Samsung Plants Keyloggers On Laptops

← Back to Stories (view on slashdot.org)

Samsung Plants Keyloggers On Laptops

Posted by samzenpus on Wednesday March 30, 2011 @10:16AM from the terrible-marketing-ideas dept.

Saint Aardvark writes "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to 'monitor the performance of the machine and to find out how it is being used.' As Hassan says, 'In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.' Three PR officers from Samsung have so far refused comment."

362 of 515 comments (clear)

Min score:

Reason:

Sort:

WTF? by Anonymous Coward · 2011-03-30 10:18 · Score: 5, Insightful

Worst idea since Sony's rootkit. They should be prosecuted over crap like this.
1. Re:WTF? by Anonymous Coward · 2011-03-30 10:25 · Score: 1
  
  Yes they should, it is a felony after all.
2. Re:WTF? by FlatEric521 · 2011-03-30 10:26 · Score: 5, Informative
  
  They should be prosecuted over crap like this.
  They will be. Sony got hit with tons of lawsuits, and they weren't using software that could steal your password. This just took corporate big brother behavior to a whole new level of invasive.
3. Re:WTF? by matt_gaia · 2011-03-30 10:26 · Score: 2
  
  Probably worse idea, since, IIRC the Sony rootkit didn't collect all of the data that this keylogger could. Whatever the case is though, still an extremely douchey move, Samsung, and hopefully one they'll be sued to hell over.
4. Re:WTF? by spun · 2011-03-30 10:27 · Score: 4, Insightful
  
  Worse than Sony's rootkit. Both programs attempt to do something to your property without your consent, but only this one also takes the opportunity to spy on you. They won't be prosecuted, though. At the very worst, some sacrificial lamb from marketing will be fired. American corporate CEOs are above the law.
  
  --
  - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
5. Re:WTF? by amicusNYCL · 2011-03-30 10:29 · Score: 1
  
  Welcome to my shitlist, Samsung. I believe you already know Sony. I'm not sure if you've met Belkin. I'm sure you'll all become friends.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
6. Re:WTF? by Missing.Matter · 2011-03-30 10:32 · Score: 4, Informative
  
  Samsung's CEO is Korean. Samsung is Korean company, you know.
7. Re:WTF? by Nerdfest · 2011-03-30 10:34 · Score: 1
  
  Yes they should. This is why I wipe machines when I get them (with Linux these days as I'm not impressed with the information that a default Windows install phones home with). Is it going to take jail terms before these companies realize that the machines and software we're buying are ours, not theirs to do with as they please?
8. Re:WTF? by Just+because+I'm+an · 2011-03-30 10:35 · Score: 3, Interesting
  
  I often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. Of course people may still not know what they're in for but at least there's a chance you can stop yourself getting affected by a keylogger if you bothered to check it was there. Also if this was a legal requirement then a failure to disclose its presence would lead to a relatively strightforward penalty. I know most of the readers here would probably install the system themselves and likely not even Windows but for the bulk of the consumers it might be useful to at least know what's coming and be able to make a choice *before* the purchase is made.
  -
  I'd like to see Samsung get into big trouble over this because it is inherently wrong, at least that's my position, but I am less sure if they have broken any actual laws. Maybe some digital eavesdropping provisions that are only allowed to be done by governments have been breached but I can see Samsung weaselling out of that one. There's probably a disclaimer in 5point font 100 pages into the agreement that the buyer agrees to by opening the box.... of course that's wrong too. Oh where to start...
9. Re:WTF? by metrometro · 2011-03-30 10:36 · Score: 1
  
  What's Belkin's deal?
10. Re:WTF? by Anonymous Coward · 2011-03-30 10:40 · Score: 2, Insightful
  
  Shh, it's better to trash "American CEO's" and "American Coporations" Stop with your facts
11. Re:WTF? by Wyatt+Earp · 2011-03-30 10:44 · Score: 1
  
  Sony and Samsung are not American companies.
12. Re:WTF? by Anonymous Coward · 2011-03-30 10:51 · Score: 2, Informative
  
  Sony America and Samsung America are actually separate financial entities. They can be sued in one area and not another for example they can be sued in the U.S. but the same suit may not apply to the EU.
  I wonder if they are doing this with their phones also?
13. Re:WTF? by lgw · 2011-03-30 10:51 · Score: 3, Interesting
  
  Sony paid over half a billion to settle their FTC lawsuit, and who knows how muchmore for other lawsuits. And that was the little stuff. Because Sony's rootkit made it onto many government-owned computers, the DoJ got pissed with them , and basically said "we're giving you the benefit of the doubt this once that you didn't intend to extract sensitive information from government computers, but keep in mind that penalties for doing so could include a ban on sales of all Sony products in America, and siezure of all Sony assets in America". You'd think that would get everyone's attention.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
14. Re:WTF? by sqlrob · 2011-03-30 10:54 · Score: 2
  
  Inserting ads into http streams in their routers.
15. Re:WTF? by spun · 2011-03-30 10:54 · Score: 2
  
  Sorry, typed that wrong. Meant "In America, corporate CEOs are above the law." Applies to any and all CEOs, if the company is big enough. Have any banksters, from any country, been prosecuted in America for any crime relating to the recent depression?
  
  --
  - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
16. Re:WTF? by GeeBee · 2011-03-30 10:55 · Score: 1
  
  And don't forget this:
  Help! my Belkin router is spamming me
  Nagware promotes censorware
  http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/
17. Re:WTF? by lgw · 2011-03-30 10:59 · Score: 5, Interesting
  
  If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company. Sony's rootkit got Sony threatened with ending the presence of Sony in America - while America may let corporations slide on many issues, actual espianage involving a foreign corporation and sensitive government data won't be ignored.
  Samsung should be very thankful that the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them at the factory: an idea that many /.ers once dismissed as crazy paranoia, back when Thinkpad shifted to Lenovo.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
18. Re:WTF? by Wyatt+Earp · 2011-03-30 11:02 · Score: 3, Informative
  
  Umm, yea.
  http://en.wikipedia.org/wiki/Bernard_Madoff
  http://www.bloomberg.com/news/2011-03-30/ex-taylor-bean-official-ragland-to-enter-plea-in-1-9-billion-fraud-case.html
  And this dude is in court right now
  http://en.wikipedia.org/wiki/Raj_Rajaratnam
  Theres alot of cases going on, have ended in pleas if you just google.
19. Re:WTF? by erroneus · 2011-03-30 11:18 · Score: 5, Informative
  
  Oh please. Take it from me -- I work for an "American Company" that is completely owned by a Japanese company and is completely run by employees of that same Japanese company. It's a lie. It's a huge lie. It's a lie on the scale of saying "santa claus is real." It's clearly and obviously not the truth.
20. Re:WTF? by camperslo · 2011-03-30 11:24 · Score: 2
  
  "Facts are stupid things" - Ronald Reagan during a speech at a convention
  Perhaps some of these PC vendors think that people are so used to malware that a little more doesn't matter?
21. Re:WTF? by MickyTheIdiot · 2011-03-30 11:26 · Score: 1, Insightful
  
  And me without mod points AGAIN...
22. Re:WTF? by JoeF · 2011-03-30 11:29 · Score: 1
  
  Forgive the A/C post. Can you toss up a link to that http ad stream, I'd never heard of it.
  http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/
23. Re:WTF? by Coeurderoy · 2011-03-30 11:31 · Score: 4, Interesting
  
  There was a title for this in germany before WW1 it was called the
  - Sitz DIrector (or Redactor for a news paper) Sitting Director
  They has also the "früshtuck director" Breakfast Director
  THe first one is the one supposed to go to jail in case of problems, and the second one is usually an aristocrat with a nice title he takes the VIP to breakfast and other "meetings", so the real directors do not need to loose time...
  But somehow the IRS equivalent tends to think that whoum ever is making the most money in the company is the one that should go to jail....
  (not that it happens very often unfortunatelly)...
  So basically you should investigate the money trail and this gives you the "effective CEO" and that person should be the one sued...
  About the security of foreing built computers this is b**t ALL computers a build by an handfull of ODM in china, if the US government is not basically trashing the preinstalled software of any sensitive machine to install their own their clueless...
  And since they know how easy it was for them to stop various categories of foreing computers they cannot really ignore this...
  So buying US computer is purelly lobbying and nationalism...
24. Re:WTF? by Zaphod+The+42nd · 2011-03-30 11:33 · Score: 1
  
  Sadly, Sony was not required to admit fault in the issue.
  
  --
  GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
25. Re:WTF? by Anonymous Coward · 2011-03-30 11:34 · Score: 1
  
  Obviously the prosecution target would be the top level decision maker of a company, which is not exactly something you can hide for the publicly traded ones.
  After all, the only reason the fall-guy scenario works for lesser positions is because the top leadership is allowed to push the blame downwards. A sleazy tactic like that only works if you allow yourself to be content with that, though. A parallel leadership-based example would be militaries; you could foolishly just go after the bottom level soldiers after an atrocity, or you could, you know, work up the chain of command to the levels that were knowingly giving those orders. Same deal in a business. If you decide to prosecute all the way to the top, the top doesn't get to slap a CEO/General tag on someone else.
26. Re:WTF? by PCM2 · 2011-03-30 11:38 · Score: 2
  
  the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them at the factory: an idea that many /.ers once dismissed as crazy paranoia, back when Thinkpad shifted to Lenovo.
  Thinkpads were being built by Lenovo long before they carried Lenovo's branding on them.
  
  --
  Breakfast served all day!
27. Re:WTF? by lgw · 2011-03-30 11:39 · Score: 4, Interesting
  
  That bit of German history is very cool, thaks.
  If the final assembly and sale of a laptop is done in the US by a US company, then the government can hold the company responsible for making sure there are no rootkits, in software, firmware, or BIOS. And that is one case in which not just the CEO, but any engineer knowingly involved in espianage, would go to jail for a very long time. They can't hold a foreign company similarly responsible (though they could ban the company from America and sieze all its American assets, which sounds to me like enough of a threat).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
28. Re:WTF? by number11 · 2011-03-30 11:39 · Score: 5, Interesting
  
  If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company.
  True. What needs to be done is, find the corporation guilty, and give it 30 days. Now, 30 days in the slammer is only a slap on the wrist, as punishments go. And of course, you can't actually put the corporation in the local jail, but you can put it under "house arrest". Send the marshalls around to padlock their premises, and freeze their bank accounts for 30 days.
  The economic consequences to the corporation would be vastly greater than any fine that could be levied. But nobody worries about other criminals who won't be able to meet their financial commitments if they do a stretch in the workhouse, so why should we worry about that when it's a corporate "person"?
29. Re:WTF? by lgw · 2011-03-30 11:48 · Score: 1, Insightful
  
  nobody worries about other criminals who won't be able to meet their financial commitments if they do a stretch in the workhouse, so why should we worry about that when it's a corporate "person"?
  Like Soylent Green, corporations are made of people. How many innocent investors and employees are you willing to punish for the malicious actions of a few? What if the company provides a vital service to its customers? Draconian solutions rarely work out well in practice. A fine many times larger than any possible profit creates the same disincentive, without suddenly telling a bunch of unrelated workers "sorry, no paycheck for you this month".
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
30. Re:WTF? by contrapunctus · 2011-03-30 11:50 · Score: 1
  
  if you replace windows with linux then make sure you get your windows tax back otherwise microsft still makes money from you and they don't care if you don't use it.
  or get a linux machine to begin with.
31. Re:WTF? by Chris+Mattern · 2011-03-30 11:59 · Score: 2
  
  Congratulations, you've just made everyone who works at that corporation, everyone who depends on that corporation's product, everyone who owns stock in that corporation, a willing, an *enthusiastic* accomplice to whatever crimes they may commit. Because they sure as hell won't want the corporation to ever be convicted of it.
32. Re:WTF? by znerk · 2011-03-30 12:11 · Score: 1
  
  the wayback machine has more information, but you have to go way back to get it. here's a link.
  
  --
  This work is licensed under a Creative Commons Attribution 3.0 Unported License.
33. Re:WTF? by IICV · 2011-03-30 12:12 · Score: 1
  
  Because "four legs good, two legs bad" has become "four legs good, two legs better."
34. Re:WTF? by Anonymous Coward · 2011-03-30 12:16 · Score: 5, Insightful
  
  Draconian solutions remind everyone of their personal responsibility. Rest assured that if investing in corporations that break the law came with actual monetary costs, pretty soon people would be avoiding the stocks of those corporations like the plague. And nothing of value would be lost.
35. Re:WTF? by clang_jangle · 2011-03-30 12:17 · Score: 2
  
  I often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. Of course people may still not know what they're in for but at least there's a chance you can stop yourself getting affected by a keylogger if you bothered to check it was there.
  
  Unfortunately, that wouldn't fix the problem. Just as they're now lobbying for the right to pass of HFCS as "corn sugar", they'd find some agreeable euphemism for their spyware to.
  
  --
  Caveat Utilitor
36. Re:WTF? by clang_jangle · 2011-03-30 12:19 · Score: 1
  
  o
  
  ok better now. :P
  
  --
  Caveat Utilitor
37. Re:WTF? by DeadCatX2 · 2011-03-30 12:20 · Score: 1
  
  Instead of punishing "the CEO", we should punish the person with the highest salary. That will probably be the person who "actually runs the company."
  
  --
  :(){ :|:& };:
38. Re:WTF? by bidule · 2011-03-30 12:27 · Score: 1
  
  What if the company provides a vital service to its customers?
  What if I provide a vital service to my customers? Should I not be jailed too?
  It's the same problem with the same solutions: I will find someone else to cover my liability or I will have to reimburse my customers.
  
  --
  ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
39. Re:WTF? by number11 · 2011-03-30 12:46 · Score: 5, Interesting
  
  How many innocent investors and employees are you willing to punish for the malicious actions of a few?
  They don't get "punished". Criminal behavior often hurts innocent bystanders, are you saying that somebody with a spouse and three kids should be exempt from jail because to jail them would hurt their dependents? Hell, the investors will be hurt if the corporation makes a marketing blunder, why not if the corporation commits a crime? Yes, it's unfortunate. Maybe we should give the investors and employees standing to sue the corporation for any damages they suffer.
  What if the company provides a vital service to its customers?
  What if I provide a vital service to my customers? Does that mean I should be exempt from jail?
40. Re:WTF? by bill_mcgonigle · 2011-03-30 13:01 · Score: 3, Interesting
  
  These are good arguments for why big corporations are unmanageable. Too big to fail, too big to punish, too big to hold accountable.
  Perhaps we should stop allowing the the government to protect these giant corporations.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
41. Re:WTF? by DuctTape · 2011-03-30 13:08 · Score: 1
  
  My list exactly. And right before I was going to purchase a 50+" LCD set from Samsung, too. Had it all picked out and everything.
  Hard to avoid Belkin these days, tho. And Sony's movies.
  DT
  
  --
  Is this thing on? Hello?
42. Re:WTF? by Rob+the+Bold · 2011-03-30 13:15 · Score: 1
  
  nobody worries about other criminals who won't be able to meet their financial commitments if they do a stretch in the workhouse, so why should we worry about that when it's a corporate "person"?
  Like Soylent Green, corporations are made of people. How many innocent investors and employees are you willing to punish for the malicious actions of a few? What if the company provides a vital service to its customers? Draconian solutions rarely work out well in practice. A fine many times larger than any possible profit creates the same disincentive, without suddenly telling a bunch of unrelated workers "sorry, no paycheck for you this month".
  Common human criminals have friends and families, too. So? Oh, yeah, they should have known better than to associate with a criminal . . .
  
  --
  I am not a crackpot.
43. Re:WTF? by shutdown+-p+now · 2011-03-30 13:20 · Score: 1
  
  often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products.
  
  What? It's there. See, says right in the list:
  - remote experience enhancement service
44. Re:WTF? by noc007 · 2011-03-30 13:22 · Score: 1
  
  Ditto. I'm starting to run out of companies I'm willing to buy from. Too many companies are either going on my shit-list or are known to put out crap.
  Damn you Samsung, I was going to buy some HDDs from you.
45. Re:WTF? by Rob+the+Bold · 2011-03-30 13:32 · Score: 1
  
  AFAIR, Belkin payed off bloggers/reviewers to post good reviews of their products...
  They did? Maybe so, but AFAICR, they must have paid too much.
  
  --
  I am not a crackpot.
46. Re:WTF? by Pharmboy · 2011-03-30 13:33 · Score: 5, Insightful
  
  That isn't a bad thing. It means the company will have trouble attracting quality talent unless it develops a system and policy to NOT do things like install root kits on computers. If you work for a company that does bad things, and you pay a price, you might want to go work somewhere else, or risk paying that price.
  Is it "fair" to all the low level employees? Maybe not, but it will be effective in protecting the general public, which means it is worth the price, since it creates an incentive for companies to NOT be asshats and install root kits on devices.
  What is fair is that companies (and shareholders) pay a price for breaking the law. This is the only way you can pressure stockholders and employees to pressure their management to do business in a fair and honest way, by having a "price" for not doing so.
  
  --
  Tequila: It's not just for breakfast anymore!
47. Re:WTF? by timeOday · 2011-03-30 13:36 · Score: 1
  
  the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them
  No, the US government does not avoid foreign-built computers. Mainly because there is no other kind.
48. Re:WTF? by BitterOak · 2011-03-30 13:41 · Score: 2, Informative
  
  Yes they should, it is a felony after all.
  Technically it isn't. It is a felony to gain unauthorized access to someone else's computer, but there is no law against installing this sort of software before the computer is sold.
  A car analogy: I can't break into your car to install a GPS tracking device, but many new car manufacturers install devices with similar functions at the factory, eg. GM's ONSTAR system.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
49. Re:WTF? by mark-t · 2011-03-30 13:44 · Score: 2
  
  Flip it around... if you go to jail, would that vital service be lost? If so, there's a problem.
  Why should the people who may depend on that vital service, which may include many hundreds of thousands of people, or even millions, suffer because of your actions?
  I'm not saying that under no circumstances can any innocent people be inconvenienced or put out by the actions of another guilty party... I'm just saying you need to put it into perspective and consider the total damage to society as a whole that could arise if you deprive a vital service.
  Of course, manufacturers of consumer electronic devices and appliances don't exactly qualify as vital services in any sense of the word that would have legal merit in business law.
  
  --
  File under 'M' for 'Manic ranting'
50. Re:WTF? by Belial6 · 2011-03-30 13:55 · Score: 2
  
  It is sad how many people there are like you that actually WANT corporations out committing crimes. Individuals have people that rely on them too. If I got sent to jail for 30 days, it would financially devastate my wife and child. So, do I get a free pass to commit crimes without threat of prosecution? If not, why not?
51. Re:WTF? by Anonymous Coward · 2011-03-30 13:56 · Score: 1
  
  If the final assembly and sale of a laptop is done in the US by a US company
  Correct - and if your grandma had wheels, she'd be a wagon...
52. Re:WTF? by Sabriel · 2011-03-30 14:09 · Score: 1
  
  There's a difference between selling a car fitted with ONSTAR and advertising it as a feature, and selling a car fitted with (the corporate equivalent of) ECHELON and refusing to even admit its existence.
53. Re:WTF? by webdog314 · 2011-03-30 14:10 · Score: 1
  
  Don't you know, corporations in the U.S. are treated like people now. But that works both ways. I can't rob a convenience store and then say, "No, it was my HAND! Punish my hand, but you can't hold the rest of my body accountable for the action of one part..."
54. Re:WTF? by Belial6 · 2011-03-30 14:16 · Score: 1
  
  That is kind of funny. There was a time when people who worried that someone might be watching them through their TV were clearly insane. It doesn't seem all that inconcevable anymore. With newer TVs having internet connections, and companies that make TVs being caught spying on customers, how hard would it be to discreetly includ a video camera into a TV and have it stream back to the company.
  
  (I am not saying this is being done, but then I also wasn't saying that Samsung was using keyloggers on their laptops yesterday)
55. Re:WTF? by fuzzyfuzzyfungus · 2011-03-30 14:41 · Score: 2
  
  "Discretely" would be somewhat difficult. At best, if nobody examines the IR aperture for remote control all that closely, you'd have until the first backlight failed out of warranty and some geek cracked it open for a DIY repair.
  
  Now, on the other hand, it would be rather easier to hide the exfiltration of data gathered by a camera that was prominently trumpeted on the box as being related to a feature of some sort(New 'Dynadjust'(tm) technology automatically optimizes Your HD Home Theatre Experience, in real time!)... Given the low cost of a chintzy cellcam and an IR LED or two, a design that adjusts the 'virtual 5.1 surround sound' or whatever variant of nausea3D is currently in vogue based on viewer position would be (rightly) seen as a gimmick by serious home theatre types; but wouldn't raise any flags on plausibility grounds.
56. Re:WTF? by fuzzyfuzzyfungus · 2011-03-30 14:44 · Score: 1
  
  What's the problem, your honor? The trademarked name of the experience enhancement bundle we included is, in fact, twenty consecutive 'space' characters followed by a line break. The presence of exactly that name on our contents disclosure should be evident to the informed consumer.
57. Re:WTF? by SmurfButcher+Bob · 2011-03-30 14:44 · Score: 1
  
  Wholly untrue. If I'm building a house to sell, and install a hidden CCTV camera in each bedroom for my own use after the sale... all joking aside, there is no doubt what would happen to me when the buyer discovers them in 10 or 20 years. And that's without playing the "OMG there were children in that bedroom" card, and nevermind the "OMG they were MAKING children in that bedroom" card.
  
  --
  
  help me i've cloned myself and can't remember which one I am
58. Re:WTF? by drooling-dog · 2011-03-30 14:46 · Score: 1
  
  That would be a good idea, provided they were required to actually use the term "crapware" in their list. Otherwise, I suspect most people would see the long list of "free" extras as an enticement rather than a problem.
59. Re:WTF? by icebraining · 2011-03-30 14:47 · Score: 4, Funny
  
  http://hyperboleandahalf.blogspot.com/2010/04/alot-is-better-than-you-at-everything.html
  
  --
  Dilbert RSS feed
60. Re:WTF? by mysidia · 2011-03-30 14:47 · Score: 1
  
  Worst idea since Sony's rootkit. They should be prosecuted over crap like this.
  I think this is even worse than Sony's rootkit.
  Sony's junk wasn't a keylogger. And your PC didn't come with it preinstalled
61. Re:WTF? by mysidia · 2011-03-30 14:51 · Score: 1
  
  American corporate CEOs are above the law.
  Maybe so... but Samsung is not. They just made my decision of a new major electronics purchase easy, though... I was debating Samsung vs another model.
  After this charade; I will not be buying the Samsung.
62. Re:WTF? by mysidia · 2011-03-30 14:55 · Score: 2
  
  but I am less sure if they have broken any actual laws. Maybe some digital eavesdropping provisions that are only allowed to be done by governments have been breached but I can see Samsung weaselling out of that one.
  Wait... Google did this on ACCIDENT (while collecting WiFi access point SSIDs).. and still got slapped with required biannual privacy audits and other penalties.
  Imagine if Google had said that was intentional and tried to defend the practice like the report says Samsung people did?
63. Re:WTF? by Nyder · 2011-03-30 14:59 · Score: 1
  
  Worst idea since Sony's rootkit. They should be prosecuted over crap like this.
  If you bought one of their devices with the keylogger on it, then by all means, sue.
  If you didn't, then start a class action lawsuit, or call your senator and complain to him.
  otherwise, no shit sherlock.
  
  --
  Be seeing you...
64. Re:WTF? by johncandale · 2011-03-30 15:00 · Score: 1
  
  rootkits can be installed to avoid a standard formant or be in Read Only memory. fyi
65. Re:WTF? by Bob9113 · 2011-03-30 15:01 · Score: 1
  
  "If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company."
  When that happens, we should adapt, and start prosecuting the President, or the Chairman, or the Third Scullion's Maid, or whomever is in charge. The hypothesis that maybe, in the future, "CEO" may not mean senior decision-maker does not have any bearing on whether he should be held accountable now.
  We, as a global society, heap a great deal of accolades, accommodations, and compensation on those who successfully guide their corporations through the marketplace. That is as it should be. Likewise, when they turn their corporation into a pirate ship, we should hold them accountable for what happens.
  
  --
  Stop-Prism.org: Opt Out of Surveillance
66. Re:WTF? by Si · 2011-03-30 15:08 · Score: 1
  
  CEO-in-name-only salary: $1,000,000
  Actually-runs-the-company-CEO salary: $999,999.99
  -or-
  CEO-in-name-only salary: $1,000,000
  Actually-runs-the-company-CEO salary: $1. The rest is made up in bonuses and stock, and other "non-salary" compensation.
  Your suggestion is not really practical.
  
