Newsletter Archives

  • Comparing three file-compression tools


    By Lance Whitney

    Windows includes its own tool for compressing and uncompressing single files, multiple files, and entire folders.

    But the two most popular third-party compression tools — 7-Zip and WinZip — are far more powerful and capable.

    Windows’ built-in ZIP tool will get the job done for basic compression tasks, but it has some important limitations. For example, it has no option for creating or unzipping encrypted files. You also can’t control the compression format or level. Those are all options 7-Zip and WinZip handle with ease.

    Read the full story in AskWoody Plus Newsletter 17.8.0 (2020-02-24).

  • Freeware Spotlight — WPD


    By Deanna McElveen

    Back in the day, if Windows 95 had sent out today’s Win10 telemetry, our 56K modem connections would have constantly ground to a standstill.

    Let’s face it, we’re all Microsoft’s lab rats!

    Yes, Windows offers various tools for managing privacy. But a third-party utility — WPD — makes the task far easier. It’s a one-stop privacy dashboard that digs deep into Windows settings. It will, for example, let you easily change some privacy-related Group Policy options. WPD lets you wear your foil hat with pride!

    Read the full story in AskWoody Plus Newsletter 16.41.0 (2019-11-11).

  • New 7-Zip version 19.00

    Igor Pavlov just released a new version of 7-Zip. He’s bumped the version number up from 18.06 to 19.00.

    Details coming from

  • There’s a new version of 7-Zip

    No indication as yet whether the new version 18.06 has the same security problems as the older versions 18.0 thru 18.05. I expect we’ll hear from Landave shortly.

    Günter Born has a detailed description of version 18.06, including a link to the official download site.

    Personally, I’ve manually downloaded and installed it on my production machine. I’m expecting a blast from Landave in 3… 2… 1…

  • Is it time to give up on 7-Zip?

    I’ve been a 7-Zip fan for, like, forever. That’s why it pains me to report that several people — people who know what they’re doing — are taking 7-Zip to task for failing to keep up with key security features.

    On Jan. 28, I posted an article on Computerworld titled Multiple vulnerabilities in 7-Zip. Get it updated now!

    I thought that Igor Pavlov’s new release, version 18.01, took care of the major security problems. I was wrong.

    The core of the problem: Pavlov refuses to add ASLR (Address Space Layout Randomization) to the product, and won’t compile 7-Zip with the /GS Buffer Security Check flag. (Good overview of both technologies on the ISV Software Security page.)

    This was part of landave’s original complaint:

    I have discussed this issue with Igor Pavlov and tried to convince him to enable all three flags. However, he refused to enable /DYNAMICBASE [the ASLR flag] because he prefers to ship the binaries without relocation table to achieve a minimal binary size. Moreover, he doesn’t want to enable /GS, because it could affect the runtime as well as the binary size.

    So how bad is it? Microsoft Security Response Center engineer (not speaking in an official capacity!) Joseph Bialek says:

    What year is it @7zip ?? You guys still running on 90’s hardware??

    Stefan Kanthak, whom I quoted in the Computerworld Microsoft is distributing security patches through insecure HTTP links article, says in a private message:

    [7-Zip’s] INSECURE shell extension is loaded into explorer.exe, and allows an attacker to leverage its MULTIPLE shortcomings. For example Sun/Oracle made such a blunder when they deployed an outdated MSVCRT71.dll with their Java Runtime Environment, which allowed attackers to take advantage of its flaws.

    I’m not so concerned about individual, manual use, but the incorporation of 7-Zip binaries into other packages. An anonymous poster here on AskWoody came up with a long list of other packages that rely on 7-Zip, including WinRAR, Flash, and some .NET applications.

    I’m not yet ready to throw my copy of 7-Zip in the bit bucket. But I wonder if that’s just inertia.

  • Get 7-Zip updated now

    Igor Pavlov, the developer behind my favorite zipping routine, published an important security update on Jan. 28.

    Description and full instructions in Computerworld Woody on Windows.