Technology

38487 readers

1 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago

MODERATORS

[email protected]

108

WinRAR zero-day exploited since April to hack trading accounts (www.bleepingcomputer.com)

submitted 2 years ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 8 points 2 years ago (2 children)

I use WinRAR (as a switch from 7-Zip) because it works well enough, is fast and stable and has good compression. For me, switching to another Windows archiver would have no merit.

[–] [email protected] 37 points 2 years ago (2 children)

Is security not a merit?

[–] [email protected] 5 points 2 years ago

Honestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.

[–] [email protected] 2 points 2 years ago (2 children)

It is. Coincidentally, security was one of the reasons to uninstall 7-Zip.

[–] [email protected] 17 points 2 years ago* (last edited 2 years ago) (1 children)

There's barely any CVEs on that page. It's likely a security researcher did some fuzzing of the executable and found a few issues at once.

Have you looked at how many vulnerabilities there's been in things like Windows, MacOS, Chrome, etc?

[–] [email protected] 3 points 2 years ago (1 children)

I have. The point is that there is no software without vulnerabilities.

[–] [email protected] 12 points 2 years ago (1 children)

The point is that there is no software without vulnerabilities.

Definitely true, but that conflicts with this:

Coincidentally, security was one of the reasons to uninstall 7-Zip.

If you uninstalled software because of security, you wouldn't have any software left :)

[–] [email protected] 2 points 2 years ago (2 children)

Also true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)

[–] [email protected] 9 points 2 years ago (1 children)

Y-you paid for WinRAR?

[–] [email protected] 3 points 2 years ago (1 children)

I even own legitimate Total Commander and mIRC licenses!

[–] [email protected] 2 points 2 years ago

Wow, a real unicorn! 🦄

[–] [email protected] 8 points 2 years ago

I'm sure they're still celebrating someone purchasing a license :)

[–] [email protected] 9 points 2 years ago

The number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html

[–] [email protected] 7 points 2 years ago (1 children)

Is WinRAR really faster, more stable, and has better compression than 7-Zip? I haven't used WinRAR in probably over a decade at this point.

[–] [email protected] 2 points 2 years ago

It depends. The RAR5 format used by newer WinRAR versions (the "old" one is still supported just well) can have smaller archives than 7z, but the opposite is also true. Still, yes, WinRAR is in my experience faster and more stable.

(Note that "as small as possible" is not usually the most relevant point. The best compression is currently reached with the ZPAQ format, but using it with maximum compression settings is painfully slow.)