News WinRAR security flaw ignores Windows Mark of the Web security warnings

[Admin]

WinRAR users not running the latest version are subject to a security flaw that's capable of ignoring the Windows Mark of the Web security warnings.

WinRAR security flaw ignores Windows Mark of the Web security warnings : Read more

 

[setx]

Windows' Mark of the Web is stupid idea in the first place. If user downloaded something and clicked to run it, he would select 'Yes' in that pseudo-security dialog.

help stop malware from automatically propagating

That's nonsense: if your browser automatically executes automatically downloaded stuff then your system is already compromised.

 

[COLGeek]

No politics, including attacks of that nature on each other. Stick to the tech topic, please.

Thank you.

 

[ezst036]

I personally find it shocking that people are paying for a compression program when so many free ones are available.

The resistance of RAR here truly breaks a lot of rules.

 

[AkroZ]

Popups are not a security feature, many users close them unconciously, this happen often when I help users:
Helper: There was a message, do you known its content ?
User: What message ?
Helper: There was a popup that you closed immediatly.
User: I didn't do anything, there was no popup.
Helper: I have seen it, redo the action.
User: here, no popup.
Helper: you closed it again...

 

[Exploding PSU]

Popups are not a security feature, many users close them unconciously, this happen often when I help users:
Helper: There was a message, do you known its content ?
User: What message ?
Helper: There was a popup that you closed immediatly.
User: I didn't do anything, there was no popup.
Helper: I have seen it, redo the action.
User: here, no popup.
Helper: you closed it again...

I feel like I've been so desensitised with so many bogus / extraneous popups over the years that hitting "X" whenever something pops up has become second nature... Even I'm guilty of this..

 

[Amdlova]

Winrar it's not free? For years I have close the Popup begging to buy IT

 

[qwertymac93]

Popups are not a security feature, many users close them unconciously, this happen often when I help users:
Helper: There was a message, do you known its content ?
User: What message ?
Helper: There was a popup that you closed immediatly.
User: I didn't do anything, there was no popup.
Helper: I have seen it, redo the action.
User: here, no popup.
Helper: you closed it again...

7zip ignores motw entirely by default for this reason. It took ages for the author to add optional motw support at all because he thought it was stupid from the start.

 

[Heiro78]

Windows' Mark of the Web is stupid idea in the first place. If user downloaded something and clicked to run it, he would select 'Yes' in that pseudo-security dialog.


That's nonsense: if your browser automatically executes automatically downloaded stuff then your system is already compromised.

I don't understand, isn't this article talking about a problem if an executable is started within winrar before extraction?

Do people really do that?

 

[alceryes]

I personally find it shocking that people are paying for a compression program when so many free ones are available.

The resistance of RAR here truly breaks a lot of rules.

I paid for a single user license 25 years ago. I'm gonna get my money's worth, damn it! 😉

For me, it actually is useful. Not more or less so than other free programs, but now it's the familiarity I enjoy. I also don't hook it into Explorer's R-click menu. The whole WinRAR MotW being ignored was known over a month ago. There are a dozen other articles discussing it. TH late to the party...?