7-Zip question on developer, download and comparability-performance

We are reviewing our compression tools in order to finally replace them with a better one; our main concern is the encryption used.

On various occasions we have been recommended the open-source product 7-Zip over commercial products.

We use WinZip 9.0 and WinRar 4.20; we know they are old, so now we are considering the 7-Zip product. However, we have some questions regarding this product before deciding to make the change, and wanted EE's experience on the following:

Is there more than one provider or developer of 7-Zip?
Which is a reliable source to download 7-Zip?
Being open source, is it more vulnerable than a commercial version?
jana Asked:
McKnife Commented:
"Is there more than one provider or developer of 7-Zip?" - who knows, it only says "Igor Pavlov" is behind it. Download it at its homepage http://www.7-zip.org/

"Being open source, is it more vulnerable than a commercial version?" - While commercial software is usually coded by highly trained, security-aware, well-paid professionals, open source software is usually made by pale, long-haired, sweatshirt-wearing geeks that live in dark sous-terrain apartments. Lol.
No, that is no indication of quality whatsoever.
Dave Baldwin, Fixer of Problems, Commented:
The official website is:  http://www.7-zip.org/   Since it is free and open source there are many places to download it but I would use the official web site.  Don't know but 'more vulnerable' has nothing to do with 'open source' or commercial but more to do with how well it is written.
Brian Pringle, Systems Analyst II, SCM, ERP, Commented:
The software creates a fairly secure file, but has one drawback...  The file that gets encrypted is stored in the %temp% folder prior to being encrypted, which means that someone can get the original from the computer that was used to encrypt the file.  

They use AES-256 bit encryption, so the file is secure for transmission.  

It should be downloaded from http://www.7-zip.org/
techhealth, Director, Commented:
1.  There is only one developer (group) for 7-zip.  However 7-zip is GNU LGPL licensed, so anyone is free to distribute modified versions, under the same license.

2. 7-zip.org.  Or you can use the one on download.cnet.com

3.  There's no evidence open-source software is different in the level of security compared to proprietary ones, on average.  This article is a good one to understand the specific factors related to open-source software security.
http://www.zdnet.com/article/six-open-source-security-myths-debunked-and-eight-real-challenges-to-consider/

McKnife Commented:
@btpringle: allow the correction: if that were a drawback, it would mean the (presumed) attacker could already access your user profile - so you're lost anyway. Security-aware people clear %temp% at logoff, scripted. Also, they don't make their profile accessible, neither online nor offline.
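
One way to script the logoff cleanup of %temp% that McKnife mentions, as an added PowerShell example that is not from any poster in this thread. The function names `Remove-TempItem` and `Clear-UserTemp` are hypothetical, and the script is assumed to run in the user's own context, for example as a logoff script.

```powershell
# Added example: logoff script that empties the current user's %TEMP%.
# Assumption: runs in the user's context (e.g. as a Group Policy logoff script).

function Remove-TempItem {
    param([System.IO.FileSystemInfo]$Item)
    $isLink = [bool]($Item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    if ($Item -is [System.IO.DirectoryInfo] -and -not $isLink) {
        # Real directory: empty it first. Links are never descended into.
        foreach ($child in Get-ChildItem -LiteralPath $Item.FullName -Force -ErrorAction Stop) {
            Remove-TempItem -Item $child
        }
    }
    if ($Item.Attributes -band [IO.FileAttributes]::ReadOnly) {
        $Item.Attributes = [IO.FileAttributes]::Normal   # read-only would block Delete()
    }
    $Item.Delete()   # for a junction or symlink this removes the link, not its target
}

function Clear-UserTemp {
    param([string]$TempPath = [System.IO.Path]::GetTempPath())
    $root = [System.IO.Path]::GetFullPath($TempPath).TrimEnd('\')
    # GetTempPath() can fall back to other directories when TEMP/TMP are unset; refuse those.
    $unsafe = @($env:SystemRoot, $env:USERPROFILE, [System.IO.Path]::GetPathRoot($root)) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    if ($unsafe -contains $root) { throw "Refusing to clean '$root'." }

    $removed = 0; $failed = 0
    foreach ($item in Get-ChildItem -LiteralPath $root -Force) {
        try { Remove-TempItem -Item $item; $removed++ }
        catch { $failed++ }   # usually a file still held open by a running process
    }
    # Summary object so the result can be logged by whatever runs the script.
    [pscustomobject]@{ Path = $root; Removed = $removed; Failed = $failed }
}

Clear-UserTemp
```

Deleting a file removes its directory entry only; the script does not overwrite the data on disk.
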
Brian Pringle, Systems Analyst II, SCM, ERP, Commented:
@McKnife:  The only problem is that many users don't realize this.  They delete the original file thinking that they are safe and then do nothing further.  I just wanted the user to be aware that the file is stored there, as well as the original location.

With that said, I personally use 7-Zip and have never had issues with the encryption function.  I used to use WinZip, but the cost of it on each computer was getting prohibitive.
jana (Author) Commented:
Understood.

Since the code is available, how possible is it to reverse-engineer its process in order to identify how the 7-zip file was encrypted?
McKnife Commented:
rayluvs, you misunderstand. Knowing exactly how it is encrypted does not make it insecure, not the tiniest bit.
jana (Author) Commented:
We are not experts on the matter; hence the question.

So we take it by your comment that it is not possible for a programmer to reverse-engineer the process in order to identify how the 7-zip file was encrypted.