
Summary

If change is detected, there are several possibilities: a virus infection, self-modification, recompilation, or modification of the baseline. A knowledgeable user is required to determine the specific reason for change.

The primary strength of change detection techniques is the ability to detect new viruses and Trojan horses. The limitation of change detection is the need for a knowledgeable user to interpret the output.
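The sketch below is an added example, not code from the original document: it compares a directory against a stored baseline and reports changed, missing and new files, and it checks the baseline itself first so that a modified baseline is reported as such rather than hidden. SHA-256 and the HMAC over the baseline are choices made here, and the function names and the key (assumed to be stored off the monitored system) are hypothetical.

```python
import hashlib
import hmac
import json
import os

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file's path (relative to root) to its digest."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = file_digest(full)
    return out

def _tag(entries, key):
    # Keyed MAC over the canonical JSON form of the baseline entries.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(root, key):
    entries = snapshot(root)
    return {"entries": entries, "tag": _tag(entries, key)}

def check(root, baseline, key):
    """Report what differs; deciding why it differs is left to the analyst."""
    # A baseline that fails its MAC cannot be used to judge the files.
    if not hmac.compare_digest(_tag(baseline["entries"], key), baseline["tag"]):
        return {"baseline_intact": False}
    old, now = baseline["entries"], snapshot(root)
    return {
        "baseline_intact": True,
        "changed": sorted(p for p in old if p in now and old[p] != now[p]),
        "missing": sorted(p for p in old if p not in now),
        "new": sorted(p for p in now if p not in old),
    }
```

The report states only that a file differs; whether the cause is infection, self-modification or recompilation still has to be decided by the person reading it.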


konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994