Battle WinRar or 7Zip? What's your favourite?

Most interested about
  1. Exclusive Features

Thiagoo

Level 3
May 10, 2021
101
You not thinking or thinking something doesn't change reality. It isn't my opinion that winrar is safe, I've done at least some research before making any claims

There are many cases of vulnerabilities being undetected for several years A Windows Defender Vulnerability Lurked Undetected for 12 Years and winrar is no different in that regard

What you don't seem to understand is that I haven't said that winrar is the most secure option around. I've only said that the security is significantly better than that of 7-zip

Saying that a vulnerability could get fixed on day 0 is just your own lack of understanding on what the problem really was. That's just not how things work. Do some actual research instead of pointlessly arguing

Edit: also kind of interesting how you again choose to selectively ignore 7-zip's anti-security stances

What you don't seem to understand is that I haven't said that winrar is the most secure option around. I've only said that the security is significantly better than that of 7-zip
And i disagree, hence the fact i'm debating.


Edit: also kind of interesting how you again choose to selectively ignore 7-zip's anti-security stances
And looks like you're not reading what i've said before:
"Everything has flaws, sure"...
7-zip has flaws, but it's not a huge mess like this one.


Saying that a vulnerability could get fixed on day 0 is just your own lack of understanding on what the problem really was. That's just not how things work. Do some actual research instead of pointlessly arguing
Putting code on your software that you don't have access to is not a good idea. The team could atleast remove .ACE after it stopped being maintaned in order to reduce some years of damage, but they probably just did choose keeping the feature over security. And i forgot to mention that .ACE files can be disguised as .RAR files too.

If you think i'm pointlessly arguing, good for you. My opinion stays the same, WinRAR is not safe.


I've done at least some research before making any claims
You should also research what i've said until now.


There are many cases of vulnerabilities being undetected for several years A Windows Defender Vulnerability Lurked Undetected for 12 Years and winrar is no different in that regard

This specific vulnerability was caused by a driver that doesn't always run on your HDD. And again, it's a completely different case as i said before.
"The researchers hypothesize that the bug stayed hidden for so long because the vulnerable driver isn't stored on a computer's hard drive full-time, like your printer drivers are. Instead, it sits in a Windows system called a “dynamic-link library,” and Windows Defender only loads it when needed. Once the driver is done working, it gets wiped from the disk again."

Systems like Windows, Android, iOS has huge chunks of critical code on their kernel, so this will happen at any time, but WinRAR only had a single outdated DLL (that could get avoided easily) that caused all of this.

I'm not replying to this again as this discussion will probably lead to nowhere. If you want to use WinRAR, use it. If you want to use 7-zip, use it too. I don't want to repeat every single word i've said here.
 
  • Like
Reactions: Nevi

anupritaisno1

Level 2
May 27, 2021
72
And i disagree, hence the fact i'm debating.



And looks like you're not reading what i've said before:

7-zip has flaws, but it's not a huge mess like this one.



Putting code on your software that you don't have access to is not a good idea. The team could atleast remove .ACE after it stopped being maintaned in order to reduce some years of damage, but they probably just did choose keeping the feature over security. And i forgot to mention that .ACE files can be disguised as .RAR files too.

If you think i'm pointlessly arguing, good for you. My opinion stays the same, WinRAR is not safe.



You should also research what i've said until now.




This specific vulnerability was caused by a driver that doesn't always run on your HDD. And again, it's a completely different case as i said before.




I'm not replying to this again as this discussion will probably lead to nowhere. If you want to use WinRAR, use it. If you want to use 7-zip, use it too. I don't want to repeat every single word i've said here.
Saying the lack of basic security mitigations like ASLR and DEP is not a big deal is just you saying nonsense about something you don't understand. As I've said, you're just arguing here in bad faith at this stage instead of doing any actual research. The lack of these basic exploit mitigations is a far serious issue than 1 security vulnerability on winrar

You also resort to twisting what I've said again. I've pointed to that article as proof that 7-zip is lacking really essential exploit mitigation and not to point to the actual vulnerability. What is so hard to understand here?

Winrar is significantly safer than 7-zip and your opinion doesn't have more importance over actual facts
 

Thiagoo

Level 3
May 10, 2021
101
Reading my comments again, i guess anupritaisno is actually right in a security perspective. Vulnerabilities is not a big parameter to define a software security, as everything has vulnerabilities coming from low risk to severe, and open source obviously doesn't mean everyone will inspect the code and fix the flaws. As i'm not a professional i should always try to expand my knowledge and acknowledge my errors, so please disconsider my previous comments if you're reading them.
 
Last edited:

Deletedmessiah

Level 24
Verified
Content Creator
Jan 16, 2017
1,377
Winrar. 7zip has really terrible security practices, nonexistent exploit mitigation and it doesn't even respect MOTW. Many security researchers describe how security issues they report are simply ignored by the 7-zip developer for years. The cryptography used is another mess entirely
It's far better to just pay for winrar to get rid of the ads than to use 7-zip
Does winrar support MOTW?
 
Top