September 28, 2003

Better Check Your Zipper

While thumbing through the Sept. 2003 issue of PCWorld, I saw an update on the WinZip / PKZip encryption incompatibility problem. In essence there's been no progress, so it was mainly a caution: For now, if you're using the newest version of either program and sharing Zipped files with others, you'll probably want to send them as unencrypted, standard .ZIP files. Read on for more details.

In a nutshell, PKWare, original makers of PKZip for DOS and Windows, introduced new encryption technology earlier this year. However, according to the press, they chose not to post or share the specs with their main competitor, WinZip. Naturally WinZip Computing felt they had to offer better encryption, as normal password-protected Zip files have been easy to crack for some time. So WinZip introduced a different encryption method, and thus the newest versions of PKZip and WinZip generate incompatible encrypted .ZIP files.

This brainy move between the two developers blows the one thing the Zip format really had going for it -- full compatibility. Also, a new WinZip 9.0 beta feature allows the new Zip format to hold more than 65,535 files and be larger than 4GB, which wasn't possible nor is compatible with older versions of either program.

To confuse things even further, both Zipping programs use the same .ZIP file extension for the standard (unencrypted) and encrypted Zip files . Many have suggested they simply implement a second file extension for encrypted Zip files -- to make it much easier for users to differentiate between the two when they download or receive them via e-mail attachments. But, no dice -- it appears they want to keep slugging it out between themselves at their customers' expense. (Uh guys, really bad plan...)

Ever since WinZip beat PKZip to the Windows platform years ago, they've been the clear leader in market share. My money is on WinZip, especially since they released their encryption specification back on May 12th. This is key so that others making Zip-compatible software can incorporate it into their own programming. Since PKWare has been less forthcoming, many question its intentions for keeping Zip an open standard. This move also makes it doubtful their new format will become the new Zip standard or will even be used by others. (That "bad plan" thing keeps coming up, doesn't it?)

The good news is that they both continue to generate the standard compatible .ZIP file if the new encryption is not used, and you don't create larger Zip files than what was supported previously. So unless you know for sure which Zipping program and version your recipient is using, you're best off not using any new encryption or compression feature, unless it's for yourself. No sense in sending a client a file they can't use. If you're regularly receiving Zip files from clients or vendors, you may just want to send them a quick e-mail asking them to use the standard "classic" features, for lack of a better term.

As it's the current issue, the Sept. PCWorld article isn't yet posted online. However, earlier similar articles can be found online at both c|net and

Topic(s):   Legal Technology  |  Privacy & Security
Posted by Jeff Beard