WinZip: Bug found in version 10.0, New features (and more backward incompatibility, and a controversy) in 11.0
Posted by Sachin Garg on 23rd November 2006 | Permanent Link
WinZip Computing has released version 11.0 of its flagship WinZip compression utility. It adds thumbnail images users can browse before extracting digital photos and support for the RAR file format.
They have touted new compression formats, including RAR, BZ2, and a “special” lossless technique to squeeze .wav-formatted audio files as reasons to upgrade.
The interesting discovery that this “special” technique was infact WavPack by David Bryant and that WinZip is not acknowledging their use of WavPack as required by WavPack’s license made quite a bit noise. Very interesting indeed.
This was a slight disappointment as this came from a company which has usually been very forthcoming regarding acknowledging use of third party stuff (like when they added Dmitry Shkarin’s ppmd method). Anyway, the acknowledgement issue has been fixed in the released version, now both the pages on their website and the installed help file acknowledge their use of WavPack (use of ’special’ in press releases still hurts a bit).
In all fairness, as WinZip says that they are using their own implementation of WavPack algorithm, IMHO they were not ‘required’ to acknowledge anything as the license applies only to copyrights and if it is their own implementation their is no copyright infringement (I could be wrong here and I am not a lawyer).
And how this (and other moves by WinZip and PKWare) break backward compatibility of now 18+ years old ZIP format and can cause headaches for the users, unable to figure why their friends can’t extract the files they sent, is a discussion better left for another day. Without the only unique advantage ZIP has compared to other formats (ubiquitous support and guarantee that user will be able to extract the file) it will be interesting to see how fast users switch to something inherently better.
And in other news, WinZip 10 contains a critical bug that could allow attackers to hijack a Windows PC running the utility. (The “highly critical” flaw is within the FileView ActiveX control that WinZip calls up. A malicious website exploiting the vulnerability could compromise the computer and let a hacker install malware such as a backdoor trojan or spyware on the PC. A new build of version 10 (build 7245) patches the vulnerability, so upgrade now.)