Here is how you protect yourself
Don’t use tar
Don’t use windows
Done.
Bruh we use winrar at work
Edit: it wasn’t my decision
Tldr. Update WinRAR.
Better option, uninstall WinRAR and use something more sensible like 7zip.
Better option: move to Linux, also dump rar
Who the fuck still uses WinRAR?
A few people over time have sent me RAR files.
When I ask them why, they always say they had downloaded or received a RAR file at some point, which they didn’t know what to do with until they looked it up and installed WinRAR to extract them. After that, they learned that RAR was better than ZIP for compressing files, causing them to use that instead of ZIP.
I usually respond with 7-Zip is better than WinRAR in terms of compression, while still being able to extract RAR files, which doesn’t always win people over because these are non-technical people that are usually hesitant to install new software unless they actually need to.
None of these people knew each other when they first started using WinRAR, so I think this is actually pretty common.
Orgs who haven’t updated their processes in 20 years and still have a valid license.
License? I thought the point was to see how high the number went every time you opened it.
Until you are a business and you get reamed by legal for using unlicensed software putting the business at legal risk.
I’m more of a PeaZip person myself.
I like Nanazip
Full list of options…before this turns into a long list of options: https://alternativeto.net/software/winrar/?license=opensource
Laughs in tar.gz
I’ll just uh… Leave these here.
https://cybersecuritynews.com/7-zip-rce-vulnerability-exploited/ (another similar CVE from late last year)
I use 7-zip myself, and have for over a decade, but it too has like… A major CVE around once every six months - worse than WinRAR’s record actually.
It’s no silver bullet.
Not a silver bullet but the functionality of 7zip is far greater than WinRAR.
Me laughing in tar
Dumb and inefficient but simple enough to not care about your newfangled “security exploits”.
Do you have any foundation for your claim?
- tar paired with gzip or xz is quite comparable in compression ratios. xz can actually be better than rar.
- tar preserves file permissions.
- tar lets you just pack files together with no compression at near instant speed
- you can pipe it
Dumb is a feature: do one thing and do it well. Inefficient? BS.
tar has no index for quick lookup, tar extracts in quadratic time, stuff like that. I mean, even zip can extract a 1 MB file in a second from a 5 GB archive, tar needs to extract the whole thing.
No “magic byte” either, making life hard for mime-tooling.
To be fair, it was made for tape backups.
- tar lets you just pack files together with no compression at near instant speed
cat does so too. Add an index with metadata and a separator bit between the files and you almost have a tar but better in some areas.
“tar extracts in quadratic time, stuff like that”. Is that what your favorite clanker told you? If that’s the case, why is uncompressed tar almost instant in practice when others take many seconds? Or compressed tars in the same time neighborhood than any other tool?
Who does “quick lookups” in an archived file? At most a content listing and then parse/grep whatever you want.
About cat: Sure bud, but go and reconstruct a folder after you cated it.
Could have afforded more secure code if anyone had bothered to buy WinRAR instead of clicking through the nag screen every time.
Why use it in the first place? To me that’s some ‘hi from 2000s’ kind of thing.
Indeed, I also got a lot of “are you from the past?” vibes






