Installation of 'WinRAR' on Windows 10 is temporarily impossible



Version 5.91 of the compression/decompression software 'WinRAR', which has been under development for more than 25 years since 1995, was released on June 29, 2020. However, the development team reports that the digital signature certificate of WinRAR version 5.91 has been revoked by the certification authority, and that this version temporarily cannot be installed on Windows 10.

Information on the revocation of WinRAR 5.91 digital certificate

WinRAR version 5.91 was released on June 29, 2020, but from around August 2020 it was pointed out that version 5.91 could not be installed on Windows 10.

An investigation by the development team found that the digital signature certificate used to sign the WinRAR executable file had been revoked. This made installation impossible.

The development team contacted the certification authority that issued the certificate and asked why. The explanation that came back was reportedly that 'the certificate was revoked because it was caught in the inspection by VirusTotal, which performs malware inspection'. VirusTotal is said to use more than 60 virus scanners, and some of them diagnosed that 'there is a problem with WinRAR version 5.91'.



'In the development history of WinRAR over 25 years, there were many cases where the official WinRAR installation package, not a pirated version, was caught by virus inspection / malware inspection, but they were all false positives,' said the development staff. 'The reason why version 5.91 was falsely detected is that the heuristic virus scanner may have judged it suspicious that the self-extracting module tries to read data from its own executable file and write it to the disk. It is also possible that creating many files in a folder on the disk was considered suspicious.' Of course, all of these are normal operations for compression/decompression software.

In addition, it is possible that WinRAR itself was determined to be malware because the WinRAR decompression module had been included in malware. The staff said, 'WinRAR is a tool, and like any other tool, it can be used for good things, or unfortunately for bad things. In any case, preventing such false positives is my responsibility. It is impossible for us.'

The development staff explained the possible reasons for the false positives to the certification authority, but the certification authority said that the one requirement for reactivating the digital signature certificate was that it 'does not get caught by VirusTotal's virus scanners'. Cases in which an issued digital signature certificate is suddenly revoked because of an external virus scanning service are not new; a similar example has been reported.


Furthermore, it seems that the certification authority also explained that 'the certificate was revoked because of a mysterious 570 MB executable file that was supposed to have been used by a hacker, although it was signed with WinRAR's digital signature certificate.' The development staff requested the mysterious executable file from the certification authority for analysis, but it had already been deleted.

Since the only remaining option was to 'obtain a new digital signature certificate', the development staff acquired a new digital signature certificate from another certification authority. At the time of writing, the version 5.91 package signed with the new certificate is being distributed on the official website.

Regarding this case, the development staff said, 'Revoking a certificate based on suspicious data diminishes the meaning of the certification system. If not completely certain, the certification authority will first contact the client. In the case of this certificate revocation, we didn't get any notice; we knew what the user was saying. And if the executable was based on a particular executable, you also need to share the file with the client so that it can be analyzed.'

in Software, Security, Posted by log1i_yk