
Why questionable downloads use rar archives

29 points, by kevlened, about 12 years ago

11 comments

DanBC, about 12 years ago

The author suggests that rar is dangerous, because anti-virus software can detect some viruses until you put those viruses inside a rar archive.

But the author doesn't test to see what happens when the user tries to do anything with the rar. Presumably people have to extract content to be able to use it - wouldn't that be the point when the anti-virus spots the threat?

I thought it was well understood that users should scan content near the point of use rather than the point of download (later, rather than sooner) to allow time for definitions to be distributed and incorporated into AV products.
neya, about 12 years ago

This is true and I can confirm this. I sincerely urge everyone to check any executable for viruses *before* they double click on it, especially while running on Windows!

Just because your antivirus scan doesn't tell you that it's a virus doesn't mean the file isn't infected. Always try uploading the file to a cloud-based solution like http://virustotal.com, which will return scan results from several anti-virus engines. Even if the detection ratio is as low as 2-3, you should be extremely cautious.

Attackers on the internet generally store viruses inside a container like RAR or Zip and password-protect them. And they supply the password separately. This can be seen in forums, etc. where there is a lot of traffic. The logic behind this is that when you run a scan against a virus package hiding behind a password-protected container like RAR or Zip, the anti-virus engine will fail to determine that the file is infected, and some engines will even tell you it's clean! Always extract these files, scan them, or upload them to a cloud scanning solution, and then run them in a sandbox environment to be safe.

I have been a victim of several such attacks in the past (several years back) wherein these files were sent to me as email attachments and the password was mentioned in the email body as something like "Hurry, open this, run this.. etc". And even many popular email vendors like Gmail fail to detect such files (even to this day). Just don't fall for it!
Maybe that free smiley software isn't worth it, after all?

For my fellow Windows users, there is an excellent free anti-virus that comes with a Virtual Kiosk and Sandbox mode (meaning, if you run anything inside a sandbox, even a virus won't be able to affect your computer) provided by the popular security guys Comodo:

http://www.comodo.com/home/internet-security/free-internet-security.php

Cheers!
jpswade, about 12 years ago

No. Questionable downloads use rar archives because the compression was generally higher than zip and it allowed you to "split" files, so it was easier to transport over Usenet.

A virus isn't useful until it's extracted anyway.
afreak, about 12 years ago

Disclosure: I work for an AV vendor. Mine was one of those listed that does scan within RAR files regardless of a hidden attribute.

One of the things about scanning within archive files is that it's quite IO intensive and by default isn't enabled for most AV installs. I very much doubt the reason why it's stressful from an IO perspective is lost on HN readers, but one thing that is overlooked in the comments and the article itself is that by default most operating systems do not support RAR compression, and really what is mainstream is ZIP on Windows, and tarballs and StuffIt files on Mac.

The default settings in most AV software are good enough for situations as the author wrote, even if they're on the list that didn't successfully scan within the archive. If your scanner is scanning on write, extracting the archive will in fact cause it to trip regardless of the file's hidden attribute or lack thereof.

RAR is a notable exception as it does have the ability to execute code as it is processed through a virtual machine, but at the same time a number of AV engines are geared towards situations like this using things like suspicious behaviour detection and whatnot. Those however are not necessarily enabled by default.

I think that the author's beliefs are a bit overblown here. What really matters is what happens after the RAR file is extracted, not while it's more or less safely packed inside.
kris121, about 12 years ago

100% of antivirus programs miss viruses in password-protected RAR archives.
ZoFreX, about 12 years ago

The title is extremely misleading; the original, "Why questionable downloads use rar archives", is better and, more importantly, accurate.

60% of antivirus programs missed viruses hidden in an alternate data stream of a file inside a rar archive, *not* the simple case of a virus in a rar file.
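An added example, not from the thread or any commenter, of the post-extraction check that the alternate-data-stream case above calls for: once an archive has been unpacked on Windows, enumerate every NTFS stream on the extracted files (hidden files included, since the article's test files carried the hidden attribute) so that content tucked into a stream other than the main one is visible before anything is run. `$ExtractedDir` is an assumed path.

```powershell
# Added example: list alternate data streams on files extracted from an archive.
# $ExtractedDir is an assumed location; point it at the folder you unpacked into.
param(
    [string]$ExtractedDir = "C:\Temp\extracted"
)

# The unnamed main stream and the Mark-of-the-Web stream are expected on
# downloaded files; any other stream name deserves a closer look.
$expectedStreams = @(':$DATA', 'Zone.Identifier')

# -Force includes hidden and system files, which a plain listing would skip.
Get-ChildItem -Path $ExtractedDir -Recurse -File -Force |
    Get-Item -Stream * |
    Where-Object { $expectedStreams -notcontains $_.Stream } |
    ForEach-Object {
        [PSCustomObject]@{
            File   = $_.FileName
            Stream = $_.Stream
            Bytes  = $_.Length
        }
    } |
    Format-Table -AutoSize
```

An empty table means no file carries a stream beyond the main data and the download marker; a non-empty row is a file to scan or quarantine before it is opened.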
blablabla123, about 12 years ago

I never really understood why virus scanners are so keen on scanning archives. Most stuff that I have archived I never touch, and if I touch the contents, the virus scanner will warn me anyway.

In fact, the archive search is the single reason why I never do full disk scans voluntarily. They take ages and need tons of resources... Most of the time such a full disk scan is stuck on decompressing some archive.
guan, about 12 years ago

RAR archives are hugely popular in China, for both legitimate and (presumably) illegitimate reasons. All my Chinese friends constantly send me RAR files. I've long wondered why that's the case. All operating systems these days have built-in Zip tools, but you usually have to install extra software to create and extract RAR files.
Osmium, about 12 years ago

I seem to remember reading about how the rar format supports executing (arbitrary?) code when you unrar a file (presumably to support custom decompression algos?), but I can't for the life of me find a reference for it now. Anyone have any idea what this is and if that's a factor too?
kalleboo, about 12 years ago

How would a virus in an ADS get executed?
Sami_Lehtinen, about 12 years ago

I prefer 7-zip over RAR anytime. Stronger crypto, better compression, great parallelization and free.