what is UPX's best compression method

Question

I Have been trying out different EXE packers recently. I tried out ASPack, UPX, mPress etc.. While trying out half a dozen packers, i observed that most of the packed EXE's can trigger false virus signatures. Even UPX is no exception. Still, my choice is UPX. Can anybody, please, suggest me what is the best possible compression / packing method available in UPX.?

I am quite satisfied with UPX --lzma myEXE.eXE still, would love to hear for you people on this. I am not comfortable with UPX --ultra --brute myEXE.EXE since it eats up hours to do the trick.

Answer 1

I used UPX a lot, and there was not a big difference between the versions.

The latest --lzma setting produces very good results, and --ultra --brute is indeed not worth the time spent. At best, 1% of better compression rate... you should better subsample your internal bitmaps or refactorize the code.

But, especially with Delphi applications, I do not use UPX any more. You spoke about anti-virus software false positive, and it is a huge problem. For instance, it sounds like if some "cheap" anti-virus software introduced very simple (and false) heuristic patterns, like "UPX+Delphi=potential malware" or "Delphi+size<300KB=potential malware".

If you try to submit such executable files to http://virustotal.com, you'll find out that about 8% of the anti-virus engines are doing such wrong guess.

I've seen some of my web sites flagged as "malware URI", because of this. I've seen some customers complaining about my deliveries to be infecting their computers. Not worth it.

To reduce the executable size, I therefore rely rather:

• On embedding most resources (textual, bitmaps, even external dll) as .zip inside the .exe, and uncompress them on purpose;
• On using our LVCL library, which is able to create some very small executable (if your UI needs are simple, e.g. for a setup or update program) - see here the latest source code for Delphi 5-2007.