-=> Quoting Peter Louwen to Betty Holder <=-
BH> FC /B A:PROGRAM.EXE C:\PROGRAM\PROGRAM.EXE
BH> If it differs, then you know something was playing with the program.
PL> However, if they do not differ, then you may not infer that everything
PL> is hunky dory. Stealth viruses are able to make FC see what it (the
PL> virus) would like it (FC) to see, so that FC is not able to detect any
PL> differences.
PL> Peter
You are exactly right. That didn't come to my mind as I wrote that.
But, if they did come up different (and you didn't play with or change
the .EXE), that would indicate that there was a problem, but like you
said, if they come up the same, you can't always assume you are safe.
Also, not all "hackers" (the malicious kind, the careless geniuses,
and the wannabes) have the skill to write a good stealth virus. But,
even if the odds were low, if your data is really that important, then
even low odds are too much of a risk to take. That is where backups
(and multiple volume backups at that) can be life-savers. I guess a
good write protected diskette (or CD-ROM for that matter) is one of
the best ways to store and run an anti-virus program to where at least
the physical copy won't get tampered with. There is no telling what
will be done to the copy in memory since a stealth could recognize
what the antivirus is doing and somehow abort or otherwise screw with
the program (perhaps cause a CPU exception error or call int 21h using
the terminate program service, or fake out the disk accesses).
Betty
--- GEcho 1.11+
---------------
* Origin: [ The Mach ][ BBS ] - RA 2.50+ - USR DS V.34+/33600 (1:3654/144)
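
Added example, not part of the original messages: a byte-for-byte comparison in the spirit of `FC /B`, with a verdict that encodes the point made in the thread, namely that a mismatch is evidence of change while a match is only meaningful if the reads could not have been intercepted. The `clean_boot` flag, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024

def compare_binary(reference_path, installed_path, max_report=10):
    """Return (diffs, size_delta); diffs holds (offset, ref_byte, installed_byte),
    size_delta is installed size minus reference size."""
    diffs, offset = [], 0
    with open(reference_path, "rb") as ref, open(installed_path, "rb") as inst:
        while True:
            a, b = ref.read(CHUNK), inst.read(CHUNK)
            if not a and not b:
                break
            for i, (x, y) in enumerate(zip(a, b)):
                if x != y and len(diffs) < max_report:
                    diffs.append((offset + i, x, y))
            offset += min(len(a), len(b))
            if len(a) != len(b):  # one file ended first
                break
    size_delta = os.path.getsize(installed_path) - os.path.getsize(reference_path)
    return diffs, size_delta

def verdict(diffs, size_delta, clean_boot):
    # clean_boot is an assumed operator-set flag: True only when the machine
    # was started from write-protected media, so file reads are trustworthy.
    if diffs or size_delta:
        return "MODIFIED"
    return "MATCH" if clean_boot else "INCONCLUSIVE"

def demo():
    """Constructed sample data: a reference image and an altered copy."""
    ref_bytes = b"MZ" + bytes(range(64))
    bad = bytearray(ref_bytes)
    bad[10] ^= 0xFF          # one flipped byte
    bad += b"\x00" * 4       # plus four appended bytes
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("ref", ref_bytes), ("same", ref_bytes), ("bad", bad)):
            paths[name] = os.path.join(d, name + ".bin")
            with open(paths[name], "wb") as f:
                f.write(data)
        return (compare_binary(paths["ref"], paths["bad"]),
                compare_binary(paths["ref"], paths["same"]))

if __name__ == "__main__":
    (diffs, delta), (same_diffs, same_delta) = demo()
    print(verdict(diffs, delta, False), diffs, delta)
    print(verdict(same_diffs, same_delta, False))
```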