
Checksums for Change Detection

Change detection is a powerful technique for the detection of viruses and Trojan horses. Change detection works on the theory that executables are static objects; therefore, modification of an executable implies a possible virus infection. The theory has a basic flaw: some executables are self-modifying. Additionally, in a software development environment, executables may be modified by recompilation. These are two examples where checksumming may be an inappropriate solution to the virus problem.
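The following sketch of a change detector is an added example, not code from the original document. It assumes SHA-256 as the checksum (the page names no algorithm) and a hypothetical administrator-maintained set, `expected_to_change`, listing self-modifying programs and build outputs so that their changes are reported separately from possible infections; the file names are constructed.

```python
import hashlib
import os
import tempfile

def digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large executables are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = digest(full)
    return result

def compare(baseline, current, expected_to_change=()):
    """Classify differences; paths in expected_to_change (self-modifying
    programs, build outputs) are reported apart from suspicious changes."""
    report = {"modified": [], "expected": [], "added": [], "removed": []}
    for path, old in baseline.items():
        if path not in current:
            report["removed"].append(path)
        elif current[path] != old:
            key = "expected" if path in expected_to_change else "modified"
            report[key].append(path)
    report["added"] = [p for p in current if p not in baseline]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: three stand-in 'executables' in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("edit.exe", b"A"), ("selfmod.exe", b"B"), ("tool.exe", b"C")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        for name in ("edit.exe", "selfmod.exe"):  # simulate modification
            with open(os.path.join(root, name), "ab") as f:
                f.write(b"!")
        os.remove(os.path.join(root, "tool.exe"))
        return compare(baseline, snapshot(root), {"selfmod.exe"})

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: keep it on read-only or offline media, since code that can rewrite an executable can rewrite a checksum file beside it.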



konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994