5 Replies Latest reply on Sep 8, 2016 12:35 PM by Peter M

    Are Executable Compressors Virus Scanners Friend Or Foe?

    stefanschnell

      Hello community,

       

      as a developer of Windows software I use an executable compressor, e.g. like UPX, to reduce the size of my programs or libraries. Also, in my special case, I implement libraries as resources in my executables. On this way I deliver often only one file to my customers – XCopy deployment. All my dependent libraries are included in the executable. To reduce their size, before I add it as resource, I use an executable compressor too. In a few cases the programs or libraries are part of an SAP GUI for Windows Add-On and it was stored on the SAP MIME-Repository. In case of using with an ABAP report – ABAP is the programming language of SAP – it loads the executable from the MIME-Repository and transfer it to the frondend server – the client. To reduce download time and size on the database an executable compressor is also profitable. But if an executable or library is compressed with an executable compressor virus scanners often classifies it as suspicious.

       

      So, on the one hand I have very compact executables and I can be sure that all dependencies are available, but it could be the danger that a virus scanner classifies it a suspicious. Or, on the other hand, there are high transparency for a virus scanner and the danger of false positive is minimized, but it exists a disadvantage in size and the danger of missing dependencies.

      What is in your opinion the best strategy to handle this gap?

       

      Also executable packer often offers virus detection mechanisms. But if I activate it the danger of positive false is much more higher.

       

      Is it an option to offer different versions? I mean one compact version and one for environments with virus detection systems?

       

      Thanks for tips and hints.

       

      Cheers

      Stefan