Summary: Shocking new revelations about Microsoft's patronising attitude, which leaves customers vulnerable and unable to control their computers

Microsoft Spurned Researcher Collective is a new group of disgruntled experts whom Microsoft mistreated after they had helped Microsoft discover serious bugs in its software. According to this news item, Microsoft's attitude towards security vulnerabilities is absolutely appalling and Microsoft should be slammed for it.

In October 2006, security researcher H.D. Moore discovered a serious problem with the way applications running on Windows display rich text content.

He reported the vulnerability to Microsoft and nearly four years later it's still not fixed, despite the fact that it could be exploited to run malicious code on a PC and take control of it.

Unfortunately, this is not an isolated incident. According to the Zero Day Initiative, which serves as a broker between security researchers who find flaws and software companies who need to fix them, there are 122 outstanding vulnerabilities that have been reported to vendors and which have not been patched yet. The oldest on the list was reported to IBM in May 2007 and more than 30 of the outstanding vulnerabilities are older than a year.

So it only took like what...? Just years? There are other examples like this one -- several of which we covered here before. Such utter negligence [1, 2, 3] deserves scrutiny if not legal action, for reasons we explained before. By not fixing known problems Microsoft can carry on faking numbers to create a false perception of security. "Pressure mounts for a swifter response to vulnerabilities," says this new report from The H and a security news site now argues that "AV vendors detect on average 19% of malware attacks" (that's not much better than no AV software at all).

The data used for this study were collected and analyzed between April 20, 2010 and April 22, 2010, resulting in an overall total data set of approximately 1,708 confirmed malware files. The files were then run through the latest release of the top desktop AV solutions upon initial detection and again every six hours for one month to determine their detection and lag rates.

No wonder one in two Windows PCs is believed to be a Windows zombie PC. ⬆