Re: compressing nmap executables and dlls with upx

["DePriest, Jason R." <jrdepriest () gmail com>]

On Feb 5, 2008 12:32 AM, Dario Ciccarone (dciccaro) <> wrote:
> Ahem. Have we gone back to using 20 Mb hard disks ? :)
>
> * "We should forget about small efficiencies, say about 97% of the time:
> premature optimization is the root of all evil." (Knuth, Donald.
> Structured Programming with go to Statements, ACM Journal Computing
> Surveys, Vol 6, No. 4, Dec. 1974. p.268.)
>
> I think that going from 16Mb to 6.5 Mb (while an interesting reduction
> in size), doesn't make much sense. Even if people thinks about having
> nmap on an U3 drive - I just bought a 4Gb one for less than $30.
>
> And there's a good reason NOT to do it, IMHO - AVs get antsy now and
> then, and start flagging everything, good or bad, that has gone thru UPX
> and derivatives as "suspicious". The garden variety nmap user would
> probably ignore the alarm - knowing or suspecting it has been
> UPX-or-similar compressed. But God forbids the AV (as TrendMicro used to
> do) has a "run weekly, erase suspected" job pre-configured.
>
> Happened to me once.
>
> I mean - Fyodor's call. But I see it as bringing more headaches than
> real benefits. Unless, of course, we consider those poor souls still
> accessing the Internet over 2400Bps modems . . . ;)
>
> Dario

I was thinking about folks building forensic bootable CDs (à la Helix)
and trying to cram as much as possible on one disk, but I totally
forgot about some AV considering upx "unwanted."
I actually had that problem with an IDS, too, so I should have thought of that.

Note: For anyone accessing the Internet over 2400Bps, elinks does a
pretty good job rendering Gmail in text mode.  Also, you have my
condolences.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org