Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

If Your Company Lost About 30% of Its 'Value' in 3 Months, Then Maybe It Was Never Worth What You Claimed: Does that make sense?
Pleroma is Dying: The last social control media that I joined was Pleroma
Asia and Social Control Media: statCounter reckons it's down from over 10% to just 3% since it began tracking those things
Anonymous Threats Against My Wife and Against Yours Truly: Promoting GNU/Linux and condemning people who attack GNU/Linux is not a crime
Decades-Long Microsofter (Darryl K. Taft) and TIOBE Conflate Microsoft GitHub (Proprietary) With FOSS in Microsoft-Sponsored 'News' Site: We do not intend to do a lengthy debunking because we covered this subject several times in the past
Microsoft Cuts Continue, Visitor Center in Redmond Shut Down: This goes on and on, leading up to the next giant wave of mass layoffs
IBM Bubble Deflating After James Kavanaugh's Accounting Trick With 'Toxic Assets' Comes Under SEC Scrutiny: If something goes up based on false speculations, bonus numbers and self-serving lies, then it'll come back down, eventually...
The EPO's Corruption and Violation of Rules is Spreading to the United Kingdom (Software Patents): Yesterday a letter was sent to the chief regarding salaries while reminding him of the next strike, which is only 11 days away
IBM Continues Tanking Today, Already $58+ Lower Than Recent High, Insiders Explain Why: The same CFO from the inception of Kyndryl is still the CFO at IBM
Put Criminals in Prison, Not People Who Report the Crimes: Can people be sent to prison for opposing crime?
Links 13/02/2026: SUSE Uses Microsoft Internally, MElon's Company Helps Turn Epstein Files Into Child Abuse (After the Pornography Scandals): Links for the day
African Browser Choices Show a Growing Problem in the World Wide Web: World Wide Web (WWW) becoming little but a transport layer for a particular proprietary application (Google Chrome) [...] we're back to the late 1990s
If You Want Digital Freedom, Then Follow Richard Stallman, the "Linux" Brand Has Changed and OSI is Microsoft (GitHub): If you want something stable and predictable, then stick with GNU, the GPL, and GCC
Solicitors Disciplinary Tribunal and SRA Failing to Curb SLAPPs Against People Who Expose Wrongdoing: We'll soon show messages that we transmitted to politicians
Beware the Latest IBM SPAM, IBM is Already Down "After Hours": After a harsh day in Wall Street IBM's shares area already down again (after trading hours)
Radicalism in Our Communities is Mostly Corporate, Not Grassroots: Infiltration and systematic destruction can be shallowly painted as "inducing manners"
Life Gets Better After Social Control Media: Don't become part of these experiments
statCounter Suggests Americans Are Dumping Social Control Media: Are Americans getting fed up with social control media and quitting in droves?
Back Doors and Fake Security: They've militarised everything, even people's home computers
Cost-Cutting and Book-Cooking at IBM: It's like cutting salaries by more than 50%
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, February 12, 2026: IRC logs for Thursday, February 12, 2026
Mainstream Media Intentionally Ignoring EPO Strikes: “EPO on Strike!”
Jeffrey Epstein crypto disclosure: uncanny timing, Bitcoin demise, pump-and-dump, ponzi schemes: Reprinted with permission from Daniel Pocock
Gemini Links 12/02/2026: Avoiding Coffee, Trying Ubuntu, and "Open Source Robot": Links for the day
Microsoft Slop CEO Speaks of Layoffs: They will go along with the "replaced by AI" baloney
In Systematic Contempt of the British High Court, Brett Wilson LLP Spent Two Years Lying to Courts and Breaking Rules Against Us: We criticise Brett Wilson LLP quite lot because of its conduct
IBM Kyndryl as "Aggressive “Enron” Accounting": IBM Kyndryl continues to nosedive today
Relationships evidence: Tiago, Tassia, Thais, Antonio & Debian favoritism, nepotism: Reprinted with permission from Daniel Pocock
Debian pregnancy cluster: why it is public interest: Reprinted with permission from Daniel Pocock
State of the Slop, Slopfarms Containment: Slopfarms still exist this year, but their visibility is limited
Links 12/02/2026: Pushback Against, "NATO Is Expected to Step Up Arctic Security": Links for the day
Links 12/02/2026: "Microsoft Just Forked Windows" and Windows Notepad is a Giant Security Hole: Links for the day
Windows Has Become Increasingly Irrelevant: There's a very massive wave of layoffs coming Microsoft's way
Our Most Successful Year Ever: The hired guns in London are eager to turn the UK into another China
Slopfarms Waning, But Not Extinct Yet: Metrics show that usage of LLMs is declining
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 11, 2026: IRC logs for Wednesday, February 11, 2026
IBM's Stock is Crashing: If it follows the trajectory of its satellite Kyndryl, it can fall and reach as low as $75
Gemini Links 11/02/2026: Sunny Morning and "KiCad Aims to Ease Linux Installation": Links for the day
Microsoft Loses Ground in Switzerland: One issue is, Google and Apple seem to gain at Microsoft's expense
Microsoft Layoffs Must be Very Near (and Very Large): just like IBM
Bringing Attention/Awareness of EPO Corruption and Cocaine Use to the Mainstream Media: What has Europe become? Prey to vultures?
The Solicitors Regulation Authority (SRA) Delusion - Part V - Everyone Seems to Agree That SRA is a Sham: We're going to start a new series soon
A Can of WORMS - Part V - Up Next: The Comeback of RMS in the United States: Guess who funds the cancellers
Threats From 'Former' Red Hat (Now IBM) Staff While IBM's Likely Accounting Fraud Attracts Public Scrutiny: We must be getting "warm"
Matthew J. Garrett Has Just Sent a Threat to Put My Wife and I in Prison Because His Own Spouse Says He's a Rapist: What really intimidates him is his own spouse
Gemini Links 11/02/2026: Terminator Trilogy and Lagrange in the Apple App Store: Links for the day
Links 11/02/2026: Fentanylware (CheeTok) for ICE, Jimmy Lai Shows Journalism Became 'Crime' in Hong Kong: Links for the day
With Firefox Measured at 2% in the United Kingdom Time is Running Out for Web Site Support for Gecko/Servo Users: The open Web is rapidly dying while Mozilla celebrates and champions slop
Lawsuit reactions: EFF behaviour reveals zombification, censorship: Reprinted with permission from Daniel Pocock
Links 11/02/2026: $700 Billion Slop Bill, Social Control Media Under Political Fire for Deliberate Health Harms: Links for the day
Amended Input From Software Freedom Institute for EU Consultation on Free Software: "On 3 February 2026 Software Freedom Institute lodged a submission with the European Commission's inquiry into Open Digital Ecosystems"
Mobbing at the European Patent Office (EPO) - Part VI - Attacks on Staff and Attacks on the Law Merit Another New Series: new series coming shortly
Nadella's Mindless PR Spam Ahead of the Layoffs 'Snowball' (Adding Up Batches) Turning Into an Avalanche: Based on recent observations, the more puff pieces we see about Nadella, the closer we get to Microsoft "pulling the trigger" on mass layoffs
When Happens to Red Hat If (or When) IBM Collapses: IBM is in flux because its CFO is now implicated in what seems like accounting fraud
IBM's Financial Engineering (Accounting Fraud) Shell, Kyndryl Holdings Inc, is Insolvent: If this was done by the very same people who still run IBM, can we expect any better from "Sugar Daddy" IBM?
2026 a Very Productive Year and We Have Many Big Stories to Tell: maybe we'll produce 8,000 new articles/pages by year's end
Clownflare is in Trouble as Its Debt More Than Doubled in Less Than a Year, Expect Further Enshittification: Clownflare isn't free
After the Next Wave of Microsoft Layoffs Washington State Could be #1 for US Layoffs: Microsoft Corp shares were down yesterday
EPO's Local Staff Committee The Hague (LSCTH): The EPO is Generally “Managed by Excel” (Microsoft): The current management has basically defined corruption to be "success"
With an IBM Company Down Over 75% After Apparent Accounting Fraud the IBM Insiders Want Answers From James Krabanaugh: He has no technical qualifications
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 10, 2026: IRC logs for Tuesday, February 10, 2026

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts