New WinZip exploits announced
Fixes restricted to current users, however
--------------------------------------------------------------------------------
posted 4:23pm EST Wed Oct 06 2004 - submitted by J. Eric Smith
NEWS


WinZip, the most popular compression and archiving tool for Windows platforms, was recently found to have a variety of vulnerabilities that would allow a malicious hacker to execute arbitrary code on an affected PC, says WinZip Computing, author of the WinZip software. All versions up to and including the latest 9.x version are affected by the flaws.

WinZip Computing has released a "service release" addressing these flaws, available as a free download for users of version 9.x. Users of older versions must purchase an upgrade to the latest version to obtain the fixes.

PC World has all you need to know on this. You can download the latest build of WinZip from Winzip.com.



ERIC'S OPINION
This is the second or third time this utility has been a major headache. Again, it highlights a growing trend in commercial software, namely that of abandonment of older versions. Got a bug in a non-current product? Sorry, you'll have to pony up to get it fixed. The latest security is only available for our latest clients.

In a way, I can see why companies take this attitude, as fixing these problems costs money. You can't continue development of an old product forever. That doesn't make it any easier to swallow, though, when your budget has to accommodate something like this. WinZip may be cheap, but multiply it by a few hundred or a few thousand users and it quickly becomes a decent-sized line item for your quarterly budget.

Here is one area where Open Source continues to have a potential advantage. After all, if you've got the source, you can fix whatever needs fixing on your own. Of course, not everyone has the time or resources to do such a thing, and Open Source sites like Freshmeat.net are littered with abandon-ware projects that haven't been updated or touched in a long, long time.