WinRAR

Description

In the early 1990s, hard drives were small and internet connections were slow enough that file size was an everyday concern. Transferring a large program by modem or across floppy disks required either patience or compression. Eugene Roshal, a student of software engineering at Chelyabinsk State Polytechnic University in Russia, was working on data compression as his thesis topic. In autumn 1993 he published the first command line versions of RAR and UNRAR. The name was an acronym for Roshal Archive.

RAR compressed files more efficiently than ZIP especially in solid mode when you’re archiving multiple files together. It could divide large archives into multiple volumes for floppy disk storage. It had a recovery record that could be used to reconstruct damaged data. These weren’t incremental improvements — each addressed a real limitation users had been working around.

In 1995, Roshal published WinRAR: a graphical version for Windows that introduced the same compression engine into a point-and-click interface. Roshal’s older brother Alexander does the copyright and business side — Eugene has said the arrangement allows him to focus on development. win.rar GmbH, the company that distributes WinRAR, incorporated in 2002.

WinRAR has gone past 500 million users worldwide and is one of the most widely installed utilities on Windows, despite the existence of free alternatives and the built-in ZIP support in Windows since XP.

THE TRIAL THAT NEVER ENDS

WinRAR calls itself trialware. After downloading, users receive a 40-day trial period. When that time is up, WinRAR shows a dialog box when it is launched, reminding users of the end of the trial and requesting them to buy a license. The software then continues to work the same as before.

Nothing locks. Nothing stops working. The complete functionality is available forever. Users can close the reminder and continue. This design is deliberate.

win.rar GmbH makes no attempt to enforce compliance by technical restriction. The commercial logic: enterprise customers — companies using WinRAR to compress contracts, transfer large files, or automate archival processes — run the risk of compliance if running unlicensed software. Audit liability and the preference for orderly software inventories drive corporate users to licensed copies. WinRAR sells per-seat commercial licenses and that is the part that generates its revenue. The consumer population is primarily the distribution infrastructure: the more prevalent WinRAR is on desktops, the more natural it is that it is the default tool in the workplace.

The result has been three decades of omnipresence on Windows machines. The never-expiring trial became one of the more discussed quirks of computing — acknowledged enough to become a cultural reference.

THE RAR FORMAT

RAR remains proprietary. Alexander Roshal owns the copyright and licenses Only authorized software — mainly WinRAR itself and the official command-line RAR tool — is able to create RAR archives. RARLAB releases source code for UnRAR, a decompression only program, under a license that allows other programs to extract RAR files but specifically forbids reverse engineering the compression algorithm or writing software that can create RAR archives without permission. 7-Zip, PeaZip, and other free archivers can extract RAR files using this code. None can create them.

The format has undergone major versions over the years. RAR2 arrived with WinRAR 2.0 in 1996. RAR3 was included with version 3.0 in 2002, which added solid compression with multiple files and added a better recovery record. RAR5, introduced with WinRAR 5.0 in September 2013, made some big changes: AES encryption was upgraded from 128-bit to 256-bit, the recovery record was rebuilt using Reed-Solomon error correction codes, the compression dictionary size increased to 1GB (from 4MB in RAR3 default), and optional BLAKE2 checksums were added in addition to the default CRC-32. RAR5 archives are not compatible with versions of WinRAR earlier than 5.0.

WinRAR 7.0, released in February 2024, removed the functionality of creating RAR4 archives and increased the maximum dictionary size to 64 GB for 64-bit installations. WinRAR 7.10 was released in February 2025, removing support for 32-bit Windows. In May 2024 win.rar GmbH stopped offering physical CD-ROM delivery because of the closure of the factory that produced them and the declining demand.

COMPRESSION AND FEATURES

WinRAR creates RAR and ZIP format archives. For extraction, it supports more: CAB, ARJ, LZH, TAR, GZip, BZIP2, XZ, 7Z, ISO, Lzip, Zstandard, etc. Shell integration adds WinRAR options to the right-click context menu in Windows, so it is possible to compress or extract without opening the main interface.

Solid compression compresses all the files as one continuous stream of data instead of compressing them individually. Archiving multiple similar files — a folder of source code, a set of documents — allows solid mode to find patterns across the entire set, and to achieve better compression than file-by-file methods. The tradeoff is slower random access: to extract a single file from a solid archive, everything has to be decompressed before the file is extracted.

Multi-volume archives divide a compressed file into several smaller pieces with sequential names (archivename.part1.rar, archivename.part2.rar, etc.). Essential in the floppy disk days, the feature is still useful for upload size limits and attachment restrictions.

Self-extracting archives (SFX) package compressed data with a small decompression program. The resulting .exe file extracts its contents when it is run, requiring no archiver on the receiving system. SFX archives can have instructions to show license text, run installation scripts, or specify the path where you want to extract the archive.

The recovery record contains error correction data at archive creation time. If corruption occurs — a failed download, a bad sector, data degradation — WinRAR uses the recovery record to reconstruct the damaged portion. The record size is configurable as a percentage of the entire archive. RAR5’s implementation uses Reed-Solomon codes, which cope with scattered errors better than the method used in previous formats.

AES-256 encryption is used to protect the contents of the archive. Users can optionally enable header encryption, which hides file names, sizes and timestamps in addition to file data. Without header encryption, the structure and metadata of the archive is visible to anyone who opens the archive, even without the password. A master password, which was introduced in version 5.50 in 2017, encrypts the stored password list.

SECURITY ISSUES

In February 2019, researchers found a critical path traversal vulnerability in unacev2.dll, a third-party library WinRAR used to extract ACE archives. The flaw enabled a specially crafted ACE archive to extract files to arbitrary locations on the system, which could result in malicious executables in startup directories. The vulnerability affected an estimated 500 million installations. Because unacev2.dll dated to 2006 with no available source, win.rar GmbH removed ACE format support completely in version 5.70 instead of trying to patch it.

Earlier versions before 5.31 had a DLL hijacking vulnerability for self-extracting executables. If a malicious DLL with a specific name existed in the same folder as the SFX file, the extraction process might load it instead of the legitimate system library.

Both problems point to the challenge of keeping a long-lived proprietary application going: the ACE vulnerability arose from a dependency that had outlived its source code availability, while the SFX problem concerned a feature intended to work in heterogeneous environments where the archiver wouldn’t necessarily be available.