Why do people compress their EXE files with "exe packers", making their files light up like Christmas trees on virus scanners and removing all chance of users trusting their software ever again?
>making their files light up like Christmas trees on virus scanners
If you are implying this is anything but a problem with virus scanners you have some fucking nerve.
>>7
Right, because virus scanners should ignore any kind of self-modifying code so that any virus can be trivially made to pass a scan.
Fun fact: an old exe compressor ran afoul of the prefetch at one point. I think that's the kind of program a virus scanner should be allowed to throw its arms up at. Besides, compressed exes are just stupid.
Unknown virus detection is undecidable.
Packers and protectors are indeed suspicious; however, AVs could unpack most of them. Skilled humans can remove just about any packer or protection, recovering something very close to the original executable.
Few packers are considered acceptable for PACKING purposes, and I myself only consider UPX acceptable, as it comes with automatic decompression options, allowing even those unskilled in the art of executable unpacking to easily unpack the executable, not to mention that AV software is usually able to unpack UPX.
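A scanner-style triage of a PE section table, as an added example that is not part of the thread: it reports the traits the posts above argue about (UPX section names, writable-and-executable sections used by self-unpacking code, high-entropy data). The 7.0 entropy threshold, the function names and the header-only sample images are assumptions constructed for illustration.

```python
import math
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def entropy(data):
    """Shannon entropy in bits per byte; compressed data sits close to 8."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def triage_pe(image):
    """Return {section name: [reasons]} for sections that look packed."""
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[:2] != b"MZ" or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # COFF header: only NumberOfSections and SizeOfOptionalHeader are needed
    _m, nsect, _t, _p, _n, opt_size, _c = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    findings = {}
    for i in range(nsect):
        off = pe_off + 24 + opt_size + 40 * i  # 40-byte section headers
        name, vsize, _va, rsize, rptr, flags = struct.unpack_from("<8sIIII12xI", image, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        reasons = []
        if name.startswith("UPX"):
            reasons.append("UPX section name")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            reasons.append("writable and executable")
        if rsize == 0 and vsize and flags & MEM_EXECUTE:
            reasons.append("executable but empty on disk")
        if entropy(image[rptr:rptr + rsize]) > 7.0:  # assumed threshold
            reasons.append("high entropy")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample(sections):
    """Constructed image: DOS stub, COFF header and section table only (not loadable)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew points at "PE\0\0"
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_off = len(hdr) + 40 * len(sections)
    table, body = b"", b""
    for name, vsize, data, flags in sections:
        ptr = raw_off + len(body) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(data), ptr, 0, 0, 0, 0, flags)
        body += data
    return bytes(hdr) + table + body

# Constructed samples: a UPX-style layout and an ordinary read/execute code section.
PACKED = build_sample([(b"UPX0", 0x4000, b"", 0xE0000080), (b"UPX1", 0x1000, bytes(range(256)) * 4, 0xE0000040)])
PLAIN = build_sample([(b".text", 0x400, b"\x90\xC3" * 512, 0x60000020)])
```

`triage_pe(PACKED)` reports both UPX sections while `triage_pe(PLAIN)` returns an empty dict; none of these traits is proof of malice, which is why a scanner would go on to unpack rather than stop at the flag.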
Name: Anonymous 2010-08-21 12:45
How do virus scanners avoid flagging VMs that do JIT compilation and such?