Software:WinRAR

From HandWiki
Short description: File archiver
WinRAR
WinRAR screenshot.png
WinRAR 6.21 in Windows 10
Developer(s)
  • Eugene Roshal (developer),
  • Alexander Roshal (distributor)[1][2]
Initial release22 April 1995; 29 years ago (1995-04-22)
Written inC++
Operating systemWindows Vista or later
PlatformIA-32, x64
Size3.4 MB
Available in50+ languages[3]
List of languages
Arabic, Armenian, Azerbaijani, Basque, Belarusian, Bulgarian, Burmese, Catalan, Chinese Simplified, Chinese Traditional, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Galician, Georgian, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Lithuanian, Mongolian, Norwegian, Persian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Serbian Cyrillic, Slovak, Slovenian, Spanish, Colombian Spanish, Swedish, Thai, Turkish, Ukrainian, Uzbek, Vietnamese
TypeFile archiver
LicenseTrialware[4]

WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats,[5] and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.

WinRAR is a Windows-only program. An Android application called "RAR for Android" is also available.[6] Related programs include the command-line utilities "RAR" and "UNRAR"[7] and versions for macOS,[3] Linux, FreeBSD, Windows CE, and MS-DOS.

Evolution

WinRAR and the RAR file format have evolved over time. Support for the archive format RAR5, using the same RAR file extension as earlier versions, was added in version 5.0;[8] the older RAR file format has since been referred to as RAR4. WinRAR versions before 5.0 do not support RAR5 archives;[9] only older versions of WinRAR run on Windows versions prior to Windows Vista, and cannot open RAR5 archives.

The RAR5 file format - from version 7 on, referred to as "RAR" - increased the maximum dictionary size up to 64 GB, depending on the amount of available memory, with the default in version 5 increased from 4 MB to 32 MB, typically improving compression ratio. For dictionaries larger than 4 GB, the size can be specified if it is unequal to a power of 2. Thus, there are no restrictions to the range 4, 8, 16, 32, 64, allowing 5 GB or 22 GB to be chosen at will. Archives with dictionaries larger than 4 GB can only be extracted by WinRAR 7.0 or newer. AES encryption, when used, is in CBC mode and was increased in strength from 128- to 256-bit. Maximum path length for files in RAR and ZIP archives is increased from 2047 to 65535 characters.[9]

Options added in v5.0 include 256-bit BLAKE2 file-hashing algorithm instead of default 32-bit CRC32, duplicate file detection, NTFS hard and symbolic links, and Quick Open record to allow large archives to be opened faster.[9]

The RAR5 file format removed comments for each file (though archive comment still remains), authenticity verification, and specialized compression algorithms for text and multimedia files. RAR5 also changed the file name for split volumes from "archivename.rNN" to "archivename.partNN.rar".[9]

Features

  • Creation of packed RAR or ZIP archives.
  • Unpacking of ARJ, BZIP2, CAB, GZ, ISO, JAR, LHA, RAR, TAR, UUE, XZ, Z, ZIP, ZIPX, ZST, 7z, UUE 001 (split) archives, as well as EXE files containing these archive formats[9][10]
  • Checksum (integrity) verification for ARJ, BZIP2, CAB, GZ, BZIP2, RAR, XZ, ZIP and 7z archives
  • Multithreaded CPU compression and decompression

When creating RAR archives:

  • Support for maximum file size of 16 EiB, about 1.8 × 1019 bytes or 18 million TB
  • Compression dictionary from 1 MiB to 1 GiB (it is limited to 256 MiB on 32-bit editions of Windows, although 32-bit Windows still can decompress archives with 1 GiB dictionary; default size is 32 MiB)[9]
  • Optional 256-bit BLAKE2 file hash can replace default 32-bit CRC32 file checksum[9]
  • Optional encryption using AES with a 256-bit key[11] in CBC mode, using key derivation function based on PBKDF2 using HMAC-SHA256[9]
  • Optional data redundancy is provided in the form of Reed–Solomon recovery records and recovery volumes, allowing reconstruction of damaged archives (including reconstruction of entirely missed volumes)
  • Optional "quick open record" to open RAR files faster[9]
  • Ability to create multi-volume (split) archives[12]
  • Ability to create self-extracting files (multi-volume self-extracting archives are supported;[12] the self-extractor can execute commands, such as running a specified program before or after self-extraction[13])
  • Support for advanced NTFS file system options, such as NTFS hard and symbolic links[9]
  • Support for maximum path length up to 2,048 characters (stored in the UTF-8 format)[9]
  • Optional archive comment (stored in the UTF-8 format)[9]
  • Optional file time stamp preservation: creation, last access, high precision modification times
  • Optional file deduplication
  • Advanced backup options, time-stamped files and previous file version retention.

License

The software is distributed as "try before you buy"; it may be used without charge for 40 days.[2] When the period expires, the non-enterprise functionalities remain available, a move intended to discourage piracy.[4] In China , a free-to-use personal edition has been provided officially since 2015.[14]

Although archiving with the RAR format is proprietary, RARLAB supplies as copyrighted freeware the C++ source code of the current UnRAR unpacker, with a license allowing it to be used in any software, thus enabling others to produce software capable of unpacking, but not creating, RAR archives.[15]

RAR for Android is free of charge. It displays advertisements; for a payment they can be disabled.[6] A license for WinRAR does not provide ad-suppression for RAR for Android.

Security

In February 2019, a major security vulnerability in the unacev2.dll library which is used by WinRAR to decompress ACE archives was discovered.[16][17] Consequently, WinRAR dropped the support for the ACE format from version 5.70.

Self-extracting archives created with versions before 5.31 (including the executable installer of WinRAR itself) are vulnerable to DLL hijacking: they may load and use DLLs named UXTheme.dll, RichEd32.dll and RichEd20.dll if they are in the same folder as the executable file.[9][18]

It was widely reported that WinRAR v5.21 and earlier had a remote code execution (RCE) vulnerability which could allow a remote attacker to insert malicious code into a self-extracting executable (SFX) file being created by a user, "putting over 500 million users of the software at risk".[19] However, examination of the claim revealed that, while the vulnerability existed, the result was merely an SFX which delivered its payload when executed; published responses dismissed the threat, one saying "If you can find suckers who will trust a .exe labelled as self-extracting archive ... then you can trick them into running your smuggled JavaScript".[20][21]

WinRAR 6.23 fixes a critical security vulnerability which allowed the hacker to automatically execute malware distributed in archives under some circumstances.[22]

