Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Slopwatch: LinuxSecurity, UbuntuPIT, and Google News: We've also just noticed more slop from UbuntuPIT
Microsoft Windows is No Longer an Operating System, It's Surveillance Project: Why is this even legal to preload on PCs outside the US?
Qualcomm Arduino Takes Aim at Raspberry Pi: Qualcomm is a Microsoft partner
Slopwatch Appreciated by Real Authors of GNU/Linux Articles: We do try to keep on top of those things
Upgraded R.R.R.R.R.R. Today: The Web of 2025 is full of garbage, not limited to slopfarms
Freedom From Proprietary Prisons: Forking always an option
IBM's Watson Died in 1956, Now Watson Dies Again: IBM is becoming just a reseller of GAFAM and other stuff
Microsoft Says That Constant Mass Layoffs Are Success, the Media Isn't Buying This Microsoft Narrative Anymore: If people in the media feel an obligation to repeat whatever lies Microsoft tells, what point will there be to the media?
Links 08/10/2025: "Mali Puts Free Speech on Trial" And Apple Enforces Dictatorship: Links for the day
Links 08/10/2025: ‘Death to Spotify’ and Law to Ban Loud Commercials on Streaming (Dis)Services: Links for the day
Links 08/10/2025: Real Innovation and Nina.chat is Dead: Links for the day
Links 08/10/2025: Y2K38 Bug is a Vulnerability, Chat Control in Europe a Threat: Links for the day
How and Why Once-Legitimate Sites Turn Into Slopfarms: Many sites will go offline and many social control networks will shut down once they realise or even openly admit they spend money and time gardening a bunch of bots and slop
UbuntuPIT Became a Slopfarm and Gnoppix Tarnishes Its Own Brand With Slop: It fits all the characteristics of mildly-edited (if at all) slop
Slopwatch: Linux Journal and Other Slopfarms: GAFAM needs to go the way of the dodo
Gemini Links 08/10/2025: "Seek Seek Revolution" and Gradient Backgrounds: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 07, 2025: IRC logs for Tuesday, October 07, 2025
Stagnation of the Economy and What Free Software Can (or Could) Do For It: If your economic model is based on a pyramid of lies, it won't last very long
Social Control Media is Sinking: it would rightly seem like the era of centralised "social" sites (they're not social, they're about controlling the users) is ending, not overnight but gradually
Participation in Cancel Culture Detrimental to One's Career: A cautionary tale
Passion Wins: we've increased the number of birds we feed to 100+
How Solderpunk and Sean Conner Started Gemini Protocol (and, Collectively, Geminispace) Back in 2019: Based on the "official" history
Arduino is Now a Patent Bully (Qualcomm): Qualcomm has just bought Arduino
Many Years of Microsoft Cancellations and Faked (Acquired) Revenue "Growth": XBox is basically the "next Skype"
The Comment TheLayoff.com Has Just Censored for Criticising a Ridiculous Puff Piece of IBM Management: If comments get censored for their "style" rather than their substance, then society will be worse off
The Power of Writing Down Facts: The more we write and publish, the more people will know what happened
Microsoft's Non-Denying Denial About XBox's Death is Already Being Shattered to Pieces: Like Microsoft's 'open' 'hey hi', heralding meaningless non-committing agreements with AMD is little more than vapourware
Slopwatch: UbuntuPIT Joins the Slopfarms Club: Slopfarms gonna slop
Links 07/10/2025: Privacy at Risk, GAFAM Remains Off the Hook: Links for the day
Gemini Links 07/10/2025: Modern Retro Console Idea and Batch vs Bash: Links for the day
Links 07/10/2025: International Criminal Court (ICC) Convicts Ali Kushayb; Moroccan Imprisoned for 'Offensive' Shirt: Links for the day
Links 07/10/2025: EU' Chat Control is Back, US Cracks Down on Democracy: Links for the day
Techrights Pursues Justice and Truth Because, Without Those, Society Descends Into Chaos: most people reject dogma and pseudoscience
Upcoming Talks by Richard Stallman in Helsinki, Göteborg, and Rome: Join with him and share the software
Something Bad is Happening in the Open Source Initiative (OSI): The latest OSI blog post is from a Microsoft operative and a few weeks ago the Executive Director left
TLS 1.3 Dominates Geminispace (99% of Known Capsules): it's nowadays safe to assume almost every capsule can handle TLS 1.3
Why soylentnews.org Has Been Having Technical Difficulties Lately: The network has been going up and down quite a lot this past week
A Statement Against Violence: The facts are on our side
They've Run Out of Things to Rebrand or Label as "AI": The next few years will be interesting because if Microsoft lays off tens of thousands of workers each year, there won't be much left except mountains of debt and dying brands
The Register MS is Still Being Paid to Participate in the "AI" Ponzi Scheme Which Will Crash the Economy: The Register MS is hoping to get lucky by tricking people into a scam
Richard Stallman Confirms His Talk in Göteborg This Coming Friday: "The hosts say that the list will not be given to the state"
Most of the "Linux" Results This Morning in Google News Are LLM Slop From the Same Slopfarm, Plagiarising Phoronix: The main question is, does Google even care at this point?
