Gates expounds on DOJ and his 'Net focus

Self-appointed software architect explains why XML is so important, how the government is wrong and where Windows is going.

By John Fontana
Network World, 05/15/00

Microsoft Chairman and Chief Software Architect Bill Gates met with Network World Senior Editor John Fontana last week at NetWorld+Interop 2000 to talk about the antitrust case against his company and a variety of technology matters, including the role of XML, security standards, application service providers and those ever-present viruses.

Is a settlement in the antitrust case still possible, and if so, what would it take to bring it about?

We've always been very anxious to find any type of settlement.

We do have two key principles that are important to our customers. One is should Windows be able to support the Internet. What is the key disagreement here between us and the government? They disagree with our software design, they disagree that putting Internet APIs into Windows or putting the browser into Windows, they disagree that that was a good thing.

The other thing is that the name Windows has some integrity. The government's whole intent is that somebody can rip out part of Windows, change the user interface, and do whatever they want and call it Windows. And we say, if people do those things that is OK, but that shouldn't be called Windows.

When you buy a computer that says it runs Windows, you should know it's the user interface you read about, learned on another machine, saw in a software manual. . . . The idea is that the Windows trademark ought to mean something.

If you came to some conclusion on those issues, there could possibly be a settlement?

Look, those are the only things that, sure, if somebody were to cede that our choice of designing to support the Internet was both for customers and legally a great thing, I'm sure we would have some kind of a settlement.

If the government prevails, what will be the fallout in the industry, not immediately, but two or three years down the road?

What the government is trying to say is that the Office user interface and the Windows user interface [should] divert from each other so that they [are] incompatible. When you call to get support, they don't want the Windows company to ever talk to the Office company, so if you have anything that falls between the boundaries of those two things, they are going to guarantee that you are screwed. And there are dozens of things like that in [the government's proposal]. Their expertise is not what customers need in this world of software, and so the regulatory approach they come up with obviously is not going to work as well as the marketplace has worked on these things. So you have to say to yourself who [does the government] go after next; it's interesting to guess who that will be.

Any guesses?

I don't think I should speculate.

What projects have you set in motion in your first 100-plus days as chief software architect that you feel will eventually have an impact on enterprise computing?

The big focus for us now is the Internet as a platform. What we can all get out of the Internet can be dramatically better if we essentially think of writing programs that work across the Internet, that monitor business agreements, match buyers and sellers.

Now, with the shipment of Windows 2000, and me moving into the software architect role, my goal is to go around the company and talk about this XML platform, listen to the guys and say, 'OK, what does this mean for Visual Studio? Does it mean we need to have schema design and language extensions? How does all this XML stuff fit into our plans?' The SQL Server guys got a lot of XML stuff in there, but it is not the end.

So you have XML projects in the pipeline?

Oh, absolutely. The 2000 generation of Exchange and SQL Server got quite a bit of XML stuff added on. It wasn't redesigned down into the core, but with the next big release of those products, there is more XML stuff that we need to do.

I guess you could say XML is the rallying cry, but also there is this thing called data/view separation. It's where a user wants to be able to view from multiple sites, they want to customize, they want to be on different devices with different screen sizes, or say, even a voice interface. With HTML, you mix the data and view, it's only when you get the separation that you get the multisite customization, multidevice capability. So my fairly unique role is to go to all these groups and talk about all this stuff, and get all these bets [lined up] where we really believe in the Internet as a platform.

How ready is the XML standard? What still needs to be developed to support the type of integration with the Internet platform you are talking about?

There are some standard efforts that need to actually fit into XML. It does require language breakthrough, literally extending Visual Basic, C, Java, whatever languages to make XML very natural. It requires new tools, requires advances in the databases. To really use XML and turn the Internet into a platform built around XML, for the industry that is a five-year project.

With this Internet platform - or what you have called Next Generation Windows Services - what will enterprises need to do to make their networks ready for it?

We are not asking people to change their hardware networks in some dramatic way. Everything that people are doing to have better Internet connectivity and getting information up on the Internet is moving this in the right direction. But there are some needs, such as multimedia-enabled networks, multicast and better authentication, that will encourage people to do some things a little bit faster.

