Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Richard Stallman's Talk at Georgia Tech is Just 2 Days Away: We're still curious to see how malicious people (or trolls) in social control media will try to slant his talk as "bad"
The "Alicante Mafia" - Part VII - The Industrial Actions Began Yesterday, Here's Why: The "Alicante Mafia" might not last much longer
openai.com Traffic Said to Have Fallen 50% in the Past Three Months, Reports Say It Nearly Ran Out of Money to Borrow: After the slop frenzy all we'll have left is environmental destruction
Links 21/01/2026: "Snap Settles Lawsuit on Social Media Addiction" and Attempts in the US to Revive Software Patents: Links for the day
Links 21/01/2026: Microsoft 'Open' 'Hey Hi' in More Trouble, US Has "Brown Shirts" Problem: Links for the day
Yesterday Afternoon The Register MS Published Paid Microsoft SPAM Disguised as an Article About "AI PCs": The Register MS cannot help itself, can it? [...] Follow the money.
Microsoft's XBox is in Effect Dead Already, Now It's a Streaming and Advertising Platform: Expect many layoffs soon
EPO's Web Site Misused for Propaganda About Illegal Kangaroo Courts to Distract From EPO Scandals and Judicial Crisis in Europe: UPC is illegal and unconstitutional
Gemini Links 21/01/2026: Edible Circuits and "Sayonara HTTP": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 20, 2026: IRC logs for Tuesday, January 20, 2026
IBM Hides Its Own Destruction (and Red Hat's): It's like scenes out of '1984', which is what a now-famous advertisement from Apple compared IBM to
LLM Slop Not Dead Yet, Examples of Slop About "Linux": We wish to see the totals down to zero
Links 20/01/2026: Cheeto Blackmails France Into 'Peace' While Looking to Annex EU, Mass Layoffs in Capgemini (Microsoft Reseller/Promoter) in France: Links for the day
Gemini Links 20/01/2026: Boxing and "Inbox Zero" Success: Links for the day
Windows and Slop Declining While Microsoft Silences Critics: Microsoft tries to suppress facts while faking 'demand' by imposing slop on everybody, everywhere
IBM Kills OzLabs, Signalling An Attack on Free Software (a Sign for Red Hat): ibiblio also appears to have died (or experiences critical issues)
Red Hat Vice President Leaving After Nearly Two Decades: IBM's culture of secrecy is not compatible with Free software
Links 20/01/2026: "ChatGPT Health" (Latest Distraction From Being Insolvent) Flops and Raises Concerns, "The U.S. Military Faces a Reckoning on Greenland": Links for the day
Rudeness and Vulgarity Won't Stop Journalism About Free Software: we seem to be on the right path
Readers Pleased With Layout Changes: Two days ago we began improving clarity and accessibility in the site
IBM Plans for Layoffs Becoming Clearer With "Employee Reviews": Of course this impacts Red Hat as well
IBM is Outsourcing Red Hat's Fedora to Slop to 'Save Money': If IBM cared about quality rather than alleged "cost savings" (cutting corners), it would assign more IBM staff to Fedora, but instead the exact opposite happened, with the likes of Cotton and Miller removed from the project
European Patent Office (EPO) Industrial Actions Formally Start in Two Hours: As per the latest (revised) action plan, today workers will slow down their work and limit patent grants
Microsoft Under Fresh Investigation by the Italian Competition Authority: In 2025 we kept a running tally of 30,000+ Microsoft layoffs, so 40k this year would not be unthinkable
The "Alicante Mafia" - Part VI - More Strikes Planned at the EPO, Starting This Month: Yesterday we said that friends of Berenguer or inside Berenguer's circle may have left
Gemini Links 20/01/2026: New Tea, Using a Roku at a Hotel, and "Voltage-Based Power Management for Any Raspberry Pi": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, January 19, 2026: IRC logs for Monday, January 19, 2026
If You Don't Want "Linux" to Become "Windows", Then Follow GNU: GAFAM isn't a friend of Linux; it's only a user in the same sense clients are "users" of a brothel
Links 19/01/2026: National Broadcasters on World or Local Affairs Up to a Week Ago: Links for the day
Gemini Links 19/01/2026: Game Boy and "The Lounge" (IRC) for the Elderly: Links for the day
Slopfarms in Google News (at Least Three Today) With Fake 'Articles' About "Linux": Google itself is trying to promote its own slop ("Overview") at the expense of original and credible sources
Links 19/01/2026: ChatGPT’s Defects and The Guardian on Why So-called "AI Companies Will Fail": Links for the day
This is What the Slop Bubble Popping Can Look Like: Maybe not an overnight collapse, but getting there gradually
IBM Quiet About Its Plan for Red Hat Amid Accelerated Bluewashing: Something is going on at Red Hat
The "Alicante Mafia" - Part V - It Seems Like Some People Are Already Leaving "The Mafia": they have a rough idea of what's coming
Microsoft Means War, Microsoft is on the Side of ICE: Microsoft, people-ready
More Confirmatory Rumours Regarding "Massive" Red Hat Layoffs: Ecosystem and sales said to be targeted
Proprietary UNIX is What We'll Have If IBM Red Hat Gets Its Way: IBM Red Hat wants to control everything, even if that means killing everybody
Free Software in Times of Peace (and Times of War, Too): GAFAM and IBM are war companies
Founder of GNU/Linux (RMS) Speaks in US University (College) This Week: The auditorium has very high capacity and this is his "college comeback" talk in the United States
Office Meetings Are Most Useful to the Least Productive Workers: In my "office life" days I really didn't like meetings
LinuxSecurity and Linuxiac Are Still Slopfarms, Even Anthony Pell Does It: We suppose waiting another month or another year won't change a thing
Claim That the Board of Directors at IBM Isn't Happy With How the Company is Run: IBM tries to project an image of strength to the whole world, especially to its clients
Links 18/01/2026: Legal Trouble for xAI, Climate Concerns, Data Breaches and More: Links for the day
'Vibe Coding', Chatbots, and Other Bots (e.g. "Agents" Disguised as "Superintelligence") Aren't Saving You Time: False marketing, FOMO marketing tactics
Gemini Links 19/01/2026: Analog Cameras and Plucker in 2026, US Losing Acceptability in Europe: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, January 18, 2026: IRC logs for Sunday, January 18, 2026

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts