PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Third-party library developers: don't use UPX.

https://www.purebasic.fr/english/viewtopic.php?t=49066

Page 2 of 2

Re: Third-party library developers: don't use UPX.

Posted: Sun Feb 05, 2012 5:03 pm
by netmaestro
The libs may well be packed for a specific and sensible reason
I agree with Machinecode on this one. That is, unless you know some compelling reason (other than preferring a lib of 80k instead of 150k, which I don't consider valid with current machines)

Re: Third-party library developers: don't use UPX.

Posted: Sun Feb 05, 2012 5:59 pm
by moogle
Their lib their choice isn't it? I think it's the virus scanners that you should be complaining to.
Would you change your program code if some virus scanners falsely flag it? Not by removing a library but by reprogramming it because it's are falsely flagged as "suspicious"?

Just seems the wrong way to go about doing things to me.

Re: Third-party library developers: don't use UPX.

Posted: Sun Feb 05, 2012 7:05 pm
by LuCiFeR[SD]
to be honest I'm with MachineCode and netmaestro too.

If you can decrease the likelihood of your application being flagged in the first place then its a bonus.

It's been a long time since I released any software to the masses, but once in a while you will find AV software will flag you with a false positive. Agreed, you can always send them your exe for detailed analysis so you are no longer flagged. But if you are using a 3rd party lib and if that 3rd party lib just happens to be upx scrambled or whatever. it just makes everyone's task more difficult, from the AV vendors to the software developers themselves.

Re: Third-party library developers: don't use UPX.

Posted: Mon Feb 06, 2012 3:34 am
by Paul
Did you actually do some tests to determine if in fact a user lib was causing you to be flagged?
You mention that it could be 4 different user libs so did you compile 4 different code snippets, each containing commands from each one of the 4 libs?
This would certainly narrow down which lib could be causing problems, or maybe even show it is not a user lib at all.

I have a piece of software that has been available for download for years and one day someone emailed saying it had been flagged by 2 different anti-virus as containing a trojan. I contacted both anti-virus makers and both released new signature files within hours which corrected the false positive.
Problem solved. :D

Re: Third-party library developers: don't use UPX.

Posted: Fri Feb 10, 2012 12:50 am
by Thorium
Just download UPX and unpack it yourself.
UPX is just a compressor and has no protection. You can unpack it with the uncompress command of the UPX command line utility. If the unpacking fails it's not the original UPX so the file is rightfully flagged suspicious.

I used UPX on some of my software, not on all.
For libs there is no reason to use it you should allways compress the final exe only to get the best compression.
I used it if i included bitmaps in the exe. Makes the exe small and speeds up loading.
All times are UTC+01:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited