UPX is a nightmare, and never worth it. I fought false positives for a few years but eventually threw in the towel and just rely on the 7zip archive for compression during distribution. It's not UPX' fault, but it's a battle you cannot win, much like screensaver suppression and joypad input.
AV software is worse than having most real viruses.
Also, even without UPX, I'm pretty sure Martin employs other tricks to try to protect his binaries from modifications, like a CRC check on the uncompressed binary. Could be mistaken, but I know there was
one closed source emudev that loved doing that.
(Don't be surprised if I make a post soon ranting about how closed-sourcedness is of the devil. It's why I gave up on the SNES and frankly, if you are a software developer who won't share things because you want your name plastered on them or you think it's okay to just release a program on Windows and make everyone else use Wine, I don't like you.)
I like you :)
The thing that pushed me toward the GPL instead of the ISC license was actually FuSoYa's Snes9X SuperFX tracer. He botched a detail (turned out to be ROMB reads) in a way that broke Doom exactly like I had in my early SuperFX support. Had he released the source, it would've been a five minute fix to see what he changed from the mainline Snes9X and to fix that bug in my core.
But because he was too selfish to share a few fprintf commands after taking the entirety of Snes9X's source for himself (his site had a screed about -not- asking him for source, too, or I'd have tried that), I had to spend a few days trying to figure out the bug with no help at all.