History

Versions

  • Command line RAR and UNRAR were first released in autumn 1993.[7]
  • Early development version WinRAR 1.54b was released in 1995 as Windows 3.x software.
  • 3.00 (2002-05): the new RAR3 archive format is implemented. The new archives cannot be managed by older versions of WinRAR. Solid compression and WAV audio lossless compression features are added.[23]
  • 3.41 (2004-12): adds support for Linux .Z archives like GZIP and BZIP2. New options include storing entire file paths and restoring compressed NTFS files.[24]
  • 3.50 (2005-08): adds support for interface skins and Windows XP Professional x64 Edition.[24]
  • 3.60 (2006-08): adds multithreaded version of the compression algorithm, which improves compression speed on systems with multiple dual-core or hyper-threading-enabled CPUs.
  • 3.80 (2008-09): adds support for ZIP archives, which contain Unicode file names in UTF-8.[25]
  • 3.90 (2009-05): adds support for the x86-64 architecture and Windows 7. Multithreaded support is enhanced.[9]
  • 3.91 is the last release that supports Valencian.
  • 3.92 is the last release that supports Serbian Cyrillic and Serbian Latin.
  • 4.00 (2011-03): decompression is sped up by up to 30%. Windows 98, Windows ME, and Windows NT are no longer supported; the minimum Windows version required is Windows 2000.[9]
  • 4.10 (2012-01): removes all ZIP limitations now allowing unlimited number of files and archive size. WinRAR now also allows creation of multivolume ZIP files. ZIP archives now include Unicode file names.[9]
  • 4.20 (2012-06): compression speed in SMP mode is increased significantly, but this improvement was made at the expense of increased memory usage. ZIP compression now uses SMP as well. The default SMP mode cannot handle text; text compression is significantly worse unless additional switches are used. Also, Windows 2000 compatibility was removed.[9]
  • 5.00 (2013-09): the RAR5 archive format is implemented. RAR5 compressed archives cannot be managed by old versions of WinRAR. The RAR 5 format improves multi-core processor utilization, and adds a larger dictionary size of up to 1 GiB with 64-bit WinRAR. Special optional compression algorithms optimized for RGB bitmaps, raw audio files, Itanium executables, and plain text, which were supported by earlier versions, are supported only in the older RAR format, not RAR5.[9] Optional optimized compression of x86 executables and delta compression (for structured table data) are supported in both file formats.
  • 5.50 (2017-08): adds support for a master password which can be used to encrypt passwords stored in WinRAR. The default RAR format is changed to version 5. Adds support for decompressing Lzip archives; adds support for high precision file dates, longer file names and larger file sizes for TAR archives.[9]
  • 5.60 (2018-06): repairing of protected RAR5 archives was improved. Automatic detection of the encoding of ZIP archive comments. Recognition of GZIP files with arbitrary preceding data as an actual GZIP archive.[9]
  • 5.70 (2019-02): removes support for ACE archive decompression due to major security vulnerabilities[26] in the unacev2.dll library.[9]
  • 6.00 (2020-12): "Ignore" and "Ignore All" options are added to read error prompt. "Ignore" allows to continue processing with already read file part only and "Ignore All" does it for all future read errors.
  • 6.10 (2022-01): Dropped Windows XP support. Added support for unpacking ZST archives. Maximum recovery record is increased to 1000% of protected data size.
  • 6.11 (2022-03): Support of Gzip archives with large archive comments has been added; In command line mode, the switch -mes can also be used to suppress the password prompt and abort when adding new files to an encrypted solid archive.
  • 6.12 (2022-05): CVE-2022-30333 security vulnerability is fixed in Unix RAR versions. WinRAR and Android RAR are not affected.
  • 6.23 (2023-08): CVE-2023-40477 and CVE-2023-38831 critical security vulnerabilities are fixed in WinRAR. Unix and Android versions are not affected.

Operating systems support

More recent versions do not support many older operating systems. Versions supporting older operating systems may still be available, but not maintained:

See also

References

  1. (Russia , Chelyabinsk) WinRAR 3.40 release notes by Eugene Roshal (in Russian)
  2. 2.0 2.1 RAR and WinRAR End User License Agreement (EULA), RARLAB, https://rarlab.com/license.htm, retrieved 2019-03-11 
  3. 3.0 3.1 "RAR download page". RARLAB. https://rarlab.com/download.htm. 
  4. 4.0 4.1 "WinRAR And The Infinite 40-Day Trial". https://www.youtube.com/watch?v=fTgZRVVr3_Y. 
  5. Manuel Masiero (18 March 2013)"Compression Performance: 7-Zip, MagicRAR, WinRAR, WinZip" Tom's Hardware. Retrieved 27 November 2013.
  6. 6.0 6.1 "RAR for Android; RARsoft.". https://play.google.com/store/apps/details?id=com.rarlab.rar. 
  7. 7.0 7.1 Voloshin, Kirill (2011-03-10). "Error: no |title= specified when using {{Cite web}}" (in ru). http://www.compression.ru/arctest/descript/roshal.htm. 
  8. Martin Brinkmann (29 April 2013)"WinRAR 5.0 introduces the new RAR 5 format. What you need to know" Ghacks. Retrieved 27 November 2013.
  9. 9.00 9.01 9.02 9.03 9.04 9.05 9.06 9.07 9.08 9.09 9.10 9.11 9.12 9.13 9.14 9.15 9.16 9.17 9.18 9.19 9.20 9.21 9.22 9.23 "Latest changes in WinRAR (cumulative release notes for all versions)". RARLAB. https://rarlab.com/rarnew.htm.  Updated with each new beta test or released version. Current page has versions 4.00 and higher; archived page linked here has versions 3.70–3.93; older archived versions go back to 3.00
  10. "Best Archive Tool". DonationCoder.com. 2005-09-05. http://www.donationcoder.com/Reviews/Archive/ArchiveTools/index.html. 
  11. "WinRAR 5 Final Released" Techno360.in. Retrieved 27 November 2013.
  12. 12.0 12.1 Martin Brinkmann (7 September 2011). "How To Split Large Files Into Multiple Smaller Ones". https://www.ghacks.net/2011/09/07/how-to-split-large-files-into-multiple-smaller-ones/. 
  13. WinRAR Help – GUI SFX modules: setup commands
  14. "软众信息-WinRAR独家总代理商 最新官方简体中文版下载 支持64位非破解版压缩软件:软件介绍-致用户的一封信". www.winrar.com.cn. http://www.winrar.com.cn/about.htm. 
  15. "WinRAR and RAR archiver addons (downloads, UnRAR for various platforms, and source code)". RARLAB. https://rarlab.com/rar_add.htm.  License says "The source code of UnRAR utility is freeware"
  16. "Extracting a 19 Year Old Code Execution from WinRAR" (in en-US). 2019-02-20. https://research.checkpoint.com/extracting-code-execution-from-winrar/. 
  17. "WinRAR Multiple Security Vulnerabilities". https://www.securityfocus.com/bid/106948. 
  18. Kanthak, Stefan (7 February 2016). "Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege". http://seclists.org/fulldisclosure/2016/Feb/58. 
  19. Shaikh Rafia (September 2015). "WinRAR Exploit Could Put 500 Million Users at Risk". https://wccftech.com/winrar-exploit-could-put-500-million-users-at-risk/. 
  20. Darren Pauli (30 September 2015). "Smuggle mischievous JavaScript into WinRAR archives? Sure, why not". https://www.theregister.co.uk/2015/09/30/500m_winrar_users_open_to_remote_code_execution_zero_day/. 
  21. "WinRAR Vulnerability Is Complete Bullshit". 1 October 2015. http://www.darknet.org.uk/2015/10/winrar-vulnerability-is-complete-bullshit/. 
  22. Goodin, Dan (2023-08-23). "WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April" (in en-us). https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/. 
  23. "RAR - What's new in the latest version (v3.00 to v3.11)". http://www.rarlab.com/rarnew.htm. 
  24. 24.0 24.1 "RAR - What's new in the latest version (v3.40 to v3.50)". http://www.rarlab.com/rarnew.htm. 
  25. "WinRAR archiver, a powerful tool to process RAR and ZIP files". RARLAB. https://rarlab.com/. 
  26. Nichols, Shaun (2019-02-20). "Behold… a WinRAR security bug that's older than your child's favorite YouTuber. And yes, you should patch this hole". https://www.theregister.co.uk/2019/02/20/winrar_security_bug/. 
  27. "RAR 2.50 – Stats, Downloads and Screenshots". https://winworldpc.com/product/rar. 
  28. 28.0 28.1 "Downloads for: WinRAR, RAR for Mac OS X, RAR for Linux, RAR for DOS & OS/2, RAR for FreeBSD, with 40 days free trial". http://www.winrar.co.nz/download-winrar. 

Further reading

External links