Change detection is a powerful technique for the detection of viruses and Trojan horses. Change detection works on the theory that executables are static objects; therefore, modification of an executable implies a possible virus infection. The theory has a basic flaw: some executables are self-modifying. Additionally, in a software development environment, executables may be modified by recompilation. These are two examples where checksumming may be an inappropriate solution to the virus problem.