
Are Executable Compressors Virus Scanners Friend Or Foe?


Hello community,

As a developer of Windows software I use an executable compressor, e.g. UPX, to reduce the size of my programs or libraries. Also, in my special case, I implement libraries as resources in my executables. In this way I often deliver only one file to my customers – XCopy deployment. All my dependent libraries are included in the executable. To reduce their size, before I add them as resources, I use an executable compressor too. In a few cases the programs or libraries are part of an SAP GUI for Windows Add-On and are stored in the SAP MIME-Repository. When used with an ABAP report – ABAP is the programming language of SAP – it loads the executable from the MIME-Repository and transfers it to the frontend server – the client. To reduce download time and size in the database an executable compressor is also profitable. But if an executable or library is compressed with an executable compressor, virus scanners often classify it as suspicious.

So, on the one hand I have very compact executables and I can be sure that all dependencies are available, but there is the danger that a virus scanner classifies it as suspicious. Or, on the other hand, there is high transparency for a virus scanner and the danger of false positives is minimized, but there is a disadvantage in size and the danger of missing dependencies.

What is in your opinion the best strategy to handle this gap?

Also, executable packers often offer virus detection mechanisms. But if I activate them the danger of false positives is much higher.

Is it an option to offer different versions? I mean one compact version and one for environments with virus detection systems?

Thanks for tips and hints.

Cheers

Stefan

1 Solution

Accepted Solutions

Re: Are Executable Compressors Virus Scanners Friend Or Foe?


Hi stefanschnell,

There is no one answer for your question but I will try to answer it the best I can. A decent amount of malware we see is usually packed in some form and the most common one is UPX unfortunately. Most of the ankle biter AVs available will always detect these simply because of how they are packed. Besides, I would assume that most of your customers probably have AV installed since it's practically free. I would personally ask if switching over to using MSI (Windows Installer Package) would be feasible. I'm not sure how big of a difference it would make to the size but it could also reduce the amount of false positives. You could also use GetClean but that would only prevent us from falsely detecting.

Hope that answers your question.

Thank you!

DG

5 Replies
Reliable Contributor exbrit
Message 2 of 6

Re: Are Executable Compressors Virus Scanners Friend Or Foe?


That is a question beyond the abilities of this community, to give a good answer to anyway.

I will ask a support person to intervene here to hopefully give you some advice.

I'm not sure of their hours of work so it may be a day or two, or more as it's the weekend, before an answer will be forthcoming.

​ can you or any of your colleagues advise this software developer please?

---

Regards

Peter

Moderator

---

Re: Are Executable Compressors Virus Scanners Friend Or Foe?


Hello Peter,

thanks for your effort.

I am searching a lot and I don't find another place like this. This forum is a great place of professional discussions of these themes. This is a merit of you, your moderator colleagues and the software developers, the specialists of virus detection - thank you for that to all of you.

Cheers

Stefan

Reliable Contributor exbrit
Message 4 of 6

Re: Are Executable Compressors Virus Scanners Friend Or Foe?


Thank you 😉

Re: Are Executable Compressors Virus Scanners Friend Or Foe?


Hello desertgal,

thank you very much for your answer. I know it is not easy to answer this question, therefore I am particularly grateful to you.

It is a very good tip to switch to MSI. I will think it over, but I assume there is no alternative.

In the future I will renounce UPX in other contexts.

Thanks again and cheers.

Stefan
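An added example, not part of the thread and not any vendor's detection logic: a pre-release check a developer could run on a build to see whether it carries the structural traits the accepted answer alludes to when it says scanners flag UPX output "because of how they are packed". The two indicators (section names starting with `UPX`, and section entropy above 7.0 bits per byte) and the sample images are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each entry in a PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    for i in range(nsect):
        off = table + 40 * i                              # 40-byte section header
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes, threshold: float = 7.0):
    """Return the reasons a simple heuristic would call this image packed."""
    findings = []
    for name, raw in pe_sections(image):
        if name.upper().startswith("UPX"):
            findings.append(f"{name}: UPX section name")
        h = entropy(raw)
        if h > threshold:                                 # assumed cut-off
            findings.append(f"{name}: entropy {h:.2f} bits/byte")
    return findings

def build_sample(sections):
    """Constructed test image: only the header fields this parser reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    start, table, body = 0x40 + len(coff) + 40 * len(sections), b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIII16x", name, len(raw), 0, len(raw), start + len(body))
        body += raw
    return bytes(dos) + coff + table + body

# Constructed inputs: code-like text vs. uniformly distributed bytes standing in for compressed data
PLAIN = build_sample([(b".text", b"push ebp; mov ebp, esp; ret\n" * 64)])
PACKED = build_sample([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 8)])
```
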
