I was sitting at
work one day, quietly reading through an email when I found the link to
ShieldsUP! If you've never
been there before, it's a interactive website that tests the defenses
of your computer. Around this time I'd only just begun to become aware
of trojan programs like Back Orifice. I went in, performed the tests and
found out that anyone with a little knowledge and a chunk of spare time
could infiltrate my computer. I didn't like this.
A couple of months
later, a little more time on my hands and a work of advice that information
regarding Aureate Spyware could be found at grc.com initiated me to the
work of Steve Gibson. I checked out the information, downloaded OptOut
and decided to peruse the entire site. It was such a wealth of information
that I asked its originator, Steve Gibson, if I could borrow some of his
Thanks for the consent. While it would be great
to do this over the phone, I hope you don't mind answering the questions
I was wondering
where and when you got your start in computers and electronics?
I don't know why, but it's always been a fascination for me ... starting
back when I was four years old. My father took a picture of me at age
four which you can see here at the top of my online resume: http://grc.com/resume.htm.
I was working on some "project" of some sort ... and I'm sure that I thought
it was very important.
When did security
begin to become an issue for you?
Last October I was working with an editor for PC World Magazine, helping
him with a story he was working on about Internet security. That got me
thinking about the issues involved, and I suddenly realized that I could
instantly perform a cursory security check for anyone whose computer contacted
my web server. So I dropped everything else that afternoon and built the
entire ShieldsUP! web site over the course of the next five weeks.
What are the origins
Gibson Research Corp. is my second company. My first was Gibson Labs,
which I sold to Atari Corp. after developing a high-performance light
pen for the original Apple II home PC's. Atari wanted that technology,
so they purchased the company. When the IBM PC first emerged onto the
market it's Color Graphics display (CGA) flickered horribly when scrolling
due to limitations in the hardware. So I created a product called "FlickerFree"
and incorporated Gibson Research Corp. to publish that first PC product.
FlickerFree succeeded in the market and allowed me the time to create
SpinRite which really put my work on the map.
"ShieldsUP!" was my first introduction
to your work. Do you find it alarming the number of net users that would
My feeling is that the Internet is still very much in its infancy. Users
should NOT need to know about firewalls and should not be needing to worry
about their system's security. That's like telling them that they'll need
to generate their own electricity to power their machines, or string their
own phone lines. It's ridiculous. But I believe it will all get sorted
out within the next few years. Internet Security has now received enough
attention that developing, marketing, and selling "Inherently Secure"
PC's can finally become a selling point ... and before long I think we'll
start seeing claims for "inherently secure PC's".
Your feelings on
Please see: http://grc.com/oo/aureate.htm
Do you think the
name change to Radiate was caused by the Adware exposť?
No. Fun as that idea is, I think that they recognized that "Aureate" was
a really BAD name for the market-space they were occupying.
How much change
will happen to the industry following the microsoft breakup verdict?
None. The verdict will be challenged and debated for years. And, as before
with the previous consent-decree years ago, the damage is already done.
What system/s do
you currently use?
I do all of my main work under NT4 since it's very difficult to crash
the OS when my "work-in-progress code" goes haywire. I will DEFINITELY
NOT be moving to W2K for several years, if ever. For access to USB and
multimedia things I use Windows 98 (since I have many machines around
me.) In general I hold back and avoid updating to the latest and greatest
versions of things since most upgrades are just marketing motivated.
In your programs
you like to emphasise how they've been created through assembly language.
Is software bloat an unnecessary tax on computer resources?
I really object to the way software is being written today. It's sloppy
and buggy and driven by marketing more than technology. I use assembly
language for all of my work NOT because it really makes any sense, not
because today's machines are bogged down by C and C++, but because assembly
language requires the application of a software development and programming
discipline which higher-level languages were specifically designed to
free programmers from. But that freedom has been badly abused by the marketing-driven
nature of the industry. Programmers who CAN write programs more quickly
-- and MUCH more sloppily -- are now being forced to. But assembly language
FORCES discipline and planning. It's the RIGHT way to create software.
So that's all I use.
Do you support or
experiment in any of the new breed of operating systems?
I would like to be playing with Linux or the Palm OS. But software for
those platforms don't yet have the audience of Windows, and I want to
work to affect the greatest number of people. So, for now, I'm staying
If you could recommend
one book or website to someone beginning to become conscious of internet
security, what would it be?
Frankly, that's PRECISELY why I created my ShieldsUP site, and that's
what I created it to be. If there was already a good alternative I wouldn't
What was the last
book you didn't finish?
A text titled Cognitive Neuroscience. I'm fascinated with many aspects
of our presence here on the Earth.
How close are you
to revealing "Project-X"?
There's no work going on in that direction, so it's still years away.
Finally: is there
life on Mars?
Probably, but not very interesting life. As Jeff Goldblum said in Jurassic
Park: "Life Finds a Way." So I wouldn't be at all surprised if there are
some little multi-cell things, but I don't expect much else. :)
I appreciate you
taking time from your busy life to answer these questions.
This note has been sitting here, slowly growing, for many days. So I've
determined that this will be the LAST time I agree to a textual interview
... it just takes MUCH too long. But I'm glad to have done this one.
I can't recommend a better place to start than the ShieldsUP!
pages for a true account of how safe your computer is at this very moment.
Once you've done that, stick around and have a look at grc.com. Make a
coffee, smoke 'em if you've got 'em and spend some time there.
The iconic character "Mo" (shown above) is a registered
trademark of Gibson Research Corporation, Laguna Hills, CA, USA.
Steve kindly let me use it.