7-Zip question on developer, download and comparability-performance

jana
We are reviewing our compression tools in order to finally replace them with a better one; our main concern is the encryption used.

We have been recommended, on various occasions, the open source product 7-zip over commercial products.

We use WinZip 9.0 and WinRar 4.20; we know they are old, so now we are considering the 7-zip product. However, we have some questions regarding this product in order to decide whether to make the change, and wanted EE experience on the following:

Is there more than one provider or developer of 7-Zip?
Which is a reliable source to download 7-Zip?
Being an open-source is it more vulnerable than commercial version?
Distinguished Expert 2018
Commented:
"Is there more than one provider or developer of 7-Zip?" - who knows, it only says "Igor Pavlov" is behind it. Download it at its homepage http://www.7-zip.org/

"Being an open-source is it more vulnerable than commercial version?" - While commercial software is usually coded by highly trained, security-aware, well paid professionals, open source software is usually made by pale, long haired sweatshirt-wearing geeks that live in dark sous-terrain apartments. Lol.
No, that is no indication of quality whatsoever.
Dave Baldwin, Fixer of Problems
Most Valuable Expert 2014

Commented:
The official website is:  http://www.7-zip.org/   Since it is free and open source there are many places to download it but I would use the official web site.  Don't know but 'more vulnerable' has nothing to do with 'open source' or commercial but more to do with how well it is written.
Brian Pringle, Systems Analyst II, SCM, ERP
Commented:
The software creates a fairly secure file, but has one drawback...  The file that gets encrypted is stored in the %temp% folder prior to being encrypted, which means that someone can get the original from the computer that was used to encrypt the file.  

They use AES-256 bit encryption, so the file is secure for transmission.  

It should be downloaded from http://www.7-zip.org/

1.  There is only one developer (group) for 7-zip.  However 7-zip is GNU LGPL licensed, so anyone is free to distribute modified versions, under the same license.

2. 7-zip.org.  Or you can use the one on download.cnet.com

3.  There's no evidence open-source software is different in the level of security compared to proprietary ones, on average.  This article is a good one to understand the specific factors related to open-source software security.
http://www.zdnet.com/article/six-open-source-security-myths-debunked-and-eight-real-challenges-to-consider/
Distinguished Expert 2018

Commented:
@btpringle: allow the correction: if that were a drawback, it would mean, the (presumed) attacker could already access your user profile - so you're lost anyway. Security aware people clear %temp% at logoff, scripted. Also, they don't make their profile accessible, not online, nor offline.
Brian Pringle, Systems Analyst II, SCM, ERP

Commented:
@McKnife:  The only problem is that many users don't realize this.  They delete the original file thinking that they are safe and then do nothing further.  I just wanted the user to be aware that the file is stored there, as well as the original location.

With that said, I personally use 7-Zip and have never had issues with the encryption function.  I used to use WinZip, but the cost of it on each computer was getting prohibitive.
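
The scripted %temp% cleanup at logoff mentioned in this exchange could look like the following PowerShell script. It is an added example, not code posted by any participant in the thread; it is assumed to run in the user's own context, and the `LogPath` parameter and its default location are hypothetical.

```powershell
# Added example (not from the thread): clear the current user's %TEMP% at logoff.
# Run with -WhatIf first to list what would be removed without deleting anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical log location, kept outside %TEMP% so it survives the cleanup.
    [string]$LogPath = (Join-Path $env:LOCALAPPDATA 'temp-cleanup.log')
)

$tempRoot = [System.IO.Path]::GetTempPath()

# Safety check: never recurse-delete from a drive root if %TEMP% is misconfigured.
if ([System.IO.Path]::GetPathRoot($tempRoot) -eq $tempRoot) {
    Add-Content -LiteralPath $LogPath -Value "$(Get-Date -Format o) SKIP: '$tempRoot' is a drive root"
    return
}

$removed = 0
$failed  = 0

# -Force includes hidden and system items; each top-level entry is removed recursively.
Get-ChildItem -LiteralPath $tempRoot -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $item = $_
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove')) {
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            $removed++
        }
        catch {
            # Items still held open by a running process cannot be deleted; record them
            # so leftovers that survive the cleanup are visible to whoever reviews the log.
            $failed++
            Add-Content -LiteralPath $LogPath -Value "$(Get-Date -Format o) FAILED: $($item.FullName): $($_.Exception.Message)"
        }
    }
}

Add-Content -LiteralPath $LogPath -Value "$(Get-Date -Format o) removed=$removed failed=$failed root=$tempRoot"
```

Deleting a file does not overwrite its contents on disk, so this limits what is left lying in the profile rather than guaranteeing the plaintext is unrecoverable.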

Author

Commented:
Understood.

Since the code is available, how possible is it to reverse-engineer its process in order to identify how the 7-zip file was encrypted?
Distinguished Expert 2018

Commented:
rayluvs, you misunderstand. Knowing exactly how it is encrypted does not make it insecure, not the tiniest bit.

Author

Commented:
We are not experts on the matter; the reason for the question.

So we take it by your comment that it is not possible for a programmer to reverse-engineer the process in order to identify how the 7-zip file was encrypted.
