<<< NEWS FROM THE LAB - Thursday, March 31, 2011 >>> ARCHIVES | SEARCH Confirmed: Samsung is Not Shipping Keyloggers Posted by Mikko @ 12:25 GMT We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops.



The whole saga was caused by a false alarm of the VIPRE Antivirus product. Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called "SL" in the root of the Windows directory. This is a bad idea.



As an example, here's a screenshot showing VIPRE alerting on a completely clean Windows computer after an empty "SL" folder was created:







As some Samsung laptops do indeed have a folder called "C:\WINDOWS\SL" on them by default, VIPRE would alert on them with a similar warning.



Unfortunately Mohamed Hassan (CISSP) who did the original analysis did not double-check his findings and blamed Samsung instead. Apparently he did not look at the contents of the "SL" folder at all.



Samsung is innocent.



Many thanks to fellow Twitterers @the_pc_doc, @SecurityLabsGR and @paulmutton who helped with the investigation!



Updated to add: Alex Eckelberry has published a blog post explaining further why VIPRE had the false alarm.





















