Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

IBM Reduces the Thresholds for Acceptance (and the Salaries): Are chatbots good enough as IBM staff?
When It Comes to Rust, Keep All the Eyes on the Ball (Technical and Legal Perils, Sustainability Questions): It's not about security or politics
Social Control Media is Just a Digital Weapon: Social control media is not social and not media
Links 16/02/2026: Barack Obama Responds to Racist Cheeto and Benjamin Mako Hill Studies Online Communities: Links for the day
Gemini Links 16/02/2026: Task Completed by Avoidance and "Playing Again With Akkoma": Links for the day
Happy Birthday (or Anniversary) to SoylentNews: "Happy Birthday SoylentNews"
Techrights' Architecture: Stability is the main goal
Linux Foundation Continues Falling Off a Cliff in Geminispace: Gemini Protocol will turn 7 this summer
Links 16/02/2026: cURL’s Daniel Stenberg Asserts That Slop is DDoSing Free Software, But Still Uses a Plagiarism and GPL-Violating Blender (Microsoft GitHub): Links for the day
The Techrights Community Never Needed Money, Only Goodwill: We accomplish things by a track record of suppressed facts
"AboutCode" is a Microsoft Proxy and Microsoft's Acquisition of the OSI Advances Via OSI Moles: presenting direct evidence anybody can verify
They Will Call Smart People "Luddites": Is society "seeing the light"?
Microsoft Amutable Already Reveals That Its Focus Is Not Linux, It'll Promote "Remote Attestation": This is basically an attack on Software Freedom, even if they toss around the brand "Linux"
More People in Chad Move to GNU/Linux: Last year we began to see GNU/Linux rising there - a trend which continues this year
Dr. Andy Farnell on How Universities and Culture of Education Got Crushed by "Technofascist Nightmare": Farnell says he "already soft-quit in [his] mind"
Debt of Broadcom Grew by More Than 50%, Broadcom is Deeper in Debt Than Google: Expect many more cuts
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 15, 2026: IRC logs for Sunday, February 15, 2026
Links 15/02/2026: Slop, Politics, and Gemini: Links for the day
Small is Beautiful (in Cascading Style Sheets/Inheritance Rules): If done correctly, pages can take a tenth of a second to fully load
Microsoft Has Fallen to New Lows in Hong Kong This Year: That Windows "market share" falls there is perhaps expected
Free Software Foundation (FSF) Raised About 1.5 Million Dollars This Winter, Almost 50% More Than in All of 2024 Combined: Verbal advocacy goes a long way
Spread the Word About EPO Strikes and Patent Injustices in Europe: Corruption in Europe is a real thing
The Register MS is Promoting Slop, Promotion Connected to Microsoft (Trying to Replace Judges With Microsoft): marketing spun as "science"
He Did Not Have Enough Souls: A lot of the subjects we cover here no other site dares touch
"Mix Vale" is a Slopfarm: 3 "articles" about "ubuntu"
Links 15/02/2026: Roy Medvedev Dead at 100, Rise of "YouTube Politicians": Links for the day
Links 15/02/2026: How Alexey Navalny Was Executed by Putin, Erdogan Helping Iran: Links for the day
IBM Fedora Keeps Promoting Slop, Red Hat Has Been Turned Into Chaff and Trash to Help IBM's Stock (With "AI" Storytelling): Red Hat's Fedora is an old brand (20+ years). It no longer stands for what it meant to people in the Fedora Core days (I was a Fedora user back then).
What IBM Said About 2026 Layoffs and What's Happening in Practice: t'll leave IBM at the very bottom, in due course (customers will notice something profound has changed)
Gemini Links 15/02/2026: "Already Midway February" and Loadbars Remembered: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 14, 2026: IRC logs for Saturday, February 14, 2026
Microsoft's Bing Down to 0.5% in Armenia: Microsoft does not want shareholders to see this
Libel by Bots: Unexplored Legal Area?: Liability can be traced back to the operator
Maybe Obvious, But Merits Repeating: A Lot of "Demand" for Slop is Faked, Manufactured, Fabricated by Dark Patterns, Bundling, Media PR (Deception/Hype) Campaigns: Over the past few years many products and services got rebranded as "AI"
xAI and X (Twitter) Live on Borrowed Time, It'll Get a Lot Worse Fast: Being associated with a child porn site formerly known as "Twitter" is odorous to say the least
Microsoft is Lobbying Brussels via Opensource.org and OSI: The new (GAFAM) management at OSI is not serving the OSI's original mission
Will Lockett's Newsletter: Microsoft became Microslop and Windows users are "flocking" to GNU/Linux "to escape the mess": "Users are fed up and jumping ship from Windows to Mac or Linux. In fact, it appears that Windows has lost 400 million users since 2022!"
Photographic Collections: There are going to be over 100,000 JPEG, PNG, and GIF files by the time we turn 20
Norway Curbs Social Control Media as It Harms Norway's Society: A decrease from 11% to just 1.87% is possible to reason about
Accomplishments of Our Community: Why I enjoy writing in Techrights
Microsoft Invented a Slop CEO ("AI CEO") Because Real Interest in Slop is Waning, So It's Just Faking Its Prominence: It's noise
Google Promoting Slop, Not Journalism: The truth of the matter is, Google is part of this problem and it doesn't seem to care
Another IBM Company (Spawned by IBM) is Hiding the Scale of Layoffs, Just Like Red Hat and Kyndryl: Why is the scale of the layoffs there shrouded in secrecy?
Links 14/02/2026: Financial Woes in Hong Kong and "Hong Kong Journalists Face ‘Precarious’ Future After Jimmy Lai Jailed": Links for the day
Gemini Links 14/02/2026: Fish Shell and Meta Slash-commands: Links for the day
Links 14/02/2026: "Bias and Toxicity in" Slop, Microsoft's Vista 11 System Update Breaks Systems Again: Links for the day
Links 14/02/2026: "Suppression of Free Speech" and "Climate Change Puts Winter Games on Thin Ice": Links for the day
EPO "Cocaine Communication Manager" - Part I - Getting the Word Out About What the 'Alicante Mafia' Did to Europe's Second-Largest Institution: Can't everyone in the European media agree that letting cokeheads run Europe's second-largest institution is a terrible idea?
Richard Stallman in the United States - Part I - Huge Audience (Offline and Online), 'Cancel Culture' Attempted and Failed: the comeback of Richard Stallman (RMS) in the United States
GitHub Cannot Survive for Much Longer: Microsoft is trying to just hide the debt
Ed Zitron: Microsoft Is A Decaying Empire That Bet The Future On Making In Excess Of $500 Billion In New Revenue Within The Next 4 To 6 Years From AI — And It Hasn’t Made A Dime In Profit Yet: Microsoft bets its future on a bunch of nothing
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, February 13, 2026: IRC logs for Friday, February 13, 2026
Gemini Links 14/02/2026: "Throwback VR Headset" and OFFLFIRSOCH 2026: Links for the day

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts