We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied.



Good luck, Samsung! We see a class-action lawsuit in your future…"

"The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.



Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan.



The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger.



(Depending on the language, under C:windows folders "SL" for Slovene, "KO" for Korean, "EN" for English are created.)



Samsung will continue to respect customer needs by providing the highest quality products and services.

"Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation."

, MSIA, CISSP, CISA and the founder of, a firm that specializes in information security consulting services, said he first became aware of spy software installed on a, last month. He claimed he deleted the keylogging software () from the system immediately, using athat he failed to name.Just a couple of weeks later, after experiencing problems with the, he returned the R525 and picked up aninstead at a different store. Once again, he was alerted to the same keylogging software as he was with the first notebook and again, deleted it.Hassan claims.In a follow-up article, Hassan describes his contact with Samsung Support. The support personnel denied the presence of any such software on the Samsung notebooks. Then, Hassan alleges, after being told the same software was found on both the R525 and R540, the staff "changed its story" and referred him to Microsoft since "all Samsung did was to manufacture the hardware."Hassan was then redirected to one of the support supervisors. Here's where it gets very interesting. First the supervisor allegedly claimed to not be sure how the software could have gotten there. Then, after leaving Hassan on hold for a while, he admitted that Samsung did knowingly put the software on the laptop to, "monitor the performance of the machine and to find out how it is being used."That would seem like a damning admission, and indeed, Hassan's articles, published with some extras by Mich Kabay on networkworld.com, relates it to the Sony BMG rootkit incident and name-drops Mark Russinovich, Microsoft technical fellow (who was of Sysinternals at the time).Kabay's final comment on the second article sums up the general tone of both articles...Indeed, if true, this would be a legal catastrophe for Samsung. Luckily for Samsung, it is not true at all and there is a much simpler explanation of what really has happened here.The firm was surprised by the allegations and opened an investigation immediately. It turns out that there is no keylogging software on either model. Instead, VIPRE security software incorrectly reported the Slovene language folder for some Microsoft software as StarLogger. The false positive was for the c:/windows/SL directory.Here is the full statement from a Korean Samsung site, along with a screenshot of VIPRE security software alerting the false positive.So while it is a great thing for customers who own these R525 and R540 products to know its a false positive, how much damage has potentially been done to Samsung? A Google search today of the directory in question (c:/windows/SL) pulled up the first result as " How to Find and remove StarLogger from Samsung Laptops " (they have since put a note on the page reflecting Samsung's denial and the explanation for the false positive, but perhaps the best course of action would be to remove the page entirely or at least change the title?). Perhaps more worrying is that (at the time of writing) a Google search for "Samsung R525" displays the networkworld.com article, titled, in the first 10 results.It is a tad surprising that with the credentials listed for Mr Hassan, as well as the fact that he is founder of, a firm that specializes in information security consulting services, he didn't suspect a false positive on the grounds that he has used the same commercial security software for six years and didn't get one yet? And why wasn't the VIPRE software mentioned (in the networkworld article) so other IT consultants could see for themselves if it was false positive by simply creating the c:/windows/SL directory on their clean systems?This all just seems to be a mistake/embarrassment that could have been completely avoided by some simple research. It's hard to see how Mr Hassan'sof his laptop led him to the conclusion that one of the biggest consumer electronics firms in the world would be so stupid as to pre-load spying software into customer's laptops. I mentioned the name dropping of the respectablefor a reason, his Sysinternals tools contain a bunch of tools that would have been very helpful in checking for such spying software, such as Process Monitor Process Explorer or Autoruns , none of which require any kind of specialist IT skills to use.Perhaps this is all just a big misunderstanding that got blown out of proportion. The good news is it is not true. We have not yet entered the terrifying world of pre-installed spy software on our OEM products: I am a tad bit surprised that networkworld.com isrunning this as a top story and has yet to even mention Samsung's statement clearing the issue up (14:15pm, GMT+1). The top news story on the site right now is, while a graphic (shown on the right and sourced on networkworld.com homepage) still asserts thatThis issue has been corrected almost everywhere onlinenetworkworld.com. What's going on guys? It's a two page article and it still doesn't even link to Samsung's latest response? Oh and that second page actually doesn't have any relevant content on it at time of writing either, it simply declares thatComments published to the article seem to be from pretty underwhelmed users.posted byon Thu, 03/31/2011 - 7:24am another comment from an "Anon" source reads, posted By Anon on Thu, 03/31/2011 - 8:59am : NetworkWorld seems to be caught up with the rest of us now . Along with the new news item, the first article that was attributed to Hassan and Kabay has been updated to reflect the change Immediate, positive and collaborative response? That is quite a tone change compared to thepredicted for their future in the second article. At least Samsung is being cleared of any wrong-doing, as with today's ruthless competition in the media, it is quite easy for reputations to be destroyed needlessly.