  --
  
  Why is it that many people who claim to support standards have such atrocious spelling and grammar?
67. Re:WTF? by socsoc · 2011-03-30 15:10 · Score: 1
  
  Like those C level execs who take $1 in salary?
68. Re:WTF? by grolschie · 2011-03-30 15:23 · Score: 1
  
  You mean like the ones that currently support Skype cameras?
69. Re:WTF? by arth1 · 2011-03-30 15:35 · Score: 2
  
  Innocent? Ignorance does not make one innocent.
  Sure, tough shit if you work for a tiny company where the owner gets thrown in jail for 30 days. You probably won't be able to do your job. But the law doesn't care about that when it's one guy. Why should it care about it when it's a corporation who otherwise has the same legal privileges as a person (and in many cases more)?
70. Re:WTF? by arkane1234 · 2011-03-30 15:46 · Score: 1
  
  American, Korean, Venezuelan, Iraqi, whathaveyou... if they do business in America, they follow American rules. Just because someone is thinking outside of the borders in no way changes things if they operate inside of American borders.
  Unless they're Mexican.
  
  --
  -- This space for lease, low setup fee, inquire within!
71. Re:WTF? by arkane1234 · 2011-03-30 15:57 · Score: 1
  
  I think the proper question would be "which part?" since most computer parts are not built in one country.
  I mean, Intel processors are manufactured in Singapore & Malaysia...
  
  --
  -- This space for lease, low setup fee, inquire within!
72. Re:WTF? by arkane1234 · 2011-03-30 15:59 · Score: 1
  
  Misc computer parts come from China.
  Taiwan, Singapore, Malaysia, and various other countries are where most physical computer parts are manufactured.
  Occasionally you might hit a USA part.
  
  --
  -- This space for lease, low setup fee, inquire within!
73. Re:WTF? by LordLimecat · 2011-03-30 16:03 · Score: 1
  
  It would be nice if we had more to a story than a link that doesnt work, a nameless and ID-less supervisor, and an utter lack of any other relevant details.
  I mean, I get that corporations can be scummy. And I get that theres a mentality of "bloggers are the underdogs and therefore the good guys". But come on, are we really so naieve as to take every story posted to slashdot at face value?
74. Re:WTF? by syousef · 2011-03-30 16:30 · Score: 1
  
  Job security is important. Employees need to be protected. Otherwise the knock on effects include further crime. (People need to feed their family. Laws are only respected where they are perceived as just). You're advocating protecting the consumer and sacrificing the employee and society to do so. Your solution is socially destructive.
  tl;dr -> Try again. Your idea SUCKS!
  
  --
  These posts express my own personal views, not those of my employer
75. Re:WTF? by Anubis+IV · 2011-03-30 16:37 · Score: 5, Informative
  
  Wow. [citation needed] much? Let's go down the list, shall we?
  1) Not only can I find no evidence of a $500M figure ever having existed before your comment, but if they had made a settlement for a half billion dollars, Sony wouldn't exist today. Their operating income last year was just $342M (source). Fat chance that Sony could survive a $500M settlement hit. By all indications (i.e. because it's not mentioned in their annual filings from that year and there are no followup stories to be found), this did not impact their bottom line in any sort of meaningful way.
  2) As for what the settlement actually was, they paid up to $150-175 per customer that damaged their PC in an attempt to remove the rootkit (see here), plus $5.75M in settlements to various states (source). That's it. It probably cost them less than $10M to settle the whole thing.
  3) For a quick example of a company that can take a hit like the one you talked about, we all remember the Microsoft EU antitrust case from a few years back, right? The one regarding media players, where they were fined roughly $600M, and had followup fines of roughly $250M and $1.44B, all of which were extensively covered in the news since they were, at the time, the largest fines ever handed down by the EU (more info). But Microsoft was able to absorb the hit. Of course, they could do that since their operating income last year was about $24B (source), which is roughly 70x that of Sony's.
  4) As for your DOJ claims, I can't find anything about government computers being infected (though I wouldn't doubt it) or the DOJ being involved at all. In fact, they never got involved, despite the public outcry and requests that a criminal investigation be launched.
  Aside from government computers getting infected, is anything you said true, or are you just routinely off by a few orders of magnitude when quoting figures, as well as prone to making up stories that have little basis in fact?
76. Re:WTF? by Anubis+IV · 2011-03-30 16:41 · Score: 2
  
  Of course, it occurs to me now (always after I hit the Submit button, of course) that maybe you meant yen for your figure. If that were the case, your estimate is pretty close. Hmm...
77. Re:WTF? by hrtserpent6 · 2011-03-30 16:49 · Score: 2
  
  Fail - these people had very little if nothing to do with the Global Financial Crisis.
  
  Madoff was convicted for a Ponzi scheme. Ragland tried to steal money from TARP. Raj is being indicted for insider trading.
  
  As heinous as their crimes were, they had NOTHING to do with the GFC caused by:
  1. the packaging, re-packaging, marking up and selling of bad assets based on fraudulent mortgage originations
  2. the completely opaque dark market of what amounted to naked bets on other people's assets
  
  Dimon, Blankfein, Mozilo, Fuld, Schwartz, Sullivan, Pandit, Thain, Lewis, and all the rest of the CEOs, CFOs, CROs and CRMOs who 'didn't see it coming' are still sipping Crystal and shopping at Bergdorfs. They just get to say "Oops, our bad" and move on. Some of them had to pay a fine, which of course was paid by their company. God forbid they have to pay out of their own pocket.
  
  And we thought Enron got off easy...
78. Re:WTF? by someoneOtherThanMe · 2011-03-30 17:38 · Score: 1
  
  What if I provide a vital service to my customers? Does that mean I should be exempt from jail?
  Of course. Have you never seen a movie when a spy or some such gets freed if he agrees to save the world?
79. Re:WTF? by SecurityGuy · 2011-03-30 17:44 · Score: 1
  
  Too big to fail, too big to punish, too big to hold accountable.
  Farces all. No company, hell, no country for that matter, is any of those.
  If we truly believe any of that nonsense, ALL such companies are too big to be allowed to exist, and should be broken into pieces small enough where entire economies are not dependent on their existence.
80. Re:WTF? by mug+funky · 2011-03-30 17:48 · Score: 1
  
  that argument applies to organised crime in general.
  perhaps the employer then has a responsibility to it's employees and must compensate them for any losses they incur as a result of the employer's crime(s)?
81. Re:WTF? by mug+funky · 2011-03-30 17:52 · Score: 1
  
  if a person with a family commits a crime, it is them who have let the family down, not the state. they need to think about the people who depend on them before committing a crime, or they're hurting more people than themselves.
  this is the reason most sane people actually don't commit crimes - it wont just hurt them if they're caught.
82. Re:WTF? by mug+funky · 2011-03-30 18:02 · Score: 1
  
  i always wonder how that will effect the power management shit that comes with it.
  probably not a huge amount on a competent system.
  but what about the little shortcuts that control screen brightness, volume, etc. most of those aren't hardware based.
83. Re:WTF? by mug+funky · 2011-03-30 18:05 · Score: 1
  
  just watch your bandwidth and you'll be fine.
  or explicitly ban all IP addresses you don't install yourself.
  or just use encrypted wifi and don't give your freaking TV the password...
84. Re:WTF? by mug+funky · 2011-03-30 18:06 · Score: 1
  
  you could always just stop buying stuff except from farmer's markets and 2nd-hand shops...
85. Re:WTF? by davester666 · 2011-03-30 18:48 · Score: 1
  
  Actually, it depends on entirely where you live and whether or not the camera's record audio as well as video.
  I recall an apartment manager who installed a video camera in a tenants show got off [both literally and figuratively] because he only recorded the video. The laws in place at the time specifically only referred to surreptitious audio recording. And since he was the manager, he also had the right to enter the apartment to install the camera.
  Of course, he probably was fired soon after this.
  
  --
  Sleep your way to a whiter smile...date a dentist!
86. Re:WTF? by Sparrow1492 · 2011-03-30 19:00 · Score: 1
  
  When the crime causes public backlash and affects the company bottom line, there is nothing to compensate the employees with.
87. Re:WTF? by syousef · 2011-03-30 19:00 · Score: 1
  
  that argument applies to organised crime in general.
  perhaps the employer then has a responsibility to it's employees and must compensate them for any losses they incur as a result of the employer's crime(s)?
  If you can't tell the difference between an employee taking a above board legitimate job and getting involved in organised crime, you're not worth discussing this with because you are either stupid, or think I am. I bet you'd be the person who shouted loudest and longest if your employer made a mistake and you were punished for it, even though you had nothing to do with that mistake. But you clearly don't care how harshly OTHERS are treated.
  
  --
  These posts express my own personal views, not those of my employer
88. Re:WTF? by Rick17JJ · 2011-03-30 19:55 · Score: 1
  
  It is also possible to buy a computer with Linux pre-installed, instead of having to remove Windows. ZaReason and System 76 both offer PCs with Linux pre-installed. If I am not mistaken, Linux is the only choice that either company offers on any of their computers.
  In addition to not having to pay Microsoft for an OS that is not wanted, a Linux user could be confident that all of the hardware is totally Linux compatible. That would be good to know, even if a fresh clean install a different version of Linux was later done.
  http://zareason.com/
  http://www.system76.com/
89. Re:WTF? by nosferatu1001 · 2011-03-30 20:08 · Score: 1
  
  In the UK this would be a crime, under the CMA, as it is *using* the system that is the criminal offence - not just gaining access to it.
90. Re:WTF? by Eraesr · 2011-03-30 20:28 · Score: 1
  
  Shit. I have a relatively recent Samsung laptop at home. I think an investigation is in order.... :-(
91. Re:WTF? by nosferatu1001 · 2011-03-30 21:03 · Score: 1
  
  Simply change "salary" to "highest total renumeration"
  Not difficult.
92. Re:WTF? by MyLeftSock · 2011-03-30 21:11 · Score: 1
  
  South Korean. Not North. BIG difference.
93. Re:WTF? by thue · 2011-03-30 21:21 · Score: 1
  
  > if they had made a settlement for a half billion dollars, Sony wouldn't exist today. Their operating income last year was just $342M (source [sony.net]). Fat chance that Sony could survive a $500M settlement hit.
  If the $500m is 1.5 times their yearly operating income, as you said, then it would just mean they would make no profit for 1.5 years. Of course they would survive that.
94. Re:WTF? by evanism · 2011-03-30 22:25 · Score: 1
  
  What I don't get is why nobody in some government department didn't see this behavior at the firewall? Imagine some dude in DoD using their shiney new lappy and it's spewing key logged strokes back to samsung, and this didn't raise some serious alarms?
  
  --
  Just bought a new quantum computer, but I'm uncertain how it works.
95. Re:WTF? by niteshifter · 2011-03-30 22:58 · Score: 1
  
  You should read that pdf (from sony.net) again: The figure you cite is operating loss. Total sales and operating revenue for 2010 was $77.570 billion.
  As for your other points .... why bother, since you flubbed #1 egregiously.
96. Re:WTF? by Xest · 2011-03-30 23:33 · Score: 1
  
  The issue that arises though in the case of a company is what if a single individual or a small group of individuals commit the crime?
  If the board of directors does something underhanded that nets them big bonuses and then whatever they did comes out and is deemed illegal, why should the receptionist on minimum wage go without her pay for a month because the courts decided to "arrest" the company for that period? Should she really be punished for not knowing what was really going on in the board room? When companies keep secrets up top how do you go out about finding a company to work for whilst remaining sure it'll never fall foul of such a law?
  No, the reason we go for the CEO is precisely because the CEO should know exactly what is going on within their company and hence be able to stop it, and if they don't they're equally to blame for incompetence in not knowing what elements of their company are even doing. It doesn't harm the company which means it's doesn't harm innocent workers, which is surely a good thing unless you want people needlessly on benefits for having done nothing wrong.
97. Re:WTF? by erroneus · 2011-03-30 23:56 · Score: 1
  
  You simply couldn't be more wrong about that and without my more recent experience, I would have said the same things you are saying now. Here, not only do they continue doing things the Japanese way, they also have to contact Japan just to make a decision about anything. I could go on and on about the differences in approach to getting things done and the inability to make decisions until pressed at the last minute, but it wouldn't make any sense until you lived it for a while.
98. Re:WTF? by ph34rtheSAiNT · 2011-03-31 00:31 · Score: 1
  
  Except that it's not. Losses are denoted in brackets (). There was a net income loss attributable to stockholders but that's because Sony also had other liabilities. (Which may or may not have included the fine. I'm not sure where they would hide it within an Annual Report)
99. Re:WTF? by jpapon · 2011-03-31 00:49 · Score: 1
  
  Their operating income last year was just $342M (source [sony.net]). Fat chance that Sony could survive a $500M settlement hit.
  Except that Sony had equity in excess of $30 billion at the end of 09, assets in excess of $130 billion, and revenue in excess of $88 billion. Check wikipedia, it links to their financial statements. While their operating income was indeed less than a billion, operating income is a measure of profit. The lawsuit would have been a blow, but it hardly would have even come close to sinking a company the size of Sony.
  
  --
  -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
100. Re:WTF? by Intron · 2011-03-31 01:17 · Score: 1
  
  Does ONSTAR tell you that they can listen to your conversations in the car without any indication? They can. I think its a lot like ONSTAR.
  
  --
  Intron: the portion of DNA which expresses nothing useful.
101. Re:WTF? by Coeurderoy · 2011-03-31 01:49 · Score: 1
  
  Worse, forgot to install the english spellchecker on my new machine, but you are right I miss spell in each of the five languages I'm fluent in....
  "Qui trop embrasse mal étreints"
  Or a bout of dislexia ...
102. Re:WTF? by AmiMoJo · 2011-03-31 01:57 · Score: 1
  
  Fuck fines, the OP said "prosecute", as in criminally. There should be jail time for this kind of shit.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
103. Re:WTF? by Coeurderoy · 2011-03-31 02:01 · Score: 1
  
  Is that you again ? congratulation you win the "GN" prize of the day.
  What has this to do with the conversation again ?
104. Re:WTF? by lgw · 2011-03-31 02:02 · Score: 1
  
  And if your customers will die without the service you provide? One-man companies generalls don't provide such services, and when they do you can bet it factors into sentencing (e.g., complete the surgeries on your schedule before reporting to jail).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
105. Re:WTF? by lgw · 2011-03-31 02:05 · Score: 1
  
  I don't get it - what part of "fine so massive it wipes out years of profit" don't you think will deter a company (incorporated or otherwise) that is so obsessed with greed that all it cares about is profit? Explain your thought process to me - are you thinking anything beyond "evil evil corporation evil" here?
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
106. Re:WTF? by AmiMoJo · 2011-03-31 02:14 · Score: 1
  
  Only if they tell you it is there. Samsung don't mention the keylogging on the box or in the adverts.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
107. Re:WTF? by Belial6 · 2011-03-31 02:31 · Score: 1
  
  The first two are doable, but they add a whole bunch of annoying work in an effort to try to prevent someone from spying on you. Much like scanning rooms for bugs could be done. There certainly are countermeasure to spying. It is just creepy that there could be a need to explain to people how to keep a corporation from spying on them.
  
  The third suggestion would break features on the TV. It's pretty hard to play Netflix without an internet connection.
108. Re:WTF? by Kwpolska · 2011-03-31 02:49 · Score: 1
  
  The Sony rootkit was just fscking with your CD drive. This one is getting all your data, all your passwords and giving them to Samsung. I'll never buy any Scheissung device anymore.
  Note to the future self and everyone else who's interested: NEVER use the Windows installation brought to you by [insert manufacturer]. Lend a CD and install it with your key. You willn't have to bother with bloatware AND stuff like that.
109. Re:WTF? by surferx0 · 2011-03-31 03:27 · Score: 1
  
  Are you so naive to think that no one in your company could possibly ever do "bad things" regardless of its perfect policies? Also are you so priviledged to forget that not everyone can pick and choose where they work? Sometimes when it comes to putting food on the table you can't sit around and wait find a job with a company that is apprently as angelic and God-like such as yours.
  All it takes is a singular action of one higher up, which you have no knowledge or control over, and you think it's okay for you and all of your coworkers to say goodbye to your source of income? How would a regular employee ever have any knowledge of what was happening at that level of the company?
  If this is even true, the only ones who would deserve punishment would be the software engineer(s) who created the image and the executive(s) who decided this program should be on the computer. You don't punish innocent people, that does not uphold the spirit of our justice system whatsoever. Yes we have a problem with holding those in large corporations accountable for things like this, but you're trying to solve it by simply causing other problems that are even worse.
110. Re:WTF? by Anubis+IV · 2011-03-31 03:51 · Score: 1
  
  As has been pointed out, I didn't flub it. Parenthesis are used to denote loss is what that meant. Since there were no parenthesis on that line, it meant gain, not loss. Wikipedia's page for Sony backs up my interpretation of those numbers, which is also where I found the link to the original source in the first place.
111. Re:WTF? by mysidia · 2011-03-31 04:33 · Score: 1
  
  It turns out to be all bogus
  April fools came early this year, I suppose, and fooled Slashdot and others.
112. Re:WTF? by tomtomtom · 2011-03-31 05:49 · Score: 1
  
  are you saying that somebody with a spouse and three kids should be exempt from jail because to jail them would hurt their dependents?
  My impression is that this actually happens quite often in the real world... community punishments or suspended sentences are often used as alternatives in these circumstances.
113. Re:WTF? by lgw · 2011-03-31 06:17 · Score: 1
  
  Anyone who makes real money has some control over when, where, and how they get paid. The real decision maker may not even be an employee - he may own an unrelated company that the company in question does business with, to his benefit (I've seen exactly that before).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
114. Re:WTF? by lgw · 2011-03-31 06:21 · Score: 1
  
  There's no need for the senior decision maker to have any direct links to the company in question. It's very easy to obfuscate control and compensation - and the government doesn't even have any mechanism to investigate that beyond shell company games (hiding ownership rather than control), as long as taxes are evenutally paid on that comensation however delivered.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
115. Re:WTF? by bidule · 2011-03-31 13:04 · Score: 1
  
  Considering it'd take 5-10 years before the case runs through, a company would have time to complete all the surgery it needs. And nobody would bet their lives on a single company unless they had alternatives.
  Could you at least think it through before replying?
  
  --
  ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
Get Ready by vldragon · 2011-03-30 10:19 · Score: 1

Samsung's legal and PR departments need to get ready for the shitstorm that is sure to come...

--
Eating the brains of your enemies does not make you smarter. But it's still fun.
First post! by Anonymous Coward · 2011-03-30 10:20 · Score: 1, Funny

But Samsung logged it :(
Not once, but twice by HomelessInLaJolla · 2011-03-30 10:23 · Score: 1, Interesting

The public exposure of this software keylogger which could be somewhat easily discovered by a general user is the decoy for the hundreds and thousands of idiosyncratic hardware exploits which are available on nearly all systems.
Those who designed the room sized adding machines knew the exploits and limitations of those. When room sized adding machines became room sized programmatic machines those who oversaw the development and migration knew the limitations and exploits of those. When room sized programmatic machines began to approach table sized microcomputers those who oversaw the development and migration knew the limitations and exploits of those. When table sized microcomputers developed external storage devices then those who oversaw the development and integration knew the limitations and exploits in those.
The obvious has escaped the notice of the overall computing community.

--
the NPG electrode was replaced with carbon blac
1. Re:Not once, but twice by desdinova+216 · 2011-03-30 10:26 · Score: 3, Insightful
  
  What?
2. Re:Not once, but twice by Anonymous Coward · 2011-03-30 10:28 · Score: 3, Funny
  
  I think he's trying to ask for more Peyote.
3. Re:Not once, but twice by Anonymous Coward · 2011-03-30 10:49 · Score: 3, Informative
  
  He's saying this is this is lame. the real shiza is in the chip.
4. Re:Not once, but twice by hairyfeet · 2011-03-30 12:06 · Score: 3, Interesting
  
  Wow ACs as far as the eye can see...does nobody have an account besides me anymore? While I'm not the crazy OP I'd say a good target would be GPUs, which now support running more generalized code thanks to Streams and CUDA, and while I can't say about CUDA since I haven't bought or sold Nvidia in awhile I know ATI installs the Streams SDK and support OOTB with the latest GPUs.
  Now considering the amount of horsepower and RAM built into the new GPUs I'd say that one is just waiting for a blackhat to exploit, oh and the fact nearly every X86-64 CPU now supports hardware VM acceleration, which if IIRC there has already been a demonstration called blue pill that showed that code hooking into the hardware VM was undetected by the OS.
  So while the OP does sound a "little off" I'd say...yeah, with all the crazy amounts of power the average machine has in all the support chips hardware nastiness is doable. And that of course don't count rogue governments, like say if China decided to plant a backdoor at the router factory for instance. How many of your average folks have ANY idea what the hell their router is doing? As long as they can hook to the net they're happy. So I'd say it is more a matter of when than if it will happen, and if someone cooks up a good GPU nasty I could see it spreading like a Code Red all over the damned place.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
5. Re:Not once, but twice by WhitetailKitten · 2011-03-30 13:13 · Score: 2
  
  Tortured analogy. Better drink my own piss.
6. Re:Not once, but twice by Anonymous Coward · 2011-03-30 14:05 · Score: 1
  
  Dell shipped motherboards with malware in their firmware http://it.slashdot.org/story/10/07/21/1354206/Dell-Ships-Infected-Motherboards .
  It happened, your claims that it doesn't happen are null and void.
7. Re:Not once, but twice by JoeCommodore · 2011-03-30 14:47 · Score: 1
  
  Reading a tad much Fred Saberhagen, eh? (octagon)
  
  --
  "Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
8. Re:Not once, but twice by lysdexia · 2011-03-30 15:27 · Score: 1
  
  Was that a Markov chain?
9. Re:Not once, but twice by lxs · 2011-03-30 19:35 · Score: 1
  
  In twenty years time you'll end like the Unabomber if you keep this shit up. Living in a shack in Montana, tinkering with electronics, blowing up innocent facebook employees. Get out now!
10. Re:Not once, but twice by AmiMoJo · 2011-03-31 02:10 · Score: 1
  
  GPUs are not really very useful for viruses because they can't directly access files, the PC's RAM, other processes or OS functions. They are not really general purpose CPUs either, i.e. you couldn't write an OS or word processor on one. At best you could try to exploit bugs in the DirectX/OpenGL APIs or the calling application with malformed data, but if you can get your code onto the GPU in the first place then you probably already have the facility to use those exploits anyway.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:I'm sure there's a... by Anonymous Coward · 2011-03-30 10:24 · Score: 1

hello
I would like to state that I have quite found a reasonable explaination for said matter and would like to praise Samsung Inc. for their bravery and courage as well as their quality product line. I can not wait to buy another Samsung product, it fills me with a great pride to own such a quality hardware.
--
Sent from my Samsung laptop
Yet another example by milbournosphere · 2011-03-30 10:26 · Score: 1, Informative

of why one should ALWAYS wipe the hard drive of a new machine and install a clean copy of Windows (or Linux).
1. Re:Yet another example by ebcdic · 2011-03-30 10:54 · Score: 1
  
  There's no such thing as a clean copy of Windows.
2. Re:Yet another example by jbezorg · 2011-03-30 11:15 · Score: 1
  
  I know. I felt like I crawled through an old chicken coup with the last install.
  
  --
  I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
3. Re:Yet another example by SmurfButcher+Bob · 2011-03-30 14:54 · Score: 1
  
  You do realize that they could simply throw a few OS-specific turds into the firmware, right? Or even bypass the OS entirely?
  
  --
  
  help me i've cloned myself and can't remember which one I am
Boycott by Lead+Butthead · 2011-03-30 10:27 · Score: 4, Insightful

Let them know their behavior isn't appropriate. Don't buy their product, and let everyone you know why you don't recommend buying their product.

--
ELOI, ELOI, LAMA SABACHTHANI!?
1. Re:Boycott by DreamArcher · 2011-03-30 10:31 · Score: 1
  
  Embargo on. I'm in the market to buy a laptop for my son's graduation gift. Samsung just removed them self from my list.
2. Re:Boycott by Quinn_Inuit · 2011-03-30 10:34 · Score: 1
  
  They just lost two customers here, probably for life. My wife's not particularly tech-savvy, but she just saw the post over my shoulder and there's no way she'd buy a Samsung now. And I'll definitely pay extra (if necessary) to know I'm not being monitored with a keylogger. So the price is immaterial...I don't think either of us would take a Samsung computer of any sort for free at this point. (I know I could theoretically wipe it and start fresh, but if it's the manufacturer doing it, who knows what kind of backups they might have built straight into the BIOS or somewhere else on the motherboard?)
  
  --
  
  Stop learning! Only you can prevent esoterrorism.
3. Re:Boycott by metrometro · 2011-03-30 10:35 · Score: 1
  
  A boycott is incredibly inadequate. The computers have already sold. The market didn't have this information at time of sale. And it doesn't have this information about any other product.
  The answer is criminal charges for wiretapping, amplified by the number of units shipped. Throw the CEO and their corporate council in jail, and I suspect it won't happen again.
4. Re:Boycott by Haedrian · 2011-03-30 10:40 · Score: 1
  
  Samsung:
  Net income US$ 13.8 billion (2009)
  Unless you know a few billion people, its not really going to work.
5. Re:Boycott by krazytekn0 · 2011-03-30 10:44 · Score: 1
  
  Criminal charges where? Korea?
  
  --
  Not all life is cyber. Extra Income
6. Re:Boycott by publiclurker · 2011-03-30 10:59 · Score: 2
  
  North if possible.
7. Re:Boycott by node+3 · 2011-03-30 11:13 · Score: 1
  
  Yeah, I think it might be difficult to get a few billion Americans to join in on a boycott...
8. Re:Boycott by CastrTroy · 2011-03-30 11:28 · Score: 1
  
  I'm all for punishing those responsible, but do you think the CEO really has knowledge of every piece of software that comes installed on every model of laptop they sell? Sure ultimately the CEO is the one in charge, but I don't think that every little decision is run by the CEO. It was probably some middle manager who ulimately signed off on the idea, and who rightfully should be punished.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
9. Re:Boycott by CastrTroy · 2011-03-30 11:31 · Score: 1
  
  Sadly, I live in Ontario, and hence can't rightfully boycott Samsung unless I get off the electrical grid. They recently set up a deal with the government to build a giant wind farm here.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
10. Re:Boycott by artor3 · 2011-03-30 11:58 · Score: 1
  
  It is the CEO's responsibility to make sure that shit like this doesn't happen under his watch. If you accept the argument that some middle manager did it, then every corporate crime will end with some poor sap getting thrown under the bus.
  Investigate the company. Subpoena all of their emails, their memos, minutes from their meetings, and try to establish that the CEO knew about it. If he did, or reasonably could have, then lock him up. If the investigators are satisfied that it really was just a rogue employee, then fine, but past behavior by corporate "citizens" have made it naive to give them the benefit of the doubt.
11. Re:Boycott by dakameleon · 2011-03-30 12:23 · Score: 1
  
  The Samsung Group is distinct from the electronics division - with revenues of $172bn in 2009, they're not really going to notice a boycott at that level, but certainly targeting the electronics division might be more noticeable.
  
  --
  Man who leaps off cliff jumps to conclusion.
12. Re:Boycott by Lou57 · 2011-03-30 16:04 · Score: 1
  
  I have been doing this for years with Sony. After spending countless nights cleaning computers of their ill-written rootkit, I became quite set that I would never buy another Sony product, and I tell others about it to this day. I haven't had to touch a Sony infected computer in years, but I can guarantee you that my vendors all know not to even mention the name to me. What a shame that such a talented group of engineers was saddled with such a poorly envisioned marketing department.
  However, this event seems to be quite different. Sony BMG was trying to prevent people from copying their music. (grrr - that statement alone is the nicest thing that I've said about Sony in years, and it SO inadequately describes how they failed)
  Samsung is trying to do ... what? Simply gain marketing information? You could gain more information by targeting a specific demorgraphic and going through their trash! Something else is going on here, and it smells a lot worse than Sony.
  Would you connect one of their internet ready TV sets up to the net? If so, get your wireshark up and running and start changing channels! Let us know.
  
  --
  Lou
13. Re:Boycott by Neil+Boekend · 2011-03-30 17:51 · Score: 1
  
  It is possible to ban a company from selling it's products in your country. If the US and the EU threaten with that the company will gladly pay a very high fine. As for throwing the CEO and the council in jail: it's a bad plan due to fall guys. See some enlightening posts further up in the thread.
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
14. Re:Boycott by fervus · 2011-03-30 20:45 · Score: 1
  
  The thing abou boycott is that I am slowly but surely loosing trust in all the big corporations. If I stop buying Apple because they are evil with their tight control on what you do on your device (and I agree), Samsung because they install keyloggers, Sony because of the PS3 other OS crap (and GeoHot lawsuit), Microsoft, Google, Toshiba, Dell... Guys! I'm starting to run out of options here! Everybody pulls a lot of crap nowadays, and it seems that if they don't, they quickly loose market advantage and start pulling crappy products on the market. Can you help me name ONE big corporation that didn't try to screw their customers in one way or another?
15. Re:Boycott by js_sebastian · 2011-03-30 21:06 · Score: 1
  
  Let them know their behavior isn't appropriate. Don't buy their product, and let everyone you know why you don't recommend buying their product.
  I have a samsung laptop, but I don't really care what crapware, spyware, malware, or evilware they installed on top of the windows installation, as I use linux. So long as they don't do it in the bios or the hardware or something I don't care.
  
  Disclaimer: before someone flames, yes, this is evil, just doesn't affect me atm. You know, first they came for the...
16. Re:Boycott by nosferatu1001 · 2011-03-30 21:16 · Score: 1
  
  Samsung America would be my guess. Separate legal entity
17. Re:Boycott by pasv · 2011-03-31 01:10 · Score: 1
  
  I love how all this ruckus was caused by one "security researcher" who couldn't even confirm an actual keylogger was on the system produced by a second rate antivirus. It was a false positive as we find out but it's a big slap in the face to the guy who called it without verifying. All the Antivirus did afterall was spot a suspicious directory. A responsible security researcher would have gone further to confirm the issue rather than try to plaster his name against Samsung. If you've got a kernel debugger USE IT!
18. Re:Boycott by Trogre · 2011-03-31 11:45 · Score: 1
  
  See this.
  Will you retract your statement now?
  
  --
  "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
It must be INFORMED consent by realxmp · 2011-03-30 10:29 · Score: 2

If this is true then in the United Kingdom at least this is a criminal offence. It's a violation of the Regulation of Investigatory Powers Act and possibly the Computer Misuse Act. The fact that it's hidden deep in some EULA wouldn't fly, unless they made a deliberate effort to ensure users were aware.
Default Software by quorn_is_fungus · 2011-03-30 10:30 · Score: 1, Insightful

I'm surprised that Mr Hassan, having no fewer than 13 letters' worth of titles and certifications after his name, doesn't do what many informed users do immediately upon purchasing a Windows laptop: immediately format the HD and do a fresh installation of the OS. His discovery of a keylogger is yet more evidence of the necessity of doing so.
1. Re:Default Software by Wyatt+Earp · 2011-03-30 10:47 · Score: 2
  
  Macs don't come with a lot of crapware, they work just fine with the default OS instillation.
2. Re:Default Software by Wovel · 2011-03-30 11:02 · Score: 1
  
  If you are trying to make an argument that poorly written proprietary Adobe software is an industry standard, the industry is in worse shape then we thought.
3. Re:Default Software by node+3 · 2011-03-30 11:17 · Score: 2
  
  Exactly. Who on earth uses the default OS installation these days?
  Um, pretty much everyone. Unless you are going to be putting on a completely different OS (like Linux), very few people are going to go through the effort. Even most geeks will just uninstall the crapware instead of going through a full re-install.
  
  They're filled with crapware and even if not, are completely untrustable.
  Not Macs.
  
  On any new machine, you have to scrub the disk down and reinstall your own OS from scratch. I thought that was kinda computer-101 stuff these days.
  That's not even Geek 101 stuff.
4. Re:Default Software by cbhacking · 2011-03-30 11:25 · Score: 1
  
  Fine, so they move the keylogger into the BIOS/EFI. If you can't trust the hardware manufacturer (and clearly you can't, in the case of Samsung), there's nothing to do but examine every single component with an electron microscope to ensure that the RAM controller isn't shunting off everything coming from the keyboard buffer into a stream to the network card. I could write a rootkit that, installed on a hard disk's firmware microcontroller, is completely undetectable from the outside without physically removing the disk platters. If it sent info you might be able to intercept that info, but if it instead just did something like passively wait for a given date and then crash unrecoverably, you could (for example) bring down entire datacenters simultaneously - and there'd be no way a priori to know it was coming unless you directly examined the firmware (and not just what the FW reported itself to be, but the actual bits in the EEPROM or flash or whatever).
  
  --
  There's no place I could be, since I've found Serenity...
5. Re:Default Software by ColdWetDog · 2011-03-30 11:27 · Score: 1
  
  You do realize that it's just an app. You can delete it, send it back to Steve or bury it in your backyard. I'm running 10.6.6 and I can't even recall what I did with it. Better ask the dog if he's seen it.
  
  --
  Faster! Faster! Faster would be better!
6. Re:Default Software by Zaphod+The+42nd · 2011-03-30 12:02 · Score: 1
  
  Absolutely agreed; however, it shouldn't have to be this way. Its *wrong* that when you buy an HP laptop, you're either left with something so full of bloat-ware its has difficulty running software it is rated to perform well on. If you're savvy, you IMMIDEATELY fdisk and install your OS of choice. That shouldn't be! This means companies are ignoring their customers. When that happens in capitalism, the company is supposed to suffer the wrath of the consumers. Unfortunately, most people are unaware of this issue. We need to bring it to everyone's attention, so that it really starts to get the companies' attention.
  
  They change their attitude, or they can file bankruptcy.
  
  --
  GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
7. Re:Default Software by Remloc · 2011-03-30 12:09 · Score: 1
  
  -1 too much time on your hands.
  I've used an exacto knife to give my Apple ][+ lowercase. I've built 2 PCs from parts (and installed Windoze and Linux from scratch on them), I've edited the floppy driver on my Linux kernel to ignore the change line and always say the floppy is changed, recompiled and run the new kernel on a box with a broken floppy change line.
  The laptop I am typing this on has not had the OS reloaded since it came from Toshiba. Life is too short and I can't be bothered.
8. Re:Default Software by socsoc · 2011-03-30 15:36 · Score: 1
  
  Sadly I think that you're both right...
9. Re:Default Software by ColdWetDog · 2011-03-31 04:36 · Score: 1
  
  So they put in in a menu item. I think the MacStore or whatever was linked to some software they were selling was there. So instead of a regular web page it shows up as an app. Evil, nasty. Might even cause Herpes.
  
  --
  Faster! Faster! Faster would be better!
10. Re:Default Software by node+3 · 2011-03-31 07:35 · Score: 1
  
  That's not even Geek 101 stuff.
  then geek cred is watered down garbage nowadays. in my day, every geek I knew wiped new machines as a matter of course. I do to this day, even ones with oem installs. it's not difficult to back up the license files.
  You never had any real reason to reinstall DOS, AmigaOS, Macintosh System, Windows 3.x, Mac OS X, etc., out of the box.
  The only reason reinstalling the OS as standard suggestion exists is because of Windows. If that's a significant part of geek culture, I do agree with you that geek cred might very well be watered down garbage these days.
  But uninstalling crapware on Windows is fairly simple (much simpler and quicker then reinstalling from the bundled OS disc, which you don't always get in the first place), and accomplishes the same ends. If you're worried about bundled keyloggers, you shouldn't be buying from them in the first place. They could just as easily put the keylogger into the installation media, and OEM licenses from major PC makers are tied to discs from only those specific companies.
  "Geek Cred" was never about reinstalling your OS out of the box, unless you were a Windows-centric geek wannabe who couldn't build his own PC. Everyone else just used the OS that came preinstalled, or in the case of Linux, had to install it on their own since it's rarely bundled, and if it is, it's probably not the distro you want. But when it is (like VA Linux systems with RedHat, or Macs with Yellow Dog Linux), you would normally just keep the preinstalled distro.
  "Geek Cred" did include being adept at reinstalling the OS when things went south, which, again, was predominantly a Windows thing, or performing a first install on homebuilt hardware.
  And all of this is a distraction from your (I assume) initial claim that reinstalling your OS out of the box is "computer-101 stuff these days". I'd be amazed if it even approaches happening a million times a year total (outside of perhaps the enterprise, where IT often pushes out their own corporate OS image when deploying new PCs).
Free Disaster Recovery by Anonymous Coward · 2011-03-30 10:30 · Score: 4, Funny

I had a longer comment, but my machine crashed before I was able to submit. Just read it back at http://logger.samsung.com/mhassan/20110330log.txt
Re:Without obtaining consent? by v1 · 2011-03-30 10:30 · Score: 4, Informative

They can put anything they darn well please into the EULA, it doesn't guarantee it to be binding or legally enforceable.
They could sneak a line in somewhere in the middle of page 28 of 45 that says by using this software you're required to send them a check for $500. It would be very hard to enforce.
The practice of installing hidden software like that already has been condemned by the FTC. (from TFA: In the words of the of former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007).) So they're probably going to get hammered on this. And rightfully so.
Usually when their legal department refuses to reply when you're requesting comments before someone goes public, it's because they're busy batoning down the hatches and polishing up their resumes.

--
I work for the Department of Redundancy Department.
Stop it by MrEricSir · 2011-03-30 10:32 · Score: 5, Insightful

If you don't get outraged when outrageous stuff happens, then don't be surprised when more outrageous things happen. It's your own damn fault for not standing up for what's right.

--
There's no -1 for "I don't get it."
1. Re:Stop it by CrazyDuke · 2011-03-30 10:46 · Score: 3, Insightful
  
  ...not to claim him, you, or myself more right or righteous. But, I often find when I stand up for the rights of myself and others, I usually end up standing alone. ...with a few shoe prints and knife blades in my backside for good measure.
  Did you ever get the feeling that the reason the things in life that suck are allowed to continue is because so many people want it that way?
  
  --
  Any sufficiently advanced influence is indistinguishable from control.
2. Re:Stop it by arkane1234 · 2011-03-30 16:14 · Score: 1
  
  It's not anger, it's frustration. Using the word "friend" when attempting to verbally subjugate a person makes you an apologist.
  
  --
  -- This space for lease, low setup fee, inquire within!
3. Re:Stop it by nahdude812 · 2011-03-30 23:13 · Score: 1
  
  Unsurprisingly, Samsung professes that the claim itself (of keylogger software being installed) is outrageous. According to them, it's a false positive caused by the inclusion of the Slovene language, which gets included in a "SL" folder in C:\windows. Apparently the existence of a folder with this name is all that's needed to make VIPRE flag you as having StarLogger installed, which they demonstrate by creating an empty "SL" folder in C:\Windows.
  
  --
  Slay a dragon... over lunch!
Only one case? by demonbug · 2011-03-30 10:32 · Score: 5, Insightful

A quick search didn't turn up any other reports of this besides discussion pointing back to the linked Network World article. Considering it seems very easy to detect (an SL folder in the main windows directory, accompanied by an automatic uninstall program?) it seems like people wouldn't have any trouble finding it if it is there. Anyone have any confirmation? Anyone besides Mr. Hassan finding this on their new Samsung?
1. Re:Only one case? by echucker · 2011-03-30 10:38 · Score: 3, Informative
  
  Some of the comments on the article reach the same conclusion. One even suggests it was someone at the store where they were purchased that installed the logger. Problem is, Samsung's tech support guy already admitted to it.
2. Re:Only one case? by cobrausn · 2011-03-30 10:38 · Score: 4, Interesting
  
  I was actually wondering the same thing myself. The article links to another discussion where a user's root kit scan caused a 'total freeze' on a samsung netbook, but this seems like something that needs verification before we grab the torches and pitchforks.
  
  --
  How does it feel to be a liar with pants constantly on fire?
3. Re:Only one case? by metrometro · 2011-03-30 10:42 · Score: 1
  
  If only this could get posted to a forum full of thousands of angry nerds. Oh wait! Slashdot: get on this, please.
4. Re:Only one case? by Andrevan · 2011-03-30 11:03 · Score: 1
  
  I have a Samsung RF510-S02 and I can't find the SL folder in my Windows directory.
  
  --
  "All it takes to fly is to hurl yourself at the ground... and miss." - Douglas Adams
5. Re:Only one case? by mgiuca · 2011-03-30 11:20 · Score: 1
  
  Yes I'd like to see something a bit more scientific than "I bought two, and after setting it up they both had this program." Firstly, a scientific approach would take a byte-for-byte image of the hard drive before booting the machine even one time. That means you can investigate exactly the state of the machine as it arrived. Who knows? Maybe he was unlucky and using a dodgy network and someone on his network was injecting the software onto his machine some time after bootup?
  Secondly, I'd like to see a packet capture to see if this software is really sending it out, and if so, how much? Obviously it's still bad even if it wasn't sending it out, but that would give some idea as to the severity of the crime.
6. Re:Only one case? by Anonymous Coward · 2011-03-30 11:29 · Score: 1
  
  But a low-level script-reader at the Indian call center that Samsung contracts with to provide zero-tier product support claimed that key loggers were official Samsung policy. Because, low-level script-readers in Indian call centers are privy to this type of decision.
  It's exactly like the time that my postman told me that Obama was born in Kenya. And since he's an employee of the government, he learns about all sorts of conspiracies like that first.
  (But seriously, if you bought two computes at the same store, and they both had the same malware installed, don't call the low-level script-readers in Indian call centers. Let the people at the store know, and let them complain to their sales reps.)
7. Re:Only one case? by LesFerg · 2011-03-30 11:51 · Score: 1
  
  Well in his article he does say...
  The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."
  
  --
  If I had a DeLorean... I would probably only drive it from time to time.
8. Re:Only one case? by number11 · 2011-03-30 12:01 · Score: 1
  
  A quick search didn't turn up any other reports of this besides discussion pointing back to the linked Network World article.
  Exactly. TFA doesn't seem to say where Mr. Hassan acquired that computer. But if it wasn't just randomly picked off the shelf, one wonders if maybe the presence of a keylogger could be related to the fact that the buyer has a Middle Eastern name. It would be very interesting to know just where the keylogger was going to phone home to.
  Or, if from a store, if they sold him as "new" a computer that had been returned by another buyer, who had installed some free bonus software for the next owner.
9. Re:Only one case? by lwsimon · 2011-03-30 13:45 · Score: 1
  
  I find it funny that you guys hear that a guy in the US with an Arabic-sounding last name discovers a keylogger on his new PC, and you assume it was the OEM that did it.
  
  --
  Learn about Photography Basics.
10. Re:Only one case? by vik · 2011-03-30 16:34 · Score: 1
  
  Oh yes there are, dating back to June last year at least. Look harder.
11. Re:Only one case? by opposabledumbs · 2011-03-30 17:02 · Score: 1
  
  And you're anonymous.
Jail time, not just a fine... by traindirector · 2011-03-30 10:37 · Score: 1

Whoever approved this needs some jail time. Merely a fine for the "corporate person" guilty of this would just mean this sort of thing will continue if there's a chance of profitability.
1. Re:Jail time, not just a fine... by lgw · 2011-03-30 11:12 · Score: 1
  
  For people there is jail time, but for corporations there is "gross negligence". I hope it's not the same /.ers calling for criminal law for corporations and complaining about McDonalds being fined to much for serving cofee at a needlessly dangerous temperature.
  The "chance of profitability" is a very legitimate concern, and is countered in law by extreme fines when a company crosses a line that would be criminal if a person did it. According to TFA, Sony paid $575 million to settle just one of the lawsuits over their rootkit fiasco - Sony Music's operating income was about $100 million last year, so that was a heck of a disincentive.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
And we do this how? by jeko · 2011-03-30 10:40 · Score: 5, Insightful

How do you recommend we install a clean copy of Windows, short of buying your own copy for $189.00? PC manufacturers don't even include a "recovery disk" any more, let alone a copy of the OS you just bought and paid for. Not that I disagree with you at all, but the average consumer isn't going to buy their PC for $500-1200, and then cough up $200 for a clean copy of the OS, and then another couple hundred to find someone to wipe and install it for them.

--
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
1. Re:And we do this how? by h4rr4r · 2011-03-30 10:42 · Score: 1
  
  I never would recommend an installation of Windows, but if you are going to do it a retail copy would be the way to go.
  Otherwise don't be surprised to find all kinds of crummy software and maybe even crap like this installed.
2. Re:And we do this how? by Nos. · 2011-03-30 10:45 · Score: 1
  
  They do however, come with the product key. Acquire an install disc and do the install yourself.
3. Re:And we do this how? by Tigger's+Pet · 2011-03-30 10:47 · Score: 2, Insightful
  
  Well, in my case it's simple as I use Linux for everything nowadays - I do still have a Win XP partition on this laptop, as it makes it easier to support my Dad when he gets problems, but I never use it.
  If I was buying a new laptop and needed Windows on it then I'd 'obtain' one. It isn't software piracy as I already own the license through buying the hardware with the COA on it, so it's not illegal. The only problem is that you would still need to download the hardware-specific drivers from Samsung's website - and who can say that they don't bury the keylogger software inside one of them? Then you're shit out of luck I guess, unless you're ready to reverse-engineer the downloaded code.
4. Re:And we do this how? by RLiegh · 2011-03-30 10:51 · Score: 1
  
  *reads post*
  *looks at my 2008 dell laptop*
  *looks at the bundled vista installaiton cd [not os image, actual installation cd]*
  *reads posts*
  *shakes head and keeps reading*
5. Re:And we do this how? by chrisj_0 · 2011-03-30 10:57 · Score: 2
  
  Download it and use the OEM key on the bottom of your laptop.
6. Re:And we do this how? by node+3 · 2011-03-30 11:06 · Score: 1
  
  I never would recommend an installation of Windows, but if you are going to do it a retail copy would be the way to go.
  Otherwise don't be surprised to find all kinds of crummy software and maybe even crap like this installed.
  No, I think it's appropriate to be surprised that a major corporation like Samsung includes a keylogger with their computers. Crapware/bloatware is one thing, but a keylogger goes far beyond reason. In fact, it's not just unreasonable, but is quite likely criminal.
7. Re:And we do this how? by mgiuca · 2011-03-30 11:11 · Score: 2
  
  Dell is pretty good. I got mine in 2008 as well with installation media. I would hope they still do that. I don't think many other vendors include it.
  Honestly, we are in such a huge scam. When buying a computer, we are forced to pay Microsoft for an operating system we may not want (good luck purchasing a blank PC*), and even after having purchased it, we often don't get the actual CD so we just paid for a one-time OS that needs to be re-purchased to install a "clean" copy.
  Of course, Windows is included in the price of the PC, so most people don't even realise they've paid for it.
  *Yes, you can buy PC parts and build it yourself, but it's pretty hard to do with a laptop.
8. Re:And we do this how? by Anonymous Coward · 2011-03-30 11:15 · Score: 3, Insightful
  
  You can get iso's of Windows on the net
  Oh yeah, that's a great way to avoid keyloggers.
9. Re:And we do this how? by cbhacking · 2011-03-30 11:19 · Score: 1
  
  There are even several legit places to get the install DVD image. It's the license key that MS is really concerned about, not the bits. You can also use somebody else's DVD just fine, even if it's for a different edition (so long as it's for the correct architecture).
  
  --
  There's no place I could be, since I've found Serenity...
10. Re:And we do this how? by ColdWetDog · 2011-03-30 11:21 · Score: 1
  
  Take it to a Microsoft Store nearby and they will install a clean copy of Windows as long as your machine has the license code that it shipped with
  A Microsoft Store? Son, you're just a tad confused.
  
  --
  Faster! Faster! Faster would be better!
11. Re:And we do this how? by CastrTroy · 2011-03-30 11:25 · Score: 2
  
  That's what I did with my latest laptop. Days after getting my new laptop I downloaded a Windows 7 disc, used my new product key, and I was up and running in no time. It's amazing how much better a computer runs without all that crap on there. Don't know if I'm a special case, but Windows 7 has gotten really good with product keys. No special OEM only product keys where you have to find a special install CD. My Product key worked with a standard off the shelf windows 7 disk.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
12. Re:And we do this how? by erroneus · 2011-03-30 11:25 · Score: 1
  
  Dell still provides CDs and DVDs.
13. Re:And we do this how? by scot4875 · 2011-03-30 11:28 · Score: 1
  
  At least back in the XP days, all you had to do was get your hands on a generic OEM install disc. It would work with any of the license keys from any of the OEMs. Go ask any (real) PC repair or custom builder for a copy of the install media. Hell, you could probably even download it straight from Microsoft.
  --Jeremy
  
  --
  Jesus was a liberal
14. Re:And we do this how? by Anonymous Coward · 2011-03-30 11:30 · Score: 1
  
  That does not work.
  I've tried.
  I end up w/ failed auth and instruction to call up automated line which fails, talk to MS tech support which gives me run around.
  Dell was no help either.
  In the end I just used my Linux partition only, and VirtualBox with one of the corp Windows images.
15. Re:And we do this how? by drpimp · 2011-03-30 11:30 · Score: 1
  
  I think the keyword most are missing here is "clean" OS (interpret that as you will) ... not a Dell/Samsung/HP laden disc with all kinds of "other" non-driver software you might not want on there, which was the point TFA anyway.
  
  --
  -- Brought to you by Carl's JR
16. Re:And we do this how? by sexconker · 2011-03-30 11:32 · Score: 1
  
  Dell is pretty good. I got mine in 2008 as well with installation media. I would hope they still do that.
  They don't.
  I have no idea how you got it in 2008, even.
  Dell laptops I ordered for other didn't come with shit other than the 3 extra partitions on the hard drive.
  1 for the image, 1 for the diagnostic utilities, 1 for the who knows what.
17. Re:And we do this how? by erroneus · 2011-03-30 11:35 · Score: 1
  
  I can't speak for the non-business versions of Dell stuff, but the business line is VERY clean and without even the most necessary drivers -- you have to download those or use the driver CD. It's actually a little bit of a pain, but you get to create your system load as you want it. You haven't owned a Dell before? If you do, get the business models only and if it's a laptop, get the warranty. My experiences tell me this is the only way to go.
18. Re:And we do this how? by infolation · 2011-03-30 11:35 · Score: 1
  
  Recently bought an HPz800 visual workstation, £7k + vat
  
  No Win7 installer disk supplied by default - took a month for HP to 'custom order' the OS disk.
  
  HP didn't charge... but what the hell? A £0.25 piece of plastic.
  
  What exactly is the point of withholding an OS disk on a £7k machine? HP support couldn't answer this one by the way.
19. Re:And we do this how? by AmberBlackCat · 2011-03-30 11:37 · Score: 1
  
  The suggestion of installing a clean copy of Windows also assumes Microsoft isn't doing the same thing Samsung did. And suggesting Linux or Android assumes they're not doing the same thing.
20. Re:And we do this how? by mgiuca · 2011-03-30 11:41 · Score: 1
  
  Weird. Yeah I got the crazy partitions too which I have since erased (the 1 for the "who knows what" is, I believe, a shitty stripped down version of Windows XP designed to boot fast and play DVDs; I never used it).
  But to their credit, I have since wiped the machine completely (in fact I purchased a new hard drive) and installed a fresh copy of Windows XP from the CD that came with the laptop.
  I am in Australia. Does this make a difference?
21. Re:And we do this how? by stenWolf · 2011-03-30 11:45 · Score: 1
  
  OEM key won't work with retail editions, same as retail key won't work with OEM editions.
22. Re:And we do this how? by calmofthestorm · 2011-03-30 11:48 · Score: 1
  
  For their sake I sincerely hope none of their computers were sold to the Government.
  
  --
  93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
23. Re:And we do this how? by trapnest · 2011-03-30 11:49 · Score: 1
  
  Find an OEM ISO on a torrent site, burn it, then use the key included with the computer.
24. Re:And we do this how? by artor3 · 2011-03-30 11:54 · Score: 1
  
  Use one of many free programs to extract your product key from the registry.
  Download a copy of the OS from dubiously-legal website of your choice.
  Install OS, using your own key instead of whatever crack was provided.
  I've done it myself, it's very easy. Not easy enough for grandpa, but that's what grandkids are for, and you certainly don't need to cough up the extra $200.
25. Re:And we do this how? by sqlrob · 2011-03-30 11:59 · Score: 1
  
  Not that confused
26. Re:And we do this how? by SCPRedMage · 2011-03-30 12:08 · Score: 3, Informative
  
  He didn't say download it from a "warez" site; you can download it from Microsoft's own servers.
  
  --
  My sig can beat up your sig.
27. Re:And we do this how? by matrim99 · 2011-03-30 12:11 · Score: 2
  
  This isn't always a valid option. I had an Windows product key that only worked with the OEM version of Windows that came on an HP machine (via their hard disk recovery image or seperate install disk I paid $30 for (I ordered the "Windows Install CD" thinking it would just be a bare Windows install), both of which included all of their bloatware). When I tried this product key with a "Full Version" of Windows (100% legit, bought it for another PC) that I installed on that same HP machine (after formatting the HD), the product verification (phone home) didn't accept the HP product key for the full version of Windows (but same level, both were "home premium" if I recall correctly). The error that I got back specifically stated that my product key was only good for the HP OEM version.
  Man did that piss me off...
  Moral of the story is that not all OEM product keys work on unbloated generic Windows versions of the same level of OS.
  
  --
  Right. No, your other right. No, the other other right.
28. Re:And we do this how? by Trogre · 2011-03-30 12:25 · Score: 1
  
  Sweet Frodo's cloak, no!
  If the aim is to have a clean Windows XP install then at least get the media from a more reputable source than a "dubiously-legal website". There's a good chance such ISOs are stocked to the gills with spyware.
  
  --
  "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
29. Re:And we do this how? by blacklint · 2011-03-30 12:27 · Score: 1
  
  Business vs consumer lines. The Dell computers sold under their business headings come with install disks (the one my college purchased three years ago had a Vista install disk, drivers, and the applications that came preloaded all on physical disks in the box), and generally have less crap and better support.
30. Re:And we do this how? by Kittenman · 2011-03-30 12:40 · Score: 1
  
  What exactly is the point of withholding an OS disk on a £7k machine? HP support couldn't answer this one by the way.
  Ooh ...I know, I know.
  1: User buys new HP PC
  2: Time goes by, things get installed, uninstalled, some stuff happens...
  3: Windows gets slower and slower
  4: User rings HP and says "hey, my PC is slow"
  5: HP say "Oh, you need a new PC".
  6: Go to 1 (and by the way, HP PROFITs)
  
  --
  "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
31. Re:And we do this how? by DavidRawling · 2011-03-30 12:56 · Score: 1
  
  For our sake, I sincerely hope many of their computers were sold to the Government. Memo to God: Please make it so. Please make it so. Please make it so.
32. Re:And we do this how? by RobbieThe1st · 2011-03-30 13:05 · Score: 1
  
  That's what md5's are for. Google turns up a number of md5 lists; I'm sure you can find one that's trustworthy. Then, just check your iso and make sure it matches.
33. Re:And we do this how? by dave420 · 2011-03-30 13:09 · Score: 1
  
  Did you try using Microsoft's automated phone activation number? I've done that after installing retail Windows of the same version, and the OEM keys always work. For me at least.
34. Re:And we do this how? by dave420 · 2011-03-30 13:15 · Score: 1
  
  It worked for me a few times. Using the phone number worked a treat.
35. Re:And we do this how? by lwsimon · 2011-03-30 13:38 · Score: 1
  
  Who is this "they" you speak of for Linux?
  
  --
  Learn about Photography Basics.
36. Re:And we do this how? by lwsimon · 2011-03-30 13:39 · Score: 1
  
  Yeah, but at least with a pirated copy, you're not paying someone to fuck you.
  
  --
  Learn about Photography Basics.
37. Re:And we do this how? by RzUpAnmsCwrds · 2011-03-30 13:41 · Score: 1
  
  It's trivial to get a Windows DVD image, and in Vista/Win7 there are no special OEM product keys so you can re-use the product key from the sticker on the bottom of the machine.
38. Re:And we do this how? by JustNilt · 2011-03-30 14:10 · Score: 1
  
  http://en.wikipedia.org/wiki/Microsoft_Store
  I'm not sure the GP realized there are such a limited number of these but they do exist. I can't speak as to the service the AC mentioned but it's within the realm of possibility, I suppose.
  
  --
  You know the thing about UDP jokes? I don't care if you get it or not.
39. Re:And we do this how? by Gumbercules!! · 2011-03-30 14:32 · Score: 1
  
  The download trail from the MS website is not an OEM install and therefore the OEM key won't work with it. Unlike Office, which MS allows you to download a copy of if you can provide the OEM key, there is no such luck with Windows. Therefore you'd need to "obtain" a copy from Bittorrent, which may or may not prove to be better than the recovery crap from your laptop vendor. Then it would need to be the same release level as your key - i.e. if your CD key was for Windows 7 release 1 it may not work on a downloaded Windows 7 with SP1 release disk.
  
  So it's a real pain to get the media we should be entitled to.
40. Re:And we do this how? by NotSanguine · 2011-03-30 14:49 · Score: 1
  
  Not that confused
  I live in NYC (yes, the place so nice they named it twice) and according to Microsoft, the closest store to me is in Chicago. For you geographically challenged types, that's 790 miles
  That's one hell of drive to the mall! Assuming I even own a car (which I don't).
  
  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr
41. Re:And we do this how? by Nyder · 2011-03-30 15:05 · Score: 1
  
  How do you recommend we install a clean copy of Windows, short of buying your own copy for $189.00? PC manufacturers don't even include a "recovery disk" any more, let alone a copy of the OS you just bought and paid for. Not that I disagree with you at all, but the average consumer isn't going to buy their PC for $500-1200, and then cough up $200 for a clean copy of the OS, and then another couple hundred to find someone to wipe and install it for them.
  Ain't that the truth? My dad recently got a new computer, from HP, so you know it barely ran decently out of the box. He was amazed at the difference when I installed a clean copy of Windows (7) on his computer without all the extra bloatware and stupid manufacture settings.
  
  --
  Be seeing you...
42. Re:And we do this how? by drooling-dog · 2011-03-30 15:17 · Score: 1
  
  Thanks. I was thinking of playing the Linux card here myself, but I've learned it's of no use. Nothing against Windows as an OS, mind you, but the ecosystem that surrounds it is an absolute cesspool. You can tell the people swimming there that there's a clean, fresh, sparkling pond just over the hill, but they've grown accustomed to all of the turds floating around and think nothing could be finer.
  Don't knock FUD, it works.
43. Re:And we do this how? by socsoc · 2011-03-30 15:24 · Score: 1
  
  Seriously? Never? Get off your high horse, not everyone has your mad leet skillz.
  That said, I ordered off Dell last week and it wasn't very much extra at all to include the media.
44. Re:And we do this how? by socsoc · 2011-03-30 15:26 · Score: 1
  
  OEM keys won't work on RETAIL Windows. Do the caps help? It's weird, diesel doesn't work in my gasoline car either, but they're both fuels!
45. Re:And we do this how? by socsoc · 2011-03-30 15:29 · Score: 1
  
  I just bought 4 Dells, all with installation media. Go through the business part of the site even if it is just for yourself. You can even get rid of most the bloatware, just not fucking whatever DVD player of the month software is there.
46. Re:And we do this how? by socsoc · 2011-03-30 15:30 · Score: 1
  
  go on.... where are these legit places? piratebay? or do you mean going back in time to the purchase date?
47. Re:And we do this how? by socsoc · 2011-03-30 15:32 · Score: 2
  
  oh really? cause i'd really like you to explain further where I can magically download a windows iso for free and have it accept the OEM key on the machine without pirating it or borrowing a similar restore cd.
48. Re:And we do this how? by socsoc · 2011-03-30 15:33 · Score: 1
  
  I agree it's clean to the point that it is annoying. Really, not even NIC drivers? Gee thanks...
49. Re:And we do this how? by Kakari · 2011-03-30 15:47 · Score: 1
  
  Presuming you're referring to XP, there's a .ini file you can edit in the root of the CD to tell it it is whatever you want it to be. A quick googling gives: http://windows-tips-trick.blogspot.com/2007/01/unlocking-winxps-setupini.html .
50. Re:And we do this how? by Kakari · 2011-03-30 15:52 · Score: 1
  
  That does not work.
  Except for XP when you adjust the setup.ini file on the CD.
51. Re:And we do this how? by Lord_Jeremy · 2011-03-30 17:18 · Score: 1
  
  It's unbelievable. I go to a well-respected technology institute and the school all but required us to purchase a ThinkPad T410 from them. The hardware wasn't the best, but it was decent. I was surprised to find that my three-year-old C2D MacBook Pro ran Win7 better than this i5 machine. Then I looked under the hood. These laptops come imaged with all sorts of craptastic crapware and really necessary shit. They came with this incredibly annoying background thing called Intel Active Management Technology. I had never heard of it, but according to wikipedia this software that routinely ate about %15 CPU time does absolutely nothing I or nearly any other student would ever have any use for.
  My girlfriend here isn't doing much in the technical field so she didn't have any use for any of the preinstalled CAD or embedded control software. I stopped by the campus help desk and purchased a student-discounted windows 7 upgrade disk for $20. I loaded some XP I had lying around and then the Win7 upgrade. Then I only installed the essential drivers from the Lenovo website. She and I were both amazing by how snappy her machine is now. It also stopped randomly shutting down, which she and many other students had often complained to me about. Yeesh. You think they could make a good computer decision at a tech school.
52. Re:And we do this how? by Neil+Boekend · 2011-03-30 17:44 · Score: 1
  
  In Europe: Yes, the Pirate bay. Dunno about the US, but here the source of the bits are not important (unless you beat up an old lady to get them). The key is what matters.
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
53. Re:And we do this how? by Neil+Boekend · 2011-03-30 17:45 · Score: 1
  
  Just download the NIC drivers from the internet. It's what Windows tries so it's bound to work!
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
54. Re:And we do this how? by jones_supa · 2011-03-30 18:48 · Score: 1
  
  Would the key work across different language versions?
55. Re:And we do this how? by earl_sven · 2011-03-30 19:44 · Score: 1
  
  That worked for me on my Toshiba laptop, I needed to do it anyway to install 64bit as it stupidly came with 32bit installed. Got the ISOs from some link to digital river.
56. Re:And we do this how? by earl_sven · 2011-03-30 19:52 · Score: 1
  
  Should probably have added this was Windows 7 I was talking about (anyone using an older version of Windows should really upgrade - it is worth it!)
57. Re:And we do this how? by nosferatu1001 · 2011-03-30 21:13 · Score: 1
  
  There arent any OEM keys on Win7
58. Re:And we do this how? by L4t3r4lu5 · 2011-03-30 21:35 · Score: 1
  
  They're called System Builder licenses now. Same thing.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
59. Re:And we do this how? by evanism · 2011-03-30 22:40 · Score: 1
  
  Yeah, here we don't tolerate the kind of crap that goes down almost daily in America-land.
  This is going to turn into an absolute A-grade mega cluster fuck for samsung.
  
