PKWare Zips to Growth

Rob Kennedy writes "The Milwaukee Journal Sentinel has a story about PKWare's new business plan. It talks about the investment group that bought the company after founder Phil Katz's death in 2000, and the plan for PKWare to produce what president and COO Timothy H. Kennedy (no relation) calls 'the next generation of zip' by adding various security features."

Re:Doesn't PGP do this?

[Mnemia]

PGP compresses files during the encryption process.

bzip

[Monkelectric]

I would really like to see bzip2 take over as the defacto compression standard ... it is much smaller then zip and smaller then gzip, in some cases (source code in particular) it is almost 50% better). As an informal survey take the crystal space distribution (crystalspce.org)

cs94_002.tar.bz2 (Source) 10.7Meg,

cs94_002.tar.gz (Source) 12.6Meg,

cs94_002.zip (Source) 16.7Meg

As a side note, winrar will extract bzip2 but not create it.

Re:bzip

[Spire]

For comparison purposes, I downloaded cs94_002.zip and recompressed it with the latest version of WinRAR (3.10 beta 3), set to maximum compression. The result:

cs94_002.rar (Source) 9.4MB (9,407,157 bytes)

WinRAR appears to compress much better than bzip2; however, it isn't free. Interestingly, as good as WinRAR is, even it doesn't come that close to having the best compression ratio out there.

For lots of useful statistics on the relative capabilities of virtually every compression engine in the world, check out Jeff Gilchrist's Archive Comparison Test. A lot of progress is still being made in compression technology, so the state of the art keeps changing.

Re:bzip

[Jugalator]

7-zip is open source, free and usually compress at least as good as WinRAR.

What about JAR?

[TerryAtWork]

By the guy who did ARJ, JAR implimeneted GOST as it's encryption.

Re:Are zips still relevent?

[Ed+Avis]

With MS Office, try setting a password on your document. It gets compressed before being encrypted, so this is the easiest way to save disk space provided you can remember the password. At least, this was the case with the last versions of Word I used.

Re:Respect

[Uller-RM]

Hah. He took the established ARC format, which had copyrighted free-as-in-beer public domain routines in C, and rewrote them in x86 asm for speed... and then sold PKARC (Phil Katz ARC) as a commercial product. The original inventors of ARC sued him and won - he even kept the same misspellings in the strings, for fuck's sake. He settled for a lump sum in court, then ended up making a couple of changes to the ARC format and renamed it PKZip.

That, and if you actually look at the ZIP format, you'll notice that it's all routines invented by other people. "Shrink" is dynamic LZW, "Reduce" is RLE with a second-pass probabalistic encoder, and "Implode" is a sliding dictionary with post-compression using Huffman/SF-tree encoding.

Katz was an excellent promotor and had good networking skills. I admire him for that much, and for establishing a defacto format that scaled nicely to 64-bit sizes and arbitrary-length Unicode filenames. HOWEVER, he was hardly a pioneer in compression algorithm design. Give him credit where credit is due.

Phil wasn't the marketing type.

[rdmiller3]

What?!?

Katz was an excellent promotor and had good networking skills.

You must mean Hildegard Katz, Phil's mom, who was the VP of PKWare.

There used to be a photo on the wall of PKWare's boardroom that said volumes... It showed a beautifully done show-booth at some convention, with Phil buried in a laptop on a small podium completely ignoring all the convention-goers milling around him.

If anyone promoted and networked for PKWare, it probably wasn't Phil.

Re:Encryption and compression make a lot of sense.

[Ninja+Programmer]

Well the other reason for doing encryption after compression, is to mitigate dictionary attacks. So the cost of breaking in by brute force includes both decryption as well as decompressing.

so you 8) when Bill stole it

[DrSkwid]

the future of winzip is basically death since zip compression in browsing s built into xp

pkzip is still a command line utility elsewhere

drwxr-xr-x 2 root wheel 512 Oct 11 09:06 /var/db/pkg/pkzip-2.5

Re:Simple: Implement zip filesystem.

[Ben+Hutchings]

That's what Windows XP does, and indeed what several Windows shell extensions have done before.

How well will new features work?

[FJ]

The first new feature they introduce will create an incompatability with InfoZIP & other clones. I'm sure the users of such products will complain loudly.

Pretty obvious, ninjaboy

• bzip2 doesn't use patented technology, because it's Free Software. The difference between (the illegal) bzip and (the legal) bzip2 is that bzip2 stopped illegally using patented arithmetic coding techniques in a free software project, and started using the completely legal Huffman coding, which isn't nearly as good as some patented arithmetic coders. RAR is not free software, and the author has licensed use of an arithmetic coder from the patent owners. bzip2 could have 10-20% better compression TODAY if I simply replaced the Huffman coder with arithmetic coding. It's not a code issue, though, it's a legal and moral issue.
• Many of the compressors in the ACT are bleeding-edge experimental programs written by compression researchers, often designed to do well on the ACT corpuses. I should hope they do better than bzip2 or RAR.
• bzip2 is a single algorithm (BWT+MTF+Huffman), done well. Its only purpose is to be "better than gzip", which it is. RAR is a commercial archiver. It has a multitude of algorithms. As a commercial product, I would expect it to have better compression than free software products! Why would anyone buy it if it didn't?
• RAR 2 formats can't be unpacked without binary-only, non-free software. bzip2 formats can. As I already said: not code but legalities.

Re:Yes

[thing12]

or just support bzip2? It beats deflate all the time and is free too.

