Topic: All AutoHotkey (AHK) coders read: No more upx packing of compiled ahk utils (Read 103907 times)

wraith808

I'm a sarcopath)
Please, get off the path and back  to your phagus!
-cranioscopical (June 07, 2010, 03:35 PM)

You *really* want to make sure you keep that turkey badge, don't you?  ;)

cranioscopical

You *really* want to make sure you keep that turkey badge, don't you?  ;)
By fair means or fowl!

Target

You *really* want to make sure you keep that turkey badge, don't you?  ;)
By fair means or fowl!
-cranioscopical (June 08, 2010, 06:41 PM)

does nothing phage you?

MilesAhead

I found this interesting. I recompiled a bunch of my ahk and AutoIt3 utilities without UPX compression.  I noticed the other day MalwareBytes anti-malware still flagged a bunch of them.  Seems like there may be something in the compile wrapper rather than in UPX.  Seems a bit odd.

edit: before anyone gets paranoid, I scanned the compiled exes in the script folders and none of them were flagged.  Seems it only wants to flag them in Windows7 32 bit.  Weird.
« Last Edit: June 24, 2010, 09:15 PM by MilesAhead »

ewemoa

That does sound weird.

Did you happen to try sending various things to virustotal?

MilesAhead

That does sound weird.

Did you happen to try sending various things to virustotal?

Nope.  What I think it is, when I get the false positives in Malwarebytes and it's just the AutoIt or ahk program, I add it to the ignore list.  I probably forgot that I already added them on the Vista machine earlier. When I did a full scan on the Windows7 machine it found the files without UPX compression so it probably disregarded the ignore list since they were so much bigger.  At least that's my theory. :)


Does make you wonder what it finds that triggers it off though.


MilesAhead

This issue caused me to look into some of the pros/cons of UPX compression.  I can't seem to find the links right now. But one of the issues mentioned was Windows system handling of compressed exes as far as paging into memory etc.  The gist of it was, the only benefit was reduced download size, while the side-effects included Windows loading the entire exe into memory instead of paging in the code (which may not matter for small utilities.) But in any event it made me think I'm just as well off not to use compression.  These days most people can handle downloading 800KB as opposed to 600KB. Not a big issue.  Guess I could try a more thorough 7-zip or other zip program compression setting as a means to reduce the download bulk.

Jibz

This issue caused me to look into some of the pros/cons of UPX compression.  I can't seem to find the links right now.

f0dder wrote a nice article about (some of) the reasons why exe compression is bad:

http://f0dder.reteam...org/packandstuff.htm

You can add the never ending problems with false positives to that.

MilesAhead

For some reason I also thought zip compressors had an adjustment how thorough a compression to use.  At least the free ones seem to do it all about the same.  7-zip .7z format seems to compress a bit more, but I'd either have to change the download links or put a .7z file inside a .zip file.  To get 207KB download instead of 240KB it's not worth the effort or confusion.

f0dder

There are adjustments to zip compression - it supports a few different algorithms, and the most common one (deflate) can have compression characteristics adjusted; not much point in going for less than maximum compression on today's hardware, though :). The .7z and .rar formats have fairly more decent algorithms, but they also have a huge advantage over .zip: solid compression, which matters a lot when your archive includes a lot of small files (typical for source code distribution).
- carpe noctem
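
Added example, not part of the original post: a comparison of per-member deflate at several levels against a single "solid" stream over many small files, as described in the post above. The sample tree is constructed, and Python's standard-library LZMA stands in here for a solid .7z/.rar archive (an assumption of this sketch).

```python
import io
import lzma
import zipfile

def sample_tree(count=150):
    """Constructed input: many small, similar scripts, like a source tree."""
    tree = {}
    for i in range(count):
        lines = [f"; helper script {i}", "#NoEnv", "#SingleInstance force"]
        for key in "abcdef":
            lines += [f"^!{key}::", f"    MsgBox, helper {i} handled hotkey {key}", "    return"]
        tree[f"src/helper_{i:03}.ahk"] = "\n".join(lines).encode("ascii")
    return tree

def zip_bytes(tree, method, level=None):
    """Total size of a .zip in which every member is compressed on its own."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method, compresslevel=level) as zf:
        for name, data in tree.items():
            zf.writestr(name, data)
    return len(buf.getvalue())

def solid_bytes(tree):
    """Size when all members form one stream, so later files reuse earlier ones."""
    stream = b"".join(name.encode() + b"\0" + data for name, data in tree.items())
    return len(lzma.compress(stream, preset=9))

def compare(tree):
    """Map each packing strategy to the resulting archive size in bytes."""
    sizes = {"stored": zip_bytes(tree, zipfile.ZIP_STORED)}
    for level in (1, 6, 9):
        sizes[f"deflate-{level}"] = zip_bytes(tree, zipfile.ZIP_DEFLATED, level)
    sizes["solid-lzma"] = solid_bytes(tree)
    return sizes

if __name__ == "__main__":
    for label, size in compare(sample_tree()).items():
        print(f"{label:>11}: {size:6d} bytes")
```

The gap between the deflate levels is small next to the gap between any per-member .zip and the solid stream, because .zip pays its headers and restarts its dictionary for every file.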

MilesAhead

This issue caused me to look into some of the pros/cons of UPX compression.  I can't seem to find the links right now.

f0dder wrote a nice article about (some of) the reasons why exe compression is bad:

http://f0dder.reteam...org/packandstuff.htm

You can add the never ending problems with false positives to that.

Recognition of UPX may have triggered false positives but I think many of these av apps are seeing scripting code wrapped as an exe.  Many will flag compiled scripts UPX or no UPX I'm thinking. I know Malwarebytes does.   I have to empty my recycle bin of old compiled scripts or it sucks them up and wants to reboot my machine to purge them.  It seems to sick any ahk or autoit3 script compiled to exe.
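
Added example, not part of the original post: a check a developer can run on a compiled script before release to confirm whether it still carries UPX traits (sections named UPX0/UPX1 and the "UPX!" marker). The function names and the header-only sample images are constructed for this sketch.

```python
import struct

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        (count,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
        table = pe_off + 24 + opt_size
        rows = [struct.unpack_from("<8sIII", data, table + 40 * i) for i in range(count)]
    except struct.error as exc:
        raise ValueError(f"truncated PE headers: {exc}") from None
    return [(n.rstrip(b"\0").decode("ascii", "replace"), vs, raw) for n, vs, _va, raw in rows]

def upx_traits(data):
    """List the UPX traits found in the image (empty list means none seen)."""
    hits = []
    for name, vsize, raw in pe_sections(data):
        if name.startswith("UPX"):
            note = " (no raw data, filled at run time)" if raw == 0 and vsize else ""
            hits.append(f"section {name}{note}")
    if b"UPX!" in data:
        hits.append("UPX! marker present")
    return hits

def fake_pe(sections, extra=b""):
    """Constructed input: PE headers only, not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIII16x", name.encode(), vsize, 0x1000 * (i + 1), raw, 0x200)
        for i, (name, vsize, raw) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table + extra

# Constructed samples: one laid out like a UPX-packed exe, one like a plain build.
PACKED = fake_pe([("UPX0", 0x8000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x1000, 0x800)],
                 extra=b"UPX!")
PLAIN = fake_pe([(".text", 0x5000, 0x4E00), (".rdata", 0x1000, 0xE00), (".rsrc", 0x1000, 0x800)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_traits(image) or "no UPX traits")
```

An empty result only says the build is not UPX-packed in the usual way; as the post notes, a scanner may still flag the compiled-script wrapper itself.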

MilesAhead

There are adjustments to zip compression - it supports a few different algorithms, and the most common one (deflate) can have compression characteristics adjusted; not much point in going for less than maximum compression on today's hardware, though :). The .7z and .rar formats have fairly more decent algorithms, but they also have a huge advantage over .zip: solid compression, which matters a lot when your archive includes a lot of small files (typical for source code distribution).

Maybe you can tell me which (free) zipper you are using? I looked at four and didn't see any "more thorough" setting for .zip format.  Only other formats.

f0dder

I use WinRAR - it isn't free, but it supports store/fastest/fast/normal/good/best for both .rar and .zip. Haven't tested how it affects compression ratio for .zip, so it could be that in reality it only supports store and one form of deflate - *shrug*. I thought the info-zip commandline zipper supported adjusting compression ratio, but can't find a reference to it in the manual.
- carpe noctem

MilesAhead

Thanks for the feedback.  At the size of my stuff even a v90 dial-up it's only a few seconds difference on the download.  Plus some newbs may wonder why there's a .7z file inside their .zip file.  So it's not really worth messing with it at this point.  Zip may not be the best but it's built into Windows. Pretty much guaranteed to be there even for the newbiest newbs. :)

edit: I did find out 7-zip command line implementation has a switch for more thorough .zip compression.  But at the size of my files, the archive is only about 1 or 2 KB smaller.  Guess I'll stick with 7-zip shell integrated version.  .7z does come out a bit smaller but "file not found" is about a fate comparable to death. Too much risk and not much reward trying to change links. If I was just starting now I'd probably go with .7z format though.


« Last Edit: August 30, 2010, 05:02 PM by MilesAhead »