Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

People Discuss Rumours of Mass Layoffs at IBM Becoming Public in 1-2 Weeks: IBM is killing its brand or its "goodwill"
The Old Days: In the early days of this site (2006) it was mostly just a couple of people, plus comments
Links 28/03/2026: Microsoft's LinkedIn a National Security Risk, Microsoft's Slop "Ambitions Face Investor Scrutiny Amid Soaring Costs": Links for the day
The Limits of Inclusion: Inclusion with caution isn't "opinionated"; it's a defence mechanism, sometimes a survival instinct
Almost 20 Years After Microsoft/Novell: The mission has not changed, but the priorities evolve all the time
LLM Slop Kills Sites, as Sites That Adopt Slop Are Doomed: People won't subscribe to such sites and visit them if they recognise it's just slop
Links 29/03/2026: Indonesia Cracks Down on Social Control Media Addiction, China Becomes World’s Scientific Superpower: Links for the day
Fedora at the Mercy of Microsoft Because of Back-Doored Kick-Switch Boot: We'll soon revisit the defamation attacks on Torvalds
Links 29/03/2026: Water Shortages and No Kings Rallies: Links for the day
Gemini Links 29/03/2026: Return to Gopherspace, "Zen of Marking Playing Cards": Links for the day
The Real XBox is Dead, So Microsoft is Calling Everything "XBox" Now: It even wanted to run a campaign to convince everybody that XBox is not actually a console
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, March 28, 2026: IRC logs for Saturday, March 28, 2026
Open Web Destroyed by Centibillionaires, Says Anil Dash of Blogging Fame: Blogging was going through its 'prime years' about 20 years ago
"Linux" Slop Going Away, Microsoft et al Pay 'Linux' Foundation to Promote Slop: It's a timely reminder that the Linux Foundation exists to promote whoever pays the Linux Foundation, even pedophiles and companies that attack the GPL
Gemini Links 28/03/2026: "Finding My Base Tone", "Astrobotany", and BugoutBack/OFFLFIRSOCH: Links for the day
Links 28/03/2026: More Worldwide Bans on Social Control Media (Harms to Adolescents), Protests in US Against Dictatorship: Links for the day
SLAPP Censorship - Part 26 Out of 200: Asking for Documents and Information You Already Have, Even Letters and E-mails That You Yourself Sent!: barristers are expensive
Gemini Links 28/03/2026: Echo Delay and 0x0.st: Links for the day
Rumours of More IBM Mass Layoffs at Beginning of April: IBM is not doing well
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, March 27, 2026: IRC logs for Friday, March 27, 2026
"Headcount" as Distraction From Mass Layoffs and Salary Reductions: Things aren't looking well when one considers revenue is acquired, not earned
"Linux" Slop Turning Rarer, New York Times Nowadays Contaminated With LLM Slop: Another day has passed without much slop about "linux"
Links 27/03/2026: Studying Whale Births, Apple is Cancelling Products, Cambodia Arrests Journalists Over Photographs: Links for the day
Gemini Links 27/03/2026: GTD, Gopher Catchup, Gemini Crawlers, and "Slop Everywhere": Links for the day
Mozilla Was Ruined Like Sirius Open Source Was Ruined - From the Top Down: Mozilla will never return to its Free software roots
Nokia Could Never Recover From Microsoft: It's very important to remember what really happened
Why Techrights and Many Other Sites Stopped Doing April Fools’ Day Articles: Well before slop (made by LLMs) it was "bad optics" to have satire or humour in a site, irrespective of the day of the year
President Not-Cocaine Campinos Notified of Historic EPO Strikes (Thousands of Workers Not Coming Back to the Office): Please do pay attention to how the media treats these strikes in Europe's second-largest institution
Slides From the Presentation Discussing EPO Strikes Until End of June or Until End of 2026 (Maybe Next Year Too): More to come soon (later today)
IBM Cuts Are Everywhere (Global), the Aim is to Lower the Pay: Because the revenues keep falling (IBM buys other companies' revenues using borrowed money)
Perpetual Strikes to Begin at European Patent Office (EPO), Large Majority Votes for Strikes Any Day of the Week: Approved industrial actions [...] Notice how none of the media or even so-called 'IP' blogs write about it
Mozilla is Not a Privacy Company, Mozilla is Run by GAFAM Executives and Managers Who Came From American Surveillance Companies: Would you trust a VPN they claim to be "free"?
SLAPP Censorship - Part 25 Out of 200: That Time Matthew J. Garrett Got Temporarily Banned/Suspended From Twitter: That he gets banned from large social control media platform is hardly surprising given his combative communications
Ubuntu Started as Free With ShipIt, Now It Becomes Payware That Exploits Debian Volunteers (Slaves): "Ubuntu" the distro now replaces the GNU components inherited from Debian with a bunch of Microsoft GitHub (proprietary) things that reject reciprocal licences
Last Night The Register MS Published a Fake Article. It Mentioned "AI" 27 Times.: Paid-for nonsense! [...] What's left of once-respectable news sites actively harms society
Links 27/03/2026: Google Executive (GAFAM, US, Surveillance) "Named the New BBC Head", Prominent Climate Scientist Resigns From NASA: Links for the day
Gemini Links 27/03/2026: "Being Busy" and "Posting Again": Links for the day
GNOME Has No "Real" Executive Director, Only an IBM (Perma)'Interim' One With No Openings in Sight: GNOME is having financial problems
Microsoft Experiencing "Leadership Exodus": Microsoft's current position is no better than Meta's (Facebook)
GNU/Linux Distros Should Reject "Age Verification" and Uphold Software Freedom for Users: It's not about protecting children
Slop Plunge: we can already "smell the blood" of the so-called 'AI industry'
IBM Media Puff Pieces While Layoffs Go On and On: Has the PR industry absorbed the press?
Media Says Microsoft Hiring Freezes, But There Are Already Microsoft Layoffs: They want the public to talk about Microsoft as if it's just not hiring when it is actually firing
Richard Stallman lynchings: Sruthi Chandran splitting Debian: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 26, 2026: IRC logs for Thursday, March 26, 2026

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts