ACE (compressed file format): Difference between revisions

[[WinAce]], maintained by e-merge GmbH, is used to compress and decompress ACE files under [[Microsoft Windows]]. When installed, it lets the user choose between paying for a registration or installing [[WhenU SaveNow]] [[adware]]. e-merge GmbH also produces a [[WinAce#Commandline version|Commandline ACE]] for DOS; and a freeware [[command-line interface]] decompression tool for [[Linux]] ([[Intel 80386|i386]]) and [[macOS]] called "Unace". e-merge GmbH also provides several libraries for developers, including a freeware decompression [[dynamic-link library|DLL]] called "UnACEunace.DLLdll". Some third-party archivers can read the format using this DLL. None of the above is [[open-source model|open source]] [[free software]].

A newer version of Unace 2.5 that supports ACE 2.0 archives is available under a restrictive open [[source available]] license, also by Marcel Lemke.<ref>{{cite web|url=https://packages.debian.org/stable/utils/unace-nonfree|title=unace-nonfree: extract, test and view .ace archives (non-free version)|website=Debian}}</ref>

An older, independent [[The_C_Programming_LanguageC_(programming_language)|cC]] implementation is part of [[XAD_(software)|XAD-Master libxad]] by Dirk Stöcker. It is limited to unpacking ACE 1.0 archives.

''Packing'' of ACE files is licensed as proprietary information and only available through WinACE, while ''unpacking'' of ACE files is supported by a number of [[comparison of file archivers#Archive format support|third-party archivers]]. However, virtually all of them (the ones that support ACE 2.x format) do this by using the proprietary "Unaceunace.dll" from e-merge GmbH.

Since at least 2015, ACE archives have been used to deliver [[malware]] to victims by e-mail. This tactic was viable because popular [[File_archiver|archiving software]] was able to uncompress ACE archives, but support for the ACE format in security products such as [[Email_filtering|mail filters]], [[Content-control_software|web content filters]], and [[Antivirus_software|anti-virus software]] was generally weak.<ref>{{cite web|url=http://blog.frankleonhardt.com/2015/malware-sent-in-ace-format/|title=Malware sent in .ace format|website=Frank Leonhardt's blog|date=5 October 2015 |access-date=2019-03-09}}</ref><ref>{{cite web|url=https://exchange.xforce.ibmcloud.com/collection/Spammers-discover-the-7z-archive-format-for-spreading-ransomware-1b8e1aad140a017769c7eba02f500747|title=Spammers discover the 7z archive format for spreading ransomware|website=IBM X-Force Exchange|access-date=2019-03-09}}</ref><ref>{{cite web|url=https://medium.com/@seifreed/how-to-deal-with-ace-malware-files-592eb52e7135|archive-url=https://archive.today/20191024094243/https://medium.com/@seifreed/how-to-deal-with-ace-malware-files-592eb52e7135|url-status=dead|archive-date=October 24, 2019|title=How to deal with .ACE malware files?|website=Marc Rivero López' blog|date=24 January 2017|access-date=2019-03-09}}</ref>

In February 2019 several major security vulnerabilities were found in the UnACEv2unacev2.dll library which is used by [[WinRAR]] and other archiving products. Since WinACE support is [[abandonware]]discontinued, users are advised against opening ACE archives in WinRAR and possibly other products using this library.<ref>{{cite web|url=https://research.checkpoint.com/extracting-code-execution-from-winrar/|title=Extracting a 19 Year Old Code Execution from WinRAR|date=2019-02-20|website=Check Point Research|language=en-US|access-date=2019-02-26}}</ref> WinRAR stopped supporting ACE as of version 5.70, and similar products are following suit.