108
WinRAR zero-day exploited since April to hack trading accounts
(www.bleepingcomputer.com)
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
No idea why folks still use stuff like this when there are open source alternatives like 7zip and Nana Zip.
I use WinRAR (as a switch from 7-Zip) because it works well enough, is fast and stable and has good compression. For me, switching to another Windows archiver would have no merit.
Is security not a merit?
Honestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.
It is. Coincidentally, security was one of the reasons to uninstall 7-Zip.
There's barely any CVEs on that page. It's likely a security researcher did some fuzzing of the executable and found a few issues at once.
Have you looked at how many vulnerabilities there's been in things like Windows, MacOS, Chrome, etc?
I have. The point is that there is no software without vulnerabilities.
Definitely true, but that conflicts with this:
If you uninstalled software because of security, you wouldn't have any software left :)
Also true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)
Y-you paid for WinRAR?
I even own legitimate Total Commander and mIRC licenses!
Wow, a real unicorn! 🦄
I'm sure they're still celebrating someone purchasing a license :)
The number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html
Is WinRAR really faster, more stable, and has better compression than 7-Zip? I haven't used WinRAR in probably over a decade at this point.
It depends. The RAR5 format used by newer WinRAR versions (the "old" one is still supported just well) can have smaller archives than 7z, but the opposite is also true. Still, yes, WinRAR is in my experience faster and more stable.
(Note that "as small as possible" is not usually the most relevant point. The best compression is currently reached with the ZPAQ format, but using it with maximum compression settings is painfully slow.)