Are RAR files safe?
Sometimes I'm in a dilemma when I want to open an archive file if there is any risk by opening it, because I'm not sure if an attacker can use any trick that will trigger malware just by clicking on it. I'm not talking about clicking or opening what's inside the archive file, but just opening the archive file. So is there any risk of doing that?
You asked - Are RAR files safe
I think a well known trick will be to disguise a PE or Executable program into another file, a PDF or an archive for example. Since most people rely on the file's icon or extention, it works pretty well on common users. For instance we (the sec folks) disguised a PE file as a pdf (which was actually a vbs file) named im_now_a_daddy_guyz!.pdf.vbs and send it via email to all the company employees, explaining in the mail body how our complice is happy and wanted to share the news. 87% of the company's employees opened it. The following popup showed up on their screen. What if I told you, I could be a real Malware. It was in the scope of a security awareness program.
So yes be careful when running files. If you want to learn how to prevent this, and by the same, how to trust a file before running it, please read this page, start at Is it fake or real? part. Feel free to read the whole article (the 5 parts) . It's well written and accessible to anyone who knows how to type things with a keyboard. This article should teach some basic knowledge about the Malware reverse engineering field.