19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits (slashgear.com)

← Back to Stories (view on slashdot.org)

19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits (slashgear.com)

Posted by EditorDavid on Saturday March 16, 2019 @11:34AM from the Clinton-administration dept.

"Last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that's easily exploited by hackers and malware distributors," writes SlashGear. Slashdot reader Iwastheone quotes their report: Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC's startup folder, allowing them to start running anytime the computer is turned on, all without the user's knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the U.S.
WinRar 5.70, released in late January, patches the behavior, but "it must be manually downloaded and installed from the website, leaving most users unaware of the critical update," the article warns.

It also estimates that during the last 19 years WinRar has been downloaded over 500 million times.

144 comments

Min score:

Reason:

Sort:

Caused by closed source... by Anonymous Coward · 2019-03-16 11:38 · Score: 0

If WinRAR were open source, this would never have happened!
1. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 11:49 · Score: 0
  
  That's a heckuva lot of downloads. I can see why people would use winRAR instead of maybe some other programs that don't have as many features. Odd bug but I still think it's the right software. Wouldn't you want to be sure your compressed files were incorruptible and not use some fly by night program with no root certificate? I would!
2. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 12:26 · Score: 1
  
  That's a heckuva lot of downloads.
  "It also estimates that during the last 19 years WinRar has been downloaded over 500 million times."
  And dozens of people have bought it.
3. Re:Caused by closed source... by LesFerg · 2019-03-16 13:33 · Score: 1
  
  Isn't it that old fashioned shareware/nagware that asks for payment?
  
  --
  If I had a DeLorean... I would probably only drive it from time to time.
4. Re:Caused by closed source... by Anonymous Coward · 2019-03-16 13:42 · Score: 1
  
  Well 7-Zip is open source and it's not affected.
  On another note, I don't understand why anyone would use WinRAR. 7-Zip is superior in every way.
5. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 13:44 · Score: 0
  
  Yup
6. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 13:52 · Score: 0
  
  This.
7. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 14:05 · Score: 0
  
  Agreed: 7-zip for the win. Anyway, according to peazip.org, WinRAR is really the only program to CREATE a RAR file:
  
  No alternative Open Source free RAR archiver utility (rar creator) is available: UNRAR is available as royalty-free and open source software for allowing extraction of RAR archives both on Linux and Microsoft Windows, but with the clause of not reverse engineering the code for implementing RAR compression which prevents development of royalty free rar archivers & compressors capable to create or add files to said format.
8. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 14:41 · Score: 0
  
  That's more than I thought would have bought it. I'm surprised even 10 people have paid for it.
9. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 14:46 · Score: 0
  
  Why use a proprietary and less efficient compression method like RAR at all?
10. Re:Caused by closed source... by Anonymous Coward · 2019-03-16 14:54 · Score: 0
  
  Isn't it that old fashioned shareware/nagware that asks for payment?
  I find the nagscreen innocuous, non-annoying. I also scan all .zip, .rar files in isolation, before they go anywhere else.
11. Re:Caused by closed source... by Anonymous Coward · 2019-03-16 16:40 · Score: 0
  
  The only thing I dont like about 7zip is it doesnt support recovery records like winrar does. On 7zip i need to have a separate par program to make and extract them.Wish they would add par support into 7zip
12. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 17:25 · Score: 0
  
  Why using WinRAR, that is Windows where you can unpack your crap in a system folders? There is a nice unrar for Linux. And of course nothing beats compressed Unix tarballs.
13. Re:Caused by closed source... by Carewolf · 2019-03-16 20:35 · Score: 1
  
  If WinRAR were open source, this would never have happened!
  In this case the problem was libace being closed source (-ish), at least they used an old unmaintained binary of libace, instead of dropping it or using a maintained open source version.
14. Re: Caused by closed source... by Anonymous Coward · 2019-03-16 23:46 · Score: 0
  
  This is a good point and goes beyond the obvious nefarious usenet use. It's a good feature and 7z should catch up here.
15. Re:Caused by closed source... by Anonymous Coward · 2019-03-17 00:50 · Score: 0
  
  >_ Well 7-Zip is open source and it's not affected.
  >_ On another note, I don't understand why anyone would use WinRAR. 7-Zip is superior in every way.
  This is you and me. We understand the value of liberty-free instead of just price-free. Most don't understand. Most don't want to think to understand. Most think we're some kind of crazy or religious fanatics.
  And while we can do something about it at home, at work it's not so easy. Even IT personnel installs WinRAR, claiming it's useful.
  But then again they do Windows support... they're not supposed to know better.
16. Re: Caused by closed source... by DontBeAMoran · 2019-03-17 03:15 · Score: 1
  
  https://otland.net/threads/goo... (SFW)
  
  --
  #DeleteFacebook
17. Re: Caused by closed source... by Tough+Love · 2019-03-17 11:28 · Score: 0
  
  Anyone who willingly creates a rar file deserves to get owned by Winrar bugs.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
18. Re:Caused by closed source... by Anonymous Coward · 2019-03-17 14:12 · Score: 0
  
  I have never worked at a company that used WinRAR for anything. Compression archives in order of commonality, zip, gzip, 7z and then other formats like arj, lzh and rar. Zip has always been the number one dominant archiver in use in business though.
  In fact most places I've ever worked regarded WinRAR to be a somewhat shady app and avoided it. I can say that if someone were to give me a rar archive at work, I would tell them to repackage it in a standard format, like zip.
19. Re: Caused by closed source... by Anonymous Coward · 2019-03-17 15:39 · Score: 0
  
