR is, you just have to click close and ignore the message. ;-)
     
  5. Maki role

    Maki role Dale you're on a roll... Lover of bit-tech

    Joined:
    9 Jan 2012
    Posts:
    1,724
    Likes Received:
    151
    Honestly I think 7-Zip is simply better than WinRAR. It's smaller, lighter and doesn't ask you to upgrade every 5 minutes if you haven't purchased it. As for built in support, people sometimes use RARs, so having a program that can open them is rather handy.
     
  6. Icy EyeG

    Icy EyeG Controlled by Eyebrow Powers™

    Joined:
    23 Jul 2007
    Posts:
    517
    Likes Received:
    3
    Since 7-Zip is actually better, free and open source. I think the question makes more sense in reverse.
     
  7. Jimbob

    Jimbob Minimodder

    Joined:
    2 Jul 2009
    Posts:
    205
    Likes Received:
    7
    Not used it for ages. Perhaps I'll switch around then and give it another go! :)
     
  8. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I'm confused, the article mentions the utility and the quote from Talos security mentions the libraries, what has me confused is that (afaik) the libraries can be used to compress/decompress files independently of the utility so is it correct to say the security flaws are not in the utility but in those independent libraries and if so does it effect all the file formats created with those libraries. i.e if you use those libraries to create z7, rar, or tar formats?
     
  9. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    The vulnerabilties are in the libraries; the utility uses those libraries (basically, it's a front-end to the libraries.) If you're using the vulnerable (pre-16.00) libraries, either because you're using a pre-16.00 build of 7-Zip itself or because you're using a third-party program which includes said libraries, then you're vulnerable.

    In case that wasn't clear: Applications which use the 7-Zip libraries for compression and decompression operations are vulnerable. The 7-Zip application uses the 7-Zip libraries for compression and decompression operations. Ergo, the 7-Zip application is vulnerable. (Was vulnerable, rather, 'cos it's been fixed in 7-Zip 16.00.)
     
  10. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Yea it dawned on me about 30min after i wrote that. :duh: Lesson learnt in how to engage the brain before opening my mouth (or should that be before clicking post?).

    Thanks for taking the time to explain it for slow people like me though Gareth. :thumb:
     
  11. XXAOSICXX

    XXAOSICXX Minimodder

    Joined:
    20 Apr 2011
    Posts:
    761
    Likes Received:
    15
    Ha. If only...

    It's not free for commercial use :)
     
  12. Tattysnuc

    Tattysnuc Thinking about which mod to do 1st.

    Joined:
    19 Jul 2009
    Posts:
    1,620
    Likes Received:
    60
    7zip achieves higher compression rates for the type of objects we use (databases) and is very efficient on multi thread systems.

    We experimented using Winzip, winrar and 7zip and found that not only was it quicker to compress the files, it could compress them much more. It was more stable when large numbers of (small text) files were being used.

    Zip does have the advantage of being supported within windows so any searches could extend to the contents of zip folders.
     
  13. loftie

    loftie Multimodder

    Joined:
    14 Feb 2009
    Posts:
    3,173
    Likes Received:
    262
    Thanks for this, updated my 7Zip.
     
  14. Wwhat

    Wwhat Minimodder

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    I use both, for some things winrar is better and for some things 7-zip is.

    Advantages of winrar include quicker access to single files in large volumes and the ability to repair both rar and zip files, as well as the ability to open partial files.
    Advantage of 7-Zip is smaller files (or it used to be at least) and the ability to open exe files and such.
     

Share This Page