UEFI makes computers vulnerable to advanced persistent threats that are almost impossible to detect once installed.

Here are technical details.

Kaspersky discovered this example by chance, but is unable to check in general for the presence of such rootkits in computers.

Nonfree software does not make your computer secure — it does the opposite: it prevents you from trying to secure it. UEFI is a nonfree program required for booting which is impossible to replace: in effect, a low-level rootkit. All the things that Intel has done to make its power over you secure against you also protect UEFI-level rootkits against you.

Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security through tyranny, we should legislate to require them to allow users to install their choice of startup software, and make available the information needed to develop such. Think of this as right-to-repair at the initialization stage.