Samsung accused of pre-installing keyloggers in their new laptops

[mouser]

Yikes, if you have a recent Samsung laptop, you may want to check out this story from today's edition of Network World.

This turned out to be yet another FALSE POSITIVE by a lazy antivirus company.

Samsung Electronics is investigating allegations that some models of its R Series laptops contain keylogging software that could be used to record anything typed on the laptop computers.

Mohamed Hassan said he became aware of the issue last month, when he purchased a Samsung R525 at a Best Buy in Toronto. The laptop had keylogging software on it, which he deleted immediately. Two weeks later, Hassan decided he wanted a more powerful machine, so he returned the R525 and bought a new model -- the R540, at a local FutureShop. To his surprise, the keylogger was there too, Hassan said in an interview Wednesday.

"These were new systems. They weren't used for anything," he said. "I could give them the benefit of the doubt on the first one. But then when I got a second model, a different model from a different store, that tells me that Samsung is aware of the problem."

Hassan, an IT consultant based in Toronto, said that Samsung tech support told him: "We just put it there to find out how the computer is being used."

http://www.networkwo...rt-of-keylogger.html

[Renegade]

That is so very very far off the reservation... I have a hard time believing that any company like Samsung would do that, especially after the Sony debaucle. I could believe that a malicious third party put it on between the manufacturing and the retailer, or at the retailer.

Samsung security in Suwon is pretty darn tight. You cannot use a USB key on any machines there at all (by default). But, it's not impregnable. A third party intervening there? Dunno.

[mouser]

it is hard to imagine they would do this on purpose.. a 3rd party software seems the likely culprit.. the real question is how does it get on the pc and when..

[Renegade]

Thinking about it again, it seems to me that if Samsung were to do it, they would make use of their own custom keylogger, and not use a 3rd party one. That's just the Korean way of doing things - build it yourself. It's out of character.

[mwb1100]

Samsung's response:  http://www.samsungtomorrow.com/1071

The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.

Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan.

-http://www.samsungtomorrow.com/1071

[mwb1100]

And from an anonymous posting (that I haven't verified - if someone out there has VIPRE or Spyware Dr., it would be interesting to see if this is true):

Go try this... create a windows\sl directory then run spyware doctor or vipre... run a scan.. they will report you are infected with the same keylogger... they are simply triggering on the existance of an "sl" directory and the author of original post didn't do ANY research on this.. he just assumed Spyware Dr. was correct and then wrote about it.

-http://www.networkworld.com/community/node/72622?page=3

[Jibz]

The annoying thing is that it is already being reported on other sites as if it were a fact and not just an accusation, for instance Blue's News links it simply as "Samsung installs keylogger on its laptops".

Edit: I guess they got that from this blog post on networkworld where the author changed the wording.

[housetier]

I was totally believing those allegations, but now I have doubts. Guess, I'll have to remember to be much more careful about stuff written on the internets.

And yeah, Doco seems to be a much more reliable and trustworthy source of information

[housetier]

Secretly I want samsung to have made this mistake. It would remind people to not blindly trust companies just because they put shiny stickers on a device.

If "THEY" are being secretive they must have a sinister motive.

But given the snaky oiliness of "computer security" products, the false positive still sounds like very possible explanation.

[Renegade]

I was totally believing those allegations, but now I have doubts. Guess, I'll have to remember to be much more careful about stuff written on the internets.

And yeah, Doco seems to be a much more reliable and trustworthy source of information

-housetier (March 31, 2011, 03:58 AM)

I know what you mean. It's almost scary just how much false information you get now. Journalism used to be somewhat responsible...

Secretly I want samsung to have made this mistake. It would remind people to not blindly trust companies just because they put shiny stickers on a device.

If "THEY" are being secretive they must have a sinister motive.

But given the snaky oiliness of "computer security" products, the false positive still sounds like very possible explanation.

-housetier (March 31, 2011, 04:19 AM)

I have a soft spot for Samsung. I make lots of money from them. So I like to seem them come out ahead.

[mouser]

we have discussed so many times on this forum the evil of false positives and the laziness of security software in blithely reporting things as threats when they have no idea what they are looking at.  one wonders what it's going to take to make antivirus companies get serious about stopping this disgraceful behavior with regard to false positives.

[Renegade]

we have discussed so many times on this forum the evil of false positives and the laziness of security software in blithely reporting things as threats when they have no idea what they are looking at.  one wonders what it's going to take to make antivirus companies get serious about stopping this disgraceful behavior with regard to false positives.

-mouser (March 31, 2011, 05:02 AM)

Hell freezing over? Armageddon? The 4 horsemen of the Apocalypse?

Nah... Those are all far too common and easy~!

[lanux128]

in the end, it petered out to a false positive.. having said that, i'm bemused by a few things.

1. that a "security researcher" [1] took a security software's conclusion of an imaginary keylogger instead of doing his own research.
2. doesn't anyone else has this Vipre-Microsoft Live combo, since this has never been triggered previously? (this is easy, probably Vipre added something to the virus def. file in a newer update).
3. why is the multi language folder is directly under "C:\Windows"? couldn't Microsoft come up with a better/logical directory structure? (see pic)


pic source: http://www.samsungtomorrow.com/1071

[lanux128]

Sunbelt Software (makers of Vipre) just posted this on their twitter account.

Samsung Laptops do not have a keylogger (and it was our fault) http://goo.gl/fb/XPQzB

[mwb1100]

Wow.  As much as I agree with Mouser's position on false positives, I'm pretty impressed with Sunbelt's taking full responsibility and just flat-out apologizing.  Nowadays, it seems most 'apologies' are really not:

  - http://idealisticpra...-is-not-apology.html
  - http://blogs.msdn.co...7/02/26/1763692.aspx

[housetier]

Now THAT was quite interesting! I shall remember

fauxpology