Packer question

Well i'm just curious, what is the point of view of anti-virus industry about exe packers ?

For no particular reason, i started to collection exe packer and there is almost alwais a false positive among the group. I've seen many software having to explain themself with antivirus software because they used the same packer (and thus the same unpacking code) than know virus. Heuristic engine would pick them up as unknow variant of (xxxx). I have not found any official number on this, but i widely guess that packers account for 1/4 to 1/3 of all false positive? Is this number accurate ?


Also how can an antivirus choose wich part of the executable should be part of a signature. And how can they make sure those part are not common one found in other software ?

I was just beung curious. Thanks in advance for any answear.

 

- By reverse engineering (disassembling) or
- With the help of enough beer and dices - the total number of the eyes after the 3rd throw is the relative offset from the entrypoint

Method 1 is recommendable