7-zip security warning

[jI11jaCksjAkk]

Question regarding the site warning to update 7zip for those more technically savvy than me:

I updated by installing the newest version without uninstalling the older version first. Does anyone know whether that is at all problematic?

For example, if I open the program itself it does show the current version number. But what about using the right-click menu to extract archives directly in FileExplorer? Any chance that might rely on older components from a previous install without the user being able to see that in any way?

 

[anne O'nymous]

I updated by installing the newest version without uninstalling the older version first. Does anyone know whether that is at all problematic?

Unless you specified a different path to install the new version, there's no problem. The new version totally replace the older one.

 

[tooldev]

Question regarding the site warning to update 7zip for those more technically savvy than me:

I updated by installing the newest version without uninstalling the older version first. Does anyone know whether that is at all problematic?

For example, if I open the program itself it does show the current version number. But what about using the right-click menu to extract archives directly in FileExplorer? Any chance that might rely on older components from a previous install without the user being able to see that in any way?

It is usually good protocol to delete and then install a new version, if you want full safety. Updates controlled via the application itself usually takes care of doing it properly, but if you dont know what was before you cannot decide what is afterwards, right It is always a good idea to check install logs in any case.

People download all kinds of stuff to both their phones and their computers without blinking and there are tons of remnants on a standard users machine. This is simply due to most being users and enjoying the 'convenience' of Windows for example taking care of things for them. Temp files from browsers are often not deleted regularly etc. This is usually the entry door for attackers and not some obscure exploit like the 7zip one.

 

[jI11jaCksjAkk]

Unless you specified a different path to install the new version, there's no problem. The new version totally replace the older one.

It is usually good protocol to delete and then install a new version, if you want full safety. Updates controlled via the application itself usually takes care of doing it properly, but if you dont know what was before you cannot decide what is afterwards, right It is always a good idea to check install logs in any case.

Thanks so much for responding. If I had been fully awake I would probably have uninstalled the previous version first because it was a security issue and not just a routine update, but it was late and I didn't start thinking about it until this morning.

 

[tooldev]

Thanks so much for responding. If I had been fully awake I would probably have uninstalled the previous version first because it was a security issue and not just a routine update, but it was late and I didn't start thinking about it until this morning.

Haha, dont feel bad. I am just picking on the subject, not on you personally. People nowadays use about 80% of their time using browsers and those are usually the biggest door people should protect. But they dont and add extensions etc and most have a huge barn door to their systems that way, which is why i used 'obscure' in that context.

The problem you asked about is often overlooked, as people rarely actually know what was on the machine before an update. So left-overs of an old version will not show in the log as errors either and the only way to avoid that, is by making it a habit to always delete/uninstall the old and then get the new stuff afterwards.

You must be registered to see the links

to understand where your real vulnerability is...

 

[droglob]

Thanks for the heads-up about 7zip.

I hope i haven't fucked up in the meanwhile because i did open some compressed files that didn't come from this site recently.

 

[polkadotwolf]

I just want to give big thanks for the security warning notice. I really appreciate it. Good job to whoever found it, mods, etc.

 

[thisisvindermax]

does it matter if I use winrar instead?