Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dr. Andy Farnell on Why Calling Slop or Chaff "Hey Hi" (AI) Harm Us All, Except for "Ten or Twenty Rich Industrialists": "words to avoid"
Internet Trolls Likely Trying to Distract From the Demise of IBM, Problems With Red Hat: there seems to be trolling online aimed at suppressing discussion
Debian Upgrade Coming Up (Soon): Yesterday we contacted the datacentre staff about it
Getting Aggressive Suggestive of Loss - Part III - Threats From Burner Accounts Formally Treated as a Crime: Countries that cannot preserve freedom from self-censorship are countries where free press ultimately cannot prevail
24/7 Wall St. Editor-In-Chief and CEO Calls IBM Is "America’s Worst Big Tech Company", Talent is Leaving, Supposedly Strategic Units Culled: 21 hours ago by Douglas A. McIntyre
IBM's Debt Increased Over $5 Billion in 3 Months While IBM Laid Off Many in Europe, US, Confluent, HashiCorp, and Red Hat: An increase of $5,000,000,000+ in debt in just 3 months!
Corporate Media Did Not Specify What Microsoft Means by "Buyouts" (Layoffs), It May Be Hardly Different From Severance: Time will tell, but investigative journalism hardly exists anymore, so we won't hold our breath
The Corrupt Lecture the Non-Corrupt - Part V - "Diversity" and "Inclusion" at EPO Means Sleeping With Sister of "Cocaine Communication Manager" and Making Them Millionaires: Remember that top applicants or key stakeholders of the EPO are already complaining about a lack of quality
Links 25/04/2026: Fake GAFAM Valuations (Gripping the Market Based on False Accounting), "Evidence Isn't Just for Research", and "Putin Defends Mobile Internet Outages": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, April 24, 2026: IRC logs for Friday, April 24, 2026
Gemini Links 25/04/2026: 3.4k+ Capsules, Microsoft Layoffs, Call for Nuclear Disarmament, "Internet is Sad and Lonely": Links for the day
Links 24/04/2026: Zelenskyy Says Ukraine's War Position "Most Stable", Samsung Workers on Strike Due to Pay: Links for the day
Recent Happenings at IBM Reaffirm Rumours About the CEO; He Might be Resigning (or Pushed Out) Soon: If the rumours are true (no, we did not check those tax records for ourselves), it's not unthinkable that IBM is already doing what Apple did months ago
Gemini Links 24/04/2026: Public Reticulum Gateway Node, Smol Computers, and Old E-mail: Links for the day
Links 24/04/2026: Intel Abandoning Computer Freedom (Even Further), Iran Reports That American Software and Hardware Remotely Sabotaged/Hijacked During War: Links for the day
The Great Wonders of Slop "Efficiency": Thankfully nothing was lost in the transmission and lots of work (datacentre emissions) got "done"
IBMers Expect Another Giant Wave of Layoffs, Talk (and Sing) About the PIPs: The media won't be covering the key facts
Drama at the European Patent Office (EPO) This Week: We'll be covering the EPO quite a lot this weekend and next week
As We Predicted, Francophonie Countries in the EU and Outside the EU Dumping Microsoft for National Security Reasons: We expected Belgium or some other Francophonie place to do so next
Even to Microsoft Insiders It Seems Like XBox Has Already Died or Surrendered to the Japanese Companies: Now the Microsoft layoffs are evident for people to see
EPO Cocainegate Escalates - Part VI - The Strikes Go On and On (Major Strike Today): We'll be covering this later today in relation to what the Office dubs "ethics"
Absolutely Terrible Journalism About Microsoft Layoffs This Week: 7 hours ago by Leila Sheridan
SLAPP Censorship - Part 56 Out of 200: 5RB and Brett Wilson LLP's Copy-Paste Machination for Garrett and Graveley: Here is another straightforward example of their junior barrister overusing copy-paste on his Mac
Getting Aggressive Suggestive of Loss - Part II - Lawyers Are Not "Hired Guns" (and Should Never Act Like Ones): The matter is being investigated
Nadella is Killing Microsoft. Slop Kills It Even Faster.: A decade from now we'll look back at slop like we look back at skateboards
Huge Microsoft Layoffs Coming Shortly (With Financial Report): There will be lots of slop layoffs. Be ready. It's a bubble.
Gemini Links 24/04/2026: Data Breaches and Unofficial Gemini Protocol Specification Archive: Links for the day
Microsoft Offers About 10,000 of Its Senior American (Read: Expensive) Workers to be Laid Off: How many slopfarms and media parrots play along?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, April 23, 2026: IRC logs for Thursday, April 23, 2026
SLAPP Censorship - Part 55 Out of 200: Strangled Women, Charged for Strangulation, Cannot Find a Job Now (After Microsoft): merits public awareness and wider scrutiny
Gemini Links 23/04/2026: Spirituality and Detachment, Shoplifting in the UK, and "Introducing Scout, an iOS Native Gemini Client": Links for the day
Links 23/04/2026: YouTube Age Limits Expanded and 'Secret' Model With Bug-Finding Hype Campaign 'Leaks': Links for the day
Media Operatives of Microsoft Paint Microsoft Layoffs as Buyouts (Intentionally False Narrative): Those are mass layoffs disguised as something else
IBM's Stock Has Collapsed Over 10% in One Day, Insiders Explain What's Happening: Today, due to a lack of time, we mostly present an outline of what people say (not IBM-sponsored media hacks with LLM slop)
Getting Aggressive Suggestive of Loss - Part I - Threats Sent From Burner Accounts Since February, Belatedly Reported to British Police: Threats connected to Graveley or Garrett or 5RB or Brett Wilson LLP [...] We're not dealing with a law firm here; we're dealing with the underworld
EPO Cocainegate Escalates - Part V - Where Does the António Campinos 'Family Affair' Go From Here?: Do cocaine in public, get caught, take paid "sick leave", come back to lead Europe's second-largest organisation
Links 23/04/2026: Legal Trouble for Microsoft, Chronic Fatigue Syndrome, and DMCA Whac-a-Mole: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 22, 2026: IRC logs for Wednesday, April 22, 2026
Gemini Links 23/04/2026: Sunrise Chasing Season, Going Back to Older Software, New Gemini Client for Mobile Devices: Links for the day

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts