USC Annenberg Online Journalism Review





Why Hackers Hate Microsoft

In a recent conversation, my brother-in-law, who has very little experience with computers, asked me what I thought of Microsoft. As far as he knew, anyone who knows anything about computers absolutely hates Microsoft. There is no ambivalence about it. They hate every Microsoft product going back at least as far as Windows 3.1, some as far as DOS.

I thought I'd use this space to go into just a few of the reasons why hackers generally hate Microsoft. Before I do that, let me get a few of the basics out of the way. The reasons why hackers hate Microsoft are different from the reasons why everyone else hates Microsoft. It is not because it has a monopoly, or because Bill Gates is richer than God. Those things wouldn't really bother hackers if they felt either of those things were deserved. What hackers hate about Microsoft is that it makes third-rate software with absolutely no concern about issues of security or the well-being of its consumers. Microsoft wins battles because it's big and can roll over people, not because it's better. With hackers you can get away with just about anything if you are good enough. Microsoft just isn't.

Last summer, I listened to Mudge and Hobbit, two hackers from Boston's L0pht, discuss the latest gaffe that Microsoft had made with its new Windows NT operating system, a system which is threatening to overtake UNIX as the Net's most frequently used operating system. The NT password scheme allows the user to enter a password up to 14 characters in length. Using basic encryption, that means there are roughly 100,000,000,000,000,000,000,000,000 possible passwords from which to choose. That's an awful lot of guesswork, more than is feasible with today's computers. However, Microsoft made the hacker's job a little bit easier. In an effort to make Windows NT backward compatible with earlier Microsoft products (including LANMAN, from the 1980s), Microsoft allowed NT to accept old LANMAN passwords (seven characters all upper case). As a result, the number of possible passwords is reduced to roughly 8,000,000,000. Eight billion passwords is not all that big a number to a computer. In fact, using a PC you can guess them all in a matter of days.

What is disturbing about this is not necessarily the security hole itself. Software is bound to be buggy, especially when it contains millions of lines of code. What is alarming is Microsoft's response. When these hackers alerted Microsoft about the hole, it denied that any problem existed. Because the hackers had discovered the bug using their own system, rather than using the exploit (the code designed to take advantage of the security hole) to break into anyone else's, Microsoft's official position was that 'no data had been compromised'. It seems that Microsoft's concern was more with PR than with fixing the problem. In order to get Microsoft to make changes, the hackers from the L0pht had to release a version of the program that exploited this flaw on the Net (L0phtCrack). Hackers at the L0pht had to shame Microsoft into making the changes by releasing something that actually provided a visible threat to its software.

Microsoft wouldn't work with the hackers because it preferred denying that any problem existed, rather than fixing it. Indeed, Microsoft's latest press release (4/18/97) claimed that 'This is not a security flaw with Windows NT, but highlights the importance of protecting Administrator accounts and reinforces the importance of following basic security guidelines.' Translation: The passwords are still easy to crack, you just need to hide them better.

But hacker distaste for Microsoft didn't start with NT, with Windows 95 or even DOS. In fact, it predates just about every PC save one -- the Altair 8800. In the early 1970s, Bill Gates had ported a public domain computer language called BASIC to the Altair 8800, the first mass-marketed PC. Although he didn't write the language, getting it to run in the Altair's 4K of memory was a significant piece of coding. Gates managed to get his copy of BASIC, which was fed on paper tape into the Altair, to be marketed and sold by the Altair's manufacturer. The Altair itself was a true hobbyist's machine. Not only did you have to build it yourself (including soldering the parts together), you also had to program it yourself. As a result, hobbyists banded together to share their love of the Altair and trade programs. One program which was frequently traded was AltairBASIC, authored by Bill Gates. Part of the hacker ethic, however, was that code was to be freely distributed. In no time, Gates's program was widely disseminated (as was every other program that hobbyists could get their hands on). The difference was that Gates expected to be paid, at $25.00 a pop.

Hackers who gave their code away freely and worked just as hard on their programs as Gates did on his were incensed by a now infamous letter Gates wrote and published in a computer hobbyist magazine, Computer Notes, in February, 1973. He titled it 'An Open Letter to Hobbyists'. In it, he called these early hackers 'thieves', demanding payment for the pirated programs that hackers had in their possession. As Gates put it: 'As the majority of hobbyists must be aware, most of you steal your software.' He continues the letter, complaining that such hackers 'are the ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at. I would appreciate letters from anyone who wants to pay up, or has a suggestion or comment.' According to lore, he received plenty of responses, but no payments. If you think he is over it by now (and you are reading this in Windows 95), click on 'Help', then 'Find', and type in the word piracy. You'll be amazed.

It would be nice if Microsoft provided as much free and detailed help about other aspects of the operating system as they do about piracy.

And then there is Windows 95. Where to start? As an operating system, it seems to have dual goals of performing tasks very slowly and giving users no idea what it is doing and why. Hackers like to know what their machines are doing and why. There are so many layers between the user and the machine that it is difficult to explore how the machine works. Hackers hate Windows 95 because it is a weak operating system. Perhaps more important, it obscures better alternatives, including free operating systems like Linux (a free, downloadable clone of the UNIX operating system). Such systems are not widely known and have difficulty finding developers to write good software for them. Linux is a true hacker's operating system. Nearly all of the software (including the operating system itself) is free, it is fully customizable and it really allows you to understand how your computer works, in as much or as little detail as you desire. Once again, in the OS wars, Microsoft wins because it's bigger, not because it's better.

To add to all this, Microsoft also has given us something that not even the most insidious hacker mind could create -- a text-based system of viruses. With the release of Microsoft Word version 6.0, the world was treated to a new system of viral infection that literally makes any Microsoft Word document a potentially lethal virus for your computer. Up to that point, viruses had been limited to what is called executable code. That is, they were programs that one had to choose to run, usually labeled with the extension .COM or .EXE. Images, text, e-mail were all guaranteed to be harmless. That is, until Microsoft created Word's 'macro function'. Microsoft Word allows you to embed commands in a text document and have them run automatically when the document is opened. That can be a real convenience if the commands are 'Open Excel' and 'Show me last month's budget'; it can be a real drag when the commands are 'Format my hard disk' or 'Erase all my files'. Microsoft has spawned literally thousands of new viruses.

Again, the objection is not to the sloppiness of the software but to Microsoft's unwillingness to do anything about it. Because of Microsoft's sheer market dominance, it feels it doesn't have to care about security. From the very beginning, Microsoft has violated every principle that hackers stand for. And it's done it by being bigger, rather than better.

 
