Bonum Certa Men Certa

Microsoft and Its Boosters Worsen Linux Security

posted by Roy Schestowitz on Dec 01, 2023

The circus goes on and on. Latest:

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images: Secure? But whose standards?

Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.

Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others.

Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.

The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.

Image parsers are firmware components responsible for loading logos of vendors, or workplaces in cases where work-issued machines are configured to do so, flashing them on the display as the machine boots.

The article above was shared just moments ago in IRC (by Sompi). It's yet another one of many such revelations and incidents. It's important to distinguish real, inherent security (auditable, reproducible, small and simple enough to exhaustively traverse and learn) from marketing junk and junk science. One need not go far back in time (just over a week) to grasp the perils of Windows and the shortcomings of fingerprint biometrics, i.e. quasi-futuristic security theatrics and gimmicks.

Where does this end? What happened to proper engineering?

The Microsofters like to break things and block Linux from booting and installing. Of course they call this whole charade "security" and anyone who questions their motives is "against security" or "homophobic" or something to that effect... so do not ever criticise what they do. Questioning Microsoft is an act of intolerance and disregard for the supposed needs of "Big Users" of Linux...

It should be noted that Microsoft's Poettering is pushing similar things and worse via systemd (even TPM). We covered this before. It'll get worse over time. As one reader put it some hours ago: "The Poettering-driven merge of /usr/bin and /bin is going to cause a tremendous amount of further damage to both the technological base as well as the community and add a lot of unnecessary effort."

This reader moreover cited "The collapse of Debian" - an ongoing discussion that relates to the above. And "there is a good three-point summary further down on the first page," this reader said, though to quote the top part: "Fedora and Ubuntu has nothing on what Debian was, and Debian is no longer what it was. We no longer have in our midst that which we used to have, and now more than ever need."

Almost all my machines run Debian and I heard that Debian 12 can be tough on some desktops/laptops. Heck, this site's server runs Debian 12, but so far no major issue. 4 Debian Developers have been added in 2 months, so one can hope the project can survive and thrive in an age when both IBM and Canonical push Microsoft's agenda.

While GNU/Linux usage sure is increasing [1, 2], both in homes and businesses, the freedom of it is being compromised and security intentionally sabotaged (hence, many consider or move to BSD). It's rapidly becoming yet another back-doored platform that is vulnerable enough to be deemed "enterprise-ready" by the likes of the NSA.
