Samsung Did Not Install Keylogger Software on Laptops: New Research

A new review of laptops from Samsung (News - Alert) show they do not have keylogger software installed, as previously speculated. Instead, there was confusion about an anti-virus program, according to media reports.

The presence of keylogger software is a serious issue.  They can be used by hackers to lift confidential information such as usernames or passwords, media reports explain.

The charge was made that keylogging software had been installed on R525 and R540 Samsung laptops. Then researchers looked more in-depth at the allegations and found that they were false, according to a Samsung blog post.

A test using a security program, named VIPRE, made by GFI Software, “mistook a folder created by Microsoft’s (News - Alert) Live Application for a key logging software, during a virus scan,” according to the Samsung blog post.

“The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger,” the Samsung blog post added.

A blog post from GFI Labs by Alex Eckelberry, general manager, GFI Security, said the incorrect result was their “fault,” and was “incredibly embarrassing.”

In his explanation of how the events unfolded, Eckelberry said that researchers have several tools to detect malware.

“In VIPRE among some of the detection types are heuristic (meaning, using a method of pattern analysis on the file); behavioral (looking at the behavior of a file in VIPRE's emulator to see if it does anything malicious) or signature-based (simply creating a file signature for the file). Part of the heuristic toolkit used might be any number of types of analyses, and these can include looking at the contents of the file for specific patterns that indicate malware. A researcher can also (but rarely) use a folder path as part of a more comprehensive detection set. Imagine you're a researcher: You see the folder name ‘C:\windows\sl’,” Eckelberry said.

This is, indeed, something one would never find on a Windows system at the time the detection was written, so the researcher added this folder path to his heuristics for this keylogger. It was peer-reviewed and tested against a broad range of Windows platforms, including every foreign language set. Everything is fine and dandy... except that at some point several years after the original detection was written, Windows Live started using that directory to install Slovenian language files for Windows Live. Samsung started pre-installing Windows Live, including all the languages, and there you have the problem we're having today,” Eckelberry continued.

PC World reported if Samsung had installed keylogger on the laptops it may have meant serious legal trouble for the company.

Cindy Cohn, legal director for the Electronic Frontier Foundation, told PC World, "They shouldn't be installing keyloggers on devices that they're selling to the general public. Even if Samsung isn't using it, you're basically setting up someone else to use it.”

It could have led to lawsuits or possible violations of consumer protection laws, Cohn told PC World.

In other recent news about GFI Software, TMCnet reported that Amazon.com (News - Alert) was the target of an online scam which created fake receipts for items sold through Amazon.com and its partners. GFI Software made the discovery and alerted Amazon.com about the deception which came in the middle of the busy winter holiday selling season.