The .zip compression format has known remarkable stability and compatibility for many years, but that may soon change. PKWare and WinZip, makers of competing compression and encryption products, are fighting over the .zip standard--which means that .zip archive files created by one program may not be accessible by the other.
Both companies recently changed their implementations of the .zip format. In May, WinZip released a beta version of WinZip 9 that alters the .zip format. PKWare made its changes earlier, but recently posted specifications detailing its changes to the format.
PKWare is the company founded by .zip inventor Phil Katz, who died in 2000. Katz decided to make the .zip format an open standard, free for anyone to read or use when designing a program. This open standard allowed for the creation of PKWare's chief competitor, WinZip, which now dominates the market.
The .zip format couldn't stay the same forever. For one thing, it desperately needed adequate encryption. The long-established .zip 2.04g specification's password protection couldn't stop a reasonably knowledgeable hacker.
PKWare responded to these needs, slowly rolling out options such as certificate-based security and 256-bit AES encryption.
The recently released beta version of WinZip 9 boasts 256-bit AES encryption as well (without certificates). Although both programs use AES, the encrypted archives aren't compatible.
Since PKZip's encryption hit the market first, why didn't WinZip make its product compatible? Because PKWare didn't tell WinZip how. Until PKWare's recent release, the company hadn't updated its posted specification since 2001; the encryption details simply weren't available.
"We went a very long time trying to never be incompatible," says Kevin Kearney, WinZip technical consultant. "Then PKWare themselves did something [with encryption] that wasn't in the specs." WinZip eventually decided to go it alone.
Even PKWare's new specs aren't complete, lacking important information on certificate-based encryption. Although the feature was introduced in PKZip 5.0 for Windows nearly a year ago, it has not yet appeared in PKZip for other platforms--specifically mainframes--and PKWare doesn't consider it complete.
"Certificate-based encryption is still a work in progress," says Jim Peterson, PKZip chief technology officer. "We're not publishing it because we still have a number of features to add."
WinZip's Kearney is skeptical of that reasoning.
"They try to keep it to themselves, and if the pressure gets hot they can dribble out stuff....We think there's a legitimate claim that they're going against their stated claim to keep an open standard," Kearney says.
WinZip, by contrast, released its new specification May 12, when its beta test for the encryption-enabled version 9 went public.
But the spec should not come out until a product is done, says Steve Crawford, PKWare's chief marketing officer. He couldn't say whether PKZip will add WinZip's extensions, "given the fact that it is still a beta product." And later? "We'll cross that bridge when we get there," Crawford says.
Other companies besides the two leaders publish .zip-compatible programs, and the other players must find a middle ground. But like WinZip, some companies have become suspicious of PKWare's intent.
"What we found when we investigated was that PKWare had not fully revealed all of their extensions," says Mathew Covington, product manager for Aladdin Systems' compression program Stuff-It.
His company's strategy? "Our goal is to fully support both versions. Obviously if PKWare withholds information we can't support [PKZip]."
Both Aladdin and PentaWare, which makes PentaZip, get around the encryption-versus-compatibility dilemma by offering a high-quality encryption option that doesn't use the .zip extension.
For instance, if you select PGP encryption in PentaZip, your file will have the double extension .zip.pgp, and Windows won't try to open it as a .zip file. You can decrypt and decompress such a file in one step using PentaZip, or in two steps by first using a program that supports PGP (plenty are available), and then decompressing it with any .zip program.
Like Aladdin, PentaWare is working on support for WinZip's changes. It plans to support PKZip's new approach as well.
Some Good News
Neither PKWare nor WinZip encrypt archived files by default. This means the vast majority of .zip files will probably continue to adhere to the old, universal format for the foreseeable future.
But reliable operation 95 percent of the time means confusion the other 5 percent, the vendors acknowledge.
"It's always been the case that a .zip file is a .zip file is a .zip file," says Aladdin Systems' Covington. "For the average user, a .zip file that they can't open is a corrupt .zip file."