Have you heard the joke about a man in a bar having a quiet drink, when a nerdy looking fellow sits down next to him, sipping a Martini? "You're Bill Gates!" says the astonished man. Gates nods and smiles. "Would you mind doing me a favour?" asks the man. "I'm meeting a date in the restaurant here this evening. Would you mind coming up to my table and greeting me like we're old friends? It would really give me some kudos with my lady friend." "Sure," says Gates.
Later while the guy is sitting with his date at dinner, Gates appears. "Hi," he says. "How are you?"
"Jeez, stop bugging me Bill," says the guy. "Can't you see I'm busy?"
It is no surprise that jokes like this are doing the rounds. Gates' reputation for greatness is almost more important than he is, now that Steve Ballmer is running Microsoft on a day-to-day basis as chief executive. It's getting to the point where Gates is almost famous just for being famous. He even did a guest appearance on the US TV sit-com Frazier recently in a story line in which Gates upstaged the balding radio psychiatrist.
Gates is certainly a more impressive figurehead than Ballmer, which is probably why he made the keynote speech for the launch of Visual Studio earlier this month. The product, which is Microsoft's long-awaited software development tool for Web services, has been in beta test for more than a year and, while waiting for it to ship Gates has been busy talking up the initiative.
Web services are essentially software components wrapped in an XML language called the Simple Object Access Protocol. The idea is that they will be more business-oriented and be accessible over the Internet by other software applications. Thus, for example, your accounting system could access an exchange rate calculation facility online linked to the stock exchange, as a means of keeping your currency calculations up to date.
"With Visual Studio you'll see a ton of things go online that have been done through paper or phone calls or through very inefficient processes without much visibility to date," Gates says. "It's a change for how business is done, and makes all business models more efficient."
This idea of making software more efficient and easily accessible is great on the surface, but one of Microsoft's problems is that its software has been all-too accessible of late. A series of embarrassing security flaws has caused the industry to recoil from the company's "software as a service" business model, worried about having insecure software constantly connected to the Net.
In November 2001, for example, the software giant found a bug in Internet Explorer 5.5 and 6.0 that exposed personal information in cookies, potentially rendering bank account details, credit card numbers and passwords open to hackers. It also found loopholes in the Passport security service that potentially exposed private information to online snoopers.
Microsoft had possibly its biggest embarrassment of the past year, when it admitted to a security hole in Windows XP that could allow hackers to take control of a machine by using the universal plug-and-play facility in the operating system. A panicked Microsoft urged all users of the system to install a patch to fix the problem. And then there was the revelation, last week, that Visual Studio.net is vulnerable to buffer overflow attacks.
"A lot of the vulnerabilities come at the application layer," Gates says, "and so helping developers understand these issues as they write their applications is important, particularly as you get into privacy. That's not so much a platform thing as a question of administering things - who has what rights to information and so on."
But he has dodged the question. Following the discovery of the security flaws in the operating system and in the back-end Passport service that supports it, Gates declared open season on security bugs, issuing a memo in January demanding a new era of trustworthy computing in Microsoft. "If we don't do this, people simply won't be willing - or able - to take advantage of all the other great work we do," the memo said.
So, how is Gates going to alter his software development processes to make that happen? "When there have been viruses, the fixes for those things were done months before there was a problem," he protests. "The problem isn't that the fixes haven't been done, it's that people weren't installing them."
But if this is the case, then why is Microsoft so against full disclosure? Back in October, Microsoft's security response centre manager Scott Culp issued an open letter to the hacker community imploring it not to publish any details of security holes that they discovered in its products. Such holes should be brought to the company's attention first, says Gates. "It's more constructive for someone to report [privately to the software supplier] and allow 24 hours for the fix to be there than it is to report a problem publicly without a fix," he says.
Speaking to Gates about security, it is hard to avoid the feeling that you are talking to a rabbit which is staring directly at some fast-approaching headlights. While calm on the surface, he never directly tackles the security question and it seems pretty clear that he's keeping tight-lipped until Microsoft has completed its internal security programme. According to other senior Microsoft executives, the initiative has seen the company's developers crammed into security training classrooms. Perhaps this will help them to eradicate such embarrassing problems as the buffer overflow error that caused the plug-and-play flaw which is (or should be) basic, textbook stuff for developers.
Still, Gates is looking to the future and trying to push forward while fighting off competition from other software giants, such as Sun Microsystems, which built its own Web services strategy called Sun One.
Who does Gates see as his enemies as Microsoft gears up to peddle Web services, and how will he overcome them? "We don't have enemies, we have competitors. These are companies coming in with the same dreams that we have," he says, in a tone that seems markedly different from the language used in Microsoft's legal filings against AOL in early May. "A key competitor and partner in Web services is IBM. It's a broad company that has a depth of hardware and other technologies. It's a big partner of ours in terms of putting windows on our system and promoting Web services, and it's a big competitor in terms of a lot of the software pieces that it sells."
Perhaps one of the reasons that he focuses so heavily on IBM is that its relationship with Sun has visibly soured over the past couple of years, following a licence wrangle over the Java 2 Enterprise Edition brand name. Although IBM remains committed to Java, it isn't as "in-bed" with Sun as it used to be.
And what about Linux, which Gates identified as a key threat in a memo a year or two ago? "Linux is a kernel operating system and the kernel is such a small piece of what you get in a platform right now that you wouldn't say that Linux is a competitor," Gates says. "There are people who build things on top of Linux that compete with us but Linux is a small enough part of the platform you could say that it's a commoditised piece."
It is the people building things on top of Linux that Gates should be worried about. Ximian, for example, is building an open source version of the .net framework that will run on Linux. This represents serious competition to Microsoft, which undoubtedly hopes that most people will run their implementations on the Windows platform. Microsoft has built a FreeBSD version of Linux, but this is more of a publicity gig than a serious endeavour.
When Gates sweeps out of the room, the sense of urgency with which he entered it leaves with him. But what stays is a sense of the challenge that he faces as he tries to bet Microsoft's reputation on a new framework which has already aroused suspicions among users.
Hopefully, he will be able to overcome the security challenges before he officially makes available the developer-oriented, Passport-supported MyServices component later in the year. This service will see Microsoft hosting not only third-party Web services, but also customer data, in something clearly approaching a world domination strategy. Until then, we'll keep installing the software patches as they become available.
This was first published in February 2002