Is 7‑Zip Really Unsafe? Unpacking the ‘Three Sins’ of a Popular Compressor

The article examines a recent call to boycott 7‑Zip, outlining three alleged shortcomings—limited open‑source transparency, unresolved security vulnerabilities, and the developer's nationality—while presenting community rebuttals and suggesting alternative compression tools.

Programmer DD

Compression tools are essential software on any computer. 7‑Zip, a free and open‑source program released in 1999, is praised for the high compression ratio of its LZMA/LZMA2 algorithms.

The three ‘sins’ Paul attributes to 7‑Zip

First sin: “Limited” open source

Although most of 7‑Zip’s source code is released under the GNU LGPL, Paul argues that its code is only hosted on SourceForge as a single archive without history, contributors, or documentation, and he cites SourceForge’s poor reputation for bundling malware.

Second sin: security issues

Paul points out past vulnerabilities, including the unpatched CVE‑2022‑29072 privilege‑escalation flaw, and notes that the installer appears unsigned, which he says weakens trust.

Third sin: the author’s nationality

He claims that because 7‑Zip was created by Russian developer Igor Pavlov, users should avoid it to support Ukraine, despite no evidence of malicious intent.

Paul also recommends alternatives such as PeaZip, NanaZip, and the Zstandard (Zstd) compressor.

Reddit discussion: many dismiss the arguments

Users argue that open source does not require hosting on platforms like GitHub, that SourceForge does provide some documentation and change logs, and that there is no proof of hidden backdoors or malicious motives. They also consider the nationality argument absurd, noting that no concrete conflict of interest on the author's part has been shown.

Overall, the piece mixes technical criticism with political sentiment, and the community largely views the boycott as unfounded.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

Programmer DD

A tinkering programmer and author of "Spring Cloud Microservices in Action"
