Thursday, March 31, 2011

Confirmed News That Samsung IS NOT shipping Keyloggers

Confirmed: Samsung is Not Shipping Keyloggers - F-Secure Weblog : News from the Lab

F-Secure now has confirmation for what they wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops.

The whole saga was caused by a false alarm of the VIPRE Antivirus product. Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called "SL" in the root of the Windows directory. This is a bad idea.

As an example, here's a screenshot showing VIPRE alerting on a completely clean Windows computer after an empty "SL" folder was created:

As some Samsung laptops do indeed have a folder called "C:\WINDOWS\SL" on them by default, VIPRE would alert on them with a similar warning.

Unfortunately Mohamed Hassan (CISSP) who did the original analysis did not double-check his findings and blamed Samsung instead. Apparently he did not look at the contents of the "SL" folder at all.

Samsung is innocent.