Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

March Plans for Techrights: next month we plan to start the series about how the SRA failed
Where Does the Solicitors Regulation Authority (SRA) Stand on Machine-Generated Legal Documents and Copy-pasting One Client's Lawsuit to Start Another (for American Serial Strangler)?: Now that many law firms cheat (copypasta, paper DOoS, LLM slop, breaches of rules, even defaming the other side) the SRA cannot keep up
Of Course Android is Not Free Software: That Android is not about freedom should not be so shocking
Talking About Blackboxes: Having just reposted a couple of articles from Alex Oliva
Microsoft Slop is Already Killing XBox: Microsoft will fail at alleviating such concerns
Two Weeks Have Passed and It Looks Like Conde Nast's Ars Sloppica Sacked "Senior" "AI" "Reporter" Benj Edwards But Did Not Remove All His LLM-Produced 'Articles': the editorial standards at Conde Nast's Ars Sloppica are a joke
Alex Oliva (GNU Linux-Libre): Stricter is Less Popular: Reprinted with permission from Alex Oliva
Fraud and Crimes at Microsoft: A lot of these American companies simply cheat and even bribe
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 25, 2026: IRC logs for Wednesday, February 25, 2026
FSF's Alex Oliva on Hardware Black Boxes: Reprinted with permission from Alex Oliva
What Microsoft Hides Underneath: In recent years a lot of this shell game was played via "Open" "AI" [sic]
A Lot of Slopfarms Died, Google News Feeds the Few Which Survived and Still Target "Linux": Many just simply died
Links 25/02/2026: Fifth Year of War in Ukraine, Dihydroxyacetone Man Looking to Start More Wars: Links for the day
Gemini Links 25/02/2026: Retired a Year, Illness, Losing a Lung, and "Back to Gemini": Links for the day
The Register MS Published a Ponzi Scheme-Boosting Fake Article This Morning. It Mentions "AI" 30 Times.: Will credibility be left after the bubble pops entirely?
They Try to Ruin Linux, Too ("Attestation" in GNU/Linux): In the context of Web browsers, this isn't unprecedented and we wrote a lot about it
Mozzarella Company: All Our Cheese Comes With Mold Now, But You Can Ask the Seller to Remove the Mold: If you reject and oppose slop, do not download/use Firefox
Stallman Was Right About Back Doors: I had some conversations with Dr. Stallman about security and back doors
Australian Signals Directorate ex-employee sold back doors to Russia: Reprinted with permission from Daniel Pocock
IBM Debt-Loading and Liability (Toxic Asset) Offloading: One can hope that IBM will be subjected to the same attention Kyndryl received, but this boils down to politics
Links 25/02/2026: 'Hybrid Warfare' and "Boycott the State of the Union": Links for the day
IBM (and Red Hat) Can Disappear in the Coming Years, Along With Kyndryl (Debt Twice as Big as Its 'Worth'): No wonder Red Hat workers tell us they hate IBM
Software Freedom is Science, But It Also Sustains Life: In some sense, Software Freedom can be explained in the context of nourishing people
“Xbox, like a lot of businesses that aren’t the core AI business, is being sunsetted.": There has been a lot of narrative control lately, including at 9PM on a Friday
3,300 Capsules Known to Lupa and Currently Accessible: Gemini Protocol turns 7 this summer
When it Comes to Firmware, the FSF and Its Founder RMS Won the Argument (But Not the Fight, Yet): The "whataboutism" tactics are physiological manipulation means of discouraging those who move in the correct direction
Austria Tackles Digital Weapon Disguised as "Social" and/or "Media": Are we seeing the end days of Social Control Media?
Nothing Over the Horizon for XBox: XBox is not even being sold in many places anymore
Solicitors Regulation Authority (SRA) Contradicting Itself: You Can Use Slop to Cheat Clients, But You Can Also Face Disciplinary Actions Over Slop: Where does the SRA stand on the matter?
In Praise of Eben Moglen: Hopefully Professor Moglen will be with us for many decades to come and become an active speaker on issues such as Software Freedom
Sunsetting IBM (for the Benefit of Few Corrupt Officials and Wall Street Speculators): IBM will not (and cannot) survive for much longer [...] The issue is bad leadership, not any particular nationality/race
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 24, 2026: IRC logs for Tuesday, February 24, 2026
Gemini Links 25/02/2026: Rise of Solar in 2025 and Smallnet Protocols: Links for the day
HR Blunder at IBM or IBM Struggling With Money?: Weird for such an allegedly rich company to be so stingy
Gemini Links 24/02/2026: x86 Computer In-Browser and Administration: Links for the day
Envy is the #1 Enemy of Richard Stallman: Whenever you see someone mocking Richard Stallman, ask yourself: does this person have a reason to be jealous of Richard Stallman?
Life is Sweeter When Less Means More: People need to think "small", not "big" (as in capital)
Championing a Cause: Probably over 100 million GNU/Linux users on laptops/desktops
Balmoral rape cult & Debian suicide cluster indifference, community: Reprinted with permission from Daniel Pocock
Father of XBox Says What Microsoft Does Not Want to Hear About XBox (They All Know It's Dead): Microsoft just worried shareholders will find out Sharma is "just a face" and an undertaker
Can Much Longer Can the Financial 'Press' (Pump-n-Dump Megaphone) Cheer for IBM's Accounting Enigma?: IBM has fallen almost 25%
France Needs to Focus on Software Freedom, Not Flags: We need more SIP advocacy!
Combatting Censorship in the "Civilised World": The Media Blackout Surrounding EPO Strikes and Other Large-Scale Actions: We - collectively speaking - cannot afford to keep the Office in the hands of a "Mafia"
Religious or Not, Consider Quitting Social Control Networks (All of Them) This Season: Lent is a good time to quit addiction such as social control media
EPO Strike Actions and Other Industrial Actions Are Effective When Management Fears the Staff and Staff No Longer Fears Any Managers: 'António the unready' should get ready to be ousted
Liberating the Self From the Invisible Prison of Plutocrats-Controlled Media and Social Control Media: Can you always see the full picture or does something (someone powerful) obstruct it?
Links 24/02/2026: Drug Cartel Decapitated, Jeffrey Epstein-Connected 'Linux' Foundation Promotes Slop and Buzzwords at MWC Barcelona 2026: Links for the day
2023: Layoffs Are Because of "AI". 2024: Shares Up Owing to "AI". 2025: Shares Recently Fell Due to "AI". 2026 Forbes (Paid by IBM): Shares Falling is Good!: "AI" is smoke and mirrors
Bitcoin: Code of Conduct stifled open source concerns: Reprinted with permission from Daniel Pocock
Slop Boosters and 'Hype Agents' Render Themselves Irrelevant and the General Public Becomes Incredulous Due to "Bros Who Cry Wolf!": It won't age well
"Half-baked Vibe Code Shipped Full of Errors": Seems timely after our latest article
IBM Did Not Fall Because of COBOL Vapourware, IBM Still Collapses Because It's Worthless, Way Overvalued, and Very Likely Cooks the Books: language-to-language conversion (in the context of programming) is nothing new
Links 24/02/2026: Copyright Litigation Over Anne Frank’s Diary, "Arrogance of Developers": Links for the day
Another New Low for Solicitors Regulation Authority (SRA): Authorising Slop Disguised as "Legal Advice": SRA is a lapdog - not a watchdog - of the "litigation industry"
EPO "Cocaine Communication Manager" - Part IV - "Many Jobs Were Given to Spanish Employees for No Related Skills At All": The EPO's fate might be similar to that of the XBox
Gemini Links 24/02/2026: Hardware Tinkering and Slop Bots Attacking the "Small Web": Links for the day
Quitting Reddit (Social Control Media Controlled by Conde Nast): There is a new post in Reddit
IBM is the World Champion at Layoffs and There Are Reportedly More Layoffs in IBM This Month (EU): IBM fired 60,000 in 1993
Free Software is for Everyone: Young and old, rich and poor etc.
Gemini Links 24/02/2026: Voltage Divider on Slide Rule and Many Raspberry Pi Projects: Links for the day
Links 24/02/2026: Telephone Turns 150, Political News Catchup, and Rearmament: Links for the day
Asha Sharma "a Palliative Care Doctor Who Slides Xbox Gently Into the Night": 2026 will probably be the last year of XBox
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 23, 2026: IRC logs for Monday, February 23, 2026

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts