Should I Use an EXE Compressor, Protector, Obfuscator, Wrapper, etc…?

This is a nuanced answer, but here goes…

As some of you may know, one of my first big commercial projects was PECompact, followed by PEBundle. The former is inactive and the latter off the market at this time. Why?

Well, I found that for every 1 legitimate user there were 99 malware authors. And they card. Boy do they card. When the software became unsellable without pre-authorization, I gave it up.

Further, I have a new ideological opposition to all executable wrappers, compressors, protectors, obfuscators, etc. Why?

  1. ALL malware uses some wrapper, but only SOME legitimate software uses such.
  2. The lost sales from false positives, performance issues, and interoperability problems far outweigh the theoretically lost sales from cracks and keygens. I find any user willing to risk their OS integrity to install a crack or keygen probably isn’t going to pay $1 for your software.
  3. In this age of cyber-espionage, we need easy-to-analyze code. It doesn’t have to be open source. In fact, I’m not a big fan of F/OSS as it doesn’t currently provide me a means to live, BUT code should at least be easily analyzed by an expert, which can be done quickly if no wrapper is applied.
  4. Applications can always be cracked anyway. I don’t care what you do. I don’t care if you virtualize every opcode and have your own little emulator triggered on page faults, ALL software can be cracked. The only variables are time and impetus.

The ultimate example of my reasoning just occurred this month. Piriform’s famous CCleaner, something installed on millions (?) of PCs, had some malicious code injected into it. See this article for more information. Sure, it isn’t precisely what we are speaking of, but it is on the same level.

Note that aside from PECompact itself and older projects, Bitsum quit using an executable compressor years ago. That should tell you something.

So, coming from the author of one of the first executable compressors, I say – use them knowing the above, and believe no claim of 100% protection. And if you are an end-user, do you feel more comfortable with code that hides what it is doing, or is wide open?

This is not to say you should not have anti-piracy routines and checks. These can be done w/o Off-The-Shelf solutions and wrappers though.