  Anyone who willingly creates a rar file deserves to get owned by Winrar bugs.
  RTFA. The problem isn't WinRAR itself or .RAR archives at all, it's in a free library that WinRAR uses to extract .ACE archives. If you want to finger-point, figure out who created the .ACE extraction library a couple of decades ago.
20. Re: Caused by closed source... by Tough+Love · 2019-03-17 15:57 · Score: 1
  
  The problem is rar.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
21. Re: Caused by closed source... by parkinglot777 · 2019-03-18 01:22 · Score: 1
  
  You said as if WinRAR has no choice of their library. Hmm... Who made the decision to use the library then? Not WinRAR? Then they can't find an alternative after knowing the bug? Yeah right.
Meh by cheesybagel · 2019-03-16 11:41 · Score: 3, Insightful

I use 7-zip. Haven't installed WinRAR in like a decade.
1. Re:Meh by Anonymous Coward · 2019-03-16 12:21 · Score: 0
  
  Pretty sure 7-zip uses WinRAR's official uncompressor. which was free. Not sure if it was also affected.
2. Re:Meh by hcs_$reboot · 2019-03-16 13:10 · Score: 1
  
  Tried to install it on my system: got an "invalid or corrupted package" error.
  
  --
  Slashdot, fix the reply notifications... You won't get away with it...
3. Re: Meh by Anonymous Coward · 2019-03-16 13:13 · Score: 0
  
  7-zip does not support the affected .ace files so no. Renaming an ace to a rar won't open in 7-zip at all.
4. Re:Meh by Anonymous Coward · 2019-03-16 13:35 · Score: 0
  
  It looks pretty fucking related to me. Where's your reading comprehension?
5. Re: Meh by Anonymous Coward · 2019-03-16 13:41 · Score: 0
  
  Very low. This is true. Unless you buy that argument above that says it's a completely unrelated problem to the RAR hack.
6. Re:Meh by Anonymous Coward · 2019-03-16 13:45 · Score: 0
  
  How is it related that "cheese bagel" doesn't use the affected product in question? Hmm? Sample size of 1 isn't data, nor is it empirically checked. That's not science and not using the program = zero experience with the issue.
  So you tell me, how is his singular user choice to not be using the affected program related to the discussion? What insight does saying so offer? That he prefers 7zip? Who asked, how does that matter for shit?
  Answer if you think you can make that related to a 19 year old neglected vulnerability that he never noticed or mentioned.
7. Re: Meh by Anonymous Coward · 2019-03-16 13:54 · Score: 0
  
  Is the vulnerability in the RAR compression or the shitty client? 7-zip was perfectly capable of replacing WinRAR for opening RAR files. Anyone still using closed source compression tools deserves a 19 year old vulnerability.
8. Re: Meh by Anonymous Coward · 2019-03-16 14:09 · Score: 0
  
  There are dozens of other programs unrelated to winrar that can handle it. That Cheesedick-Bagler uses 7zip isn't information anyone needs to know, it changes nothing for anybody. 7zip also has vulns, btw.
  There is no comp/decomp that I'm aware of without several vulns right now, 7zip included. The issue in THIS case is that it went 19 years without anyone DOING shit about it.
  7zip sure isn't related, QED.
9. Re: Meh by Anonymous Coward · 2019-03-16 14:47 · Score: 0
  
  7zip does however have its own vulns... just.. not 19 years old ones. (that anyone is finding at this moment... how old is 7zip? 'looks' =https://en.wikipedia.org/wiki/7-Zip = 1999, pretty old!)
10. Re: Meh by Anonymous Coward · 2019-03-16 14:49 · Score: 0
  
  7-Zip is related in that it's the solution to using insecure garbage like WinRAR and the inferior RAR format.
11. Re: Meh by Anonymous Coward · 2019-03-16 15:25 · Score: 0
  
  7zip is pretty popular and if you want it for Linux on any semi popular distro you can grab it from their official repo.
  If you're having trouble installing it try Google or a help forum, slashdot isn't your personal IT support helpdesk.
12. Re: Meh by Anonymous Coward · 2019-03-16 16:20 · Score: 0
  
  It's not "the" solution, lol. That makes this thread an advertisement for one of dozens of programs that do this, most of them free and with comparable vulns as 7zip. I like 7zip fine, but still wtf. Rar isn't shit.
  I don't keep either installed nor do I need them, ever. Tarballs work. Zips are kind of a mixed bag supported everywhere. I have speeds such that compressing something takes more time than sending it, most cases. It's just moot.
  Why more vulns? We have plenty already. Install what you want but less is more.
13. Re:Meh by antdude · 2019-03-16 19:09 · Score: 2
  
  I wished 7-zip would let me extract multiple highlighted files into their own (directorie/folder)s like WinRAR which is why I still use it. :(
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
14. Re:Meh by Anonymous Coward · 2019-03-16 19:26 · Score: 0
  
  Ark (KDE archiver app which uses 7zip as one of its backend) does this. Not sure about others.
15. Re: Meh by Anonymous Coward · 2019-03-16 20:02 · Score: 0
  
  Winrar is slow and doesn't have good GUI clients on other platforms.
  Zip's only redeeming feature is itâ(TM)s ubiquity and speed. It's compression ratio is poor and it destroys symlinks.
  Tarballs are annoying: difficult to browse and update.
  LZMA/LZMA2 (e.g. 7zip or xz) has the best compression at the moment, but the toolset is my great and compressing is slow.
16. Re: Meh by Anonymous Coward · 2019-03-16 23:48 · Score: 0
  
  > Tarballs work
  Ah, yes, .tar - the lovely compression scheme of "just glob it together into one file with an index and no compression"
  So then, which poison - which compressor - would you like for Tarballs? And while we're at it, would you like to explain why we're using an archival format literally meant for Tape ARchives to people who don't understand that historic connotations are not absolute limitations?
  And while you're at it, would you like to make TAR better known to lay people? Is that a crusade you'd like?
  From the too-smart-to-be-capable-of-interacting-with-normal-people department.
17. Re:Meh by Anonymous Coward · 2019-03-17 02:50 · Score: 0
  
  7-zip versions older than 1805 have an equally bad or worse vulnerability in them.
  https://www.cvedetails.com/vulnerability-list/vendor_id-9220/7-zip.html
18. Re: Meh by Anonymous Coward · 2019-03-17 03:19 · Score: 0
  
  It's not a solution, it's an alternate that may just be in the same position as winrar in a few years.
  Get your head out of your ass.
19. Re:Meh by Anonymous Coward · 2019-03-17 03:39 · Score: 1
  
  You can do it by selecting the option "Extract to /*", works like WinRAR
20. Re: Meh by Anonymous Coward · 2019-03-17 20:33 · Score: 0
  
  Fact: 7-Zip is open source and WinRAR is proprietary.
  Fact: 7-Zip has better compression than WinRAR.
  Fact: 7-Zip isn't insecure and WinRAR has 19 year old vulnerabilities.
  You're just butthurt because you spent money on a piece of shit software and don't want to admit that you not only got ripped off but that you are completely clueless when it comes to software, computers and technology.
21. Re:Meh by Anonymous Coward · 2019-03-18 13:07 · Score: 0
  
  PEBKAC. 7-Zip absolutely supports extracting to individual directories. I use that functionality all of the time.
Ooook by Anonymous Coward · 2019-03-16 11:42 · Score: 0

Doesn't Windows open zip files? And why would you use an un-rar-er to open zip files?
1. Re: Ooook by Lenny369 · 2019-03-16 13:00 · Score: 1
  
  1. It's faster, or at least was much faster until win10 2. It had capability that the native windows did not for a long time, which was the ability to open an archive and run an exe without extracting the entire archive, and winrar would automatically extract any dependencies on demand as they were called for. That has its uses when you dont want to extract a 700mb zip file just to run one or 2 programs within. At least that was my rationale, prior to win10 which has the same capability.
2. Re:Ooook by LesFerg · 2019-03-16 13:36 · Score: 1
  
  Personally the Windows zip management doesn't impress me at all, I much prefer 7zip. Also use 7zip for the rare use of rar files, which I don't encounter often any more.
  
  --
  If I had a DeLorean... I would probably only drive it from time to time.
3. Re:Ooook by Z00L00K · 2019-03-16 17:09 · Score: 1
  
  The Windows zip support is a bit like having just neutered animals on a farm and expect them to procreate.
  Anyway - this posted on Slashdot was actually pretty informative anyway since I have now updated my Winrar installation.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
4. Re: Ooook by Anonymous Coward · 2019-03-17 04:15 · Score: 0
  
  What a load of junk, Windows could load an EXE in a ZIP without extracting the whole archive. A dialogue box would come up asking if you wanted to run, extract all or cancel.
5. Re:Ooook by Anonymous Coward · 2019-03-17 04:20 · Score: 0
  
  Even after updating it is best to delete UNACEV2.DLL as it is still on the system from old installations.
This isn't hard... by bill_mcgonigle · 2019-03-16 11:44 · Score: 4, Informative

WinRAR was shipping a proprietary free-as-in-beer DLL to uncompress ACE archive format files.
WinRAR uses 'magic' to detect file types so malware authors are naming archives '.rar' to get it to WinRAR which then passes it into the vulnerable DLL where it uses a path traversal exploit to install malware.
Since nobody uses ACE format files anyway the WinRAR authors dropped support and removed the DLL.
Users need to update and Windows doesn't make that easy like linux distros do.
Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
1. Re:This isn't hard... by phantomfive · 2019-03-16 11:58 · Score: 1
  
  Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.
  Maybe because the reporters don't understand what they are writing about.
  
  --
  "First they came for the slanderers and i said nothing."
2. Re:This isn't hard... by Shikaku · 2019-03-16 12:13 · Score: 1
  
  He means the package mangers of any Linux distro updates everything for him. Any program on Windows except the OS doesn't update unless the program does it by itself.
3. Re:This isn't hard... by Anonymous Coward · 2019-03-16 12:14 · Score: 0
  
  Not that you know exactly what it is you're blathering about generally either, but at least they get paid right?
4. Re:This isn't hard... by Anonymous Coward · 2019-03-16 12:19 · Score: 0
  
  I know right, what the fuck was he talking about? They literally push the updates on you when you're online. Assuming they don't fuck up like the 1803 or SMB-v1 shit, nothing could be easier or more idiotproof.
  The issue is that MS doesn't patch fast enough and that their framework is such a spaghetti monster / Winchester Mystery House of development that no amount of patching will ever get them to a LTS release candidate... not difficulty.
5. Re: This isn't hard... by Anonymous Coward · 2019-03-16 12:32 · Score: 0
  
  It is but now you can't use the software until you get an update from a reputable source. So much for keeping it simple.
6. Re:This isn't hard... by Anonymous Coward · 2019-03-16 12:56 · Score: 0
  
  The issue is that MS doesn't patch fast enough
  Actually in this case the issue is that MS will probably not patch 3rd-party software. That's up to the user to do, right?
7. Re:This isn't hard... by Anonymous Coward · 2019-03-16 12:58 · Score: 0
  
  so.. for the half billion people running trials or cracked copies of winrar.. is the winace support in a separate dll that can simply be deleted?
8. Re:This isn't hard... by Daltorak · 2019-03-16 12:58 · Score: 1
  
  Users need to update and Windows doesn't make that easy like linux distros do.
  This isn't actually true with Windows 10. It does have a built-in package manager that is capable of installing & updating packages from Chocolatey, GitLab repositories, etc..... and it has the Microsoft Store, which has an auto-update mechanism and is perfectly capable of supporting classic Win32 programs like WinRAR, including the command-line version. (Yes, console apps in the MS Store is a thing nowadays.)
  Problem is.... nobody really seems to know any of this. This is mostly Microsoft's fault since they rarely talk about anything other than superficial improvements in Windows 10.... and because telemetry & update policies have kept a ton of people on Windows 7 (despite the upgrade being free) so software developers haven't been especially motivated to take full advantage of Windows 10 features and deployment techniques.
  A Store App version of WinRAR would actually be mostly invulnerable to these attack vectors because the app containers which they run in aren't allowed to write to the "Startup" folder in the user's profile. Anything other than Documents, Downloads, Desktop, etc. requires explicit access, controllable via the Privacy settings page. On top of all that, the authors want to charge $29 for WinRAR.... wouldn't publishing to the store be a useful way of getting some more people to pay?
9. Re:This isn't hard... by Anonymous Coward · 2019-03-16 13:05 · Score: 0
  
  It depends. When it's being actively exploited MS has sometimes "blocked" or disabled certain 3rd party sw's, that's a no brainer. They may not patch the program to prevent the exploit but they can (sometimes) mitigate the issue.
  Anyway how did I get put on the side of defending MS, lol? Besides, the USER is RESPONSIBLE for 3rd party s/w no matter what it is. MS, as much as I loathe their decision making, can't really help that aspect.
  Certainly patching windows is not more difficult than patching Linux in any way. So the OP was in the least case being unclear.
  And how fucking hard is it to uninstall a program once you've been informed it's buggy, lol? Three clicks. Literally.
10. Re:This isn't hard... by hairyfeet · 2019-03-16 13:10 · Score: 2
  
  Or they can just delete the unACE.DLL from their WinRAR folder and it will work just fine, it will simply throw an error if you try to open an ACE file which nobody has used in ages so who cares about the error.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
11. Re:This isn't hard... by Anonymous Coward · 2019-03-16 13:14 · Score: 0
  
  "He means the package mangers of any Linux distro updates everything for him." - 3rd party user-installed SW? Uh, no? That's not true in all cases?
12. Re:This isn't hard... by Anonymous Coward · 2019-03-16 13:31 · Score: 0
  
  3rd party user-installed SW? Uh, no?
  
  No what? Did you mean "yes"?
  rar and unrar tools are in the debian and ubuntu repos, and a quick google says they are in redhats too.
  
  That's not true in all cases?
  No one claimed otherwise. But it's true in the vast majority of cases, including the one we would be talking about here.
  Compared to windows it's practically never the case. The only 3rd party software in windows update are drivers from only the largest of companies.
  Unless your software needs don't go beyond a web browser and an office suite, nearly all of your windows software isn't in windows update.
  In linux nearly all of your software IS in the repositories and only isn't the case for the most outside edge cases of software that likely a hundred people or less use.
13. Re:This isn't hard... by LesFerg · 2019-03-16 13:40 · Score: 1
  
  How popular is Chocolatey? Are there other similar tools for Windows? It would be cool to have a well supported package manager similar to the popular Linux ones. And no, not the Windows App store. Please.
  
  --
  If I had a DeLorean... I would probably only drive it from time to time.
14. Re:This isn't hard... by Anonymous Coward · 2019-03-16 13:50 · Score: 0
  
  Try Chocolatey. It relies on people keeping each package up to date but all the extra tools I add to a new Windows install are usually well maintained.
15. Re:This isn't hard... by Anonymous Coward · 2019-03-16 13:50 · Score: 0
  
  " debian and ubuntu repos " != Sigma Linux Distros. WinRar is one program, but his statement was broad - read it. Not to mention... Anyone using Linux should be tarballing anyway unless retarded... YMMV.
  " The only 3rd party software in windows update are drivers from only the largest of companies." = The vast majority of installed 3rd party s/w on windows...
  "Unless your software needs don't go beyond a web browser and an office suite, nearly all of your windows software isn't in windows update." - most major vendors offer update functionality anyway. Winrar didn't. Windows' fault?
  "and only isn't the case for the most outside edge cases of software that likely a hundred people or less use." Now you're making up numbers, lol. I guarantee you underestimate the Linux tinkering community.
16. Re:This isn't hard... by Anonymous Coward · 2019-03-16 15:21 · Score: 0
  
  This isn't actually true with Windows 10. It does have a built-in package manager that is capable of installing & updating packages from Chocolatey, GitLab repositories, etc..... and it has the Microsoft Store, which has an auto-update mechanism and is perfectly capable of supporting classic Win32 programs like WinRAR, including the command-line version. (Yes, console apps in the MS Store is a thing nowadays.)
  Problem is.... nobody really seems to know any of this.
  Even if people had heard of any of this, who would be stupid enough to trust Microsoft to update the software on their computers? MS has established a horrible track record for themselves, clearly not testing updates particularly well, installing & removing things that bring computers crashing to a halt, installing & removing things without permission, regularly installing crapware that nobody wants.
  
  This is mostly Microsoft's fault ... because telemetry & update policies have kept a ton of people on Windows 7
  Mostly? Try entirely. Nagging people for a year and forcing Win10, unrequested, on far too many computers, like so much malware, didn't help. Forcing clearly-untested updates on computers has justly pissed off a lot of people. Forcing reboots at the most inopportune times to install updates hasn't endeared them to anyone.
  Mandatory telemetry (spyware) is not a feature many of us want.
  
  (despite the upgrade being free)
  It's only "free" if you ignore the money you have to pay for it (quick lookup: ~$150 OEM for HE, ~$200 OEM for Pro).
  The initial infection period was only "free" if you ignore the bandwidth cost (not all of us have uncapped internet), especially when it was forced on you unrequested. For many people, that latter "free" infection ended up costing them in support fees to get their computer fixed/restored.
17. Re: This isn't hard... by Anonymous Coward · 2019-03-16 17:29 · Score: 0
  
  Nope, the user cannot be responsible for the operating system being insecure. Any software ran by a regular user should be prevented by the operating systems permissions system to unpack things to the system area. Patching or the software being third party has nothing to do with it.
18. Re:This isn't hard... by Anonymous Coward · 2019-03-17 01:28 · Score: 0
  
  Three clicks. Literally.
  I think it's cute how Windows admins measure in "clicks" and still think they have a fast, efficient user interface experience.
  For people looking to get work done, "three clicks" is actually a pain in the ass compared to the terminal.
19. Re:This isn't hard... by Anonymous Coward · 2019-03-17 03:59 · Score: 0
  
  You are almost correct. The DLL is 'UNACEV2.DLL'.
  However, what is a lot more interesting, is that I also found this in another programs folder, as part of a plugin package to read from archives without unpacking the whole lot.
  We are talking about the same file, byte for byte, that carries the same 2005 timestamp.
  It is a bit like finding a old vulnerable version of zlib, which for years had made PNG readers a gaping security hole, since the vast majority of software that supported reading from PNG images did so with the drop-in ready opensource code that used the a vulnerable version if the zlib library. (Hello to ImageMagick, etc. that was a nice shortcut to pwn/hang a server that passed image uploads through that for rescaling/thumbs, to just name one usage scenario.).
  People should scour their whole system for it, not just the WinRAR directory. Because, really, when did you last make ACE archives? 1990/2000?.
  Convert any existing ones to the two formats that have decompressors available that been tested to hell and back: zip & rar.
Funnily enough .... by Anonymous Coward · 2019-03-16 11:53 · Score: 0

Funnily enough, 19 years is how long I've been using my WinRAR "free trial" for ....
Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 12:02 · Score: 0

Sad part's the original code = lost for the ACE lib being called by WinRar (so they removed it iirc) but there IS a patch you know...
* Too bad the ORIGINAL LIB'S DESIGN is poor/insecure - hence the BUG noted.
APK
P.S.=> I always felt, as a software dev/engineer myself for 24++ yrs. as a pro, that BOTH WinZip &/or WinRAR represented the ULTIMATE in user interface design that the DATA IT WORKS ON DETERMINED THEIR FUNCTION + INTERFACE DESIGN & so perfectly that MOST ALL OTHERS LIKE THEM look & act JUST LIKE THEM BOTH (proof's in the outcome results itself)... apk
1. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 12:26 · Score: 0
  
  Get on topic. Contribute something useful you CHATTERING TWAT. What's next from you? A "full-blown CHIMP OUT"?? LOL!
2. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 13:07 · Score: 0
  
  Well, you are always on "your" topic with relation to your long term revenue stream agenda, Chris. Poor Chris! Who gives a fuck about winrar anyway when tar works just fine?
3. Re: Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 13:22 · Score: 0
  
  Tar works fine but you have to copy files yourself sometimes. And who is this APK miscreant? Sounds like he needs a good curbstomping
4. Re: Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 13:35 · Score: 0
  
  APK is a nut, but harmless and correct on the merits of a hosts file being useful for some things. He does go overboard. However, the idiotic nazi troll who fakes him and Creimer, that fool needs buried next to Kendall @desert.
5. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 13:43 · Score: 0
  
  Chris seems to contribute much more intelligent input that you ever do with your constant shit posting and whining. Just let it go, whatever it was that triggered you, it's about time you moved on from it.
6. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 15:13 · Score: 0
  
  Sure Chris, that would certainly fit your precious agenda!
7. Re:Sad part's the original code = lost... apk by Iwastheone · 2019-03-16 15:23 · Score: 1
  
  The real sad part of this is that the submitter, iwastheone, is creimer!
  I can assure you I am not this Creimer persona. I used to use my old account "sternishefan' here on /., I've made this known before. Whatever this creimer controversy is all about, I do not care nor do I pay attention to any related comments about it. I come here for the knowledge I've learned from /. over the years.
8. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 15:43 · Score: 0
  
  This is creimer. See my message. Mmmmmwwwwahahahahahahaha!
9. Re:Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 15:58 · Score: 0
  
  Sure Chris, whatever you say. By the way. you already posted that disclaimer here many times:
  
  I used to use my old account "sternishefan' here on /, blahbalh... I do not care nor do I pay attention to any related comments about it.
  Really? you sound amazingly like creimer!
10. Re: Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 17:01 · Score: 0
  
  APK is a prolific spammer and a liar. Slashdot would be better without him.
11. Re: Sad part's the original code = lost... apk by Anonymous Coward · 2019-03-16 18:25 · Score: 0
  
  You're not an engineer, GayPK.
did anyone else read that as a 19 year old by Anonymous Coward · 2019-03-16 12:03 · Score: 0

and do a double take
1. Re:did anyone else read that as a 19 year old by Scarletdown · 2019-03-16 17:53 · Score: 1
  
  Nope. You are most likely the only one.
  
  --
  This space unintentionally left blank.
Comment removed by account_deleted · 2019-03-16 12:10 · Score: 1

Comment removed based on user account deletion
Glad they fixed it, won't touch 7zip. by AbRASiON · 2019-03-16 12:21 · Score: 2

Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.
Had I followed the advice of 7zip I could have discarded perfectly good data.
I reported the bug YEARS ago, supplied files too, nope no interest from the developers.
I spoke with someone yesterday with someone who said the same thing is STILL going on.
Nope, I don't have faith in 7zip, working with the data reliably is the #1 thing for me. I'll stick with a patched WinRAR thanks.
1. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-16 13:16 · Score: 0
  
  Self-extracting with 256sha signature is good enough for me. If you're looking at "rando" files it doesn't really matter WHAT compression you use, you're asking for it! Sandbox, VM, something else is needed. ANY file can bork you.
  The problem in this case is the SAME trivial bug has been exploiting people for decades and nobody DID anything.
2. Re: Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-16 13:22 · Score: 0
  
  Rar blows, just ditch the format.
3. Re: Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-16 13:30 · Score: 0
  
  They all blow, especially the ones where you have go and download the source and compile it yourself
4. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-16 13:37 · Score: 1
  
  I too have had files that did not open in 7zip.
  Every last one was a corrupt zip file. 7zip does not react well to corrupt files. I usually unzip the thing and then rezip it with something else and continue to use 7zip.
5. Re: Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-16 20:16 · Score: 0
  
  At least 7-zip is open source. With winrar I hope you realize you're running random binaries of Russian software. What could possibly go wrong. Good luck.
6. Re:Glad they fixed it, won't touch 7zip. by Jahta · 2019-03-17 01:49 · Score: 2
  
  Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.
  I've used 7-Zip for years. Never had a problem, with RAR files (single or multi-part) or any other archive type. YMMV
7. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-17 04:08 · Score: 0
  
  Why do you need a patched WinRAR?
  The file "rarreg.key" in the same directory as the installer is all you need with 'Unlimited Company License' details.
  I can't post the key because Slashdot thinks I'm typing jibberish.
8. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-17 06:56 · Score: 0
  
  What likely happened is the files WERE corrupted or incorrect in some fashion, and 7-zip, being open source and developed by people who care, responded correctly by saying so. Whereas WinRAR, developed with the typical windows-user mentality, discarded errors or ignored what it didn't recognize and tried to parse the data anyway, which in his particular case happened to work, but usually doesn't.
  And sadly, the end result is also pretty typical: The good program that did the right thing is CLEARLY garbage, and the one that worked is a thing of godlike perfection.
9. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-17 07:53 · Score: 0
  
  These usually aren't actually corrupt files. WinRAR and WinZip are constantly updating (read breaking) the zip/rar standards.
  7zip does put in effort to update their program but it takes time to reverse engineer, implement, and debug the code.
  WinRAR and WinZip could communicate about these changes in advance to make sure people don't run into "corrupt" files, but they don't. I think they intentionally break the competitions software by creating non-standard archives.
  So...if you really care about these "corrupt" archives you should be supporting open companies like 7zip.
10. Re:Glad they fixed it, won't touch 7zip. by tlhIngan · 2019-03-18 06:01 · Score: 1
  
  I've used 7-Zip for years. Never had a problem, with RAR files (single or multi-part) or any other archive type. YMMV
  The big reason is RAR introduced a new revision just a few years ago, called RAR5. It changed a lot of things and if your RAR decompressor didn't know how to handle RAR5, it would report the file as corrupt.
  The solution as always is to update - 7zip doesn't have native RAR support, so you needed to update the unrar DLL or exe and all would be fine.
  Even RAR users were caught - update WinRAR and everything would work again.
11. Re:Glad they fixed it, won't touch 7zip. by Anonymous Coward · 2019-03-19 14:28 · Score: 0
  
  No doubt WinRAR "worked" by silently writing corrupt output files, which is also typical. No errors reported, so all good, right?
Use PeaZip instead by Anonymous Coward · 2019-03-16 12:43 · Score: 0

problem solved.
1. Re: Use PeaZip instead by Anonymous Coward · 2019-03-16 14:03 · Score: 0
  
  How?
Wasn't it obvious? by mabu · 2019-03-16 12:46 · Score: 1

...that there were some bugs in WinRAR when all of a sudden everybody starts getting .RAR file attachments from random people?
Why use an obscure compression program otherwise?
1. Re: Wasn't it obvious? by Anonymous Coward · 2019-03-16 12:58 · Score: 0
  
  You wouldn't unless it had some particular feature you liked, which means you either want email or social media integration or some special version of the PKZIP/LZM algorithm. But those people are rare and they don't spam other people with rar files. You see that happening easy call to make that something funny is going on.
unace by Anonymous Coward · 2019-03-16 13:03 · Score: 0

according to the Checkpoint analysis linked in TFA, WinAce released an opensourced version of the decompression program called unace that had the same path traversal vulnerability that the proprietary dll version had. I'm wondering if the open source code is included in some antivirus software so scanning compressed Ace archives is possible, like what happened with the vulnerable unrar code a few years ago?
Re:Let MY kind show "your kind" what UR... apk by Anonymous Coward · 2019-03-16 13:25 · Score: 0

Yawn, creimer impersonating APK again. I am going to bed now. I'll see you tomorrow Chris.
RAR by rossdee · 2019-03-16 13:37 · Score: 1

Who uses .RAR archives these days?
1. Re:RAR by Anonymous Coward · 2019-03-16 13:54 · Score: 0
  
  A lot of images are .RARed for some fucking reason. I have no idea why it's a ubiquitous format.
2. Re:RAR by PinkyGigglebrain · 2019-03-16 14:10 · Score: 2
  
  Who uses .RAR archives these days?
  Sadly many more than you would think, I encounter them more often than zipped archives in several different fields I deal with. And my efforts to get the authors.developers to change to an application that uses a more open standard have not been very successful. The frequent response I get is "I don't want to learn a new program" or "it works so why should I change?".
3. Re: RAR by Anonymous Coward · 2019-03-16 14:13 · Score: 0
  
  It's just another dead end file format that people insist on making others try to decide.
4. Re:RAR by Anonymous Coward · 2019-03-16 14:20 · Score: 0
  
  Due to this transform: RAR -> ARRR
5. Re: RAR by Anonymous Coward · 2019-03-16 14:25 · Score: 0
  
  Literally the stupidest comment ever. I hope it gets permanently deleted.
6. Re:RAR by Anonymous Coward · 2019-03-16 15:30 · Score: 0
  
  Who uses .RAR archives these days?
  Sadly many more than you would think
  Why sadly? It's a good archive format with an established track record. Sure, .7z is good too, but .RAR was kicking .ZIP ass long before 7-zip was developed.
7. Re:RAR by SuricouRaven · 2019-03-16 18:18 · Score: 2, Informative
  
  They are very common indeed in the world of piracy. There was a time when RAR was the world leader in typical compression ratio, and pirates desperately needed the best compression around. Even though 7z is now superior in just about every way, RAR has become entrenched, and very hard to displace.
8. Re:RAR by guacamole · 2019-03-16 21:05 · Score: 1
  
  It seems like the preferred format for warez and porn distribution through file hosts.
9. Re:RAR by thegarbz · 2019-03-16 22:41 · Score: 1
  
  Everyone. Is that the answer you were looking for? No seriously with multi-part compressed files RAR or self extracting RARs are still incredibly popular. The real question is who uses .ACE archives these days since that is what the article is actually about.
10. Re:RAR by Anonymous Coward · 2019-03-16 22:41 · Score: 0
  
  comics use .cbr, which is a rar archive
11. Re:RAR by Anonymous Coward · 2019-03-17 01:44 · Score: 1
  
  In the emulation/ROM scene, RAR is heavily used because of the frequent changes to ROM archives due to all the constant redumps, fixes and other improvements that keep being contributed by the community.
  7-Zip is great if you're making an archive of content that will never change, but the 7-Zip format is a "solid" compression format, meaning that adding, changing and removing files requires you to decompress and recompress the *entire archive*.
  RAR doesn't compress as heavily as 7-Zip, but it's a hell of a lot faster if you need to recompress thousands of archives in a batch operation. You can get done in hours what 7-Zip would take all day to do.
  Many of us have moved back to ZIP (particularly TorrentZip for MAME ROMs) due to its more universally-accepted status and since the format has seen some improvements since the '90s.
12. Re:RAR by Anonymous Coward · 2019-03-17 02:04 · Score: 0
  
  Who uses .RAR archives these days?
  One of the problems is precisely old files, though.
13. Re:RAR by Anonymous Coward · 2019-03-17 05:20 · Score: 0
  
  I thought the pirates used PKZIP. Then chopped to floppy disk sized pieces. Then converted to floppy images. Then ZIPped up all the floppy disk images with PKZIP. Then RARed the result and chopped it to floppy sized pieces again.
  Lather, Rinse, Repeat.
  Is that cuz they cannot afford Hard Disks?
14. Re:RAR by Anonymous Coward · 2019-03-17 16:39 · Score: 0
  
  7-Zip is great if you're making an archive of content that will never change, but the 7-Zip format is a "solid" compression format, meaning that adding, changing and removing files requires you to decompress and recompress the *entire archive*.
  Hold on there! RAR also creates solid archives. By default, and I'm fairly certain it's been that way since the DOS RAR program. Although I do remember some software distributions (MAME perhaps) that would make a non-compressed ZIP, and then compress that for a solid-like archive. It was a long time ago - in the MAME 0.27 beta days - and it was up to 30% more efficient than ZIP compression alone. Then again, this was probably both the binary and the source. I think there was a brief flirtation with LHa/LHarc for the built in extraction capability, but ultimately ZIP won out for the EXE and a solid RAR archive for the code. I think ARJ was considered as well.
  
  RAR doesn't compress as heavily as 7-Zip, but it's a hell of a lot faster if you need to recompress thousands of archives in a batch operation. You can get done in hours what 7-Zip would take all day to do.
  Many of us have moved back to ZIP (particularly TorrentZip for MAME ROMs) due to its more universally-accepted status and since the format has seen some improvements since the '90s.
  7zip can be as fast as RAR, but you'll have to compress on "Faster" or "Fastest" settings. IIRC, 7zip default settings assume you have an additional 1 GB of RAM free (over your OS and other applications). However, since RAR predates 7z, it is likely that recover options are a bit better for it. ZIP has the best recovery options of all. As always, its a best tool for the job, thing.
  So, now that ARC extraction DLLs have issues, what's the best way to extract archives in that format? Unarc?
Re:Let MY kind show "your kind" what UR... apk by Anonymous Coward · 2019-03-16 13:45 · Score: 0

