Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Links 24/12/2025: US TACOs on "China Chip Tariffs Until 2027", Russian Snickers in U.K. Convenience Shops: Links for the day
Sounds Like Microsoft 'Open' 'AI' (Slop) Ran Out of Money to Borrow: Maybe in 2026 slop will be scarce enough that eventually, maybe by year's end, we'll manage to just ignore it.
In India, Staff Works on Christmas Eve, Becomes Unemployed (Last Day): The company fires based on how "expensive" workers are more often than based on their productivity
Links 24/12/2025: Cheeto President "Accused of Rape in Jeffrey Epstein Files", Windows to be Replaced by Slop?: Links for the day
Gemini Links 24/12/2025: Tea, Love During Pain, and Gaming This Year: Links for the day
GAFAM is a Bubble, Nothing is Free in This World: Nothing is free in the world
My New CD Player/Stereo Didn't Even Last a Year, My CD Player/Stereo From the Early 1990s Still Works: That helped reaffirm what I said in recent years about production/manufacturing standards of "modern" things
GitHub Isn't Free, Microsoft Subsidises It (Losses) to Entrap You Inside Proprietary Software, Now Come the Fees: GitHub was never free
XBox Console is Dead, "Microsoft is Rethinking What XBox is": So XBox is now "cloud"
IBM SkillsBuild: Teaching Slop to People: What skills does that give? Making more slopfarms?
Maybe 2026 Will be the Last Year of António Campinos: Europe's patent system is run by thugs and it serves thugs
2025: The Year LLM Slop Rose to Prominence and Then Fell: the slop hype is bound to end
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 23, 2025: IRC logs for Tuesday, December 23, 2025
Links 24/12/2025: Spotify Surveillance and Shadow Over Rule of Law in Hong Kong: Links for the day
A Good End for a Fine Year: Today we saw some pleasant news online about the growth of GNU/Linux and more perils impacting Windows and XBox
Serial Sloppers Lost Momentum, Sites With "Linux" in Their Name Barely Bother Anymore: Will 2026 be the year slopfarms jump the shark?
Gemini Links 23/12/2025: Hydraulic Pressure Balance and mercury://: Links for the day
Gemini Links 23/12/2025: "The sun is shinning" and "problem in the Butlerian Jihad setup": Links for the day
Links 23/12/2025: "Over 8,700 News Articles Censored in Turkey in 2024" and "Photos Are Being Deleted From the Epstein Files": Links for the day
Techrights as 'Regulator' Against Runaway Trains: "Runaway trains" never scared us because we know that they, unlike us, don't think rationally
Links 23/12/2025: That ‘Satisfying Click’ and Security Lapses, Car Bomb Kills Russian Lieutenant General Fanil Sarvarov: Links for the day
Links 23/12/2025: GNU Taler 1.3, US Regime Censors Television Again: Links for the day
Valve Can Bring More Users to GNU/Linux, But It Won't Bring Freedom: Steam is DRM
Social Control Media is Bots (Fake Traffic, Fake 'Engagement'): As per FORTUNE, 76% of Twitter is alleged to be bots now
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, December 22, 2025: IRC logs for Monday, December 22, 2025
How the Slop (So-called 'AI') Bubble Will Burst Next Year: There are already talks about mass layoffs in January
"Generative AI Bubble Has Begun to Pop", Nvidia Rides “Circular Financing... a Strategy That Hearkens Back to the Dot-com Crisis”: For companies like Microsoft this may mean another 30,000+ layoffs next year
Microsoft-Connected Media Talking About XBox Division "Profit Margins" is Distraction From XBox Sales Collapsing 70% in One Year: The simple fact is, Microsoft's console is dead in the water
The Reality is "Vibe Code" (Slop) is That It's Worthless: “Confidently Wrong”
British Web Developers Can Probably Ignore Firefox Users (Based on US Standards): Mozilla has managed to piss off enough people
On the 'Digital Gulag' of 'Secure Boot' and Microsoft Disguising Its Attacks on Users as "Security": Dr. Andy Farnell has this new article
Slopfarms Can Only Survive in Google News, Which is Still Promoting Them: Google News promoted only 3 slopfarms today
Gemini Links 22/12/2025: Films, Creativity vs. Consumption, Slop in YouTube: Links for the day
Microsoft XBox Losing Money, Layoffs and Studio Shutdowns (As Well as Price Hikes) Not the Solution: Microsoft does not quite talk about profits
"Major [IBM] Reductions Will Take Place Soon in Rochester MN": Maybe that's just the latest office gossip
Links 22/12/2025: Data Breaches, deterioration in Politics, and Geminispace: Links for the day
Links 22/12/2025: North Korean Applicants Target GAFAM (Amazon), ‘Orwellian Climate of Fear’ of CPC (Even Outside China): Links for the day
More IBM Layoffs in India: It's not as simple as "laid off to be replaced by an Indian"
GAFAM Deeply Connected to Jeffrey Epstein, Richard Stallman (RMS) in No Way Connected to Jeffrey Epstein: people who hoarded all the capital get to decide what people think and say
Linus Torvalds Has a Birthday This Coming Weekend, Thankfully He Still Controls His Main Project: GNU and Linux should remain under their control as long as they live
Mozilla is Getting Attention for All the Wrong Reasons, Take a Look at LibreWolf: Just last week Mozilla added a new top-level manager who (as usual) came from a "tech giant"
When Conformism Means Capitulation and Defeat: In an age of injustices like these, we all have some kind of moral obligation not to be conformist.
Text is Still King: But the so-called 'industry' insists that we should download 10 MB of objects from multiple domains... even just to read 5-10 paragraphs of text
Links 22/12/2025: Facebook "Testing $14.99 Monthly Subscription Fee to Post Links" and "Middle East Petrostates as American Media Owners": Links for the day
Beyond the World Wide Web (WWW): We continue to treat Gemini Protocol as a first-class citizen
Serbia: GNU/Linux Rises, Windows Down to All-Time Lows: According to statCounter
"Wrestling With Pigs": "Never wrestle with a pig. You both get dirty, and the pig likes it."
Productive Year and Better Access to Techrights' Archives Going Back to 2006: we've long needed and wanted native, local, independent search facilities
Linux Abandoned by Linux Foundation: It speaks for Microsoft and for so-called 'AI' companies
Microsoft Has Practically Given Up on XBox Already: Expect many XBox related layoffs when 2026 starts (Q1)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, December 21, 2025: IRC logs for Sunday, December 21, 2025
"Today's [Red Hat] is run by a cabal of vultures.": it seems safe to assume Red Hat too will languish away
Microsoft Layoffs in 2026 Can be Bigger Than 2025 Microsoft Layoffs (30,000+ Workers Laid Off): "Is there going to be any reorg or Microsoft layoffs?"
Gemini Links 21/12/2025: Solstice, Chaos of CSS, and Program Interpreter Fun: Links for the day
The Free Software Foundation (FSF) Represents People, Not Corporations: FSF isn't in the "business" of appeasing oligarchs

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts