
7-zip, Rescue and Recovery, and Secunia PSI

Posted: Tue Apr 01, 2008 2:19 pm
by acz
R&R version 3.10.0017.00 is installed on my ThinkPad T41p under Windows XP SP2.
Perhaps I should mention that I never installed ThinkPad System Update back when it replaced the good old ThinkPad Software Installer.

OK, now to the question at hand:

I occasionally run the Personal Software Inspector (PSI) from Secunia, which alerts me to insecure versions of the software on my hard drive. It has been a good tool.
Today, the PSI complained that "installation of 7-Zip 4.x is insecure".
The version on my machine is 4.32, whereas the current version from www.7-zip.org is 4.57.

Now I don't normally use the 7-zip program at all. I see from the details provided by the PSI (below) that it seems to be part of R&R.

I have to admit that I have not used R&R in some time since I am used to Syncback (freeware). Perhaps I'll do an R&R backup today.

Does anyone else have experience with this? Should I be concerned about the old version of 7-zip and should I install a new version?
Thank you for any advice.

Here is the exact report from PSI:
----------
Technical details about this installation of 7-Zip 4.x, you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected: 4.32.0.0

Installation Path:
c:\Program Files\Lenovo\Rescue and Recovery\Migration\bin\7z\7z.exe


----------
Thank you.

Posted: Tue Apr 01, 2008 2:43 pm
by aaa
Personally I wouldn't worry too much about it.

To understand the risk, the idea is that a "virus"-laden compressed file could automatically execute, even though it appears to be an archive and not an exe. I doubt anything's been created to do this yet.

On the other hand, it's pretty easy to upgrade just in case.

Posted: Sun Apr 13, 2008 2:18 am
by Kanobe
I don't mean to hijack acz's thread. However, my issue seems similar enough that I think acz (and others) may benefit as well.

I have also had Secunia's PSI complaining recently about my "insecure" version of 7-Zip in the following locations.
  • C:\Program Files\ThinkVantage\SMA\7z\7z.exe
  • C:\Program Files\Lenovo\Rescue and Recovery\Migration\bin\7z\7z.exe

aaa wrote: On the other hand, it's pretty easy to upgrade just in case.

I would like to know exactly how to upgrade the existing 7-Zip. If 7-Zip was installed in a normal location with a corresponding entry in Add/Remove Programs, then I would probably not have any trouble upgrading. However, this case has me scratching my head.

I am fairly competent with using Windows in general but I am not sure about how to proceed with my fairly new ThinkPad T61 (with Windows XP Pro SP2).

I would have thought the ThinkVantage System Update utility would include 7-Zip in its list of available updates but it did not.

I downloaded the latest 32-bit version of 7-Zip from Sourceforge.net (7z457.exe). However, I am not certain yet whether the 7z457.exe is simply a self-extracting ZIP file or an installer. (I haven't double-clicked it yet to find out.)

If 7z457.exe is simply a self-extracting zip file, then should I just replace the 7z.exe file in the paths indicated above?

If 7z457.exe is an installer, then how do I go about uninstalling the old 7-Zip and installing the new in its place(s)...without negatively affecting the Rescue and Recovery and/or ThinkVantage "SMA" (System Migration Assistant) configuration? (7-Zip is not listed in Add/Remove Programs.)

I know I could just leave it alone, but I prefer to have Secunia's PSI report "Secunia System Score 100%". Anything less than 100% will bother me.

Posted: Wed Apr 16, 2008 2:03 am
by acz
No worries about thread hijacking; we are all trying to help each other.
I have simply had no time to pursue this problem since my first report, but do hope to get back to it in the next couple of weeks. I need to learn more about how 7-zip is installed "normally"; and then I'll see if I learn anything worth sharing.
It seems that a 100% score from Secunia would add a tiny dash of comfort.