Computer hackers have taken advantage of the acceptance of these packers as suboptimal network optimization tactics and are using them as a way to evade and bypass security controls on the gateway and at the host. Consequently, exploits or other malicious code is delivered successfully because of the packer’s ability to bypass anti-virus and IDS/IPS and go directly to a user’s vulnerable system.
The article goes over the different packers in use and lists their problems. Here is the summary:
While the use of packers is widespread, all have drawbacks. These include:
- The inability to easily verify and audit code
- The administrative overhead of repacking code for each change
- Suboptimal compression
- The increased risk of false negatives which may lead to a site being used to spread malicious code
- The increased risk of false positives, which may lead to a site or some of its functions being blocked by security controls
- Noticeable negative impact on client-side performance
Site owners, operators, developers and administrators can achieve the intended results, typically reducing the number of bytes downloaded from the server, with a greater degree of success and fewer side effects using one or more alternative tactics:
- Reliance on increases in average available bandwidth
- Reliance on local and network caching
- Using only safe whitespace/comment reduction techniques
- Automatic application of safe techniques as a last step in the publishing process
- The use of mod_deflate/mod_gzip for compressing the HTTP response data
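
To make the "safe whitespace/comment reduction" and HTTP compression alternatives above concrete, here is an added example (not code from the article) of a publishing-step reducer that leaves the script readable and auditable, with gzip standing in for what mod_deflate/mod_gzip put on the wire. The sample script, `safe_reduce` and `sizes` are constructed for illustration.

```python
import gzip
import re

# Constructed sample script (not from the article). The "//" inside the URL
# string is what a naive comment stripper would truncate.
SAMPLE_JS = 'var API_URL = "http://example.test/api";   // endpoint\n' + "".join(f'''
/* validate the {f} field */
function check_{f}(form) {{
    // reject empty values
    if (form.{f}.value.length === 0) {{
        return "{f} is required";
    }}
    return "";
}}
''' for f in ("name", "email", "phone", "city"))

# Tokens: a string literal, a run of whitespace and comments, or one other char.
# Assumption: no regex literals containing quotes or "//"; a production build
# step should use a real JavaScript tokenizer.
TOKEN = re.compile(r"""
    (?P<str> "(?:\\.|[^"\\])*" | '(?:\\.|[^'\\])*' | `(?:\\.|[^`\\])*` )
  | (?P<gap> (?: \s | //[^\n]* | /\*.*?\*/ )+ )
  | (?P<code> . )
""", re.S | re.X)

def safe_reduce(src):
    """Strip comments and collapse whitespace outside string literals only.
    One line break per run is kept, so automatic semicolon insertion and the
    line structure an auditor reads are unchanged."""
    out = []
    for m in TOKEN.finditer(src):
        if m.group("gap"):
            out.append("\n" if "\n" in m.group("gap") else " ")
        else:
            out.append(m.group())
    return "".join(out).strip() + "\n"

def sizes(src):
    """Byte counts per option; gzip approximates what mod_deflate/mod_gzip send."""
    red = safe_reduce(src).encode()
    raw = src.encode()
    return {"raw": len(raw), "reduced": len(red),
            "raw_gzip": len(gzip.compress(raw)),
            "reduced_gzip": len(gzip.compress(red))}

if __name__ == "__main__":
    print(safe_reduce(SAMPLE_JS))
    print(sizes(SAMPLE_JS))
```

On this sample, compressing the untouched source already sends fewer bytes than the reduced but uncompressed script, and in both cases what a scanner or reviewer sees after decompression is plain JavaScript.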