Steve Gibson (computer programmer)

Early Life

Gibson began working with computers as a teenager, securing his first computing job at Stanford University's artificial intelligence lab at the age of 15. He subsequently studied electrical engineering and computer science at the University of California, Berkeley.

Career

In 1980, Gibson was hired as a programmer at California Pacific Computer Company, where he worked on copy protection for the company's software products. The following year, he founded Gibson Laboratories in Laguna Hills, California, which developed light pen technology compatible with the Apple II, Atari, and other platforms. The company ceased operations in 1983.

In 1985, Gibson founded Gibson Research Corporation (GRC), a computer software development firm based around security and utility software. From 1986 to 1993, he contributed the "Tech Talk" column to InfoWorld magazine.

In 1999, Gibson developed OptOut, one of the first programs designed to detect and remove adware. In 2001, he publicly predicted that Microsoft's implementation of the SOCK_RAW protocol in the initial release of Windows XP would make it significantly easier for users to launch denial-of-service (DoS) attacks, potentially causing widespread disruption. That same year, GRC's website was taken offline by sustained DoS attacks lasting approximately two weeks. Gibson documented his efforts to identify the attacker on his blog, ultimately tracking down the responsible party. Microsoft later limited raw socket support in Windows XP Service Pack 2, released three years after the original launch.

In 2005, Gibson launched Security Now, a weekly podcast co-hosted with Leo Laporte and distributed through TWiT.tv, with archives maintained on GRC's website. The podcast reached 1,000 episodes in November 2024, surpassing Gibson's original expectations for its run.

In 2006, Gibson raised the possibility that the Windows Metafile vulnerability was an intentionally engineered backdoor rather than an accidental coding error. Microsoft and security researcher Mark Russinovich responded, concluding that the flaw was the result of a coding mistake and that Gibson's analysis had been influenced by misleading documentation surrounding Microsoft's abort procedure.

In 2013, Gibson proposed SQRL (Simple Quick Reliable Login, pronounced "squirrel"), an authentication system designed to simplify the login process while avoiding the disclosure of transaction information to third parties.

Notable Work and GRC Products

GRC has produced a range of software utilities, the majority of which are distributed as freeware. SpinRite, first released in 1988 and a commercial product, is a hard disk scanning and data recovery utility; version 6.0 was released in 2004 and remained current as of January 2019. Gibson's sustained work on SpinRite has contributed to his reputation as an authority on hard drive failure.

Other notable GRC tools include ShieldsUP, a browser-based firewall testing service considered one of the oldest of its kind; DNS Benchmark, which allows users to evaluate the performance of DNS servers; InSpectre, which assesses a system's exposure to the Meltdown and Spectre processor vulnerabilities; and Never10 and InControl, utilities designed to manage or prevent automatic Windows upgrades. Spoofarino, released in 2006, enables users to test whether their internet service providers permit the sending of spoofed data packets.

Recognition

Gibson's work on hard disk technology through SpinRite has led to him being widely regarded as an expert on hard drive failure. His early identification of adware as a security concern, his public analysis of Windows security vulnerabilities, and his development of the SQRL authentication proposal have each contributed to his standing in the information security community.