Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

The Problem is Not Technology, the Problem is Really Bad Things Sold or Imposed as "Tech" (Like a Religion Built Around Technology): Don't hate technology, hate the corporations that abuse it to promote coercion, exploitation etc.
Resisting IBM and EPO Corruption: Rise up against EPO dictatorship next week
Where Slop Meets Ghostwriting: It's a False Analogy: It's a false analogy
Slop Technica: Ars Technica Seems Like Repeat Offender, a Part-Time Slopfarm: The culprits are repeat offenders, but the publisher will never admit this in public
Where Microsoft's Bing Cannot Even Reach 1% "Market Share": Looking at "I" countries
Links 16/02/2026: Barack Obama Responds to Racist Cheeto and Benjamin Mako Hill Studies Online Communities: Links for the day
EPO "Productivity" Will Fall Off a Cliff If Examiners Stick to the European Patent Convention (EPC) and Follow the Real Rules: The EPO's "Cocaine Communication Manager" would hate to see the next "productivity" metrics
Links 17/02/2026: Why OpenClaw is Very Sleazy and Ars Technica Exposed as Hub of LLM Slop (Credibility Destroyed Overnight): Links for the day
Benj Edwards (Ars Technica) Used Fake Articles to Promote Ponzi Scheme for Conde Nast and Its Client (Marketing): What Ars Technica and Conde Nast do here helps defraud the general public
Only One in 50 Saudis Would Use Microsoft for Search, Almost Same as Would Use Russia's Yandex: If statCounter is to be trusted
Microsoft's "AI" Concerns Are All Indian (or Low-Paid Workers Who Work Extra Hours Unpaid): portraying charlatans and frauds like they're some kind of visionaries and luminaries
Microsoft Turned Bing Into Censorship Machine of China, But Bing Is Pegged at a Mere 2% in Asia, Yandex is Bigger: Expect many Bing layoffs some time soon (like in past years)
Just Like The Register MS, Conde Nast's Ars Technica Has Just Publicly Admitted That It Published Fake Articles (Slop) Made by LLMs About Serious Subjects: Conde Nast might shut Ars Technica down to escape the bad publicity/association
Solicitors Regulation Authority (SRA) Way Too Slow to Respond to Financial Fraud at Law Firms, in Effect Helping Those Law Firms Defraud Many More People (Fleecing Clients): Who will hold the SRA accountable for this?
Techrights Became a Hub for News That IBM/Red Hat Doesn't Want You to See (and Pays Mainstream Media to Distract From): the more viciously the notorious organisation attacks the reporter, the greater the interest in what the reporter has to say
EPO's Central Staff Committee on Fourth Technical Meeting, Two Days Before First of (At Least) 4 Winter Strikes at the Second-Largest European Institution: “future orientations on the salary adjustment procedure”
IBM's Collapse Continues, Half of EU Countries to Have Mass Layoffs, "IBM Clearly Disinvests From Europe" Says IBM European Works Council: Recent publication
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 16, 2026: IRC logs for Monday, February 16, 2026
Gemini Links 17/02/2026: Alpenglow Industries' Closure and Gemini Server Issues: Links for the day
The Southern California Linux Expo (“SCALE”) or SCALE 23x Becomes Microsoft: It's not supporting the event, it is buying it.
Microsoft to Focus on Name-Dropping Buzzwords to Distract From Declining Business, IBM RAs (Layoffs) With Staff Stack-Ranked: Calling everything cloud or reclassifying as "AI"
Another EPO Strike One Week From Now, Local Staff Committee Munich to Discuss It This Week: Campinos MIA while Office staff goes on strike at least 4 times
Gemini Links 16/02/2026: Task Completed by Avoidance and "Playing Again With Akkoma": Links for the day
Happy Birthday (or Anniversary) to SoylentNews: "Happy Birthday SoylentNews"
Techrights' Architecture: Stability is the main goal
IBM Reduces the Thresholds for Acceptance (and the Salaries): Are chatbots good enough as IBM staff?
When It Comes to Rust, Keep All the Eyes on the Ball (Technical and Legal Perils, Sustainability Questions): It's not about security or politics
Linux Foundation Continues Falling Off a Cliff in Geminispace: Gemini Protocol will turn 7 this summer
Links 16/02/2026: cURL’s Daniel Stenberg Asserts That Slop is DDoSing Free Software, But Still Uses a Plagiarism and GPL-Violating Blender (Microsoft GitHub): Links for the day
The Techrights Community Never Needed Money, Only Goodwill: We accomplish things by a track record of suppressed facts
"AboutCode" is a Microsoft Proxy and Microsoft's Acquisition of the OSI Advances Via OSI Moles: presenting direct evidence anybody can verify
Social Control Media is Just a Digital Weapon: Social control media is not social and not media
They Will Call Smart People "Luddites": Is society "seeing the light"?
Microsoft Amutable Already Reveals That Its Focus Is Not Linux, It'll Promote "Remote Attestation": This is basically an attack on Software Freedom, even if they toss around the brand "Linux"
More People in Chad Move to GNU/Linux: Last year we began to see GNU/Linux rising there - a trend which continues this year
Dr. Andy Farnell on How Universities and Culture of Education Got Crushed by "Technofascist Nightmare": Farnell says he "already soft-quit in [his] mind"
Debt of Broadcom Grew by More Than 50%, Broadcom is Deeper in Debt Than Google: Expect many more cuts
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 15, 2026: IRC logs for Sunday, February 15, 2026
Links 15/02/2026: Slop, Politics, and Gemini: Links for the day
Small is Beautiful (in Cascading Style Sheets/Inheritance Rules): If done correctly, pages can take a tenth of a second to fully load
Microsoft Has Fallen to New Lows in Hong Kong This Year: That Windows "market share" falls there is perhaps expected
Free Software Foundation (FSF) Raised About 1.5 Million Dollars This Winter, Almost 50% More Than in All of 2024 Combined: Verbal advocacy goes a long way
Spread the Word About EPO Strikes and Patent Injustices in Europe: Corruption in Europe is a real thing
The Register MS is Promoting Slop, Promotion Connected to Microsoft (Trying to Replace Judges With Microsoft): marketing spun as "science"
He Did Not Have Enough Souls: A lot of the subjects we cover here no other site dares touch
"Mix Vale" is a Slopfarm: 3 "articles" about "ubuntu"
Links 15/02/2026: Roy Medvedev Dead at 100, Rise of "YouTube Politicians": Links for the day
Links 15/02/2026: How Alexey Navalny Was Executed by Putin, Erdogan Helping Iran: Links for the day
IBM Fedora Keeps Promoting Slop, Red Hat Has Been Turned Into Chaff and Trash to Help IBM's Stock (With "AI" Storytelling): Red Hat's Fedora is an old brand (20+ years). It no longer stands for what it meant to people in the Fedora Core days (I was a Fedora user back then).
What IBM Said About 2026 Layoffs and What's Happening in Practice: t'll leave IBM at the very bottom, in due course (customers will notice something profound has changed)
Gemini Links 15/02/2026: "Already Midway February" and Loadbars Remembered: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 14, 2026: IRC logs for Saturday, February 14, 2026

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts