PKWare Zips to Growth

Rob Kennedy writes "The Milwaukee Journal Sentinel has a story about PKWare's new business plan. It talks about the investment group that bought the company after founder Phil Katz's death in 2000, and the plan for PKWare to produce what president and COO Timothy H. Kennedy (no relation) calls 'the next generation of zip' by adding various security features."

What kind of Security features?

[Qender]

Might these security features include paying per zip file or something?

Doesn't PGP do this?

[yatest5]

When I PGP a file, it shrinks to same or smaller than when I standard zip it. Isn't that secure / small? Or am I horribly confused?

Encryption and compression make a lot of sense...

[Max+Romantschuk]

Since a Zip has to be decompressed anyway it makes a lot of sense to integrate encryption. It's easier to unzip once compared to unzipping and then unencrypting or vice versa.

Now, integrate this with email attachments and we're on a roll :)

Are zips still relevent?

[91degrees]

Most of the files I want to send are not going to compress to well in the fisrt place. Nowhere near enough entropy. The only files that will actually benefit are source code and binary executeables.

Okay, there may be some specialised industry data formats for microchips and the like, but the really large files tendto be things like pictures and videos. These are already compressed using standard lossy techniques. zipping these won't work.

Re:Are zips still relevent?

[knuurius]

I use zip for the ease of sending hundreds of files in one file and not very often for compression reasons.

Re:Are zips still relevent?

[Surak]

You know all those foosetup.exe InstallShield and similar formats? Most of those are either CAB compressed (Microsoft), but many of them are still PKZIP compressed.

Re:Are zips still relevent?

[AKnightCowboy]

(Although maybe someone will prove me wrong and say 'I update existing zipfiles every day, it's an essential feature, what I do is...'.)

It IS an essential feature and I do use it all the time. Being able to pop up Winzip and read individual files in an archive without extracting the whole thing (which can be hundreds of megs) is much better than the tar/gzip approach that's standard on UNIX systems. Hell, even Sun realizes that. Their recommended cluster patches are distributed in a zip archive so you can easily pull out individual patches without unarchiving the whole 50+ megs and thousands of files.

Great

[e8johan]

This seems like a good plan. I'd like zips to have:

• global password (for the filelist)
• per file(s) password(s) (for groups or individual files)
• version management (store changes, but keep the original)
• signing (both global and for file(s))
• execution abilities (oops, could trigger viruses, must be signed, but for example decompress files and compile 'em)

What I would also like is for them to go open source and actively support *nix (including Linux and MacOS X).

Cool moment.

[Soulslayer]

One of the coolest moments of the many GenCon Game Fair's that I attended in Miwaukee, WI was when a panel consisting of most of the premiere Origin producers including Richard Garriot and Warren Spector took a question from the crowd during the Q&A session and when the nervous speaker said, "Well I have a programming question...and...um.. well I'm from a little company in town...do you know PKWare?"

And all the members of the panel looked at one another and then started doing the Wayne's World bow and chanting, "We're not worthy! We're not worthy!"

Then Warren (if I remember correctly) made a mildly sarcastic and admonishing comment towards the poor PKWare dude along the lines of, "Hey man you guys have saved us tons of money on media. We use Zip all the time. Of course we know your company." (games of the era were beginning to approach some 30 floppy discs compressed and CD-ROM had not yet become an affordable alternative)

It's nice when a little mostly unkown (at the time) company making software compression utilities gets recognition from a (at the time) powerhouse game development company like that.

Could work

[Anonymous+Cowdog]

The .zip format has great inroads into the corporate world, whereas PGP is still a geek's toy. By leveraging (cough) the massive usage numbers, they could be successful with this. Of course, it remains to be seen what features they want to add. But enough zip files fly around corporate networks without security, that it does make sense to improve PKZip in that area.

On the other hand, WinZip has a a head start, as the preferred way to deal with zip files for most people. And the PKWare website seems to come up blank on Mozilla, not an encouraging sign.

But what I really want is security for my PDA data, so it is secure over the network, and secure on the hard drive of any PC, even a PC that others have access to. Can zip help with this? Not sure.

Re:Encryption and compression make a lot of sense.

[akruppa]

Hopefully, if this is what they want to do, they will do better than the embarrasingly insecure "encryption" that the old DOS PKZip included (a cryptographically-weak LFSR-based stream cipher).

Yeah, the cipher was pretty weak. Interested people might like to read the paper A Known Plaintext Attack on the PKZIP Stream Cipher by Biham and Kocher. Esentially, a string of 13 known bytes and a few hours on a good PC will decrypt the rest of the file.

But what's even worse, imho, is the horribly bad implementation. They encrypted only the file contents; file name, size and (what were they thinking?) the CRC were all in the clear. If you were using encryption to hide the fact that you possess a file you're not meant to, Pkzip will do you in real nice.

All in all an excellent example of how crypto works not.

Alex

zip & unzip everytime.

[DrXym]

pkzip/pkunzip were great tools, make no mistake but these days there is little reason to use them unless you're DOS bound. Perfectly fine open source versions exist and the likes of WinZip and XP's own zip folder extension cover the GUI side.

On the subject where the zip format should go, I believe it would be nice to see some new compression algorithms - I believe the header has space to define new types. The bzip2 algorithm would be a lead candidate. It would also be nice to see encryption and signing capabilities incorporated, perhaps based on the Java archive (jar) format.

Another thing that would help compression were if there were something akin to the tar / cabinet file mechanism for compression, where the entire contents and manifest are concatenated and compressed as a single entity rather compressed individually. This would allow for some very tight distributables.

Re:Encryption and compression make a lot of sense.

[jonathanclark]

Since a Zip has to be decompressed anyway

While until just recently, this was true - now you can create a "ZIP" file that doesn't decompress. The idea is instead of decompressing the files to disk, a tiny user-mode OS is inserted between the application that needs to use the data and the compressed data. The new OS does transparent decompression/decryption and to the application it appears the files reside on the hard drive. The OS provides streaming decompression so only small blocks are decompressed at a time and the memory requirements are very low. Yes, the data is present in memory in unencrypted form at some point so it is possible to hack - but it provides a pretty good level of data security.

The cool thing is that the archive size is usually the same size as a ZIP, but it runs directly with no install and no decompression time. Usually applications load 2x faster in this state.

This is something I've spent the last year working on. Checkout here