New Virus Attacks Via RAR Files
sscottsci writes "A new article at eWeek indicates that Virus writers are using .RAR files to bypass Filters and Anti-Virus systems to infect computers. Most anti-virus software cannot scan a .RAR file, and most firewalls do not block the extension yet."
...most firewalls do not block the extension yet.
Well, I know of a few that do now... Seriously, is this that much of a threat? Winzip (AFAIK) doesn't handle Rar archives, and most users wouldn't know how to open one if they did find one in their inbox...
Code, Hardware, stuff like that.
Goatse once came to me in a .REAR file. Close enough to avoid.
Table-ized A.I.
don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?
Are you interested in French?
Rar files are most commonly used in the legal archiving of binary files and DVDs.
"Most anti-virus software cannot scan a .RAR file"
What? Is it really a case where the software can't scan the archive or is it just that it's not included in the default types of files to scan?
Just tested this on AVG and it indeed scans rar archives.
I fail to see the problem here. TFA says that the .rar contains a file like foto.jpg.exe. This is nothing new, they're just using a better compression program to spread their malware.
Carry on with the downloading, there's nothing to see here...
Don't buy WoW Gold! Make it yourself!
This would have been more of a threat had it been in .CAB format. Not everyone uses .RAR files. Heck, in my company there are a grand total of 3 computers capable of even opening a .RAR file...the one I'm posting from is one. On a side note: my wife got this virus emailed to her and she called me at work to ask what a rar file was... Needless to say, this virus will not be long-lived as it's just plain stupid.
Fortunately, your grandmother has no clue what a .rar file is or how to open one, leaving her safe from infection by this new method. In fact, it's fairly safe to say that the only people who will get owned by .rar file viruses are lamer hax0r wannabes desperate for more pr0n.
"Warez is becoming infected with viruses!"
I find that more technically-abled people are familiar with and have installed WinRAR or the unix-variant based RAR on their system.
Of course, such people are less likely to be taken in by a virus, so I'm forced to believe that this new spin on virus writing isn't going to be very effective.
Similarly, I suppose virus-writers could rename their .exe file to be .txt and leave instructions within the .txt file to rename the file to .exe and from there ask them to execute it but the people that would understand those instructions would not be likely to follow them.
I'm a big tall mofo.
And I've always extracted and scanned the contents before executing.
It just makes sense to me.
I've been using rar extensions for years, never had a problem or complaint. Winrar is just as easy or easier to use than Winzip.....
All the common scanners can scan inside a zip archived file. However, most scanners cannot scan inside a rar archive. So you are getting it wrong. A virus scan OF the file will return nothing but a .rar file. The virus can be hidden IN the rar file, which is not scanned.
Hopefully your AV has a good realtime file scan so if it is written to a temp file it will be scanned as soon as it is accessed.
Boredom's not a burden anyone should bear.
"A new article at eWeek indicates that Virus writers are using .RAR files to bypass Filters and Anti-Virus systems to infect computers."
Computers or Computers running Windows?
ajf
It's not that there's a virus piggybacked on the .rar, which you infect yourself with by unraring the .rar, it's that they're sending around .rared viruses, which you infect yourself with if you unrar and then execute them.
Not seeing the problem, aside from the same old 'don't go happy-assing around executing any damn old executable that someone emails you.'
Maybe you live in the stone age, but I know we use RAR here almost exclusively.
The reason Zip became so popular was its speed/efficiency compromise back in the days where it mattered. Using zip, nowadays, is simply due to habit and culture. There isn't an advantage for MOST like there used to be.
RAR compression is better and has a very nice archive spanning feature. Believe me... this is ever so handy when backing up 40GB of data to a file system/Software that can't address files larger than 2GB. Couple that with the free Stuffit Expander, and I can't come up with a reason you WOULDN't use RAR.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
... in related news eWeek is able to sell more impressions and generate more revenue by getting coverage on Slashdot for pointless non-news articles such as new Virus hides in compressed files ...
IMHO doing some filtering at the provider could help. My mail provider uses a Spam/Virus filter that works with black/whitelists for each user and a global blacklist created by the provider (Which can be overridden by my personal whitelist). Haven't seen a virus in my inbox for 2 years and counting.
A new virus is spreading through password-protected .arj files.
Fortunately, no one got it, as no one remembers anymore what the heck an .ARJ file is, let alone find a password cracker for it.
Rumors said the password is "G04TSE.CXR0X".. go now then, have some fun...
how long until
ZIP files are inherently insecure (if you rely on the password protection anyways). RAR files are much more secure. Just try using one of those brute-force password cracking apps on a RAR file-- it takes significantly longer to brute force a RAR than a ZIP.
All I know about Bush is I had a good job when Clinton was president.
When the virus is installed, it has probably also deactivated your virus scanner.
Which is a pity, since .rar files are so much more compressible than .zip files. The difference is roughly the same between .gz and .bz2... What would be really easy is for anti-virus writers to include a RAR decompression library and look inside the damned files, rather than reject useful technology for no good reason
The OSS program ClamAV supports scanning of RAR files. If most anti-virus programs truly don't support RAR format, this is another big win for ClamAV. (I run it on my own server, and as part of an anti spam/virus email service and it runs flawlessly).
AccountKiller
Blocking extensions is pretty pointless ... how hard is it to rename before/after going thru a wall?
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
It seems to me this would be the simplest. Just require the virus makers to use the .virus extension and that will give the AV makers more time to perfect RAR scanning.
Is anyone with me?
Boredom's not a burden anyone should bear.
This is great. They have still not all figured out how to avoid bzip2 bombs, how are they supposed to be able to scan RAR files? I mean, heck, they can't adopt a new compression file every 2 weeks! Oh wait...
Both self-extracting RAR and self extracting zip files are *.EXE binaries. They just contain a decompressor and some data to decompress.
Did you think that Windows automatically knows to try and execute .RAR files or something?
# cat
Damn, my RAM is full of llamas.
The good thing is that most people can't open rar files. You must intentionally install software to unarchive rar files.
The only real concern is when kids install rar software and then a click-happy parent opens any attachment and any files inside. (or other multi-user home computer scenarios)
The only news here is that while AV software could help protect the clueless before, there is now a workaround in a few circumstances. Luckily, this is a small enough percentage that no new epidemic can occur.
at least it is with my 2 subsidiaries there. Winzip does not do a Chinese version. RAR does.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
someone shouted HQX at me once and I didn't sleep for a week.
If your firewall blocks ZIP files and RAR files, then how are you supposed to exchange groups of files with your friends efficiently?
Isn't the WHOLE POINT of having archive file software on your computer defeated by blocking content with these extensions?
That's funny because I know several. All they had to do was see the same files compressed with ZIP, and again with RAR. Once they saw WinRAR did everything WinZIP could do, and then some, and was easier to boot, they switched.
Face it, people are slowly moving to a better and more efficient format. All we have is some virus protection companies who are on the slow end of adapting to new technologies. And it's not all that new, RAR has been around for at least 5 years.
Do you really want to trust an anti-virus company that can't deal with semi-popular 5 year old compression protocols?
I have known and been using .rar files for about a year. I would think that somewhere along the way, some anti-virus programmer somewhere would notice a security threat and begin working on scanning methods?
Just a thought/question, if anyone has thoughts or explanations I would appreciate the information.
WoW: Scheod 70 orc warlock on Shadowmoon
As the article explains it (you do read the articles, don't you?). The .RAR has to be unpacked, to reveal a file with dual extensions - like "Pron.jpg.exe". The user still has to be dumb enough to click on that .exe without running a virus scanner on it first. No one has made a .rar that somehow executes on its own.
The article expresses a fear that there are people out there in cluelessland that will think "Gee, I know I should scan .exe's that came packed in .zip's, but this came packed in another compression. Duuh! it must be safe!".
There may be three people on the whole planet who are actually at that particular mix of clueless and clueful states. The rest either still don't know the first thing about what a .rar or an .exe is, or they won't be fooled.
If a journalist tried to make us all afraid of the risk of terrorists that try to sneak through customs by disguising themselves as Mexican Banditos, complete with bandoleers of bullets, some people would probably buy that too.
Who is John Cabal?
And thusly, isn't it a trojan and not a piggybacked virus?
When I was a kid, we only had one Darth.
It is true that most warez files are compressed using RAR. But it is also true that the general warez kiddie is not the type who would click on any executable without some virus checking. (Yes - it seems a shame - but the run of the mill warez kiddie is not the clueless user who clicks on every attachment in their email).
Last time I looked at WinRAR it had no support for NTFS Permissions, unlike WinZip. Which makes it pretty useless for backups outside of the proverbial mom's basement.
Nice elitist answer there. YOU can't think of a good purpose to use
Also, I prefer the
What would be really easy is for anti-virus writers to include a RAR decompression library and look inside the damned files, rather than reject useful technology for no good reason
The FAQ claims that it doesn't open files produced by anything newer than WinRAR 2.9. Newer formats seem to be undocumented.
One of our customers started blocking zip files. So now we either rename them to zi_ or use another kind of compression (rar, gzip, etc.). What on earth is the difference? A virus can latch on to whatever it wants - it would take almost no effort on the part of the author.
What will fix this is more knowledgeable users and up-to-date antivirus software. My own users get viruses from other people, but either the antivirus software catches it, or they simply call and ask what they should do (delete or send it to me first).
Soon our customer will probably start blocking rar files, then zi_ files. It is probably one of the laziest ways to block viruses, and not really that effective at it.
Vote for global prefs bug
A new version of KaZaa has just been released
Linux is not Windows
Personally I prefer WinRAR to any compression program currently available.
Unfortunately, WinZip sucks beyond words.
XP's Native handling of Zip files is annoying at best, and is usually one of the first things I disable whenever I install XP.
I guess I just don't understand what the "nightmare" part is about WinRAR.
How easy does it have to be, really? Select files, right click, select "add to archive" or "add to filename.rar" and let it run. You're done.
Extracting is even easier. Right click, select "Extract files" to get a path choice, "Extract Here" to uhm, extract in the current folder or "Extract to filename" which creates a folder with the same name as the file.
Not to mention the bonus features you get if you bother to open the program, such as file recovery and repair, authentication checking, and the ability to extract from a partial set and even extract broken files if you really, really need them.
However, this should not be an issue at all, since most people don't have any support for RAR files and therefore can't open them to run the executable inside it (which is monumentally stupid anyway and whoever does, deserves whatever crap they get installed as a result of that action).
As for the "yet" part of blocking...
When are we going to put the responsibility in the hands of the user and stop dumbing down the internet? There are those of us who actually know what we're doing, don't open unknown attachments, never get viruses or trojans and always get pissed off when email servers filter out valid files.
I can't even send a bloody Word document because of the "risk of macros".
Gimme a freakin' break already.
Listen up people, if you're too dumb to use email without infecting your computer with the latest malware, maybe you should reconsider email as your communications method of choice.
-- This sig for rent.
Windows doesn't have a .rar viewer built-in as standard anyway. It would be a bigger problem if windows could open .rar files by default.
This elevates most .rar users to the not-quite-so-dumb crowd, as they had to at least know enough to download a .rar archiver to open the virussed .rar in the first place.
Even most l33t h8x0rs use .rar ;-)
Just how often do you email 40GB files?
You're right that it's basically 'habit' that zip is used, but there has been absolutely no reason to expect/need our users to download, send or receive RAR files. Because, as you said, that "habit".
When our clients start wanting to send us stuff in RAR, we'll deal with it. Until then, there is no reason and I suspect that this is true for most (not all) corporations...
F.U.D. FEAR UNCERTAINTY and DOUBT. This is a ploy to scare the masses. This is not really new. This isn't even that much of a risk to most companies. Rar is not a standard that IT people rely on. This seems to be aimed at generating FUD into the public. This can happen in any type of compression tool.
Yes AV scanners can scan RAR files.
Where does this guy get off saying you can't block .rar file types at the FW. I don't have any problems with blocking any type of attachments.
This article is crap and only posted to stir a commotion.
We shouldn't waste anymore time on this post. I am sure we have something important to discuss.
Umm, this is REALLY old news. This particular method of trying to sneak past virus scanners has been around since at least March 2004 (search Google for W32.Beagle@mm!rar).
Well then what's the big deal? Joe-AOL downloads a .rar file, but can't open it (and expose the nasty files) because he doesn't have WinRAR. This is a security risk HOW?
Thank you virus writers. Now there is one more file extension that I will have to rename to .txt before sending to coworkers so that the corporate firewall doesn't automatically delete my attachment.
Thanks a lot assholes...
Maybe that's because firewalls aren't supposed to block files at all? They manage (including blocking) network connections, not files.
Yes, I know many "internet security solutions" come with web and/or mail filter function, but that's not what you call a "firewall".
You give compelling arguments why both zip and rar are used: they became popular when the speed/efficiency compromise mattered. Using either now is simply due to habit and culture.
There isn't an advantage for most users.
bzip2, 7z, and many more compression formats are better, and you can find archive spanning programs for every single compression technique because that's such a trivial algorithm to implement.
I can't come up with a reason why you'd use rar OR zip.
Mod me down and I will become more powerful than you can possibly imagine!
Why exactly is hiding part of the filename considered helpful?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
"Using zip, nowadays, is simply due to habit and culture."
Kinda like using windows, Huh?
"Look! There! Evil, pure and simple from the Eighth Dimension!" --Buckaroo Banzai
Because RAR doesn't provide the best compression. There are other, newer forms that are better. See 7-zip, bzip2, gzip (in some cases), ACE, etc... Who is living in the stone age now?
I misread the article and assumed the case was on sending malformatted RAR-files, making WinRar.exe execute arbitrary code, which would then bypass the virus scanner, but it seems now, after a swift second pass on the article that this is not necessarily the case.
That's what I would believe as well. In fact, as soon as winrar writes the virus file, an on demand scanner would pick it up and flag it even before it could have a chance to do something.
"Most of these are appealing to lustful young men" :-)
only allow women access to email attachments and downloads. Problem solved
The thing about WinRAR that really bugs me is the context items it insists on adding to my shell right-click menu. Oh, that and being shareware so they expect to be paid for annoying me...
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Educate the users not to be morons. At our site, we've had trouble working with a university because our ISP removes .exe files from attachments and their server removes .zip files. Pretty hard to exchange executables in that kind of environment.
Now we use an ftp server. All because idiots click on attachments without thinking.
Is there a free version of RAR available yet? I can use Zip for free. If I really want, I can even use it Free, as there exist open source solutions for handling Zip files.
Are there any open source RAR handlers? Last I checked, there weren't any. The only solution is apparently shareware. Well, Zip is free. Sounds like a win to me.
Besides, Zip can do archive spanning too. The Windows XP built-in Zip compressor can't, but any decent Zip program should be capable of doing it.
...and people would activate the files anyway...
I use TrendMicro's Housecall, because I have a fear of resident AV's. They scan right through Rar's, and recently they added support for modifying a Rar, regardless of if it's locked, passworded or whatever. I'm sure that most other AV companies will follow suit, seeing as how I've used Housecall on my landlady's computer (She had a virus, she wanted me to fix it) and it found some viruses, and Norton didn't. McAfee doesn't even belong in this topic discussion, it's more benign than Iceland.
Housecall @ Trend Micro
There are a lot of archive types out there (zoo, lzh, pkarc, pkpak, pkzip, tar, rar, and probably a bunch I've forgotten). However, the actual libraries required to at least perform a basic read operation are fairly minimal and many are Open Source. It would be trivial to have a generic set of calls in the virus scanner and have pluggable archive support, as new archive systems become popular.
The overheads would be minimal, as the virus scanners around today are much larger than any archive support library. The benefit would be that this kind of extension could be allowed for within days, not years.
As for checking the extension. Sheesh! Even using 'file' to check for magic numbers is an improvement on that. It's possible to trick some browsers into adding or changing extensions, so what extension the file has at time A has no automatic bearing on what extension the file will have at time B, making screening of that kind utterly useless.
Mind you, most virus scanners still don't check dead-space and can't handle stealth viruses, so why am I surprised they don't do a good job on anything else?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
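Added example (not part of the original thread or any poster's code): a sketch of the screening the comment above argues for, identifying an attachment by its leading magic bytes instead of its extension and flagging double-extension members such as the foto.jpg.exe mentioned earlier in the thread. The signature table, extension lists, finding labels and constructed sample data are assumptions of this example; RAR and 7z contents are reported as unscanned because the Python standard library has no unpacker for them.

```python
import io
import zipfile

# Leading-byte signatures of common container formats (assumed table for this example).
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar5"),   # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),        # RAR 1.5 - 4.x
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"\x1f\x8b", "gzip"),
    (b"BZh", "bzip2"),
    (b"MZ", "exe"),                      # DOS/Windows executable, incl. self-extractors
]

# Extensions each detected type may legitimately carry (assumption).
EXTENSIONS_FOR = {
    "rar": {"rar"}, "rar5": {"rar"}, "zip": {"zip"}, "7z": {"7z"},
    "gzip": {"gz", "tgz"}, "bzip2": {"bz2"}, "exe": {"exe", "scr", "com", "dll"},
}

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}


def sniff_type(data):
    """Return the container type implied by the first bytes, or 'unknown'."""
    for signature, name in MAGIC:
        if data.startswith(signature):
            return name
    return "unknown"


def is_double_extension(filename):
    """True for names like 'foto.jpg.exe': a decoy extension followed by an executable one."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def screen_attachment(claimed_name, data):
    """Screen one attachment; returns (detected_type, list_of_findings)."""
    real = sniff_type(data)
    findings = []
    ext = claimed_name.lower().rsplit(".", 1)[-1] if "." in claimed_name else ""
    # A renamed archive (zip sent as .zi_, rar sent as .txt) shows up here.
    if real != "unknown" and ext not in EXTENSIONS_FOR[real]:
        findings.append(f"extension-mismatch:{ext or '(none)'}!={real}")
    if real == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        head = member.read(8)
                    if is_double_extension(info.filename):
                        findings.append(f"double-extension:{info.filename}")
                    if sniff_type(head) == "exe":
                        findings.append(f"executable-content:{info.filename}")
        except zipfile.BadZipFile:
            findings.append("malformed-archive:zip")
    elif real in ("rar", "rar5", "7z"):
        # No unpacker available here: say so instead of silently passing the file.
        findings.append(f"unscanned-archive:{real}")
    return real, findings


def make_sample_zip():
    """Constructed sample: a ZIP holding a text file and a fake 'MZ' stub named foto.jpg.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("foto.jpg.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    print(screen_attachment("holiday.zi_", make_sample_zip()))
    print(screen_attachment("notes.txt", b"Rar!\x1a\x07\x00" + b"\x00" * 16))
```
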
Gosh. .
All my household systems come with software to decrypt rars, bzip2s, gzips, tars, etc. .
All this extra functionality results in vulnerabilities, eh?
Oh. Wait. Even when I get the file open, the trojan won't execute. Guess I better fire up Wine, see if I can get it to work.
If only Win32 was better supported in Linux, then I wouldn't have these cross-platform issues.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
1) If you think 7z is a trivial algorithm to implement, you REALLY haven't looked at it. Also there isn't (last time I checked) any mac implementation
2) I find on large files rar tends to beat bzip2
No cookie for you.
Combination - fun iPhone puzzling
This whole thing of RAR not being in use by corporate IT, that it is used a lot by warez, I wonder if certain industry groups we all know and love, would use this type of delivery method to get back at software pirates?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The freeware ICEOWS handles and creates RAR files. It's one of the few Windows-based freeware RAR programs I've seen. It also handles a dozen other common compression formats as well.
Actually, RAR has been around for over a decade.
:)
(Since 1993, according to WikiPedia.)
I remember investigating it back in my BBSing days.
Though I guess that makes it an even sorrier situation for AV companies.
Don't tell anyone! Now gmail may start parsing RAR files and forbidding anyone from attaching rar files which include executable files :(
:( What next, parsing the exe header?
They already do this with zip files, which is a pity. Many times, I have to send attachments which include EXE files... If this protection is implemented, we'll have to rename the exe files to ex_ or something
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Sorry, I should have quoted, but nevertheless RTF parent (now been modded down). That was exactly my point.
# cat
Damn, my RAM is full of llamas.
I and many others in my (legitimate American) business use RAR files all the time to transfer 100+meg (compressed) files over modem lines. Due to several competing factors, the best way to get the files is good old dos copy (as inefficient as it is) and have you ever lost your modem connection in the 20+th hour of copying a file? If 73 of the 100 files made it, you're 73% done. If you had 73% of that one file copied, you're 0% done and have to start over.
Pulp Audio Weekly - Geek News and Reviews
So, you're complaining that your illegal free stuff is too much of a hassle because it's rarred and not zipped? Give me a break.
It's about people clicking on RAR archives said to contain Anna Kournikova pictures, and other women with hot grits? Well what's new there?
:-P (of course a digitally signed one so they get a false sense of security)
It's not a problem with RAR in specific... If they block RAR files, I'm sure they could instead just be guided to a web page and told to install an ActiveX control instead.
If you could only patch the real serious security holes here -- the ones in the users' brains...
Beware: In C++, your friends can see your privates!
XP's Native handling of Zip files is annoying at best, and is usually one of the first things I disable whenever I install XP.
I guess I just don't understand what the "nightmare" part is about WinRAR.
How easy does it have to be, really? Select files, right click, select "add to archive" or "add to filename.rar" and let it run. You're done.
Extracting is even easier. Right click, select "Extract files" to get a path choice, "Extract Here" to uhm, extract in the current folder or "Extract to filename" which creates a folder with the same name as the file.
Wait, so you don't like Windows XP's way of handling ZIP files, but then you go on to describe using RAR that sounds like it works in exactly the same way.
Choose a bunch of files. Right click and choose "Send To -> Compressed Folder". Right click a Zip file and choose "Extract All". Choose a location to extract the files to.
Sounds almost exactly like the way you described WinRAR.
Except for one thing: I can explore into Zip files just like any other folder. Double click on it, and it opens in an Explorer window, just like a folder. (By the way, you can also choose "Explore" on Zip files if you want to use the Explorer style interface instead of the new window interface.)
You can copy files in and out, just like any other folder. Sounds smooth to me. Last time I checked WinRAR, it did not work like that, instead the RAR file would open up inside WinRAR and display as a long list of files instead of the much cleaner list of icons you get with Windows XP's Zip support.
I can't imagine why you'd find Windows XP's Zip support annoying. I prefer it over WinZip, which is a shoddy program.
I hate RAR archives. I use WinZIP (which seems to be more widely supported) and 7-Zip. I use the latter to open up tar.gz archives.
Debugging? Klingons do not debug. Bugs are good for building character in the user.
Buy Steampunk Clothing Online!
WinZip now has AES encryption.
Not everyone uses NTFS/Windows.
This bothers me, it always bothers me when something that is not a vulnerability gets pegged as one. .RAR is not a vulnerability, and it's not a means for spreading viruses any more than any other format is. The vulnerability lies in short-sighted software development that failed to take into account that perhaps .RAR files might be used in addition to .ZIP. It's similar to the claims that international support in mozilla was a vulnerability. It isn't. The USER is the vulnerability, educate the user and the vast majority of these problems will go away.
Why didn't we have problems like this in the past? Why did virus writers have to be so much more clever? It was because the only people using computers had at least something of an idea of what they were doing. Viruses are, for the most part, easily avoided. It's only when users are clueless and trusting that they are allowed to flourish.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
just for some info... Here is an individual's little test that shows that
http://www.techimo.com/forum/t67795.html
i used windows 98 for 4 or 5 years (on irc and broadband no less) without a virus checker or firewall, and whenever i went to a lan party my friends would always make me install one (or two once) and scan before connecting, and i was always clean. preventive software measures don't solve jack.
they should have educational videos for idiot users, like sex ed. "parite.b, the silent doesnt-actually-do-anything-harmful."
When you're afraid to download music illegally in your own home, then the terrorists have won!
You can disable those.
IHBT.
Maybe because tar and tar-gzip for compression is so much safer and superior in both performance and features?
I personally use rar because it can store filenames that can contain unicode characters, something that zip can not do (or at least the zip programs I've used can't)
i had a test system get infected with a virus, and just as a test, I compressed the exe with ZOO, and none of the anti-virus programs would do anything about it, couldn't even detect it.
converted to a self-extracting file, and it was still invisible.
I even sent it off to NAV/SARC and McAfee, never heard a word back from them.
so yes, it's possible and very easy to compress viruses in ways the anti-virus engines can't understand and they would slip right by...
Rar is superior to tar+bzip2 in about any regard. Its solid mode can mimic what tar is about, it can store more metadata, its compression beats bzip2 most of the time, and so on. However, if I don't know my audience exactly I don't send rar files. I don't know if people on the other end have a rar application or are willing and able to install one. Zip is the smallest common denominator, and tar.bz2 is fine for all Unix people.
Time to go back to using ARJ
I am familiar with only two anti-virus solutions: ClamAV, and Avast! Antivirus. Both of them scan rar files.
Get a clue.
Spanning across lots of small archive files means that if a news server drops files, someone only has to repost 5 or 10 megs of small pieces instead of the entire thing. Likewise for reconstruction via PAR files. Taking care to minimize inconvenience like that IS doing the job completely and correctly.
Also have news for you, winRAR doesn't "Load itself into memory" anymore than winzip, 7zip or whatever else does.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
LOL, yes, this is exactly why I use RAR, honestly! Jesus you're dumb.
You know, the horse and carriage has been a standard for a long long time now, so what is the point in getting around in something totally faster that then makes people go out and buy something just like it when in the end it does the same thing as that horse and carriage.
Clue: WinRAR compresses better, is more secure, and is a heck of a lot more feature rich than WinZIP. WinZIP is, to put it nicely, a piece of shit. And ZIP is outdated compared to RAR and 7-Zip (be it compression or security).
Your newbieness truly knows no bounds. Please educate yourself, don't worry, we'll all wait:
Now, STFU and sit.
All I know about Bush is I had a good job when Clinton was president.
Back in the DOS days with BBS systems we used to have software that would determine the real file type of the upload, unpack it by shelling out to zip/rar/arj/lha/ha/arj and then scan it with a couple of virus scanners and heuristics (Thunderbyte AV, McAfee Scan, F-Prot)
Anyway, while you could argue the current RAR approach does get past most email scanning systems, anyone running an on-access scanner will still get the alert it's infected the moment they try to launch/unpack an infected file from within it.
[)amien
You can remove all the context menu items if you want to. It takes less than 30 seconds. Those items are there to make things easier for you! You must be dead lazy....
I am unaware of any av software I have seen (I have seen and configured most) that cannot extract rar (even embedded levels deep) and scan the enveloped files. It seems like tech news sites are taking a cue from american media (and american leadership) by sensationalizing non problems. There are plenty of real issues to deal with and bs problems like these make it harder to sift through all the crap to find what really matters. The command-line virus scanner I used to scan files that were uploaded to my bbs in 1986 could scan within rar (and most other) compressed files. Perhaps the people reporting news on technical news sites should have some sort of technical background and (preferably) experience.
...reject useful technology for no good reason"
No no, you don't understand. If you change your av code to scan rars, or if you mention "firefox" as a supported browser on your website, or if you include support for linux in your games, then the HACKERS WIN!!
Correct me if I'm wrong, but I do not understand how this poses a new threat to any system that is protected by a working antivirus.
Scenario 1: System cannot unpack .rar files. System is safe from virus.
Scenario 2: System can unpack .rar files. User manually executes virus contained in .rar file. File is first decompressed to the Temp directory, where antivirus catches it.
I just tested eTrust Antivirus, and it does catch the EICAR test file if I try to open it from a RAR, so I don't see what the problem is.
Yep, I'll open that freep0rn.jpg.exe.runme using wine and then... omg i got a virus :D
Of course, RAR is not the best either...
Repton.
They say that only an experienced wizard can do the tengu shuffle.
No, he said something about saving it to a file system that doesn't support files larger than 2GB. Try burning a 3GB file onto a DVD.
Now accepting PayPal donations!
That made me kinda mad. The built in lib does rar up to 2.0, but won't look in 3.0s. What good is clamav with such a glaring hole in it?
Yeah, I could use the command line scanner with arcane options to use the unrar app, but that won't help my 5,000 email subscribers. So I'm back to suggesting they use something like norton... (which technically I never stopped recommending for obvious reasons).
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
People still use news servers? Christ that is so early 90s. And you all call me dense?
1) If you think 7z is a trivial algorithm to implement, you REALLY haven't looked at it. Also there isn't (last time I checked) any mac implementation
OK, the pzip people (p7zip project) have ported it to the posix command line. But you'll have to compile it yourself and write your own GUI. But you can at least work with 7zip archives now.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The compression format of legends. If I remember correctly though, you had to use some annoying ARJ decompressing software cos nothing else would read it!
I also think all porn sites should be hosted on .cum domains.
Celebrate the finer things in life
It's only a matter of time before we see a .TXT virus. Sounds implausible, but virus writers are very good at adapting to people's work habits.
Many companies block .ZIP at the perimeter (at a firewall or mail server.) People still have work to do -- so they work around this block by renaming .ZIP files as .TXT files. We have several clients who *REQUIRE* us to send them files like this.
So, once people get into the .TXT -> .ZIP -> unarchive habit, they'll be happy to do the same with a virus.
And it's going to be fun seeing the whole IT infrastructure that relies on file extensions fall into a crumbling heap.
-ch
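The BBS upload checkers mentioned earlier in the thread and the renamed-.ZIP habit described in the comment above both come down to typing a file by its content rather than its name. An added example (not part of any post here) of that check as a mail or upload gateway might apply it; the function names, flag names and sample files are constructed for illustration:

```python
import os

# (offset, magic bytes, label) for the container formats named in this thread.
# Two-byte magics (arj, gzip, exe) can match by accident; treat a hit as
# "hand this to the unpacker/scanner", not as proof of format.
SIGNATURES = [
    (0, b"Rar!\x1a\x07\x00", "rar"),       # RAR 1.5 through 4.x
    (0, b"Rar!\x1a\x07\x01\x00", "rar"),   # RAR 5.x
    (0, b"PK\x03\x04", "zip"),             # local file header
    (0, b"PK\x05\x06", "zip"),             # empty archive (end record only)
    (0, b"7z\xbc\xaf\x27\x1c", "7z"),
    (0, b"MSCF", "cab"),
    (0, b"\x60\xea", "arj"),
    (2, b"-lh", "lha"),                    # method id such as -lh5-
    (257, b"ustar", "tar"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"BZh", "bzip2"),
    (0, b"MZ", "exe"),                     # DOS/Windows executable
]

ARCHIVES = {"rar", "zip", "7z", "cab", "arj", "lha", "tar", "gzip", "bzip2"}

# What each extension claims the content is. Office and Java containers are
# ZIP files underneath, so they are listed to avoid false mismatches.
EXT_TYPE = {
    ".rar": "rar", ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".jar": "zip",
    ".7z": "7z", ".cab": "cab", ".arj": "arj", ".lzh": "lha", ".lha": "lha",
    ".tar": "tar", ".gz": "gzip", ".tgz": "gzip", ".bz2": "bzip2",
    ".exe": "exe", ".scr": "exe", ".dll": "exe",
}

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3", ".avi"}


def sniff(data):
    """Return the content type implied by the leading bytes, or None."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None


def assess(filename, data):
    """Type a file by content and flag what a name-based filter would miss."""
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    detected = sniff(data)
    claimed = EXT_TYPE.get(ext)
    flags = []
    if detected in ARCHIVES:
        flags.append("unpack-and-scan")        # scan members, whatever the name
    if detected == "exe":
        flags.append("executable-content")
    if (detected or claimed) and detected != claimed:
        flags.append("extension-mismatch")     # e.g. a ZIP renamed to .TXT
    if ext in EXEC_EXTS and inner_ext in DECOY_EXTS:
        flags.append("double-extension")       # e.g. foto.jpg.exe
    return {"type": detected, "flags": flags}


# Constructed sample attachments: only the first bytes matter to the check.
SAMPLES = {
    "report.txt": b"PK\x03\x04" + bytes(26),
    "photos.rar": b"Rar!\x1a\x07\x00" + bytes(13),
    "foto.jpg.exe": b"MZ\x90\x00" + bytes(60),
    "notes.txt": b"plain text only\n",
}


def run_samples():
    return {name: assess(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14} {verdict['type']!s:6} {', '.join(verdict['flags']) or '-'}")
```
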
Bzip2 + tar gets as good compression as RAR and has the added benefit of being almost ubiquitous, as well as having decent open source tools for compression and extraction on virtually every platform. Multi-volume is simply a matter of calling split before storing it.
You mean they bundle WinRAR with AOL???
In the ratio of compression:time RAR is pretty much the best. In the Executable test, the "best" compressor took 10 times as long to compress as RAR did (30 seconds vs. 340 seconds or so).
It's not just about the ultimate file size.
FWIW, I do agree that there are better compression systems out today, but none of them are as widespread as RAR is. Hopefully that'll change over time.
All I know about Bush is I had a good job when Clinton was president.
I've recently examined various compression ratio comparisons on the web and it seems RAR is usually 2nd best and 7-Zip is best. I expected bzip2 to be much better than rar but in fact it was much worse. 7-Zip is released under the LGPL. Compression with the maximum compression settings is extremely slow and uses a lot of memory. RAR seems like a very good compromise.
No, she doesn't care about deflate ratios as such, but she does care about how many files she can fit on a floppy, so rar matters. If she didn't care about the compression, wtf would she be doing using zip at all?
I am trolling
Can we say "unrarring" and ".rarred" please? Makes more sense in English this way.
This reminds me of my 2 year old, saying RaR! like a lion.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
If you're using a single file as an archive, you want a TOC, checksums, per-file compression and encryption. Applications still need to be archive aware, but the cost can be very low. E.g., it's common to have something like
ssize_t readArchive(char *buffer, size_t len, const char *url);
struct stat * astat(const char *url, struct stat *);
where the former loads the archive file into the specified buffer and the latter provides Unix style metadata. The URL can be something like zip://zipfile/full/path/to/file. Hardcore developers can even use kernel- or user-space based virtual filesystems and the archive looks like another partition.
Once you have this infrastructure life is _so_ much easier since everything is bundled. It can be taken to self-defeating extremes, but anyone who has had to deal with somebody putting an "equivalent" file into an application's resources can see the benefit in this.
(N.B., configuration information should not be bundled. I'm referring to things like the PHP or Perl scripts for an application, things that the average user won't need to modify.)
TAR is a weird critter. It is a streaming block-oriented protocol since it was designed to work with tape drives, but it sucks on disk because the archive must be searched sequentially to find individual files. Compression was retrofitted and it's easy to transparently handle via standard libraries, but compression blows out blocking. Compression also prevents applications from creating their own meaningful TOC since the archive is unseekable. (Archive creation tools can reset the compression stream for each file, but I think my own implementation is the only one that does so. This makes the archive semi-seekable.) The format is adequate for transport archives, but that's about it.
ZIP is nice but the standard headers don't include all Unix metadata. (There are well-documented extensions that handle this information - and it's a moot point if it's bundled application data.) The format can be streamed for both input and output (which is why the TOC is at the end of the archive), but it's not properly blocked for tape either.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
It doesn't really matter how you download the files. If you get disconnected it's a lot better to have a partial RAR set than to have to rely on your download app's ability to resume (e.g. - eDonkey, BitTorrent, etc). The other problem with sending raw files (.avi, .iso, .bin) is that, if an undetected error manages to get through your download you'll have a difficult, if not impossible, time figuring out how to get just the portion of the file you need to fix it.
With RAR's you can just redownload the part that's causing problems.
All I know about Bush is I had a good job when Clinton was president.
Personally, I found myself quite surprised that support for this wasn't there already.
Commercial antivirus vendors should have implemented this. It seems ludicrous to me that the vendors of these products skipped a popular compression mechanism just because nobody had bothered to release a virus that understood it first. Security companies should be preemptively building in support for things like this. It's not as if it was an unpredictable issue.
The free(speech) ClamAV has support for this already, and I would hazard other compression formats as well. It obviously doesn't take *massive* developer effort to add support for things like this. And it's obviously something that people have already thought about.
One of the reasons why we have such a problem with these things is that *even vendors of security products* don't seem to want to think proactively about issues that might arise. They wait for something to bite them in the ass before they fix it - leaving everyone vulnerable in the meantime.
"Pokey, are you drunk on love?" "Yes. Also whiskey. But mostly love... and whiskey."
Let's look at some of those "reasons" for using rar:
"Because the releases consists of small parts you don't have to worry about re-downloading the whole release if something goes wrong and a file gets corrupted."
BS. In this day and age of high speed internet this is not relevant. Especially while using torrent files. It really wasn't ever relevant during the modem/bbs days. Z-modem had resume downloads and everyone used it. No need for rar then.
"You can control that everything has been downloaded correctly by checking against the SFV-file. Hence you will always know whether you've gotten a complete uncorrupt release of what you were downloading."
Again not relevant. If you are taking the time to d/l instead of actually buy something why the hell would you care if it was complete? As long as it's not infected (which you just scan it to find out) and works then who cares.
"You can download from multiple sources at the same time - ensuring comformt and maximizing your download speed."
Torrent files and high speed internet trumps this one too. Another not relevant "argument".
"We ge a standardized way of sharing, which DC obviously benefits greatly from. You will learn to recognize a good release and be spared the inconvenient trouble/surprise of poorly ripped movies by amatures."
Opinion. Yeah, those handicam releases of highly compressed video sure do benefit from being split into hundreds of small files and stuck into another archive. Clue, you don't gain anything by recompressing video.
I have yet to EVER hear of a valid reason to use rar. It seems people use it to be difficult and that's about it. And don't give me the bs about newsgroups. They are slow and unreliable and extinct.
"Clue: WinRAR compresses better, is more secure, and is a heck of a lot more feature rich than WinZIP. WinZIP is, to put it nicely, a piece of shit. And ZIP is outdated compared to RAR and 7-Zip (be it compression or security)."
What possible features could you want except that it compresses (who gives a shit about sizes these days) and it extracts. Passwords are a pain in the ass and anyone that password locks their archive then uploads it for people is just trying to get their hit counts up for their web sites.
So again I ask, give me a good reason why rar is better?
You misunderestimate the purpose of the internets. :)
Soylent Green is peoplicious!
As for the "yet" part of blocking... When are we going to put the responsibility in the hands of the user and stop dumbing down the internet?
When the stupid end users stop downloading everything they can to infect their PC's with spy/mal-ware. You are the EXCEPTION. "End User" is equivalent to a 4-letter word in our department. Every inch you give them is a mile they make you walk to fix their problems.
Sounds like you've never worked any kind of support job. People do stupid things that you tell them not to do. They will do them multiple times, after being told not to multiple times. Some of them are management, and therefore not generally subject to punishment for violating said rules. Everyone must have their pretty screen savers, fun animated cursors, and dressed up email "stationery".
Don't get me wrong, you sound like someone who is fairly educated in what not to do. As the MIS/IT/IS dept, we do these things in self defense. It's not you who has to answer to the CIO/CEO as to why we got nailed by the XXX worm/trojan/virus.
My 2cents...
Also WinRAR is completely compatible with .zip archives.
The biggest difference I have noticed as far as "ease of use" is that WinZip has nicer icons. (Oooh, shiny. Me want eye candy.)
Ok, now tell me really how many times that actually happened to you? I've NEVER seen it happen. In the world of cable modems nor did I have it ever happen back in the slow modem/bbs days.
If a protocol is designed to help with corrupted pieces I'd rather let the protocol do all the work instead of me having to sort through hundreds of tiny files to find the one that is in error.
I don't buy into any of the reasons posted so far because they are the same reasons from over a decade ago.
Those tests weren't all that great. bzip2 is great at text compression for example, but not good at other stuff. It makes no sense to test it on binary files. I've seen ACE better than RAR in some tests, results vary. Also, I didn't see 7-zip or a lot of the lesser known formats tested.
Well, since you're probably wanting to use RAR to download warez, why not just download the cracked copy of WinRAR?
Why are there only 19 people folding@home for slashdot?
It's possible she can simply afford a 2nd floppy too. But your scenario will definitely be true once Bush crushes Social Security.
Why are there only 19 people folding@home for slashdot?
I, like almost everyone else on the net use RAR files to compress stuff. They are especially good at compressing various 3D and music projects down to a manageable size. But a few months ago I started getting really curious about Alternate Data Streams (ADSs). For those of you who don't know what an ADS is, it's essentially something M$ has worked into Windoze that allows you to attach various files to other files. Sounds harmless with that description until you realize that when a file is attached to another, you can not tell that a file is attached by any means other than running a special command. Even worse, the files you attached are copied to a location somewhere outside of the partition making it harder to detect. Well, it just so happens that RAR compression is the only one that I have found to date that supports compressing these ADSs. Still worse, just like in windows explorer, you can't tell that the file is attached by just looking at the screen briefly. The only way to make sure is to carefully look at the expanded size of the file(s). If they do not match the size given inside WinRar or whatever, then chances are there's a file attached and who knows what it is. There's some nasty security flaws with RAR compression that I am wishing very much to be fixed in the near future. Just be on the lookout.
I'm talking about businesses here. I work with people on a daily basis who consider Microsoft Excel's password function to be an effective way to secure data. (Some newer versions of Excel can actually encrypt the workbook, but then the automated tools we use can't open the file.)
I think RAR makes a fine compression tool, but business users aren't known for evaluating a tool based solely on its merits.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
In WinRAR, the RAR-version is decided by what "features" you use while creating the archive. On a normal archive, the version is either 2.7 or 2.9; I can't remember.. --AFAIK, the version goes up if you embed NTFS metainfo and such; so most people end up making version 2.7/9 -archives, anyway. (Optimizing compression and stuff assumably bumps the version, but many go with the default..)
A horse can't be sick, you know, even if he wants to.
Clearly you've never experienced line noise. Me, personally, if I was downloading something back in the BBS days and I had a bit of line noise I'd rather be able to download another smaller RAR piece than have to redownload the whole thing. Z-Modem wouldn't have done squat in that situation (which was so common that *drumroll please* this is why people doing this began distributing things this way). As far as BitTorrent goes, sure, it's a lot better at catching errors and correcting them, but it's not flawless. You're still better off with RAR+SFV plus BitTorrent doing its MD5 checks than with just BitTorrent.
Yes, who cares if you got the app but no documentation to go with it. It's all greek to you, obviously!
No, Torrent files and high speed internet don't trump that point. It's rare when a torrent will fully saturate your download. And since many BitTorrent downloaders allow you to tag individual files in a torrent, you can mark RAR's you're getting from the torrent then unmark RAR's you're getting from another source (so you can fully saturate your connection).
That site listed in a thoughtful manner all the reasons why you'd want to use RAR. If you choose to ignore it because you think you know better (hint: you don't or the scene wouldn't be using split RAR's), that's your prerogative. But at least a know-nothing like yourself isn't responsible for scene releases or scene rules.
All I know about Bush is I had a good job when Clinton was president.
"This just shows that blocking .zip files doesn't do the trick, and only prevents people from doing their jobs. Who is stupid enough to open pornographic material from an unkown sender anyway? Especially at work? They get what they deserve. IT departments need to figure out that they need to be training people instead of just patching Windows. Wait, that's about all the time they have with the state of the Windows world, budget cuts and outsourcing. Even we Mac users are hobbled by the troubles of the PC world. Why should zips from contacts be stripped from emails, just because Windows is far from secure?"
My digital rights don't need management.
Some folk are afraid of installing programs. Especially with all the warnings we give them about the dangers of installing programs (e.g. spyware) on their pcs from the web!
For most software distributors, zip is an easy choice. It's not perfect, but it works. But it's a right pain in the ass when your vendor has a zip file of an 8-meg network driver. Hello, chicken and egg problem, make your network drivers 1.4 Meg or make them spannable!
"Because the releases consists of small parts you don't have to worry about re-downloading the whole release if something goes wrong and a file gets corrupted." BS. In this day and age of high speed internet this is not relevent. Especially while using torrent files. It really wasn't ever relevent during the modem/bbs days. Z-modem had resume downloads and everyone used it. No need for rar then.
You have obviously never done binary transfers over usenet (which is still very common today). It's done almost exclusively using RAR because news servers DO drop posts which means that you WILL lose parts of the archive. I thought that RAR was better because it used a method very similar to UHARC to provide a much higher compression ratio than ZIP files, especially for multimedia files. So, if storage space is no problem, then you might as well go ahead and use ZIP. But if storage space is no problem, why do you even compress at all? Hell, why not just use TAR? That's a standard, has been for a longer time than zip!
Not everyone uses NTFS/Windows.
Do those who do not use NTFS/Windows matter to companies that perform cost-benefit analysis? Name a national brand x86 PC marketed to residential users that comes with a keyboard and mouse but doesn't come with the hard drive preformatted for NTFS and preinstalled with Windows XP, and I'll believe you.
I actually did this back in the BBS days because some moron, probably with the same mindset as you, insisted on uploading some 400MB file to a BBS instead of uploading the original scene release-- turns out there was an error from line noise midway through the file. How did I solve it?
I wrote two simple utility programs:
- The first one made an empty file of any size (file was filled with 0's). I used this one to create a blank dummy file so I could do a Z-Modem resume at the point where the corruption occurred (so I wouldn't have to redownload everything up to that point to get the bad data).
- The second one took data from one file at a specific offset, then a specific amount of that data into another file at that same offset.
With those two apps I managed to save myself from having to re-get the whole mess. This was something I could have avoided if the moron had used RAR and split it up.
All I know about Bush is I had a good job when Clinton was president.
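The two utilities described in the post above, as an added example that is not the poster's code: a blank-file maker, a same-offset range copier, and the CRC32 check an SFV file provides to confirm the repair. File names, sizes and the damaged range are constructed, and the append to refetch.bin stands in for the resumed transfer.

```python
import os
import tempfile
import zlib


def crc32_of(path, chunk=1 << 16):
    """CRC32 of a whole file, the checksum an .sfv entry records."""
    crc = 0
    with open(path, "rb") as f:
        while (block := f.read(chunk)):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def make_blank(path, size, chunk=1 << 16):
    """Utility 1: create a file of `size` zero bytes to resume a transfer onto."""
    zeros = bytes(chunk)
    with open(path, "wb") as f:
        left = size
        while left > 0:
            n = min(chunk, left)
            f.write(zeros[:n])
            left -= n


def copy_range(src, dst, offset, length, chunk=1 << 16):
    """Utility 2: copy `length` bytes at `offset` in src over the same offset in dst.

    Returns the number of bytes copied, which is short if src ends early.
    """
    copied = 0
    with open(src, "rb") as s, open(dst, "r+b") as d:
        s.seek(offset)
        d.seek(offset)
        while copied < length:
            block = s.read(min(chunk, length - copied))
            if not block:
                break
            d.write(block)
            copied += len(block)
    return copied


def demo():
    """Damage a constructed file, repair one range, verify against the known CRC."""
    good = bytes(range(256)) * 64                  # 16 KiB constructed payload
    expected_crc = zlib.crc32(good) & 0xFFFFFFFF   # value the SFV would carry
    bad_off, bad_len = 5000, 300                   # constructed line-noise damage
    damaged = bytearray(good)
    for i in range(bad_off, bad_off + bad_len):
        damaged[i] ^= 0xFF

    with tempfile.TemporaryDirectory() as tmp:
        download = os.path.join(tmp, "download.bin")
        refetch = os.path.join(tmp, "refetch.bin")
        with open(download, "wb") as f:
            f.write(damaged)
        ok_before = crc32_of(download) == expected_crc

        # Blank file up to the damage, then the "resumed" bytes land after it.
        make_blank(refetch, bad_off)
        with open(refetch, "ab") as f:
            f.write(good[bad_off:bad_off + bad_len])

        copied = copy_range(refetch, download, bad_off, bad_len)
        ok_after = crc32_of(download) == expected_crc
    return ok_before, copied, ok_after


if __name__ == "__main__":
    print(demo())
```
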
Zip and Rar have two completely different design philosophies. Zip compresses each file individually which means that you can access each file separately without having to decompress the entire archive. Rar compresses an entire collection of files, which means that it can further compress archives when files are similar to each other. Try compressing a directory of log files with Zip and then again with Rar, you'll see the difference.
As to movies being rar'd into a million pieces, that just means that it was at some point transferred over usenet (or maybe IRC). Corruption of part of a transfer is a fact of life there, so breaking a file into a "million" pieces and providing parity files is normal.
Comment removed based on user account deletion
Why even **consider** having to block rar files?
blocking rar files... great then all warez sites will rename to .r4r or something. get real. what are we, a bunch of 3rd grade marketing types?
THEY ARE USEFUL ESPECIALLY OVER A NETWORK, you know, they reduce file sizes.
Instead: educate, and write decent sandboxing / active protection software that will scan on decompress.
OK, don't botch the job, do it right.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Rar is a file format? I thought it's the noise gay lions make.
Democracy is two wolves and a sheep voting on lunch.
Personally I prefer WinRAR to any compression program currently available.
For home users, WinRAR is much more expensive per seat than 7-Zip.
It just amazes me what works. If there really were topless pictures of Paris Hilton in the file you'd get hundreds of thousands of installs.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
For the people who would actually be using NTFS permissions to its advantages, they probably wouldn't be backing up using ZIP or RAR files, they'd spend a little extra and get a different type of backup solution, such as tape or some sort of network storaged backup. But for a simple server where there are maybe 5 people using it, permissions isn't a big deal and can easily be reset if needed.
Kernel Krunch - Part of a Complete OS
Dude, there's already an evil bit for this sort of thing. ;)
http://www.faqs.org/rfcs/rfc3514.html
If you are taking the time to d/l instead of actually buy something
Then what about works that are not available for purchase and will not become available for purchase in the foreseeable future, such as for some politically correct BS censorship reason? You try buying a DVD copy of Disney's Song of the South.
why the hell would you care if it was complete? As long as its not infected (which you just scan it to find out) and works then who cares.
But how can you tell whether something "works" without also checking whether it is complete?
Actually, I've done support for an ISP, and I got my share of stupid questions (hint, I don't anymore, as I simply cannot stand stupid questions), the single dumbest question being "hi, do you have the latest version of the Internet?" the day after AOL launched a media blitz for the latest version of their software. Of course, I said yes, and signed up a new customer.
I understand people do stupid things. But why waste tons of cash on fixing the issue when you can just spend a little bit of cash up front to educate the employees on what not to do... and then fire them if they don't listen.
Just imagine how many lost manhours could be recovered in the corporate world that way.
-- This sig for rent.
I was referring to the SENDING of said material via email. Perhaps I should have said: "How often do you send 40GB emails?" Great, you can compress and break up a 40 gb database down to 10 or 15 2GB files... Bully for you! Now, why would those files need to be sent either by email or http(s)?
For one, Norton AV is a big resource hog. For another, AVG seems to scan files faster than Norton AV. Now AVG can scan RAR files, while Norton AV ignores them. Also the Free version of AVG has free virus definition updates, but Norton AV only gives you a year of virus definition updates and then asks you for a code to unlock that feature. I know of a lot of people still using a Norton AV that had the subscription run out, and I tried to tell them to upgrade it, but they don't know how, and get overrun by the latest viruses. So I usually switch them to the Free version of AVG because it is free for personal use. Organizations usually have an IT department that can upgrade subscriptions for them.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Yes, it is. But it's so much better than 7-Zip, I'm willing to accept that.
Like I said. I prefer WinRAR. It's not a matter of saving a buck. If it was, I'd be using the built in XP Zip support, which I dislike very much.
-- This sig for rent.
Why exactly does putting viruses into .rar's count as a new virus attack technique?
This is the same thing that has been going on for a long time with viruses in compressed files.
What's next, complaining that there are viruses in tar files? Suggesting that propagation of viruses by usb-flash drives, DVD-RW's, SD camera memory and so on... are new vectors of propagation?
This seems like a really lousy way of trying to instill virus paranoia in people to sell more A/V software.
Then again, maybe my tinfoil hat is just a bit tight today. Does anyone think there is merit to this article?
Yah but the toolset for 7-zip on Win32 blows.
...
The free extractor for it has an interface that is reminiscent of something I may have tolerated eight or nine years ago, but then again...
I also haven't checked it out for awhile, maybe it doesn't crash so often anymore?
WinRAR has really nice shell integration with Windows, to the level that even WinZIP does not have yet. I do not know as to why WinZIP doesn't do things like "extract all of these files to this directory" but....
Need help treating your acne? Come here!
F-Prot has been scanning multivolume RAR archives since version 3, WITHOUT USING EXTERNAL UNRAR like ClamAV does.
AFAIK when you decompress a file the "on-access" antivirus should catch it first. Most resident antivirus have an option to scan files on creation and on access, so it's not really a big problem. Some antivirus like Kaspersky scan even the RAR if you put the resident scanner to scan ALL files.
And if you try to execute a file inside a RAR with programs like WinRAR it first creates the file in the windows temporal directory (C:\Windows\temp) prior to execution, and that leads to my first point, the scanner should get it first.
I really think there's nothing to worry with this, just be sure that your antivirus has the latest signature update.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former" - Albert Einstein.
newly discovered! big news!
hackers, desperate to spread their malware and viruses are now distributing them on old audio cassette media. they then mail these cassettes to unsuspecting foo^H^H^Hpeople telling them they are the latest MP3 songs that the RIAA has yet to discover.
these foo^H^H^Hpeople are then instructed to dig up a old walkman, connect it to their computers (only old apple //'s, commodore 64's, vic 20's. and atari's need apply) and spend 30 minutes while the cassette loads.
they are then surprised that instead of the latest release from brittany spears they have been infected with nasty viruses that can't do much because most of these machines don't have network connections, a tcp/ip stack or even work!
symantec and others said they'd get right to work on it. after paying off the writers for helping them reap in millions in business.
nothing to see here. move along.
abcdefghijklmnopqrstuvwxyz
I prefer ZipGenius. I can't stand Winzip or winrar.
bananas like monkeys.
back in 1997 my computer got infected with a virus from chaos.rar - a program used for swapping battle.net servers.
Same shit, different year. The guy who gave it to me didn't know because he just happened to have it handy on his linux box, I don't think that he even used it.
So much for trusting friends' files.
cyn, free software and *nix operating systems enthusiast.
With the exception of #1, which is probably not exemplary of what most non-Unix users would be doing with an archiver, the rest largely consist of a few executables and huge sets of video data. For example, nothing managed to reduce the size of #3 by more than 5 percent, which is pretty much to be expected.
I'd be much more interested in the comparative results of, say, the Mozilla installation directory. Or a set of Office files. Or C:\Windows. I think any of those three would be much closer to the average user's usage.
Dewey, what part of this looks like authorities should be involved?
I've noticed that GMail won't let me send zips which have exes in them. It will however, allow me to send rars of exes.
Geee, nasty virus writers using RAR files? WOW look out, next we will see viruses in .yz1 or .bza formats. Seriously, most of our users use Winzip or XP's native ZIP (*BaRF*) so most of them will not be able to open the file. But I do like IZarc, I like to send files to people with a .7z extension and see if they can figure it out ;-)
incorrect. WinRAR supports NTFS permissions as of RAR 3.3, possibly earlier. i haven't tested it myself, but everything seems to be there.
grey wolf
LET FORTRAN DIE!
I use the free scanner Avast! and I can scan rars, so I see no probs
These viruses affect users who receive an infected RAR archive, then go out of their way to download WinRAR or some other RAR opener and unpack the executable.
Give me a break!
Conformity is the jailer of freedom and enemy of growth. -JFK
"Yes, who cares if you got the app but no documentation to go with it. It's all greek to you, obviously!"
Hahaha...exactly! Who cares! If you want documentation spend the money and buy the product. If you want it for free then you don't expect to get that. I mean really, come on now.
"the scene"
that was quite funny actually. Sounds like you're some underground group doing god's work or something. A bunch of kiddies sitting around their computers ripping games and distributing online that think they are god's gift to the internet is not "a scene".
They are the equivalent of a group of lazy punks who really won't amount to much in their life but get satisfaction seeing their group's name spread on a game "release" like it were graffiti on a brick wall.
Here's another clue, no one cares who does the game releases. If it feeds your ego then good for you but at the end of the day all that extra crap gets deleted. You do realize how stupid you sound, right?
Rar uses a proprietary compression algorithm. It's free to decompress RAR's (as has been pointed out already) but to make RAR's you need to buy a RAR license. This can be a deterrent to OSS proponents like myself. Sure, one can do as the kids do and use a demo of winrar indefinitely, or use a warez winrar, but the right thing would be to register it or seek a free alternative.
RAR is wonderful, there's no doubt, but I use the GPL'd 7z (7-Zip) format for my own personal archiving. It's open, compresses at least as well as (better in many situations) RAR, but can be quite a bit slower.
If I used RAR for work-related archiving as you do, I would definitely register it, because the speed and compression offered by RAR is well worth it in that situation.
I tested McAfee and ClamAV with a Eicar.com test file compressed as Eicar.rar, and both of them got it. Since it's the 2 products used at work, we consider ourselves OK as long as the signatures get updated.. which is done automatically :)
Menzoberranzan Networks
In the ratio of compression:time RAR is pretty much the best. In the Executable test, the "best" compressor took 10 times as long to compress as RAR did (30 seconds vs. 340 seconds or so).
Indeed, and if you looked closer, you would see that RAR won the "best overall" prize in the executable compression test.
If you look at some of the other tests (eg, the Worms 2 test), you would see that something called SBC was often both faster than RAR and able to produce smaller files...
Repton.
They say that only an experienced wizard can do the tengu shuffle.
7-Zip is open source and opens RAR. It doesn't create them though.
Other than that it compresses quite well, the best thing about rar was that it allowed you to send a file to someone even if they had big firewall/e-mail security. All that because those files were not scanned or blocked! I hope it won't change soon. It was already hard enough to explain to the person how to open the rar file, let alone use an FTP client!
It reads as though RAR files are infected when they're not, they're just a container. Doesn't anyone who cares about virus security actually scan the files after they extract them but before they run them?
Next thing we'll be getting complaints about ARJ files, or ACE files or UUE files containing viruses.
As a technical user I'm against our corporate firewall/mailsweeper/whatever blocking access to attachments purely based on extension. I actually need some of the zip/exe/doc/etc files that are being sent to me so I can do my job. Overzealous email rules are making it much more difficult to do it.
If you know enough to be able to extract a rar file, you probably know how to scan the file after it's uncompressed.
So again I ask, give me a good reason why rar is better?
Compression ratio on divx/xvid is better under rar than winzip. The random xvid shows 367,044,608 packed to 337,342,228. That's a savings of 29,662,380 bytes. While some might not think it's worth the time to save 30 odd megs, it is close to 9% savings.
(who gives a shit about sizes these days)
Few would care. Among those that would are co-lo users who don't want to replace their hard drives so often. Even a small 9% means 9 extra gigs per 100gigs. Users in regions who pay by the byte would also care.
What possible features could you want except that it compresses
The number of archive standards it supports? Winrar supports "7Z, ACE, ARJ, BZ2, CAB, GZ, ISO, JAR, LZH, TAR, UUE, Z" -(winrar help file). This was a good argument pre-windowsXP. Why buy winzip that supports only ZIP when you can buy WinRAR that supports a whole slew of standards used on the net including zip.
You can't say that now XP supports zip. Winrar may still be useful for a windows user for its ISO, JAR, and CAB support.
Passwords are a pain in the ass and anyone that password locks their archive then uploads it for people is just trying to get their hit counts up for their web sites.
Encrypted archives are useful to prevent 3rd parties from sniffing packets. You might be paranoid that your ISP is looking for pirated material. While keeping a password on a website is a weak form of security, it's also adequate to prevent random detection. It's likely to keep their hit counts up, but that doesn't mean there isn't a side benefit.
So again I ask, give me a good reason why rar is better?
1. Higher compression ratio esp on divx/xvid.
2. The rarlabs application supports more compression standards than winzip. It also supports ISO and TAR.
I'm not saying the world should convert to RAR. I even concede that it's damned annoying hitting rogue sites that use an *alternative* standard. But there are valid reasons to use RAR that I can not ignore.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
On a related note: today I received a couple of .zip attachments that each contained a file with a name of the form foo.html\ \ \ [a couple more] \ \.com
(This is what I saw on my shell prompt; they were newlines really.) Executables of course, and no doubt viruses. But this trick was new to me.
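For anyone filtering on archive contents rather than on the outer extension, here is a sketch of a name check covering both tricks mentioned in this thread (the `foto.jpg.exe` double extension and newline or space padding before `.com`). It is an added example, not code from any poster; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption (not from the thread): extensions Windows runs directly when opened.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Assumption: extensions a recipient expects to be passive content.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".htm", ".html", ".doc", ".pdf"}
# Newline/tab anywhere, or a run of 2+ whitespace characters, used to push
# the real extension out of view in a file listing.
PADDING = re.compile(r"[\r\n\t]|\s{2,}")


def deceptive_reasons(member_name):
    """Return the reasons an archive member name hides an executable extension."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing spaces and dots, so "x.exe. " still runs as x.exe.
    base = base.rstrip(" .")
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return []  # not directly executable: out of scope for this check
    reasons = []
    inner = stem.rstrip()
    _, inner_dot, inner_ext = inner.rpartition(".")
    if inner_dot and "." + inner_ext.lower() in DECOY_EXTS:
        reasons.append("double-extension")
    if PADDING.search(stem):
        reasons.append("whitespace-padding")
    return reasons


def scan_zip(data):
    """Map each deceptive member name in a ZIP (given as bytes) to its reasons."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reasons = deceptive_reasons(info.filename)
            if reasons:
                flagged[info.filename] = reasons
    return flagged


def build_sample_zip():
    """Constructed sample archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("notes.txt", "setup.exe", "foto.jpg.exe",
                     "foo.html\n\n\n.com", "report      .scr"):
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_zip()).items():
        print(repr(name), reasons)
```

Only member names are read, nothing is extracted, so the check can run at a mail gateway before any file touches disk. A plain `setup.exe` is deliberately not flagged here; whether to allow honest executables is a separate policy decision.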
Downloaded: winrar_3.24_REGISTERED.rar
Wait...
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
Please provide a link, or post the paper as a comment.
What program do you recommend for compression and encryption?
The workaround is to open all received e-mail on Windows machines using the included WordPad program. It reads both .DOC and .RTF files, but can't run macros.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
people would still run it because it would be labeled cool_pics.virus and windows will hide the .virus by default so their machines would get infected immediately.
please me, have no regrets.
I've seen a few big companies run WinRAR on their desktop machines. The user can easily use the 'extract here' context menu and then execute/open to their heart's content (I mean it's not like the old days of the RAR command line).
But that's not the point. IT professionals will NEVER achieve the goal of making security a priority to the user. The user only needs to know what gets them from A to B, and screw everything else. Remember, most end users think of IT (in the info security sense) as a nuisance to be ignored.
Disclaimer: I might be redundant, but i haven't seen this discussed while skimming the thread.
I don't remember seeing AV software that didn't scan inside RAR archives, at least not in the last 5 years. All the mailserver setups I did that had virus scanning also scan inside RAR archives. That must mean viruses as RAR attachments are not a novelty, are they?
A more recent trend seems to be encrypted RAR or ZIP archives, with the password included in the e-mail (sometimes as a picture, thus making sure of human involvement). That's also old, I think I saw this for the first time almost a year ago.
You are correct. I think the solid archive option of rar is what makes it worth using though. So far as I know, there isn't a similar option for Zips, but correct me if I'm wrong.
While that might seem an attractive option to some, helpdesk employees worldwide are screaming at the thought of the association for .doc and .rtf files suddenly switching to Wordpad.
"Why won't my Office work, and what is this silly 'wordpad' that started up?"
"What's the frequency Kenneth?"
Rate me redundant if you like, but I insist I'm the first to put several of the points already stated today in one concise reply -- this isn't new. I've gotten about a dozen or so of these encoded .RAR files over the past few months. A lot of people don't have the tools to extract them (I had to teach our IT staff what an .RAR file is the first time I was sent one of these viruses), but they arrive with a note that says here's the password, extract the .EXE file from the enclosed .RAR, and run the thing to get a screensaver or whatever. .RAR password protection is used because it is so hard for mail servers to detect on the fly. Most (but not all) of the viruses in these .RAR files were detected the instant that I decoded the things (yes, I am foolish enough to rely on IT to catch me with Windows-based software if I fall).
So despite all of this discussion, (1) the distribution method has been around long enough that Symantec Anti-Virus can detect these things, and (2) many of the posts here say virus writers should instruct their users on how to open the file. They already do!
Did anyone bother to ask the customers what they want?
My approach simply tacks on '.txt' on the end of ALL email file attachments filenames. As a result, system compromise is IMPOSSIBLE this way provided Windows still associates .txt files with Notepad/Wordpad and those programs haven't been compromised.
In this manner the incoming file attachments can be safely scanned for viruses, deleted, quarantined, or renamed by removing the '.txt' at the end and put to use.
If you want to learn more and download my quality (but bland-looking) Windows freeware/shareware, visit now.
P.S. since July 2004, I've only gotten a handful of 'no content' email spam at iamcf13@hotpop.com. This technique is used by spammers to validate working email addresses that do not bounce. That is the only spam I receive nowadays. All the rest is autodeleted by cf13-pop3.
However, I DO wish I could run my shareware mailserver cf13-smtp and avoid downloading the spam in the first place.
Which major brand x86 PC comes with Linspire preloaded?
My Norton Internet Security 2005 scans rars just fine, which is ironic seeing as it came in one and yours didn't.
Like the saying goes, never underestimate the bandwidth of a station wagon full of tapes. -Pyrotic
Serves you right for using proprietary archive formats.
that computer users can be their own best anti virus solution.
lose != loose
1) I said spanning is a trivial algorithm to implement, not 7z. RTFP. Anyway, though, why are you even arguing this?
7z is open source. It's available for all *nixes, including MacOS X, just like bz2. You want to use it but not implement it? Fine. Use the freely available implementations.
2) Good for you. As I said, there are many, many algorithms that usually beat rar. Obviously, there are select cases that rar will win. Claiming that rar wins in one type of file against a single algorithm does not prove that rar is efficient.
Mod me down and I will become more powerful than you can possibly imagine!
They've been doing that for a while. The antivirus just scans for the signature of the "self-extract and execute" code piece, and in some occasions implements the unpacker itself so it can scan the content, once the packed object's signature has been detected.
Even for polymorphic code, you can still find the unpacker's signature, albeit with a bit more difficulty.
Your anti-virus program DOESN'T need Winrar to extract a RAR file. There is source code that programs can use. See here: http://www.rarsoft.com/rar_add.htm
Yep - makes pretty much sense to me.
The thing is though, when you've got an employee playing FreeCell or Solitaire all day long on their computer, that should be telling you something as their manager..... I would take that to mean either A.) I'm not giving this employee enough useful work to do, so I need to rethink what duties/responsibilities I'm assigning my staff, or B.) This person would rather screw around and play games than get their work done that they're paid to do here. Either way, "band-aiding" the problem by removing the game from the PC is probably NOT the real solution. These are the same people who will go take 30-minute coffee or smoke breaks, wander the halls trying to look useful, or waste time on the phone all day long if they can.
http://www.walmart.com/catalog/product.gsp?product_id=3212103
In response to this and this all I can say is that the spam menace necessitated integrating antispam code to cf13-smtp. Why not fight spam at the SMTP level and keep it out of the networks once and for all in the first place? As for the mailbox scanning, how else is the mailserver supposed to detect spamlike email?
With a bit of effort, cf13-smtp can be configured to act like a regular MTA. This is accomplished by sending all email/spam logging to the bit bucket and allowing all incoming mail with a SpamByte code of 255. But all that doing so ultimately allows is the influx of spam to the networks it services, and it defeats the purpose for the program's existence....
rar has all and every feature you'd want, 7z and maybe bzip2 offer slightly better compression (not much diff at all) but lack the features rar does.
I understand people do stupid things. But why waste tons of cash on fixing the issue when you can just spend a little bit of cash up front to educate the employees on what not to do... and then fire them if they don't listen.
Corporate MIS/IT/IS dept is a whole different world to an ISP. The average ISP won't take any responsibility beyond here's the settings for your email program & dialup settings. The Average MIS/IT/IS dept however has to maintain and keep every desktop running and in many cases has VERY limited recourse to assign blame when things go wrong.
What do you think will happen when you tell a senior manager that they have done something they aren't allowed to on the company computer?
The response is simple: instead of allowing them self-restraint you treat them like a pre-school child, e.g. instead of saying "Please don't open that door" you simply lock the door and make sure they never have access to the key.
Most places have clauses in the employment contract concerning wilful damage and even neglect causing damage. Very few companies apply that to computers. Those that do tend to exempt any management from it. Many very large companies have software policies that include disciplinary procedures, most companies don't.
Which causes problems. Or rather allows problems to continue. Because as soon as users start getting attachments blocked they seek other ways to get them. So people start bringing files into the network via floppy/cd/usb etc.
I'd rather have robust virus checking on the PC than attachment blocking. That way if something sneaks through the email or is brought in using an alternative method it should be caught and handled on the PC.
That said I see nothing wrong with having scanning at the mail server to make sure there aren't mail worms or something nasty getting through. But it should ONLY check for known malicious files/viruses, not blanket block EXEs (or RARs).
Firewalls shouldn't be blocking 'extensions' in any case. Leave that to proxies and mail servers.
If your firewall is blocking .RAR or other 'extensions' then its probably made by Microsoft and you are very very safe :-)
Whenever you want to execute something from within a compressed archive, don't you have to write it out to disk first? (Thereby triggering a regular scan of the file)
While this may keep the original (unscannable) RAR file on your system, and will make in-transit scanning impossible, every end user with an antivirus package should be protected from the contents of the RAR.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
I can't speak for linux, but for windows...winrar has to be one of the most perfect pieces of software I've ever seen. It has one of the most intuitive interfaces (shell and program) that I've ever seen. It also seems to be near bug free.
I'm back to linux after a few year break (when xp came out..slack forever :D) and winrar is probably the program I miss the most.
It's easier to fight for one's principles than to live up to them.
Sure, but now take a look at the differences between RAR and WinZIP, then between RAR and SBC (overall compression ratio in parentheses)--
- 9,236,385 (45.6%) WinZip
- 8,462,061 (50.1%) RAR32
- 8,236,228 (51.5%) SBC
There's not nearly as pronounced of a difference going from RAR to SBC as there was going from ZIP to RAR. I'm sure in a few years 7zip will take over, so don't take this as being some endorsement of RAR as the ultimate compression method ever. :P I just don't see it going away for awhile since it meets the "it's good enough" standard.
All I know about Bush is I had a good job when Clinton was president.
There is a difference. With winrar you can right click, extract here. Not so with the windows native zip stuff. You can also extract quickly to a directory that is the archive's name under the current directory. Plus sending to email, etc.
Let's not forget the boons of batch processing and proper security (passwords) and error detection.
Let's also not forget the ability to add recovery data (parity data) to rebuild damaged archives.
For joe shmoe who doesn't have much idea about what is going on then yes windows zip support will do. I wouldn't be able to keep a straight face if I heard someone call themselves a power user then talk about using windows native zip (or any zip) for all their compression needs.
It's easier to fight for one's principles than to live up to them.
Winzip also has crappy shell extensions, and no batch ability.
When someone uses zip for a spanned archive (thankfully very rare now-a-days) what do you do in winzip to extract all 80 zip files? Before winrar you used pkunzip. With winrar you just select them all, extract here (or to a directory with the archive name)
It's easier to fight for one's principles than to live up to them.
From the dept of repetititive redundancy dept.
Most of these are appealing to lustful young men
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Sheesh. I got the press release about this on Feb 2. It made some highly suspect claims, so I queried it with the PR, got a weak answer and declined to follow up the story. Basically, it's a product pitch for software that blocks rar archives as spam, nothing more. No different to any other mail filter product, in fact - they all allow file-extension filters.
Here's the release:
> Hello,
> The latest virus to cripple networks is the .rar archive. .rar files
> are similar to .zip files and include invitations to view
> pornography. These compressed files carrying viruses easily get past
> most commercial anti-virus products. Since so many computer users
> are unfamiliar with .rar files, they're easily mistaken for
> legitimate email.
> Once opened, the archive typically contains an executable file with a
> double extension, such as "foto.jpg.exe." The viruses themselves are
> new and install a Trojan or back door on the user's PC. A recent
> .rar virus is disguised as a patch from Microsoft Corp.
>
> While most anti-virus vendors are scrambling to find a solution to
> this new virus, Lightspeed Systems (www.lightspeedsytems.com) already
> offers one to its customers. The company's Total Traffic Control
> v5.02 enables users to define spam patterns for email with
> attachments with .rar file extensions or any other new virus. This
> stops the virus at the gateway until virus signatures are available.
>
> To learn more about Total Traffic Control v5.02, please contact me at
> xxx-xxx-xxxx.
One claim I queried was to define the 'most antivirus vendors' which fail to scan RARs. In reply, they could name only one.
And then we have other dubious claims like the suggestion that RAR files are the domain of pornography and have no legitimate use.
So I discarded the release and declined the offered interview, though one shouldn't come down too hard on the vendor in situations like this: this is not the first time I've seen someone get it in the neck because of lousy PR.
Kaspersky AV has always scanned RAR files...little danger if you use kaspersky. As far as firewalls blocking rar files...simply solved by turning the extensions into .00, .01, .02, etc.
Insert_Ending_Here
Is it this paper: Attacking and Repairing the WinZip Encryption Scheme?
I read the paper and decided that the problems are quite hypothetical. The paper speaks of encrypting 2^32 files, for example.
Someone who exposes sensitive data to complete strangers should use WinZip AES, and then GnuPG to encrypt the WinZip file.
WinZip AES is secure enough for data on a computer to which there is limited access.
According to the author(s) of BZIP2, the "best available techniques" are a family of statistical compressors called PPM. Unfortunately, they're real resource hogs, so caveat emptor...
People do use floppies. I can see some value in the "lots of attachments as one file", though it wouldn't help me at all - I can save all attachments to a folder in two clicks, whereas saving the zip and then uncompressing it would take more. But as for the second, RAR over ZIP is about as marginal as ZIP over nothing. It really gives far far better compression.
I am trolling
Even then she's better off with rar. Zip spanning, if supported at all, makes you create the whole archive and then split it for different disks, whereas rar can span as it goes and is better supported in programs.
I am trolling
Instead of saying "Please don't open that door" you simply lock the door and make sure they never have access to the key.
Fair enough... but then why do you insist on giving them access to Internet Explorer and Outlook or Outlook Express? Those programs are basically master keys to the system, as is evident by the flood of viruses, trojans and spyware that gets installed without the user's consent.
If you're really looking to minimize your workload, and keep them happy at the same time, why not use Firefox and Thunderbird instead? Seems logical to me.
-- This sig for rent.
IE, yep get rid of it everywhere I can. install firefox instead.
Outlook however is a problem. Management seem to love it. I've never got a real answer why. Perhaps others can explain it.
I think it's something to do with one director insisting on having exchange (another thing I hate and luckily I don't have to touch) and so exchange server = outlook client.
Friends / family etc only run Firefox & Thunderbird. I've told them they are free to run IE and outlook express, but I won't touch their computer if they do.
Friends / family etc only run Firefox & Thunderbird. I've told them they are free to run IE and outlook express, but I won't touch their computer if they do.
Very good. I do that too, and I'm glad I'm not the only one.
I only wish others would take that stand as well.
-- This sig for rent.
I'm talking about clamd which "due to license issues ... does not support RAR 3.0 archives." The README clearly states that it "uses UniquE RAR File Library by Christian Scheurer and Johannes Winkelmann (RAR 2.0 support only)." Sadly, there is no mention of any other libraries you can download.
Lastly, the UniquE RAR library faq states, "RAR3 support is not scheduled" because "it would imply problems with the GPL license."
However, if you aren't living in a fantasy world, I would appreciate links to the library you mentioned. Kthx.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy