From:	Rez <rividh DOT minusthispart AT earthlink DOT net>
Newsgroups:	comp.os.msdos.djgpp
Subject:	Re: Why the executables r so big ????
Date:	Wed, 15 Sep 1999 14:26:21 -0700
References:	<c_LD3.2608$_3 DOT 44552 AT news DOT tpnet DOT pl> <7ro4j7$e0o$1 AT solomon DOT cs DOT rose-hulman DOT edu>
X-Posted-Path-Was:	not-for-mail
X-ELN-Date:	15 Sep 1999 21:23:25 GMT
X-ELN-Insert-Date:	Wed Sep 15 14:25:12 1999
Organization:	Offworld Press
Lines:	19
Mime-Version:	1.0
NNTP-Posting-Host:	1cust136.tnt1.lancaster.ca.da.uu.net
Message-ID:	<37E00EFD.7CC0@earthlink.net>
X-Mailer:	Mozilla 3.04 (Win16; I)
To:	djgpp AT delorie DOT com
DJ-Gateway:	from newsgroup comp.os.msdos.djgpp
Reply-To:	djgpp AT delorie DOT com

Damian Yerrick wrote:
> 
> DOSArena is slightly over a megabyte unstripped and
> uncompressed. UPX, the Ultimate Packer for Executables,
> strips and compresses your binaries in one step. It can also
> make your Windows 9x programs a lot smaller.

One thing that bothers me about this and DJP or whatever the old
compressor was called, is that so far the standard virus scanners don't
have support for uncompressing them for proper inspection (and it's
annoying to have to uncompress them myself for scanning). An old and
fairly standard way of hiding malicious code was to PKLite the
executable and mung the PKLite signature; now the scanners can cope with
this, but used to be they didn't. No real reason why it couldn't be done
with some other compressor as well. 

~REZ~
(who forbids the work box to kiss files of unknown provenance -- you
never know who else they've kissed :)

- Raw text -