I've used WinRAR like that for a number of years, but it didn't feel OK. Now I use 7zip. It's free and it's as good as WinRAR.


If you (we) advertise 7zip, it's fair to tell that 7zip also had a nasty vulnerability last year, so if anybody still has an ancient version of 7zip, that needs update too.

Thanks for the warning! I have given up on winrar a long time ago, using 7zip as a substitute. But, I haven't updated in a while, so again thanks for this information.

It's very concerning. The WinRAR exploit was from a .dll file which hadn't been updated in 14 years. WinRAR did not have access to this .dll file's source code, so they just had to drop it altogether in the latest update. It's kind of similar to the CoPay wallet hack last year, where someone was granted admin rights to a unmaintained dependency of the wallet, and the wallet then pulled in the malicious code. Even if you completely trust the writers of the program you are using, and even if you look at the code yourself, it becomes an impossible task to personally audit every dependency/file for every piece of software.

It makes a really good argument for hardware wallets.

Yes, this depends on the country You are actually residing @Crypto Girl and make the purchase from because you will be redirected to a proper page.

Additionally, I have info from Winrar page about license and program usage after 40 days of the free period.

Purchase of a WinRar license
After the forty-day trial period, you must uninstall WinRAR (Control Panel Add or Remove Programs) or purchase a license that will allow you to continue to use WinRAR permanently and without restrictions. The WinRAR software license is for life. Prices and ordering options can be found on this page. Private individuals only need one license for all computers used in their own homes. With a single license, you can install and use the program on all computers belonging to the buyer.

You should buy a license because thanks to this:
-You are motivating us to continue working on WinRAR
-You can use WinRAR for commercial applications
-You have the right to access technical support via e-mail and WinRAR Service Centers around the world

The main licensing rules
-The license will be issued electronically, in the form of a key file, and the installation program is downloaded from the winrar website
-The WinRAR license will be issued by name in your name or company name.
-We can not change or return, cancel the license after purchase. Test WinRAR for 40 days free of charge before ordering. During the testing period, the program is fully usable and has no functional limitations.

Its potential implications are far wider reaching than stealing bitcoins as well. An .exe file dropped in a Windows start-up folder could achieve anything from stealing data, encrypting your hard drive and asking for a random, keylogging, you name it. With an estimated 500 million WinRAR users, and who knows how many archives being downloaded and extracted every day, it's only a matter of time before someone takes advantage of this exploit big style. I'm sure there will be many individuals, and quite a few companies, hit with an attack of some sort using this method.

7zip can open all file types, and can definitely make zip files, so there is zero reason to keep winzip and winrar. 7zip is free open source software, and that should be enough reason to give it priority.

In Linux other compression algorithms have now taken the spot, such as xz. I think 7zip can handle those too. There is 7z for Linux of course.

Thanks for the heads up! I'll update mine ASAP.

And for something like this to happen not long after the Chrome 0-day attack, just wow...

Thank you very much o_e_l_e_o updated my Winrar but how could this Exploit stay undetected for 14 years.
Are there any other cases of this exploit having been used in the past?