Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Attacks on Techrights Are Only Making Techrights Bigger and Even More Popular: A week ago they offered to settle with us
EPO Staff Can Go Listen to Richard Stallman Next Week in Munich (Technical University of Munich, Rudolf-Diesel Hörsaal (MW2001) on Campus Garching at 18:00): "The talk is open to the public and attendance is free. Registration is not required."
Links 15/10/2025: Qantas Airways Loses Control of Sensitive Data and Software Patents Are Being Thrown Out: Links for the day
Vista 10 is 'Dead', Here's Why People Should Move to GNU/Linux (or the BSDs): Today we try to make an outline of reasons move away from Windows to GNU/Linux
Our Sites Continue to Improve: LLM slop has had no noticeable impact on us
Gemini Links 15/10/2025: Neovim, Helix Compared and Gemlog.blue Now Closed: Links for the day
Links 15/10/2025: Mass Layoffs at Amazon, OneDrive Spyware Revved Up, More 'Gen Z Protests': Links for the day
The EPO's Staff Engagement Survey 2025 is Already Tainted by Intimidation by EPO Management (Trying to Influence Outcomes by Scaring Genuine, Honest Critics): "[W]e have received reports that, following the previous survey, teams with negative responses were reproached or questioned about their answers..."
The DDoS Attacks by Microsoft's Scam Altman and Other Slop Charlatans and Frauds is Hurting the FSF, Delinking It From Copyleft Projects: This impacts a lot more than access to the licences
Microsoft Scanning Faces in Photos People Upload to Microsoft (Even Unconsciously), Slashdot Turns Report About It Into "Microsoft Sez" (Says): Or "let's repeat the lies from a PR person/Microsoft's publicist"
[Teaser] Angel Aledo Lopez the Manipulator (Nepotism, Poll Rigging, and Other EPO Corruption): We'll discuss this later today or tomorrow, based on internal EPO material
Epic Metaphor for End of IBM: "The IBM Demolition is Down to the Last Shards!": Nothing lasts forever
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 14, 2025: IRC logs for Tuesday, October 14, 2025
Proprietary and DRM Prisons Spiralling Down the Sinkhole? Not Just Yet.: Let's hope that more people will flee to GNU/Linux
The European Patent Office (EPO), the Second-Largest Institution in Europe, is Cracking Down on Recreational Activities: Without AMICALE activities, and as staff already says it's pressured to work more for less, how can the EPO recruit bright people?
Transparency: FSFE financial reports exclude speaker fees and expenses: Reprinted with permission from Daniel Pocock
Many Developers Have Many Political Views, They'll Never Agree on Everything: It's an effort to divide and destroy, not build
Gemini Links 14/10/2025: An Opportunity to Consider GNU/Linux and Another Simple IRC Client: Links for the day
Slopwatch: UbuntuPIT, LinuxSecurity, Google News, and the Serial Slopper Brian Fagioli: Nothing of merit here, just more slop
Links 14/10/2025: Lack of Trust in Slop and "Retirement Challenges": Links for the day
Rhonda D'Vine, Gerfried Fuchs, Pronouns & Debian pregnancy cluster: Reprinted with permission from Daniel Pocock
At IBM, Relocation Means Layoffs (Downsizing): Silent or 'invisible' layoffs?
Central Staff Committee of the European Patent Office (EPO) Warns That EPO Management is Robbing or Manipulating Pension Funds Again: Faking "growth" is just about as bad as forgery
Probably a Lot Worse Than LLM Slop: GNOME Tying Itself to Divisive Politics, Even Where It's Clearly Not Relevant: Something has gone terribly wrong in GNOME
Links 14/10/2025: Microsoft OneDrive Scanning Faces in Photos (Without Asking First), "OpenAI Says It Will Move to Allow Smut": Links for the day
They Generally Don't Like Scholars, as They're Less Compelled or Pressured to Repeat What Corporations and Oligarchs Say: People who loathe scholars have an agenda in mind that, unlike that of reasonable people, revolves around controlling people
Dystopian Trends in Technology Make Richard Stallman More Relevant Than Ever: It's good to see him attracting vast audiences
Belated New Article About Last Thursday's Lecture by Richard Stallman in Helsinki, Finland: there are good reasons to pay with cash, not limited to privacy
Attacking Richard Stallman Has Become 'Career Suicide': If you're going to viciously attack somebody, make sure your arguments are rock-solid
Microsoft's Failing XBox Business Has Turned Games Into Funerals: How does it feel to depend on Microsoft?
Yesterday's "Distinguished Lecture" by Richard Stallman Possibly Attended by Close to 1,000 People: The capacity of the place is about 900
Slop Poisons Everything: Imagine wanting to find what Torvalds has just said or what has just been released
Taking Software Freedom 'Mainstream': interest in Software Freedom must have grown
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, October 13, 2025: IRC logs for Monday, October 13, 2025
Gemini Links 14/10/2025: Ada Lovelace Day, Sony CLIE PEG-TG50 Review, Why to Avoid Network Solutions: Links for the day
Richard Stallman (RMS) Announced His Talk Less Than 24 Hours Before It Took Place and Still Filled Up the Auditorium at Sapienza Università di Roma: Photos from yesterday evening [...] It looks like it was a very successful event
The EPO's War on Techrights Was a Massive Mistake: The EPO started the SLAPPs after we had published a few hundreds of articles; we've since then published close to 6,000 because the attacks on us emboldened insiders to help us
General-Purpose Computers to Become Growing Area of Coverage: Without them, we have little left for controlling our lives
"They missed a great opportunity to shut up." -Jacques Chirac: Brett Wilson LLP has been trying to cheat the legal system many times
Harassment evidence: Switzerland, overcrowded fitness and yoga centers, incompetence and racism in accident response: Reprinted with permission from Daniel Pocock
Vincent Danjean & Debian NXIVM collateral, blackmail risks: Reprinted with permission from Daniel Pocock
In Sweden This Past Friday Richard Stallman Explained Why Copyleft is Important: And he didn't have to 'bash' BSDs, either
IBM Layoffs Due to a Lack of Money and Company Debt Rising by Almost 10 Billion Dollars in 6 Months: IBM didn't buy Red Hat for any ideological reasons; it was a fast "cash grab" for revenue
Forbes Already Stopped Being a News Sites. Now It's a Spam and Propaganda Platform for "Paying Partners" (Companies).: news from Forbes became very scarce
Is the Second-Largest Institution in Europe (EPO) Gradually Becoming More Like a Sweatshop?: Underpaid, unqualified, inexperienced and incompatible people are already recruited to replace veteran examiners
The Register MS Has No FOSS Coverage Anymore: The Editor in Chief is like a Microsoft plant
Links 13/10/2025: "Toasty Subwoofer" and WiFi Speakers "Are About To Go Dumb": Links for the day
Gemini Links 13/10/2025: iNaturalist and Tove Jansson’s Moominpappa at Sea: Links for the day
Microsoft Does Not Deny That Large Retailers Like Walmart, Costco and Target Are Giving Up on XBox (and Not Stocking It): No doubt XBox is in trouble and rumours suggest that more mass layoffs are imminent
We'll Encourage Richard Stallman to Talk About Software Patents at the EPO Next Week When He Visits Munich (EPO Headquarters): Go listen to Richard Stahlmann
Investigative Journalism Protects Society From Corruption, Crimes Against Women, Assaults on Civil Society: "what is the point of men doing military practice to defend a system that is so rotten?"
Swiss pimp usurping reputation of legendary Tissot boss Francois Thiébaud from France (BaselWorld, SWATCH Group SA): Reprinted with permission from Daniel Pocock
Paris 'Love Nest' & Debian Outreachy: from Lycée Lakanal to ENS Cachan, Cr@ns, nepotism: Reprinted with permission from Daniel Pocock
Richard Stallman to Give Public Talk in 3 Hours, Then in the Technical University of Munich (Germany) Next Week: Richard Stallman at TUM on 21.10.2025 18:00, MW2001
Arnaud Parreaux lost case defending rogue employer: Reprinted with permission from Daniel Pocock
Mathieu Elias Parreaux declared bankrupt in Switzerland: Reprinted with permission from Daniel Pocock
Breakdown of the Rule of Law and Patent Law in the European Union (EU): The EPO cannot recruit suitably qualified patent examiners this way, let alone retain them
Gemini Links 13/10/2025: Good Films, Wizard of Earthsea, Upgrading the Steam Controller's Stick: Links for the day
Leaks and Whistleblowers: Our Plan for Today: Society simply cannot advance when too many people self-censor
It's Not Justice When One Side Denies the Other Side the Ability to Even Speak: At this stage, Brett Wilson LLP is in my humble opinion acting in contempt of the Court
Links 13/10/2025: Australian Catholic University Uses Slop to Libel Students, Canada Threatens to Kill Beluga Whales: Links for the day
How Not to Silence Tux Machines (It'll Only Backfire, Badly): defending Microsoft while attacking this site
Slopwatch: UbuntuPIT and Google News: It seems abundantly clear that Google News and Google in general participates in the slop epidemic
Vincent Danjean (not INTERPOL), Claire Bardel & Debian pregnancy cluster: Reprinted with permission from Daniel Pocock
Christmas lynchings: Martin Krafft (madduck), Penny Leach (mjollnir) & Debian pregnancy cluster: Reprinted with permission from Daniel Pocock
Gemini Links 13/10/2025: Birthdays and "Committee Unable to Contact Nobel Prize Winner": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, October 12, 2025: IRC logs for Sunday, October 12, 2025

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts