Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Claim That Finance and HR at IBM Already Work on the Next Wave of IBM Layoffs, Media Silence Persists: The media is still telling misleading nonsense about IBM layoffs (like some fantasy about 'rehiring' thousands for "AI")
Claims of More IBM Layoffs a Week Before 'Christmas Week': Of course, as usual, nobody in the media says anything
The Register MS Does the "AI" Keyword Stuffing Because It Gets Paid to Do "AI" Keyword Stuffing: They are in effect profiting from legitimisation and promotion of a Ponzi scheme
Blogs to Read (or Even Binge on) When You Look for a Daring and Different Perspective: If you have free time and want to check out interesting old articles/posts, consider these people
Paying the Price for IBM's Leadership Buying Worthless Companies With Capital It Doesn't Have: For some people the last day at the company is Christmas Eve
When Malformed RSS or Atom Feeds Clog Up (or Even Crash) Programs: RSS readers are an excellent way to keep on top of news online
Publication Plans for the Coming Weeks: We've begun this week with many articles and plan to carry on until tomorrow
EPO People Power - Part XIV - EPO Management Living in Fantasy Land: wrongly assumes that any crime committed by the EPO will always be brushed aside
Secret Code is Undesirable: If someone wants you to use proprietary software, say no. Secret code is even worse.
Google News Still Has an LLM Slop Problem (With Slop Images Too), But Google Itself is a Pusher of Slop: If Google keeps shilling and selling slop as "AI", and moreover if people keep hating slop (there's growing awareness of this problem), then at the end Google will suffer greatly
Gemini Links 16/12/2025: Bingo Card and i586 in 2025: Links for the day
Links 16/12/2025: Security and Conflict (No Territorial Concessions in Ukraine): Links for the day
With Half of December Over, FSF Two-Thirds of the Way Towards Funding Goal: If you can share some money this month, the FSF should be a priority
A Lot of People Don't Want "Smart" (Things That Spy, Stop Working, Cannot be Repaired Easily): They also don't want slop disguised as "intelligence"
Links 16/12/2025: More GAFAM (Now Amazon) Layoffs and iRobot Chapter 11: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, December 15, 2025: IRC logs for Monday, December 15, 2025
Wrapping Up and Ending "Slopwatch": An "end-of-life" improvement
Gemini Links 15/12/2025: How We Lost Communication to Entertainment, Dichotomy Between the Real and the Digital: Links for the day
The New Chief Editor at The Register MS is a Microsofter, Now They Increase Microsoft Coverage and Add Microsoft Slant to 'Linux' Coverage: Did Microsoft pay some more?
GAFAM "doesn't depend on any sort of lock-in, humans just don't want to be free anymore," according to MinceR: As many readers are aware, our criticism of UEFI (restricted boot in particular) attracted a lot of online harassment against us, including stalking and libel
IBM Layoffs in India and IBM's CEO Spins His Lack of Market Share as a Strength: If this leadership carries on, the only red left at IBM won't be Red Hat but a red stain
Links 15/12/2025: "Life in Prison" for Criticising China, Tikhanovskaya Says 'Pressure Works': Links for the day
Due to 'Secure Boot' (An Anti-Security Measure, a Kill Switch) Computer Users Are Afraid of GNU/Linux: This is what Microsoft wanted
'Crypto' 'Currencies' Are a Ponzi Scheme. So Is "AI". Both Destroy the Planet, Not Just the Economy.: Believe it or not, millions of these GPUs just sit there boxed, unopened, unconnected, unused
The Register MS Has Just Been Paid to Promote the Ponzi Scheme Some More ("AI" Keyword Stuffing): This won't end well for The Register MS
Microsoft Colonialism in Africa is Not Sustainable: Microsoft's situation in Nigeria is not
Perpetuating the Lie of "No Red Hat Layoffs" Because of the Bluewashing (Red Hat Became Just "IBM"): Many Red Hat employees were pushed out and/or removed lately
EPO People Power - Part XIII - If the EPO's Chief Propagandist (Berenguer) Told the Police He Was a Spanish Tourist (or Similar) or That He Does Not Reside in Munich, Then He May Have Lied to the Police (in Addition to Doing Cocaine in Public): Lying to the police in Germany is a criminal offense
Links 15/12/2025: Chromebooks as Work Machines, "Americans [Who] Moved to Australia" to Avoid Cheeto: Links for the day
Breaking Your Proprietary Router in the Name of "Security": Each time they "patch" the router something that previously worked OK is likely to just break
IBM May be Breaking the Law to Silence Staff It Laid Off: Observation to add regarding IBM layoffs
Demonisation Attacks on Richard Matthew Stallman (RMS) - Including Antisemitic Attacks - Have Not Worked: Name-calling doesn't work
Slop ("AI") Will Replace People and Take Away Jobs, Say the Slopfarms With Fake (LLM-Generated) Text and Slop Images: "AI" often means slave labour in a poor country
More Than a Million Bytes Should be Enough for Most Computer Programs: Who said computing would improve over time?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, December 14, 2025: IRC logs for Sunday, December 14, 2025
Another "AI" (Slop) Use Cases Turns Out to be a Fraud: Those who talk about this fraud get SLAPPed
They Say Rules Are Made to be Broken, at Microsoft That Became an Imperative (e.g. Accounting Fraud, Bribery and So on): Its biggest client is itself
In Russia, Microsoft is Already a Dying Breed Online: A lot of Europe also dumps Microsoft. Europe is a big revenue source of Microsoft.
The Future of News on the World Wide Web: No "greener pastures" on the Web
𝐈𝐁𝐌 𝐂𝐄𝐎 𝐀𝐫𝐯𝐢𝐧𝐝 𝐊𝐫𝐢𝐬𝐡𝐧𝐚: Proof That at IBM People Fall Upwards: IBM is collapsing
EPO People Power - Part XII - The Mobbing Got So Bad People Were Unable to Work: What's at stake here isn't just the EPO or the patent system
Links 14/12/2025: "Chile to ban smartphones in classroom" and "Portugal updates cybercrime law to exempt security researchers": Links for the day
Gemini Links 14/12/2025: "GUI TUI CLI" and EmacsConf 2025 Video: Links for the day
Links 14/12/2025: Tensions in Asia, US Making Deals With Belarus: Links for the day
A Utopian and Very Dumb Vision of Technology, Based on Accounting Fraud: the "industry" has become insane and a lot of "the media" is going along with it
Links 14/12/2025: "The Slop of Things to Come", Goldman Sachs Nervous About Slop Bubble: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, December 13, 2025: IRC logs for Saturday, December 13, 2025

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts