On Mon, 1 Mar 2004, Hiram Berry wrote in a thread that diverged from colour maps:

I imagine that I don't know ten percent of the optimization difficulties in this topic, but steganography is a bit distant. As I see it, the search strings for viruses are probably kept short in the interests of keeping the total size of the database to a limit, but single bytes will probably collide within 256 bytes of a format that naturally has a flat distribution, two bytes will tend to collide within 64k, and even four bytes of search string will probably collide within 4 gigabytes of high-entropy data. So, you can see that in this branch of Computing Science, entropy isn't entirely your friend. And it's hardly the case that anti-virals are at odds with crypto, because that's what makes authenticating the database practical. Such practicalities are not likely to be within any line of thought that will yield a fractint method, though.

I expect that the better anti-viral programs use search strings primarily to hit on possibilities, then they resort to more elaborate descriptions of how to verify that a virus is a threat and clean a virus file. I've read a description of boot-sector viruses that describes how they will also insulate themselves from detection in memory and on disk. That is, they trap requests to read that part of your disk or RAM. (It's far more reliable to do that in protected mode, where you have no other way of restricting DOS programs to a window).

I wouldn't know where to go from here, but perhaps I could get a physical map of your hard-drive's entropy by comparing hits between it and a pseudo-random number generator. The hard part of a trick like that would be adapting the routines to FRACTINT's zooming (and convincing newbies that I wasn't compressing their hard-drive for display to the world in steganographic form). My guess is that I would have the length of the sample as a parameter to adapt to the sheer size of your hard-drive.
It was a stretch, but I found the link to steganography.
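The following is an added example, not part of the original post: it counts chance hits for 1-, 2- and 4-byte search strings in a seeded pseudo-random buffer, then shows a short-string prefilter followed by a full-pattern verification pass. The pattern, buffer size, seed and all function names are constructed for this sketch.

```python
import random

# Constructed pattern for this demo only; it is not a real virus signature.
FULL_PATTERN = b"\xde\xad" + b"CONSTRUCTED-TEST-PATTERN"

def find_all(data, needle):
    """Return the offsets of every occurrence of needle, overlaps included."""
    hits, i = [], data.find(needle)
    while i != -1:
        hits.append(i)
        i = data.find(needle, i + 1)
    return hits

def build_sample(size=1 << 20, seed=2004, plant_at=700_000):
    """Seeded pseudo-random buffer standing in for high-entropy data, with one planted pattern."""
    rng = random.Random(seed)
    data = bytearray(rng.getrandbits(8 * size).to_bytes(size, "little"))
    data[plant_at:plant_at + len(FULL_PATTERN)] = FULL_PATTERN
    return bytes(data)

def two_stage_scan(data, short_sig, full_pattern):
    """Stage 1: cheap short-string hits. Stage 2: confirm each hit against the full pattern."""
    candidates = find_all(data, short_sig)
    confirmed = [off for off in candidates if data.startswith(full_pattern, off)]
    return candidates, confirmed

def hit_counts(data, lengths=(1, 2, 4)):
    """Observed hits per prefix length next to the count expected from size / 256**k."""
    return {k: (len(find_all(data, FULL_PATTERN[:k])), len(data) / 256 ** k) for k in lengths}

if __name__ == "__main__":
    sample = build_sample()
    for k, (seen, expected) in hit_counts(sample).items():
        print(f"{k}-byte string: {seen} hits, about {expected:.4f} expected by chance")
    cands, confirmed = two_stage_scan(sample, FULL_PATTERN[:2], FULL_PATTERN)
    print(f"stage 1 candidates: {len(cands)}, stage 2 confirmed at: {confirmed}")
```

In 1 MiB of flat-distribution data the 2-byte prefilter fires about 16 times by chance, while the verification pass keeps only the planted offset.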