How important is the ASP model in this Internet-based strategy and how will you change your licensing and channel models to adapt to it?

That will become very important because there is a certain simplicity. There are pluses and minuses. The world is not going to become 100% hosted. Our model is one where we say, 'Look, we are going to have a common software architecture for the pieces you run inside on your corporate servers and the pieces you run hosted.' We are going to make sure that the programming model is identical between those.

So if you have part internal and part hosted, which I think will be typical, then those things are still integrated together, the way the security domains work, the way the programming model and customizations work. So you can even take a piece that has been hosted and move it inside, or a piece that has been inside and move it outside. Our architecture is symmetric across the three levels - cloud [Internet], corporate server, PC client. That is one of the founding principles of this new platform.

What about licensing?

The licensing is very straightforward. When we work with our corporate customers, we are signing what we call enterprise agreements. They are three-year things where we take the number of desktops and work with them on what the per-desktop fee will be along those three years. If they move to a hosted model, then it works because they have licensed all the intellectual property.

What about Office or Exchange running in that hosted environment and renting those applications?

It would be the same thing as the enterprise agreement. If you want to have so many thousand enterprise desktops with access to Office, it works perfectly well in the hosted model.

Why do you believe wireless is going to be a big deal for corporations sooner rather than later?

Right now, we run an 802.11 network inside our company. So when people come to meetings, they've got their wireless modems, and as we are sitting talking in meetings, they are bringing up Web sites saying, 'Did you see this?' It really changes that whole style of work, and it gives you a level of flexibility [with your connection].

Will the ubiquity and interoperability of security standards be key for the new Internet platform, and if so, how do you answer critics of the Win 2000 implementation of Kerberos?

Those are strange cases where people are taking some good news and trying to turn it into some controversy. We've taken Kerberos, which is a good technology, and increased its usage by a factor of 50 with Win 2000. We made it administerable with Active Directory. That is a huge breakthrough. So the fact that somebody is saying you are taking this [auth-data field] that is defined for you to use and you are actually using it, how can somebody make a big deal of that? That is what that field exactly was for. We have perfect interoperability, it works with anything, there is nothing that breaks anything.

What about interoperability with existing Unix systems?

We integrate great with existing Unix systems. [As for] the fact that we used that extra field, that field is a vendor-specific field, which gets ignored by the Unix systems. Everything that was defined in Kerberos, we do. And so people ought to say this is Microsoft embracing a standard. They used it totally responsibly. The fact that anyone can make a controversy out of this is just bad, bad coverage.

Will you publish publicly the data format that's in that field?

We have shown people how we use that extension. We have some intellectual property associated with it and we're glad to do reasonable licenses that relate to it. But that's making something out of nothing. Ask a technologist did we need to use that field, was it defined that way, not just some guy who wants to get his name in the press. Ask somebody who really understands the [Kerberos] engineering. We did a great job here, and we did it on an open basis. That field was left open for vendor extension - not interpretation, extension.

What is Microsoft doing to jump-start your SmartCard initiative? Historically the impediment has been a hardware problem, the cost of the hardware and installing it at the desktop?

Well, all the pieces are coming together. Win 2000 shipped with a CryptoAPI, or CAPI, and you can plug in any type of authentication system. That is where the biometric things plug in, where the smart card things plug in. We worked with smart-card vendors to get the price of the smart card to be $3 or $4.

We are doing all this unbelievable encryption, file system encryption, transport encryption - those are not the weak points. So you put all this stuff into this strong link of the chain, all the work goes into that, but you have this weak link, [which is] password authentication. The solution is the smart card we think.

VBScript is a key tool on the Windows platform, but is it also a vulnerability that needs to be addressed in any way given the "ILOVEYOU" virus?

There is nothing new about this virus. If you have enclosures that are scripts, programs, anything and people double-click on those, those things run. They run as programs. We certainly put up a lot of warning. The fact is, people are clicking on those enclosures and ignoring those warning screens.

Now, administratively we let people get rid of those types of enclosures, but it's really too bad because it means you can't send somebody any kind of executable. But if people want to give that up, we give them the administrative tools that make that possible. If you don't think people are going to pay attention to those [attachement] warning screens, then you have to give up mailing executable enclosures.