I'll see you tomorrow Chris.
Somehow it would be better for all of us if you didn't. As in, just stop fucking stalking him and get over your incessant need to post shitty comments after every thing he ever contributes, or that you think may have been him, whatever. Grow the fuck up and find something else to do with your time.
Re:Let MY kind show "your kind" what UR... apk by Anonymous Coward · 2019-03-16 13:54 · Score: 0

after every thing he ever contributes,
CROFLOL! only creimer himself could have written this. :) Seriously, contribute? Shitmoths don't contribute much by nature! :)
Your Point? by Anonymous Coward · 2019-03-16 14:34 · Score: 0

Does it even matter when your compromised at the hardware level?
Not a surprise by johnslater · 2019-03-16 15:04 · Score: 1

Maybe just me, but all the contexts I ever saw WinRAR in convinced me that it was always sketchy AF. In any case I don't think I've seen it in 10 years.
Beware The Russians by Anonymous Coward · 2019-03-16 17:34 · Score: 0

The Russians use it. Because RARs author is a Russian-speaking programmer named Roshal. Rar stands for Roshal ARchiever.
Obviously it all as to do with Trump conspiracy.
Finally.. by Anonymous Coward · 2019-03-16 18:33 · Score: 0

Finally now maybe those few remaining idiots, who insist on distributing RAR files in order to make people hunt down an obseleted and largely irrelevant binary only software, to unpack a compressed archive will switch to 7-Zip and get out of our faces with their rar files. Windows users...
1. Re:Finally.. by Anonymous Coward · 2019-03-16 18:40 · Score: 0
  
  PS: Don't worry about the bugs in winrar, Windows is already pwned. Just tell your friends to stop being stupid and use a reasonable compressor program instead of some obscure shit that nobody, absolutely _nobody_ wants to go and download.
2. Re:Finally.. by Impy+the+Impiuos+Imp · 2019-03-17 00:14 · Score: 1
  
  Pwned, yes. But don't worry, the only people who know the web sites and pages you visit are are the advertising giants of Google, Amazon, facebook. And Microsoft monitors you even if you use Chrome, and wants you eventually subscribe to Windows as a cloud thing so it can monitor you directly, and every government on the planet, shrimp salad, shrimp and potatoes, shrimp burger, shrimp sandwich. That's about it.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
But! Dere's HAXX0RZ! Wif de HAX! HAXXIN!!!!1!!!1!! by Anonymous Coward · 2019-03-16 19:10 · Score: 0

Clearly, you're not the clickbait-clicking vapid idiot crowd EditorDavid, BeauHD, and msmash are working so hard to target.
He drank it by Impy+the+Impiuos+Imp · 2019-03-16 23:56 · Score: 1

"It's ok. Just download it and unzip it and don't run it if it's .exe!"
His friend moused to the DL button. The other guy made a face like Richie's little brother waiting to see if Kirk would drink the tranya.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Blacklist the file and be done with it? by bunklung · 2019-03-17 00:35 · Score: 1

Why doesn't the security side of the house just blacklist the file and the world is saved? It's as simple as deleting the file. I know WinRar would love people to upgrade their software for a FEE, but the easiest solution for all is for the powers that be (Microsoft, Symantec, McAfee, etc), to quarantine the file, "UNACEV2.DLL".
MD5 Checksum: 7FE66F3BD9CBB998D56EF60D511FF06F
SHA-1 Checksum: DFD7AF26DD22DFDE03B78E835AAAA1569737A6C3
SHA-256 Checksum: 219FF84A756E7912C84EC7BE3BEE5E29FB91909AAEF8856C3DDA2C4F7723AAE7
"To users who are not interested in an upgrade or who don't find a localized version of WinRAR 5.70 yet, win.rar GmbH’s advice is to delete the UNACEV2.DLL file from their current WinRAR version to be reliably protected again. All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10, can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program."
1. Re:Blacklist the file and be done with it? by AC-x · 2019-03-17 04:06 · Score: 1
  
  Next week on /.: "M$ Spyware Windows 10 has the ability to delete .dll files from your PC without your consent!" ;)
Time to try DiskZIP. by Anonymous Coward · 2019-03-17 01:50 · Score: 0

Based on a hybrid 7-Zip & WinZip compatible ZIPX stack (missing in 7-Zip). Also contains patent pending disk compression which no other ZIP/RAR/etc. tool has.
1. Re:Time to try DiskZIP. by Anonymous Coward · 2019-03-17 01:52 · Score: 0
  
  Before you whine that transparent disk compression will wreck your disk, consider that this one actually works and is safe.
Nothing new by Brostenen · 2019-03-17 01:53 · Score: 1

I catually thought that this was something that had been discovered earlier. I clearly remember that even in unrar.exe in Dos. Back around 1992/93'ish, I had infections as well... So getting a virus from opening a zip/rar/arj/zoo on MS-Dos-6.22 or earlier, was something we were used to.
Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · 2019-03-17 05:39 · Score: 0

MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen https://news.slashdot.org/comm... in my work!
u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.
That's "best ya got"?
u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).
WASTING ur life STALKING me by UNIDENTIFIABLE anon OR IMPERSONATING me?
Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...
APK
P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...
moved to 7 zip years ago by Anonymous Coward · 2019-03-17 06:28 · Score: 0

does the same thing, but is not vulnerable afaik
Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · 2019-03-18 02:40 · Score: 0

MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen https://news.slashdot.org/comm... in my work!
u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.
That's "best ya got"?
u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).
WASTING ur life STALKING me by UNIDENTIFIABLE anon OR IMPERSONATING me?
Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...
APK
P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...