upx VS Lean and Mean Docker containers

According to this source:

Following optimization, tools like UPX can compress the resulting binary, significantly reducing file size. This compression is invaluable for resource-constrained environments but adds a decompression step during binary execution.

I have been using UPX but I'm quite sure if there's something out there that offers better compression.

Ah that's nice, long ago I used parchment.js to load a inform7 created z5 file on my website. You could try to compress your executable with upx https://upx.github.io/

In this process, the given packer tool embeds a natively compiled PE into another executable that contains the information needed to unpack the original content and execute it. Perhaps the most well known packer, which is not even for malicious purposes, is Golang's UPX package.

Rewrite in C#, and use an obfuscator on the DLL. You can also write some parts in C++ as many variable and function names are forgotten when compiling. You should also encrypt the PCK, and see if you can embed it. If it's embedded, you can make it more annoying to deal with by packing it with https://upx.github.io/

Another good example of false positives like this would be binaries that are compressed with UPX - the way it works is apparently very similar to how stub-loader malware operates and signature detection tools will flag it as malicious.

This will optimise the release binary to be as small as possible. Additionally with upx we can create really small docker image !

Then I compressed it with upx, cp small.exe smallUpx.exe && upx --brute smallUpx.exe, got a 10752 bytes executable, half the size, but still pretty large

And if you want to make the container quickly secure without bloats, maybe give this a try https://github.com/slimtoolkit/slim

Slim.ai presents the data in a more user friendly way than many of the other tools in this post. On top of its open source SlimToolkit for identifying the contents of an image, Slim.ai uses Trivy for vulnerability scanning.

What about https://github.com/slimtoolkit/slim?

A last practice that I do not use at all and which may interest you is to use slim toolkit to keep only the useful elements in your final image.

Anyone tried using https://github.com/docker-slim/docker-slim To minify an image?..

Distroless images are better left for people with serious need for lightweight images and good Linux knowledge because they require lot of planning with the build so that they stay light and work. If you need lighter images but docker isn't your main tool and you can't afford to take hours and hours of practicing different build strategies you can check docker-slim (https://dockersl.im/). With this tool you can easily size down the images.

Maybe this would help in that regard: https://github.com/docker-slim/docker-slim