Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

EPO Union Leaders in Rijswijk Explain Where EPO Strikes Stand and How to Prepare for Next Week's: We have some revelations to share in a few days
Microsoft's "AI CEO" (Slop Propagandist) is Projecting, Many Microsoft "Jobs to be Replaced With All-Indian Low-Paid Staff in 12 Months": Windows is perishing
In Africa's Second-Largest Nation, Democratic Republic of the Congo (DRC), Opera 10 Times Bigger Than Firefox (and GNU/Linux Now at 5%): This will become an accessibility problem
Links 19/02/2026: "A.I.pocalypse" Inevitable and "Butlers to LLMs": Links for the day
An Inherently Royal (Monarchs') Legal System Where Size Matters (Big Capital Eats the Small): This reinforces the notion that justice is only for those who can afford it
These Statistics Should Keep Microsoft Shareholders Awake at Night: Windows is, in general (all versions collectively), declining over time
Economic Failure and Other Harsh Realities Have Nothing to Do With Slop 'Innovation': Advanced propaganda, not advanced 'AI' [...] They attack workers while insulting their intelligence
Spaniards Shutting Down MElon's Digital Weapon of "Smart Mobs": Are the Spanish people already acting based on gut feeling and shunning/shutting out the provocation vector?
Bitcoin: government engagement contradictions: Reprinted with permission from Daniel Pocock
Richard Stallman in the United States - Part II - "Haters Gonna Hate": we shall carry on with this series at the right pace
Typical! Solicitors Regulation Authority (SRA) Tells Victims of Fraud to Wait 10 Weeks: justice delayed is justice denied
statCounter: Only One in 350 Iranians Would Use Microsoft for Web Search: Microsoft is trying to fake "demand"
Slides Shown a Week Ago by the EPO's Staff Committee Ahead of the Second Very Large Strike: This coming weekend we'll drop a 'bombshell' of sorts
EPO "Cocaine Communication Manager" - Part II - Illegal Drug Addicts Mobbing the Wrong People, This Will Definitely Backfire: This year may well be the last year of Team Campinos. Nobody will hire them after that.
Mass Layoffs (But Silent Layoffs) Still Happening in IBM, You Need Only Look Closely (There Are NDAs, PIPs, 'Early Retirement' Sweeteners and IBM - Like Microsoft - Skirts the WARN Act): the layoffs are definitely happening
Very Little Slop: We are not finding much slop anymore
Links 19/02/2026: Illegal Kangaroo Court for Patents Attracts Aggressive Firms, Public Domain Review Grows: Links for the day
Gemini Links 19/02/2026: Taxing the Rich, Raspberry Pi 4 Tinkering: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 18, 2026: IRC logs for Wednesday, February 18, 2026
Links 18/02/2026: DMCA Weakened, Anna’s Archive Still Thriving: Links for the day
Links 18/02/2026: Gig 'Economy' Condemned, Microsoft Insulting/Stressing People With False Slop Predictions: Links for the day
Twitter Falling to 1% in Africa's Largest Nation (Algeria): About 15 years ago the regime in Egypt got toppled (and others had been too) partly because of social control media such as Twitter
"How Many Friends Do You Have?": "Do bots count?" "Friends in Facebook?" "Does a girlfriend chatbot count as a friend?"
Solicitors Regulation Authority (SRA) Responds to Crises Only After It's Way Too Late: The SRA does not do its job. The new chief's job is face-saving PR in the media.
The Techrights Team Makes the Platform Faster: The infrastructure is already fast
Mozilla Firefox Died in Afghanistan: Mozilla has been a complete disaster
Gemini Links 18/02/2026: Astronomy and Texinfo: Links for the day
Are IBM CEO and IBM CFO Ready for Financial Audit That Topples the Shares by 50% in One Day?: The same "chefs" that cooked up Kyndryl Holdings Inc are still in charge of the IBM kitchen
France Does Not Need Digital Weapons Disguised as Social and as Media: French people lost interest in Social Control 'Media' (or Networks)
"Senior AI Reporter" at Slop Technica/Ars Sloppica Has Written Nothing in Nearly a Week, Did Conde Nast Suspend Him for Fake Articles With Fake Quotes?: Slop Technica/Ars Sloppica is having a serious credibility issue right now
Linux Foundation Puts Slop Images, Not Just Slop Text, in Linux.com: More of the same then
The Register MS Paid-for 'Articles' (Ads) Seem to be LLM Slop Again: If it's true that The Register MS is resorting to these marketing tactics, will they later delete the evidence (as they did months ago)?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 17, 2026: IRC logs for Tuesday, February 17, 2026
Microsoft Had Mass Layoffs Every Month Last Year, This Year It's Delaying a Lot to "Prove" Rumours That Crashed Its Stock... 'Wrong': Building a bigger snowball for later
Red Hat Is Not a Company Anymore, Amid Bluewashing and Mass Layoffs It's Merely IBM "Division" or "Brand" or "Product": systemd at this point is sort of like IBM/Microsoft thing
IBM suffers "worst weekly drop in six years", Microsoft's MSN calls it "buying opportunity": Ask Cramer what to do
Still Some Slopfarms in View, Sometimes Targetting "Linux": That's a total of at least 4 in Google News today, coming from 3 sources
Gemini Links 17/02/2026: 3D-Printed Stainless Steel Smartwatch and Gopher Bay Offline: Links for the day
Links 17/02/2026: Machine Rage and Microsoft Kills XBox Social Clubs: Links for the day
EPO "Productivity" Will Fall Off a Cliff If Examiners Stick to the European Patent Convention (EPC) and Follow the Real Rules: The EPO's "Cocaine Communication Manager" would hate to see the next "productivity" metrics
The Problem is Not Technology, the Problem is Really Bad Things Sold or Imposed as "Tech" (Like a Religion Built Around Technology): Don't hate technology, hate the corporations that abuse it to promote coercion, exploitation etc.
Resisting IBM and EPO Corruption: Rise up against EPO dictatorship next week
Where Slop Meets Ghostwriting: It's a False Analogy: It's a false analogy
Links 17/02/2026: Why OpenClaw is Very Sleazy and Ars Technica Exposed as Hub of LLM Slop (Credibility Destroyed Overnight): Links for the day
Benj Edwards (Ars Technica) Used Fake Articles to Promote Ponzi Scheme for Conde Nast and Its Client (Marketing): What Ars Technica and Conde Nast do here helps defraud the general public
Slop Technica: Ars Technica Seems Like Repeat Offender, a Part-Time Slopfarm: The culprits are repeat offenders, but the publisher will never admit this in public
Only One in 50 Saudis Would Use Microsoft for Search, Almost Same as Would Use Russia's Yandex: If statCounter is to be trusted
Microsoft's "AI" Concerns Are All Indian (or Low-Paid Workers Who Work Extra Hours Unpaid): portraying charlatans and frauds like they're some kind of visionaries and luminaries
Microsoft Turned Bing Into Censorship Machine of China, But Bing Is Pegged at a Mere 2% in Asia, Yandex is Bigger: Expect many Bing layoffs some time soon (like in past years)
Just Like The Register MS, Conde Nast's Ars Technica Has Just Publicly Admitted That It Published Fake Articles (Slop) Made by LLMs About Serious Subjects: Conde Nast might shut Ars Technica down to escape the bad publicity/association
Solicitors Regulation Authority (SRA) Way Too Slow to Respond to Financial Fraud at Law Firms, in Effect Helping Those Law Firms Defraud Many More People (Fleecing Clients): Who will hold the SRA accountable for this?
Techrights Became a Hub for News That IBM/Red Hat Doesn't Want You to See (and Pays Mainstream Media to Distract From): the more viciously the notorious organisation attacks the reporter, the greater the interest in what the reporter has to say
EPO's Central Staff Committee on Fourth Technical Meeting, Two Days Before First of (At Least) 4 Winter Strikes at the Second-Largest European Institution: “future orientations on the salary adjustment procedure”
IBM's Collapse Continues, Half of EU Countries to Have Mass Layoffs, "IBM Clearly Disinvests From Europe" Says IBM European Works Council: Recent publication
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 16, 2026: IRC logs for Monday, February 16, 2026
Gemini Links 17/02/2026: Alpenglow Industries' Closure and Gemini Server Issues: Links for the day

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts