This seems... wrong? Isn't %LOCALAPPDATA% commonly used to store executables for programs that want to install for a single user and not the whole computer? An example of which includes Google Chrome?
The exploit abuses ADSes with ..\ in the name to drop files on the system that aren't visible in the WinRAR file browser. It drops malware in the temp directory and then a .lnk in the Startup directory to activate an attack against COM, influencing the DLL that's being loaded by legitimate applications.
Maybe you're thinking of %AppData%?
>By default, VS Code is installed under C:\Users\{Username}\AppData\Local\Programs\Microsoft VS Code.
https://code.visualstudio.com/docs/setup/windows
%appdata% would be C:\Users\{Username}\AppData\Roaming
I'd still bet it's Usenet users that installed WinRAR way back when and have stuck to it ever since
Why people use it over .7z though? For that, I have no idea.
The docs for the toolchain he implemented (https://github.com/taviso/rarvmtools) allude to a number of bugs, but doesn't sound (??) like they're related to this vulnerability.
smokel•5mo ago
Yeah, right.
Edit: this figure is possibly taken from the WinRAR website [1]. It is more likely that there have been that many cumulative downloads, and even that seems to be a high number. Given that Windows has .zip file support built-in for quite some time, and the fact that nearly nobody downloads .zip files anymore, makes me very suspicious of this kind of statistic.
[1] https://www.win-rar.com/
sidewndr46•5mo ago
RiverCrochet•5mo ago
RAR seemed to handle large collections of files better on Windows than .zip back in the day, and it had a few features that .zip didn't, so it was something I typically installed on like Windows XP and such back then. But I'm not sure why anyone would use it over 7-zip today unless you have massive numbers of old .RAR files laying around.
I did work for a company that actually licensed WinZip because it was easier to use than the default Windows interface for .zip files.
johnmaguire•5mo ago
Even then, 7-zip supports extracting rar.
hulitu•5mo ago
7zip UI is ... a bit special. It is not shitty like Windows {10,11}, but it needs some emotional attention.
FirmwareBurner•5mo ago
In aa world where 7zip exists, most likely not.
AlexandrB•5mo ago
close04•5mo ago
I think Windows 11 got native RAR and 7Z support recently but I'm not sure what libraries it uses for this.
hatsuseno•5mo ago
scrlk•5mo ago
jeroenhd•5mo ago
nerdjon•5mo ago
Until very recently Windows could not natively unarchive .rar files and you needed to download WinRAR to be able to do this. I still find it not terribly uncommon to run into a random .rar file that previously would have meant I needed to install it, even if I only used it once.
> and the fact that nearly nobody downloads .zip files anymore
Citation needed? Why would people not be downloading .zip files anymore?
hnuser123456•5mo ago
TonyTrapp•5mo ago
Objective: 7z (the format) doesn't have the same data recovery options as RAR. As it stands, RAR remains one of the best options for long-term archival of data for casual users thanks to its optional recovery records.
nerdjon•5mo ago
A lot of non technical people know "winrar" and even if they don't if you search "rar file" on Google the first result is winrar.
close04•5mo ago
wongarsu•5mo ago
hulitu•5mo ago
Kids those days. There are some rar archives ( with recovery record ? ) that are only readable by winrar.
sim7c00•5mo ago
smokel•5mo ago
Still, I sincerely believe that in a typical year, a typical user runs into zero or one .zip files. Of course there are exceptions, but these power users do not make up a large part of the population. Facebook and Instagram are not shipped in .zip format for a reason.
Here are some numbers to think about:
According to Microsoft, there are ~1.4 billion devices that run Windows 10 or Windows 11 [1]. Apparently, there are some 200 million additional devices that run older versions of Windows [2].
Now, I could hypothetically ask my mom and dad, and find out that only one of them knows what a .zip file is. The other has not heard of .rar. I don't think I myself am a typical user, but I do know .rar, and I do not even have WinRAR installed.
That leaves me to conclude that it is very, very, unlikely that 31% of all Windows users has WinRAR installed.
[1] https://blogs.windows.com/windowsexperience/2025/06/24/stay-...
[2] https://jitendra.co/how-many-windows-users-are-there-in-the-...
k_roy•5mo ago
Of course, RAR usage nowadays is probably a bit more limited to things like usenet downloads, so the people caring enough to install an alternative decompressor is narrowing.
Larrikin•5mo ago
entelechy0•5mo ago
bdcravens•5mo ago
I do reject the idea that "nearly nobody downloads .zip files anymore". It's still pretty common. Crafters using Cricuts and engravers regularly download zip files of fonts, etc. Fedex/UPS package up invoices of a certain size, or consolidated billing accounts, in zip files. Etc.
transcriptase•5mo ago
HackerThemAll•5mo ago
At this point you lost my attention.
hulitu•5mo ago
Windows has _some_ .zip file support. Winrar is usually used for rar files. Zip files are still used (docx xlsx and pptx are zip files).