Gemini Links 07/10/2025: Civil War and "Goodbye Web": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, October 06, 2025: IRC logs for Monday, October 06, 2025
Evidence Contradicting Microsoft's Non-Denying Denials and Expectation of Many Layoffs Soon: "Microsoft has had this constant drip of layoffs for months."
The "AI Revolution" is Going Very Well, Right?: money that does not exist and alleged potential that is pure fiction
Links 06/10/2025: Scam Altman Himself Admits He Runs a Scam Based on a Bubble, US Administration Adopts “War From Within” Narrative to Crush Opposition/Dissent: Links for the day
Slopwatch: Fake Ubuntu 'Articles' and Google News Helps People Who Plagiarise Phoronix Using LLMs: Michael Larabel can't possibly be happy about that
6,000 Pages/Articles a Year: Today in one month from now the site turns 19
When Things Become So Ubiquitous That They're Almost Nameless: The notion or the concept of software freedom isn't tied to any particular brand or project, so it should still resonate
At Least 3 Richard Stallman Talks in Europe Confirmed So Far, Next Week in Rome There's Another: Dr. Stallman has not announced this yet
IDG Seems to Have Abandoned Sandra Henry Stocker's UNIX/Linux Column: Unless we hear otherwise or see some update/s, this may mark another death blow from IDG
Gemini Links 06/10/2025: Winter Nights and "Virtue Signaling": Links for the day
Links 06/10/2025: Scientific Awards and Typhoon Matmo: Links for the day
IP Kat Gone Bonkers, Pushing Slop in Patents (Likely Illegal, With Severe Consequences): AstraZenecaKat: "Last time, this Kat covered some practical steps on how to ensure client confidentiality when using AI tools (IPKat)."
Links 06/10/2025: Grokipedia as Malicious Slop, US 'Martial Law' a "New Normal": Links for the day
Fake Economics and Clown Computing Circuses: who's gonna pay for these scams?
Nobel Prize in Economics Does Not Exist, It's Propaganda From Sveriges Riksbank: "It is that time of the year when it is important to remind people that there are no Nobel Prizes for professional wrestling, astrology, or economics"
Rust is Eating Linux: That's a recipe for problems
Cindy Cohn (Executive Director of EFF) is a Millionaire, Earned Almost $30,000 Per Month Before Departing While the EFF Lost Money: EFF is "Big Business"
Non-Denying Denial From Microsoft (Again) Regarding the End of XBox Consoles: It's kind of hilarious that even the site chosen by Microsoft to relay its BS, based on past loyalty, isn't quite buying it
Bringing Back Lost Articles From the 1990s: Microsoft Products Leave Door Open to NSA: Nothing has changed since then
When the Slop Bubble Pops People Will Say Richard Stallman Was Right (Again): What was once known as Computer Science turned into "IT"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, October 05, 2025: IRC logs for Sunday, October 05, 2025
Links 06/10/2025: Science, Hardware, and Andrej Babis Making a Comeback: Links for the day

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts