Bonum Certa Men Certa

Microsoft and Its Boosters Worsen Linux Security

posted by Roy Schestowitz on Dec 01, 2023

The circus goes on and on. Latest:

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images: Secure? But whose standards?

Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.

Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others.

Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.

The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.

Image parsers are firmware components responsible for loading logos of vendors, or workplaces in cases where work-issued machines are configured to do so, flashing them on the display as the machine boots.

THE article above was shared just moments ago in IRC (by Sompi). It's yet another one of many such revelations and incidents. It's important to distinguish real, inherent security (auditable, reproducible, small and simple enough to exhaustively traverse and learn) from marketing junk and junk science. One need not go far back in time (just over a week) to grasp perils of Windows and shortcomings of fingerprint biometrics - i.e. quasi-futuristic security theatrics and gimmicks.

Where does this end? What happened to proper engineering?

The Microsofters like to break things and block Linux from booting and installing. Of course they call this whole charade "security" and anyone who questions their motives is "against security" or "homophobic" or something to that effect... so do not ever criticise what they do. Questioning Microsoft is an act of intolerance and disregard for the supposed needs of "Big Users" of Linux...

It should be noted that Microsoft's Poettering is pushing similar things and worse via systemd (even TPM). We covered this before. It'll get worse over time. As one reader put it some hours ago: "The Poettering-driven merge of /usr/bin and /bin is going to cause a tremendous amount of further damage to both the technological base as well as the community and add a lot of unnecessary effort."

This reader moreover cited "The collapse of Debian" - an ongoing discussion that relates to the above. And "there is a good three-point summary further down on the first page," this reader said, though to quote the top part: "Fedora and Ubuntu has nothing on what Debian was, and Debian is no longer what it was. We no longer have in our midst that which we used to have, and now more than ever need."

Almost all my machines run Debian and I heard that Debian 12 can be tough on some desktops/laptops. Heck, this site's server runs Debian 12, but so far no major issue. 4 Debian Developers have been added in 2 months, so one can hope the project can survive and thrive in an age when both IBM and Canonical push Microsoft agenda.

While GNU/Linux usage sure is increasing [1, 2], both in homes and businesses, the freedom of it is being compromised and security intentionally sabotaged (hence, many consider or move to BSD). It's rapidly becoming yet another back-doored platform that is vulnerable enough to be deemed "enterprise-ready" by the likes of the NSA.

Other Recent Techrights' Posts

In Defence of Physical Tickets
Tickets are not some "app" and not some "code" on some "screen"
Microsoft Layoffs Not Limited to XBox (False Narrative in the Mainstream Media)
Microsoft is becoming less relevant and workforce reductions won't end any time soon
Links 14/07/2026: Plagiarism Spun as "Training", Zelensky Announces Leadership Shuffle
Links for the day
The Register MS Has Just Published "AI" Webspam That Mentions "AI" 54 Times. It Was Paid to Do This.
Who pays for all this "AI" hype or "buzz"?
Gemini Links 14/07/2026: Self-Advocacy Online; "The Internet Is Dead: How the Web Lost Its Human Soul"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 13, 2026
IRC logs for Monday, July 13, 2026
Modern Technology Harms Women More Than Men (Because the 'Tech Bros' Who Dominate STEM Have a Poor View of Women)
“Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.”
Internet Relay Chat Trolls Are Not Expressing Opinions, They Are Saboteurs
For the record
Links 14/07/2026: "The Freedom of Information Act Is in Serious Trouble"; Irish Datacenters Use Up Almost 25% of Total Energy
Links for the day
The Register MS: "AI" Puff Pieces for Sale, Not Journalism at All, Just "Webspam"
The Register MS isn't the sole culprit
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 12, 2026
IRC logs for Sunday, July 12, 2026
How We Do Techrights (and What's Changing Next Week)
Many former news sites no longer yield much non-meaningless news (not anymore); there's a gap to be filled
Links 12/07/2026: Palantir Unrest and Wireshark 4.6.7
Links for the day
Links 12/07/2026: New Instrument Time and PalmOS Experiences in 2026
Links for the day
Red Hat Staff Says IBM Policy Has Stigmatised Him as a Tool and a Slopper With Plagiarism Tools
IBM is killing Red Hat with slop
Freedom of Choice or Freedom Versus Choice (or When All Choices Are Incompatible With Freedom)
When some business asserts that it gives people different options, then it can rightly argue that it offers some choices, but that is not the same as freedom
Techrights IRC Turns 5 Without a “Code of Conduct”, “Code of Conduct Committee”, and All Those Bureaucratic Nightmares
18+ years if one counts our time in Freenode as well
Why U No Use AI???
Many hype waves come and go
There Are Still Slopfarms in Google News
Google is trying to participate in if not lead this pyramid scheme
The Cyber Show Explains How Slop and Promotion of Slop is About Taking Control Away From Computer Users
"On making a trustworthy machine"
Keeping Available the Site at All Times
Informal arrangements and crowdfunding keep our work available despite resistance (including from people who break the law)
What If "Era of AI" and "AI Revolution" (Fake News) Never Happened?
So how much longer before the bust (or bubble-burst)?
GNU/Linux Approaches 5% in Australia
5% by year's end?
Europe/EU is Moving Towards Independence, Fast to Adopt Free Software
More and more states (governments, public sector) in Germany are dumping Microsoft
GNU/Linux Grows at the Expense of Windows
People who want to get work done already left Windows
Tux Machines Growing as a Volunteers-Run Site
Historically the site did not have many original stories, but this changed as the audience grew and the site gained more recognition
Links 12/07/2026: European Commission Versus ‘Addictive Design’, "Google Loses Final Appeal Over $4.7 Billion EU Android Antitrust Fine"
Links for the day
GNU/Linux Market Share Increases Some More Today, statCounter Measures It at 7.3%
Will more such thresholds and records be broken?
Gemini Links 12/07/2026: Studying Languages and 2026 Old Computer Challenge (OCC)
Links for the day
EPO "Cocaine Communication Manager" - Part XIII - At the EPO, Cocaine Addicts and Their Friends Are "Protected Class"
What does that tell us about the EPO?
Increasing Output by Focusing on Originals
It's probably more important to carry on with these than it is to keep abreast of non-crucial news
Amid Strikes and Industrial Actions, Young Professionals at the European Patent Office (EPO) Kept on 'Short Leash', According to the Local Staff Committee The Hague
Issues affecting Young Professionals
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 11, 2026
IRC logs for Saturday, July 11, 2026