Not a security issue today, but I’m calling my co-worker out on this one. Whenever you make a zip file, always verify you can UNZIP it before sending it off. Especially if it’s a very large mission critical zip file.*
I spent the week cleaning up a customer’s site after a virus attack. Part of my tool kit included a DVD containing several gigabytes worth of program files and data files I needed to install on the freshly wiped system.
When the time came to unzip the files, I got an error message. Okay, no problem. I’ll just load the backup DVD. Error message. Uh oh. I copied the zip file to the hard drive successfully and tried again. Error message. Neither Windows XP, my Mac, Stuffit Expander, 7-Zip nor WinZip could handle the file. Each would get a few folders in before choking on a corrupted file or directory. WinZip managed to push through a couple of the errors and get me a little further but not even half the files I needed came out.
The bottom line here is simple. Always, ALWAYS, always verify the zip file you create can be opened. Here are a couple guidelines you can use to ensure success.
Use well tested compression software
7-Zip tends to be my compression utility of choice on Windows. Reviews and my personal experience show it is quite robust and the open source community keeps it reasonably maintained. The price is right too. WinZip, the classic Windows fallback, can have the occasional quirk but generally works fine. Microsoft Windows’ built-in zip utility also works reasonably well. On the Mac side, there’s Drop Stuff / Stuffit Deluxe, OS X’s built-in zip utility and several others. In my experience, no one Mac utility works any better or worse than any other. I generally prefer Stuffit but I think I’m in the minority on that one. Chalk it up to old habits. Nevertheless, I do not trust ANY of these utilities blindly. Whenever I create a file, I always verify I can unzip it before sending it out.
Not all zip files are created equal
The zip file format has evolved over the years. There’s a variety of compression methods and encryption methods to handle file size, security and delivery. Some programs can create self-extracting archives and executables. Others can segment extra large zip files for delivery in bite size attachments. Sometimes the options, security and file size are important. But when sending a zip file in an unfamiliar context, err on the side of robustness.
Know your recipient as you know yourself
Maybe the person you’re sending the zip file to doesn’t have the deluxe version of Stuffit Deluxe 12.0 Special Deluxe Edition. Maybe they’re using an unlicensed copy of WinZip from 8 years ago. If that’s the case they may not be able to open your tightly compressed zip file because WinZip didn’t handle blowfish encryption back then. Most people I know prefer a large zip file they can open to a tiny one they can’t open. So if you don’t know what they’re dealing with, ASK. Seriously.
Be careful with large zip files
Depending on the context and the delivery media, large can mean 10 megabytes (email) or 10 gigabytes (DVDs). For our purposes we’ll say large implies anything that takes a while to create or deliver. If you are sending a “large” amount of data, consider zipping the files in more manageable chunks. That way if a zip file fails to open, the recipient is only partially up a creek without a paddle.
In case I didn’t say it already, check your zip file before you send it! In my case, forensics later determined the zip file worked but was not properly burned to the DVD. That discovery of course is just icing on the turd. The old seamstress’s expression “a stitch in time saves nine [stitches]” holds equally true here. It’s much easier to recreate the zip file before you send something rather than a day later when someone’s ticked off at you. To use an allegory only male readers will fully grasp, zip up with the same care you’ve used every day since you stopped wearing diapers. Screwing up is a careless mistake for which you have only yourself to blame. Brian.
* Footnote: Astute readers will note it might be a good idea for me to check the zip file before flying cross country to visit a customer site. But astute project managers will note it is also a good idea to take the initiative in shifting blame.
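The check described above, as an added example that is not part of the original post: it reads every member of the archive back against its stored CRC, then confirms the copy on the delivery media (the DVD in this story) is byte-identical to the original and also reads back cleanly. It uses only Python's standard library; the function names are assumptions chosen for this illustration.

```python
import hashlib
import zipfile
import zlib


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_zip(path):
    """Return (ok, detail). Decompresses every member and checks its CRC-32."""
    try:
        with zipfile.ZipFile(path) as zf:
            bad = zf.testzip()  # name of the first member failing its CRC, else None
            if bad is not None:
                return False, f"CRC mismatch in member: {bad}"
            return True, f"{len(zf.namelist())} members read back cleanly"
    except (zipfile.BadZipFile, zlib.error, OSError, EOFError, RuntimeError) as exc:
        # Truncated file, damaged directory, broken deflate stream,
        # or a member this reader cannot open (e.g. encrypted).
        return False, f"archive unreadable: {exc}"


def verify_delivery(original, copy_on_media):
    """Check the archive itself, then the copy that was burned or transferred."""
    ok, detail = verify_zip(original)
    if not ok:
        return False, f"original: {detail}"
    if sha256_of(original) != sha256_of(copy_on_media):
        return False, "copy differs from original (bad burn or transfer)"
    ok, detail = verify_zip(copy_on_media)
    return ok, f"copy: {detail}"


if __name__ == "__main__":
    import sys
    ok, detail = verify_delivery(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAILED", "-", detail)
    sys.exit(0 if ok else 1)
```

Run it with the path of the archive on disk and the path of the copy on the mounted disc; a non-zero exit status means the disc should not leave the building.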