1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News 7-Zip compression library hit by security flaws

Discussion in 'Article Discussion' started by Gareth Halfacree, 12 May 2016.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,400
    Likes Received:
    1,812
  2. Jimbob

    Jimbob Member

    Joined:
    2 Jul 2009
    Posts:
    190
    Likes Received:
    1
    I've never unstood why people use 7-Zip, why not use WinRAR or the build in Zip support? Am I missing something?
     
  3. XXAOSICXX

    XXAOSICXX Member

    Joined:
    20 Apr 2011
    Posts:
    755
    Likes Received:
    15
    Licensing. Winrar ain't free, 7-Zip is :)
     
  4. Jimbob

    Jimbob Member

    Joined:
    2 Jul 2009
    Posts:
    190
    Likes Received:
    1
    WinRAR is, you just have to click close and ignore the message. ;-)
     
  5. Maki role

    Maki role Dale you're on a roll... Staff

    Joined:
    9 Jan 2012
    Posts:
    1,653
    Likes Received:
    97
    Honestly I think 7-Zip is simply better than WinRAR. It's smaller, lighter and doesn't ask you to upgrade every 5 minutes if you haven't purchased it. As for built in support, people sometimes use RARs, so having a program that can open them is rather handy.
     
  6. Icy EyeG

    Icy EyeG Controlled by Eyebrow Powers™

    Joined:
    23 Jul 2007
    Posts:
    517
    Likes Received:
    3
    Since 7-Zip is actually better, free and open source. I think the question makes more sense in reverse.
     
  7. Jimbob

    Jimbob Member

    Joined:
    2 Jul 2009
    Posts:
    190
    Likes Received:
    1
    Not used it for ages. Perhaps I'll switch around then and give it another go! :)
     
  8. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,259
    Likes Received:
    316
    I'm confused, the article mentions the utility and the quote from Talos security mentions the libraries, what has me confused is that (afaik) the libraries can be used to compress/decompress files independently of the utility so is it correct to say the security flaws are not in the utility but in those independent libraries and if so does it effect all the file formats created with those libraries. i.e if you use those libraries to create z7, rar, or tar formats?
     
  9. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,400
    Likes Received:
    1,812
    The vulnerabilties are in the libraries; the utility uses those libraries (basically, it's a front-end to the libraries.) If you're using the vulnerable (pre-16.00) libraries, either because you're using a pre-16.00 build of 7-Zip itself or because you're using a third-party program which includes said libraries, then you're vulnerable.

    In case that wasn't clear: Applications which use the 7-Zip libraries for compression and decompression operations are vulnerable. The 7-Zip application uses the 7-Zip libraries for compression and decompression operations. Ergo, the 7-Zip application is vulnerable. (Was vulnerable, rather, 'cos it's been fixed in 7-Zip 16.00.)
     
  10. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,259
    Likes Received:
    316
    Yea it dawned on me about 30min after i wrote that. :duh: Lesson learnt in how to engage the brain before opening my mouth (or should that be before clicking post?).

    Thanks for taking the time to explain it for slow people like me though Gareth. :thumb:
     
  11. XXAOSICXX

    XXAOSICXX Member

    Joined:
    20 Apr 2011
    Posts:
    755
    Likes Received:
    15
    Ha. If only...

    It's not free for commercial use :)
     
  12. Tattysnuc

    Tattysnuc Thinking about which mod to do 1st.

    Joined:
    19 Jul 2009
    Posts:
    1,592
    Likes Received:
    55
    7zip achieves higher compression rates for the type of objects we use (databases) and is very efficient on multi thread systems.

    We experimented using Winzip, winrar and 7zip and found that not only was it quicker to compress the files, it could compress them much more. It was more stable when large numbers of (small text) files were being used.

    Zip does have the advantage of being supported within windows so any searches could extend to the contents of zip folders.
     
  13. loftie

    loftie Well-Known Member

    Joined:
    14 Feb 2009
    Posts:
    2,877
    Likes Received:
    130
    Thanks for this, updated my 7Zip.
     
  14. Wwhat

    Wwhat Member

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    I use both, for some things winrar is better and for some things 7-zip is.

    Advantages of winrar include quicker access to single files in large volumes and the ability to repair both rar and zip files, as well as the ability to open partial files.
    Advantage of 7-Zip is smaller files (or it used to be at least) and the ability to open exe files and such.
     

Share This Page