Click Here to Install Silverlight*
United StatesChange|All Microsoft Sites
Microsoft
PressPass - Information for Journalists 

Remarks by Bill Gates, Chairman and Chief Software Architect, Microsoft Corporation
Microsoft Australia Media Briefing
Sydney, Australia
June 28, 2004

STEVE VAMOS: Good morning. I'm Steve Vamos, the managing director of Microsoft Australia. Welcome to all of you. Thanks for taking the time to be with us. We certainly appreciate it, as we do your ongoing interest in our business and our products and our technology, which is important to us and certainly to our customers and industry in general.

It's great to have Bill Gates with us in Australia again. Last time Bill was here was the year 2000. It was around the time that he took on the role as chief software architect, and has since spent a lot more time in directing and engineering the evolution of our technology. And certainly around the same time back in 2000, Bill also announced the commitment that Microsoft is making to Web services, with Microsoft's .NET platform.

So, over the last four years, there's no question that Web services and the Internet has continued to grow as a key industry focus and certainly for us it's a tremendous focus of our business. So, I can't think of anyone better to talk about the last four years and the future in terms of where Microsoft and the industry is going than Bill Gates. So, would you please join me in welcoming Bill Gates to Australia? Welcome, Bill.

[Applause]

BILL GATES: Well, thanks. We talk about the goal this decade as being "Seamless Computing." And seamless means getting rid of a lot of boundaries. Boundaries between people and machine, by bringing in speech and ink. Boundaries between the machines, by bringing in the approach we call Web services. Just simplifying what is today still too complex to get all the benefits from.

Our industry has been very fast moving. You know, Microsoft got started in 1975 with a kit computer called the Altair. The hardware didn't do anything. The software barely did anything. Certainly there was no notion of connecting machines together except by carrying paper tapes around between the various machines.

In the 1980s the exponential improvement in the chips got us some very powerful hardware. You know, I'm sure you'll remember that that's when the 386 chip came along. That gave us 32-bit addressing - very powerful basis for personal computing. The '90s, early '90s, it was the push to graphical interface - Windows versus DOS. Very successful. Now, basically we take it for granted that that's the way things are done.

Towards the end of the '90s, we got all the machines connected - the low price of connectivity, the protocols of the Internet. It made us say, "Wow, every computer on the planet can essentially talk to any other computer," and that really led to a recognition that understanding the information and securing the informations between these systems then became the toughest problem.

And so I'd say in this decade, even though the hardware will advance and the connectivity will just get better and better, particularly getting more and more consumer broadband, the key element for ease of use, security, advanced productivity is software, and we're seeing a lot of great approaches where software is going to tackle these tough problems.

Microsoft is substantially the largest spender on R&D in the computer industry. In fact, with the exception of one drug-development company, we are the biggest R&D spender in the world. Second in our industry would be IBM at about $5 billion a year, and then the drop to the third is down to less than half of what we spend. We spend it in a very focused way. We spend it on software. We do a few hardware things - manufacturing Xbox, mice and keyboards - but overwhelmingly the thing that we are the best at is driving software forward.

Now, there's a lot of tough problems that we need to solve. And we'd be the first to say that if you watch somebody use a PC over a period of hours, there's definitely going to be several times where the person is surprised, frustrated, you know, "Why didn't this work? How do I get this thing done?" There might even be a piece of software that hangs or crashes, and we have to reduce that very dramatically.

Then we've also got the general challenge that these systems they're online systems. They need to be up 24 hours a day. You don't want your banking system or your e-mail system to ever say to you, hey, it's offline for any reason. And so preventing malicious security attacks and making sure that the systems are essentially available with the same or greater reliability as society's other infrastructures - the electrical infrastructure, the water infrastructure - that absolutely has to be done. And although there's a few things that can be done to help us with this at the hardware level, the real advances will come through software.

Now in security, there are some very, very key and obvious solutions. The most important is what's called isolation. This is making sure that people with malintent can't arbitrarily send code to all the different systems. The Internet in a way says, "Hey, these systems are connected." It's not like the mainframe that was kept secure not because the code was secure, but rather because only the people there in that glasshouse were actually connecting software up to it. Here we need to build the firewalls.

And we had about a third of our customers who've never had any problem with security attacks. Why? Because they had those firewalls in place. But for the other 70 percent of the customers, clearly it wasn't made automatic enough, it wasn't made obvious enough. There wasn't a tool you could go in and really check to make sure you were only open to the things that you needed to be open, and those tend to be actually quite few -- the mail server for mail, the Web server for http -- but most of the systems can actually be isolated.

In those cases where you really need to be connected up, whenever there's a security problem we need to make sure that the security updates get onto those systems faster than somebody with bad intent can go in and perform an attack. In fact, the people with bad intent are not the people who've discovered the vulnerabilities, rather it's security firms or our own patches that point the way, and then somebody packages those up in a way that they spread around.

So having updating that happens extremely rapidly, and flows out using the full speed of the Internet, that takes care of the rest of those issues. We do want to reduce the number of times any update has to be made. This involves very advanced tools, techniques that have been in academia for a long time but never used against large-scale software. You know, we are the first company that's actually using software-proved techniques to go through and show that only a tiny piece of code has to be right for the security to work well, and that's part of this quality push.

We've seen a big effect on that, if we take Windows 2000 Server. The first year that that was out, we had about twenty-four security bulletins, things that we asked people to patch there. With the most recent release [Windows Server 2003] we've now had four of those, and so a pretty dramatic reduction. However, you know, we should get that to be either one or zero during that timeframe, and that's where software proved techniques will come in.

If you compare that to other software, those techniques are not being used. You know, the time, the average time to fix on an operating system other than Windows is typically 90 to 100 days. You know, today we have that down to less than 48 hours. Now, because of the popularity of our systems, people with malintent who want to spread those viruses are going after them more, but not just ours. You know, we've seen it recently with a firewall product, we've seen it with Cisco, and we see it at a fairly significant level against Linux and other systems as well.

We have people on this job on a very regular basis and make the security improvements a unique asset we have to get to that before we're done. A new weak link is emerging and that is the way people using passwords; those are often easy to guess with computer systems, or you'll use the same password on a very insecure system that you used on a secure system. And so moving more and more into smart cards, biometric, that'll be a necessary step.

Spam is also a gigantic problem, and in some ways it relates very much to the security problem because spam can not only waste time but it can spread bad software. There are a set of techniques being put into place that will eliminate spam as a major problem. The first approach we took is filtering - looking at the message, seeing if it's talking about certain things or connecting up to certain kinds of Web sites and filtering it out. Those approaches today are filtering something like 90 percent of the spam, but that's still a lot of spam left over. In fact, they've increased their volume to try and get around that, and so we need new techniques.

And we've just announced in the last few weeks one where we actually can guarantee that the mail really is who it appears to come from. And what that does for us is it lets us say that if you're getting mail that's not from a stranger we can always pass it through, and mail that appears to come from a stranger we can be very stringent and require more proof that that's a legitimate piece of email, and there's some very clever ideas there about having the computer that does the sending do some extra work or bouncing back something where the human verifies that this really is a legitimate piece of email.

As we combine these approaches over the next year we will be able to make dramatic improvements in terms of what goes on in spam. This industry cooperation, the invention that's coming from Microsoft along with laws that simply say that fraudulent e-mail is not allowed. The combination of those things really is going to make a very big difference.

Now, not only do we need to make these systems secure, we need to make them far more impactful. We need to let them drive productivity. We need to get rid of all those different boundaries. We need to make software development more productive that it is today. We think about that as overall what we'd call Seamless Computing.

As we connect systems together, the most important advance taking placing is an industry standard called Web services. You've seen Microsoft and IBM drive this. It really comes from a piece of work that Microsoft started around XML with some small companies about 10 years ago. XML -- some people didn't think it was that important, but maybe three or four years ago there was wide recognition that that really was the format that information would be exchanged in.

But you need not only that format, you need the protocols around it. Protocols that let you find, say, a system that might be selling the product you're interested in, protocols that let you secure the information, that guarantee that even if the network's unreliable that it gets delivered completely. And those Web services advances are very, very far along. In fact, the last few, the highest level ones, are already out in draft form and they'll be finalized during the rest of this calendar year.

And so for the first time we will have laid in place something that lets software on any computer talk to software on any other computer. It doesn't mean you have to rewrite the software; you simply put a Web service layer on top of it to make this work. And this is completely independent of the hardware, the chip, the operating system or even the language that the software's working in. This works for, you know, C, Java, Visual Basic, you name it, they all can connect up here.

So this is actually a necessary piece for the dream of e-commerce to come true. We talked a lot about e-commerce during the late '90s; some companies got started and said, you know, this'll be solved overnight. You know, the dotcoms will immediately take over banking and shopping and all of those things.

Well, that was naive in many ways, naive in terms of the business models, the expertise required, and so what we're seeing here is the traditional companies embracing the Internet, and now more and more using Web services to be able to deliver what they're good at but deliver it in this new form. It's Web services that are going to make even rich workflow applications possible to do, not only within a company but across company boundaries.

One thing we struggle with is that even though the information that people need to do their jobs is not really available to them they've gotten used to the fact that it's hard to do quality analysis, it's hard to do timing analysis, it's hard to know what the most demanding customers are thinking. And yet by giving people better software tools, that's quite solvable.

Just imagine that 20 people, some in one company, some in another, are trying to collaborate on a project. Today, they would use e-mail, and they'd attach large things to the e-mail and if new people come into the discussion, they would find that they would have to go back and try and dig through that - very, very inefficient. It's only with the concept of what we call SharePoint that you can create a Web site, secure that Web site, and not have to have IT get involved in it. In fact, it, you know, works across company boundaries.

We have about 50,000 of those at Microsoft, and that's even only over the six months that we've made that available. People should start to have very high expectations for doing business information analysis, not just top level executives but everyone throughout the organization.

New techniques for visualization, breakthroughs in the Excel spreadsheet, breakthroughs in the database, breakthroughs in graphic representation. All of these things will be necessary, and yet that's a role that Office can play, and yet it's a very high volume, low cost tool, let people work in new ways.

Our interaction with these devices will be far more natural. It won't just be the keyboard, it'll be speech, speech that gets recognized, it'll be the Tablet device with ink. Those are getting smaller and smaller, the software's getting better. We'll just say, hey, that's common sense that we do things that way.

The boundary between the phone and the PC can be made far simpler. You know, if you're out shopping and you spend money and you want an expense report, just take your camera and take a photo of it and tell your camera, "Hey, your phone, that's an expense report," and it'll be sent up and recognized in the right application.

And so we're just scratching the surface in terms of visual recognition, speech recognition and ink recognition. These are big investments on Microsoft's part, and people are naturally a little skeptical because over the last 20 years they felt, well, speech recognition, we must be close to it. And, in fact, the quality of the systems that have been out there haven't been good enough.

In the home environment it'll become commonsense that keeping memories of what's gone on with your kids and your calendar, they're very easy to call up, very easy to share. Your music, of course, you can organize and listen to as you like. TV shows, you know, see them exactly when that's convenient to you. Planning schedules with other people, we can make that very straightforward.

So the breadth of things that can go on at home, we're just less than a third of the way of where we'll be even by the end of this decade, and so the PC is playing a more and more central role and making it simpler, making it more reliable as we bring in these new capabilities. That's a very, very important thing.

You know, so all the devices need to work together. We have the idea of bringing intelligence down to the smallest device, the wrist device, the pocket device, in your auto where speech is very important, since you don't want to distract the driver. And that leads to things like digital meetings where it'll be trivial to put a little what we call ring camera in the meeting, video record what goes on, be able to share that with people who are at a distance, be able to follow up, search the transcript to make sure that everybody sees the part that's interesting to them, or even can see parts that see it and see it at a higher speed than it took place inside the meeting itself.

So this is really moving towards Seamless Computing. It means big investments by the hardware companies, big investments by the software companies. It means new standards, first and foremost, what we're doing on Web services. It means helping customers with the right isolation techniques to get the right things done and all of these things are really, you know, expectations that customers need to have. By really driving forward with this, we can take what Windows has been and make it even more effective, even more common as a tool.

We can take Office and make sure that it's very worthwhile for people to have the latest versions there, and yet allow people to have variety in that computing environment. So a lot of challenges for us, that's why you've seen us raise R&D so dramatically over the last three or four years. It's because of the optimism about the high-volume, low-price software products that we build.

   
 

© 2009 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy Statement