The 7z format used by 7-Zip is an open architecture. There are several available compression methods and bzip2 is one of them.

Fairly clueless...

[Eivind]

Well, I don't know about the company, but this article is full of hype and cluelessness. Consider for example the following nugget:

Programs that encrypt computer files tend to make the files much larger, gobbling up valuable room on a hard drive or ...

This is bullshit. I do not know of even a single cipher which makes the files larger. Indeed all ciphers commonly used today for file-archiving are block-ciphers which transform a fixed-size (typically 64 bit) cleartext-block into an identically sized ciphertext-block. Examples of such ciphers include DES, IDEA, Blowfish, 3-DES, AES, Twofish and many others.

Combining encryption with data compression is a natural, said Stephen Crawford, vice president of marketing.

The vice-president of marketing is not typically a good person to ask about technical issues. In this case he is correct though, it is a good idea to compress files prior to encryption, this both saves place, aswell as making certain attacks a little bit harder due to more entrophy in the compressed plaintext than in the plaintext itself.

Unfortunately for him this idea is so obvious that it's been implemented in typical encryption-programs for ages. Both PGP and GPG for example by default compress the plaintext priorto encrypting it. This is hardly novel.

Re:Are zips still relevent?

[noodlez84]

Therefore the Unix model of tar and then a separate compression program makes more sense - even though tar is such a crusty and wasteful format.

Joerg Schilling, the author of the famous cdrecord, probably disagrees with you. tar has everything you need, and a lot more. The problem is that all the different tar implementations suck. GNU tar, for example, is _not_ POSIX-compliant. 'file' recognizes this and will tell you what kind of archive it is. gnutar also doesn't support very large files.

Joerg Schilling has written an excellent tar program by the name of star. To overcome the limitations of the "other" tar formats, he has produced his own, without any limitations. Features of star that completely blow away anything else:

- fully ANSI/Posix 1003.1 compatible
- ACL support
- automatically detects several common archive formats and adopts to them. Supported archive types are: Old tar, gnu tar, ansi tar, star, POSIX.1-2001 PAX, Sun's Solaris tar (GNU tar supports only one foramt--its own)
- stores/restores all 3 times of a file (even creation time)
- pattern matcher

As you can see, the "tar" format no longer sucks.
Schilling has written a very good comparison between star and gnutar, entitled STARvsGNUTAR. I highly recommend reading it. Another cool document is a listing of bugs in every other implementation of tar. :)

You can grab LSB-compliant RPMs of this at my RPM page.

Re:Yes

[airlie]

7 Zip is good but you might also check out JZip. JZip looks more like Winzip which is what most users are used to.
Or try FreeExtractor which creates self extracting exe's. I have a whole collection of Open Source Software for Windows.

Re:Are zips still relevent?

[Ed+Avis]

'tar xvf' is fine; 'tar zxvf' is not because it has to read the whole archive sequentially and decompress it. (At least I think it does; in principle it could do a little better because gzip compression works in 32Kbyte blocks AFAIK.)

Re:Doesn't PGP do this?

[noodlez84]

Hell, so does GnuPG. From the GnuPG man page:

-z n

Set compression level to n. A value of 0 for n disables compression. Default is to use the default compression level of zlib (normally 6).

--compress-algo n

Use compress algorithm n. Default is 2 which is RFC1950 compression. You may use 1 to use the old zlib version (RFC1951) which is used by PGP. The default algorithm may give better results because the window size is not limited to 8K. If this is not used the OpenPGP behavior is used, i.e. the compression algorithm is selected from the preferences; note, that this can't be done if you do not encrypt the data.

PKWare bloat has already happened.

[Reziac]

The bloat already happened.

In August of 2000, I bought PKZip Explorer from PKWare. Figured for the $10 special promotion, what the hell, and it would be nice to have PKZIP that could handle Windows long file names. Also assumed it would have the same feature set as PKZIP for DOS, and their promo literature certainly *sounded* like it would.

Well, it was one of the poorest $10 purchases I ever made. The installer (a two-step, partially online-only process due to paranoia about piracy) is about 6mb, and the installed program is apparently scattered thruout Windows. So I was already annoyed by the time it was finally installed and running.

On to making my first ZIP with it. Turns out the ONLY thing it can do is grab the specified files and create a new ZIP, or unzip a specified ZIP. That's ALL it can do. It's absolutely devoid of ALL the switches and options that made PKZIP for DOS so useful. The only good thing I can say about it, is that it's fast.

Now, maybe it's improved some since then, but if it didn't even have its own ancestral feature set in 2000, yet was already 3x the size of competing products like WinZIP and WinRAR, I have scant hope for later incarnations.

And thanks to this experience, chances are I'll never buy another product from PKWare.

Yes - PGP does this?

ZIP+RSA Encryption=PGP The article shows clear FUD (either the reporter or PKWare - It's not clear):

• Encryption doesn't make files bigger at all. (Maybe a couple of extra bytes of header depending on the wrapping format, but not the data).
• (working) encryption kills compression stone dead (compression loooks for patterns in the data - encryption hides all patterns), thats all.
• Compress-before-encrypt is obvious and well known. PGP did it way back. GPG does it. TLS/SSL now does it. ssh has it built in. IPSec has it as an option now.

If RSA is involved, maybe they're just using the PK name to legitamise a new version of RSA Mailsafe - a lame PGP clone from DOS days (that wasn't compatible with PGP). RSA never did make much from PGP, but it's still popular and used, unlike s/mime and the public PKI, which is going nowhere.