Jump to content
  • Windows 95 used a very basic "trick" to detect setup files


    Karlston

    • 1 comment
    • 126 views
    • 3 minutes
     Share


    • 1 comment
    • 126 views
    • 3 minutes

    Windows 95 identified installer programs by guessing from filenames and paths, using simple heuristics to protect critical system files.

    We have covered Windows 95 a lot in the recent past. This includes details about how Microsoft managed to bundle all the "fun" stuff on its CD, the methods that the operating system employed to block installers from downgrading critical system components, a mechanism that allowed a Windows 95 PC to restart a lot faster, and more. Now, we have another historical tidbit to share regarding the OS.

     

    According to Microsoft veteran Raymond Chen, while Windows 95 already had the ability to block buggy external installers from downgrading system components, an associated challenge was figuring out how to detect that an installer or a setup file was running.

     

    To work around this problem, Microsoft leveraged a rather basic heuristics-based mechanism, which involved "guessing" that the name of a file belongs to an installer. The idea was that if the words "setup", "installer", and "inst" appear in the program that is currently executing, it is likely an installer file. There were other variations of this word for other languages too, such as "imposta", "ayarla", and "felrak".

     

    If the program didn't have the aforementioned words in its name, Windows 95 would rely on a fallback mechanism where it would check if the word "setup" is present in the path leading to the executable. The rationale was the same: a setup file likely has an explicit identifier to indicate that it's an identifier.

     

    Chen further stated that:

    In the above two cases, the file check is delayed until the next start, because some setup programs will realize that the file is in use and cannot be replaced, so they use Exit­Windows­Exec to exit Windows back to MS-DOS, run a batch file, and then start Windows back up. We have to wait until the restart of Windows to catch any files that were improperly modified by the batch file.

    However, Windows 95 did perform a live file check in case of multimedia driver installs through INF files, as the team managing that likely received a special pass.

     

    It's rather interesting that Windows 95 leveraged such basic tricks and mechanisms to detect setup files. You can bet that modern operating systems like Windows 11 employ more advanced methodologies given how much more sophisticated and evolved the threat landscape has become in the past years.

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Wednesday 8 July 2026 at 6:24 pm AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of June) 2,475

    RIP Matrix

    • Like 3

    User Feedback

    Recommended Comments

    Perhaps someone should inform Mr Chen that in THOSE days, updates were tested by HUMANS and RARELY broke end users' systems.

     

    Aaah, the good old days, when Microsoft made software that WORKED!  [sarcasm intended]

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...