I agree with Machinecode on this one. That is, unless you know some compelling reason (other than preferring a lib of 80k instead of 150k, which I don't consider valid with current machines)The libs may well be packed for a specific and sensible reason
Third-party library developers: don't use UPX.
-
netmaestro
- PureBasic Bullfrog
- Posts: 8453
- Joined: Wed Jul 06, 2005 5:42 am
- Location: Fort Nelson, BC, Canada
Re: Third-party library developers: don't use UPX.
BERESHEIT
Re: Third-party library developers: don't use UPX.
Their lib their choice isn't it? I think it's the virus scanners that you should be complaining to.
Would you change your program code if some virus scanners falsely flag it? Not by removing a library but by reprogramming it because it's are falsely flagged as "suspicious"?
Just seems the wrong way to go about doing things to me.
Would you change your program code if some virus scanners falsely flag it? Not by removing a library but by reprogramming it because it's are falsely flagged as "suspicious"?
Just seems the wrong way to go about doing things to me.
-
LuCiFeR[SD]
- 666
- Posts: 1033
- Joined: Mon Sep 01, 2003 2:33 pm
Re: Third-party library developers: don't use UPX.
to be honest I'm with MachineCode and netmaestro too.
If you can decrease the likelihood of your application being flagged in the first place then its a bonus.
It's been a long time since I released any software to the masses, but once in a while you will find AV software will flag you with a false positive. Agreed, you can always send them your exe for detailed analysis so you are no longer flagged. But if you are using a 3rd party lib and if that 3rd party lib just happens to be upx scrambled or whatever. it just makes everyone's task more difficult, from the AV vendors to the software developers themselves.
If you can decrease the likelihood of your application being flagged in the first place then its a bonus.
It's been a long time since I released any software to the masses, but once in a while you will find AV software will flag you with a false positive. Agreed, you can always send them your exe for detailed analysis so you are no longer flagged. But if you are using a 3rd party lib and if that 3rd party lib just happens to be upx scrambled or whatever. it just makes everyone's task more difficult, from the AV vendors to the software developers themselves.
Re: Third-party library developers: don't use UPX.
Did you actually do some tests to determine if in fact a user lib was causing you to be flagged?
You mention that it could be 4 different user libs so did you compile 4 different code snippets, each containing commands from each one of the 4 libs?
This would certainly narrow down which lib could be causing problems, or maybe even show it is not a user lib at all.
I have a piece of software that has been available for download for years and one day someone emailed saying it had been flagged by 2 different anti-virus as containing a trojan. I contacted both anti-virus makers and both released new signature files within hours which corrected the false positive.
Problem solved.
You mention that it could be 4 different user libs so did you compile 4 different code snippets, each containing commands from each one of the 4 libs?
This would certainly narrow down which lib could be causing problems, or maybe even show it is not a user lib at all.
I have a piece of software that has been available for download for years and one day someone emailed saying it had been flagged by 2 different anti-virus as containing a trojan. I contacted both anti-virus makers and both released new signature files within hours which corrected the false positive.
Problem solved.
Re: Third-party library developers: don't use UPX.
Just download UPX and unpack it yourself.
UPX is just a compressor and has no protection. You can unpack it with the uncompress command of the UPX command line utility. If the unpacking fails it's not the original UPX so the file is rightfully flagged suspicious.
I used UPX on some of my software, not on all.
For libs there is no reason to use it you should allways compress the final exe only to get the best compression.
I used it if i included bitmaps in the exe. Makes the exe small and speeds up loading.
UPX is just a compressor and has no protection. You can unpack it with the uncompress command of the UPX command line utility. If the unpacking fails it's not the original UPX so the file is rightfully flagged suspicious.
I used UPX on some of my software, not on all.
For libs there is no reason to use it you should allways compress the final exe only to get the best compression.
I used it if i included bitmaps in the exe. Makes the exe small and speeds up loading.