[dragontamer]

Or you know, the author of 7-zip could pay for a digital certificate and sign the executable. Fake websites and "Trojans" are a known problem, with a known solution.

Unfortunately, 7-zip barely has any security involved. No digital signatures, no ASLR, no NX bit, no stack canaries, no nothing.

Hopefully these security concerns wake up Ivor. Its not the 90s anymore: developers have to participate to get a proper security posture. That's why Windows tried so hard to get everyone to use sandboxed Win10 Apps / Metro Sandbox by default, because these problems require the developers to care about security.