Steven "Steve" Gibson (born 26 March 1955) is an American software engineer, security researcher, and IT security proponent. In the early 1980s, Gibson worked on light pen technology for use with Apple and Atari systems. In 1985, he founded Gibson Research Corporation, best known for its SpinRite software.
Gibson started working on computers as a teenager, and got his first computing job with Stanford University's artificial intelligence lab when he was 15 years old. He studied electrical engineering and computer science at the University of California, Berkeley.
Gibson was hired as a programmer for California Pacific Computer Company in 1980, where he worked on copy protection for the company's products.
Gibson founded Gibson Laboratories in Laguna Hills, California in 1981; Gibson Labs developed a light pen for the Apple II, Atari, and other platforms and went out of business in 1983.
In 1985 Gibson founded Gibson Research Corporation (GRC) - a computer software development firm.
From 1986 to 1993 Gibson wrote the "Tech Talk" column for InfoWorld magazine.
In 1999, Gibson created one of the first adware removal programs, which he called OptOut.
In 2001, Gibson predicted that Microsoft's implementation of the SOCK_RAW protocol in the initial release of Windows XP would lead to widespread chaos by making it easier for Windows XP users to create denial of service (DoS) attacks. In that year, his company's website was brought down by a DoS attack generated by a "13-year-old amateur hacker"; the attacks continued for two weeks. Gibson blogged about the attacks and his efforts to track down the hacker. The internet did not collapse, but three years after the Windows XP release, Microsoft limited raw socket support in Service Pack 2.
In 2005 Gibson launched a weekly podcast called "Security Now" with Leo Laporte on TWiT.tv, with its archives hosted on GRC's website.
In 2006 Gibson suggested that a bug, the Windows Metafile vulnerability, was actually a backdoor intentionally engineered into the system. The accusation became an assertion and spread through the internet as a rumor after the technology news website Slashdot picked up Gibson's speculation. The rumor was widely debunked and Thomas Greene, writing in The Register, attributed Gibson's mistake to "his lack of security experience" and called him a "popinjay expert."
GRC has created a number of niche utilities, most of which are freeware.
- DNS Benchmark, freeware that lets users test the performance of the domain name servers used by their internet service providers.
- Securable, freeware to test whether a pre-Windows 7 computer is 64-bit compatible. It also tells the user if Data Execution Prevention is enabled.
- Shields Up, a free browser-based firewall testing service; one of the oldest available
- SpinRite, a hard disk scanning and data recovery utility first released in 1988. As of February 2015 the current version was 6.0, which was first released in 2004. SpinRite is a commercial product, costing $89 as of February 2015. Gibson's work on SpinRite has led to him being considered an expert on hard drive failure.
- Spoofarino, freeware released in 2006 and promised since the controversy over the launch of Windows XP in 2001, it enables users to test whether their internet service providers allow them to send forged or "spoofed" packets of data to Gibson's Web site.
- Never10, standalone freeware program that toggles registry values in Windows 7, 8, and 8.1, which either disables or enables Microsoft's Get Windows 10 app and automatic OS upgrade. As of version 1.3 also triggers the removal of any previously downloaded Windows 10 upgrade files as part of the disable function.