Computer Viruses: Fact or Fiction? Windows 95 and Viruses Jim Fox
Although Windows 95 does not contain any built-in virus protection, there are several features that make it more difficult for a virus to infect your system. These features include disabling direct hard disk access, detecting modifications to the Master Boot Record (MBR) and identifying unknown device drivers.
In earlier versions of Windows a virus could make normal DOS operating system calls and easily access the hard disk directly. With Windows 95, direct access to the hard drive has been disabled (in order to protect long file names). If a virus attempts to bypass the operating system and write directly to the hard drive, the system is halted and an error message is displayed.
Viruses that infect the MBR hook the INT13h chain in order to monitor hard disk access and damage the data on your hard drive. Each time you boot your computer Windows 95 checks to see which programs are monitoring the INT13h chain and compares this to the list of programs it recorded the last time it booted up. If any new programs are there that Windows 95 does not recognize, a message is displayed warning of a suspected virus. You are then presented with a series of steps to follow in order to trouble shoot the file.
Windows 95 maintains a list of all the real mode drivers that it can safely replace with its own protected mode drivers. If a new or unknown device driver appears that hooks the INT13h or INT21h chain, Windows 95 presents a warning dialog explaining the situation and giving you the chance to remove the suspected driver/virus before any damage is done.