  --
  Just bought a new quantum computer, but I'm uncertain how it works.
60. Re:And we do this how? by sexconker · 2011-03-31 05:42 · Score: 1
  
  Yeah, we always buy from small business and we still never get the media.
61. Re:And we do this how? by node+3 · 2011-03-31 06:38 · Score: 1
  
  You replied to the wrong guy. Those were my words.
  Anyway, by "surprised", I mean it shouldn't be anywhere near normal, thus a surprise.
  I don't normally get $100 out of the blue, but it can happen. When it does, it's appropriate to be surprised. Likewise, keyloggers most assuredly exist and are deployed, but it's generally going to be a surprise when you find one. This is especially true if the keylogger was deliberately installed by a major corporation like Samsung.
  If this isn't supposed to be surprising, are you saying that you think it's fairly normal? That it's likely that at least one of Sony, HP, or Dell includes a keylogger as well?
62. Re:And we do this how? by SCPRedMage · 2011-03-31 07:52 · Score: 1
  
  Except that with Windows 7, a product key is a product key; you don't need a special "OEM" disc for an "OEM" product key, which is what the GP was trying to say.
  
  --
  My sig can beat up your sig.
63. Re:And we do this how? by mgiuca · 2011-03-31 11:06 · Score: 1
  
  Or for Hassan, if it turns out to be false.
  Oh wait... (Slashdot lost my above comment before I could post it ... good thing, as I found this story in the meantime.)
64. Re:And we do this how? by AmberBlackCat · 2011-03-31 11:14 · Score: 1
  
  The source of your Linux or Android installation.
65. Re:And we do this how? by trapnest · 2011-04-03 12:22 · Score: 1
  
  I haven't tried personally, but it -should-. What language are you looking for?
North v South by xkr · 2011-03-30 10:40 · Score: 1

Is Samsung now a NORTH Korean company?

--
I will create a sig when innovation restarts in the U.S.
1. Re:North v South by shutdown+-p+now · 2011-03-30 13:23 · Score: 1
  
  No. The difference, you see, is that in South Korea, you have keyloggers on your computers. Whereas in North Korea, you don't have computers.
2. Re:North v South by rossy · 2011-03-30 16:03 · Score: 1
  
  Great leader in North Korea is working with Samsung Marketing. Successes with key loggers and the Galaxy tablet marketing campaign are making great strides!
  
  --
  Ross Youngblood
Nothing new here. by Hotweed+Music · 2011-03-30 10:40 · Score: 1

http://fearthegovernment.com/keystroke_logger.html
1. Re:Nothing new here. by egranlund · 2011-03-30 10:59 · Score: 1
  
  What? I don't understand this guy's story - every laptop I've disassembled from 1990 on has a ribbon cable going from the keyboard to the mobo not full on insulated cables - not to mention most laptops are packed so tight that a device like that wouldn't fit. I mean, if they really wanted to hide a keylogger they'd put it on the mobo somewhere. It'd be way harder to find than the pictures of the device he has.
2. Re:Nothing new here. by CrazyDuke · 2011-03-30 12:54 · Score: 1
  
  Personally, if I where doing something like that, I'd hide it in the south bridge package in between the pin-outs and the actual silicon. This would work especially well in models where the silicon is covered over by that plastic packaging. You'd have to x-ray the sucker to find it unless it's too "loud" and gets noticed. Heck, if device where complex enough, someone could also have it sniff and/or pull data off of the disk drives plugged into that controller and pull audio, especially an open mic.
  
  --
  Any sufficiently advanced influence is indistinguishable from control.
3. Re:Nothing new here. by Rakishi · 2011-03-30 16:57 · Score: 1
  
  God, you conspiracy nuts are utter bloody morons:
  http://www.snopes.com/computer/internet/dellbug.asp
little bit early? by mug+funky · 2011-03-30 10:41 · Score: 1

i looked at the date... March 31st. so close.
so now i'm not sure whether to believe this or not.
i'm'a gonna watch and see if anybody else in the world of Samsung laptops finds the same thing. i'm sure many are searching for it now.
1. Re:little bit early? by metrometro · 2011-03-30 10:44 · Score: 1
  
  If this is a joke, it is begging for a libel suit. I mean, financial damages much? And it's not very funny. I'm waiting for confirmation, but it doesn't look good.
2. Re:little bit early? by xclr8r · 2011-03-30 16:13 · Score: 1
  
  International date line? I didn't read where the article originated from.. this is slashdot right?
  
  --
  Beware of those who profit off the docile and persecute the unbelievers.
Now I feel justified by vlueboy · 2011-03-30 10:47 · Score: 1

I get the feeling that my disabling all those update services that my HP and Toshiba laptops are bundled with can be justified better now. It's not just a performance issue anymore, but a security one. How much longer till others come forward and admit they've been doing the same?
I've never fresh installed a new laptop on purchase day unless other than for business purposes, but this is getting scary.
1. Re:Now I feel justified by Just+Some+Guy · 2011-03-30 11:00 · Score: 1
  
  I get the feeling that my disabling all those update services that my HP and Toshiba laptops are bundled with can be justified better now.
  You need a justification for configuring your own computer the way you like it?
  
  --
  Dewey, what part of this looks like authorities should be involved?
2. Re:Now I feel justified by cbhacking · 2011-03-30 11:26 · Score: 1
  
  Why spend all that time configuring when a clean install (of newer Windows versions) is about as fast, gets rid of *all* the crap as opposed to just the stuff you find, and gives you the disk space back as well?
  
  --
  There's no place I could be, since I've found Serenity...
Re:Without obtaining consent? by Anonymous Coward · 2011-03-30 10:49 · Score: 2, Funny

batoning down the hatches
It's "battening down the hatches", though you might legitimately feel the urge to baton Samsung right now.
BP's lost laptop by olsmeister · 2011-03-30 10:50 · Score: 1

Maybe the laptop the BP lost with personal information from thousands of people who've filed claims related to the Deepwater Horizon disaster was a Samsung. Just wait for someone to connect it to the internet.... voila. See? It's a FEATURE.
verified? by Jeek+Elemental · 2011-03-30 10:55 · Score: 1

any other sources on this, it seems an incredibly stupid thing to do for a non-microsoft company.
1. Re:verified? by donutface · 2011-03-30 11:32 · Score: 1
  
  any other sources on this, it seems an incredibly stupid thing to do for a non-microsoft company.
  I've seen how Microsoft does Business Intelligence and there is huge emphasis on not collecting any personally identifiable information. Things like submitting the path to a certain file is not allowed due to the possibility that the file might be stored in a users home directory and thus give out a user name/something that could possibly be tracked back to the actual user.
  If you have any examples of Microsoft logging personally identifiable information I'd love to know though
2. Re:verified? by donutface · 2011-03-30 11:53 · Score: 1
  
  The one exception I'd like to make to this is Dr Watson crash reports. A full dump may contain PII due to the very nature of a process dump. These are rarely submitted and the user is made aware of the fact that PII may be contained in the report. Most of the time, in the event of a process crashing a microdump is sent containing not much more than a call stack and a report on the hardware the application is being run under.
3. Re:verified? by Drummergeek0 · 2011-03-30 12:44 · Score: 1
  
  The file in the pic is not StarLogger. According to a Google search it is a Windows system file. I think the SL folder location is coincidental. It seems to be a driver file of some sort. CNET's removal information does not list that file as part of StarLogger
  
  --
  http://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution
Samsung and Sprint do this with Android phones too by chrisj_0 · 2011-03-30 10:56 · Score: 5, Informative

http://forum.xda-developers.com/showpost.php?p=11763089&postcount=3
It's not your hardware! by Anonymous Coward · 2011-03-30 10:59 · Score: 1

How many times do companies have to beat it in to your head? You don't *own* the hardware you buy. Therefore they don't need your permission, and any attempt to circumvent it is illegal!
Re:Without obtaining consent? by node+3 · 2011-03-30 10:59 · Score: 1

Consent implies the person giving consent is aware of what they are agreeing to. If I mumble, "if you ask me 'what?', you agree to immediately pay me a million dollars", and you ask me, "what?", that does not mean you actually agreed to pay me a million dollars.
Re:Oh say it isn't so... by node+3 · 2011-03-30 11:03 · Score: 5, Insightful

"Meh, corruption isn't news, stfu" == "give me more corruption", in the end.
If you don't get upset over these sort of things, you just invite more. Sure, making a fuss won't necessarily stop it from happening again, but remaining silent certainly won't.
Re:There are no words to describe it. by Tailhook · 2011-03-30 11:11 · Score: 1

I'll try.
Does Samsung have some sort of mass key-logger analysis software that can correlate keystrokes with arbitrary activity? How else would they make use of thousands or potentially millions of key-logger streams? If so, from whom did they get it? The most plausible source of a key-logger analysis system is either a criminal outfit or an "intelligence" organization (assuming you draw distinction between the two.)
Is it possible that the tech support guy just made up this 'monitor the performance of the machine and to find out how it is being used' stuff because they routinely use that excuse for other things, it sounds plausible and might seem to him to be less heinous than 'we shipped an infected operating system'?
Given Sony you have to discount the latter.

--
Maw! Fire up the karma burner!
False dichotomy by jbn-o · 2011-03-30 11:12 · Score: 1

There's no need to choose between boycotting the manufacturer and criminal prosecution. Both are available to all of us and both should be used.
"The computers have already sold" makes it sound like future sales with keyloggers are impossible. Samsung is not the only organization who can do this either.

--
Digital Citizen
Extremely Sceptical by pmc · 2011-03-30 11:13 · Score: 5, Insightful

OK - we have a keylogger that is plainly visible in the windows directory on his machine and.... that's it. Where is the rest of the evidence? It phones home - I presume he has wireshark traces in the acticle with IP addresses that are owned by Samsung.... Nope. Any network traces showing the activity? .... Nope. Naturally he bought another laptop and, without attaching it to any network, discovered the same keylogger.... Nope. Now he has announced this lots of people have looked at their Samsung laptops and found the keylogger... Nope.
But wait - he has the admission of the company itself! Well, actually, a junior helpdesk driod who probably had no idea what he was actually talking about and was just agreeing with him to get him off the phone. Because the alternative is that every junior helpdesk droid in Samsung knows about the highly illegal secret keylogger that is install on every laptop, but none of them thought "I'm tired of being a helpdesk droid, I think a class action suit is a better way of making a living".
There is also nonsense statements - "the keylogger is completely undetectable": Really? Apart from the c:/windows/SL directory, the entries in the registry and everything else that will make any sensible AV product go beserk that is.
1. Re:Extremely Sceptical by Swave+An+deBwoner · 2011-03-30 12:09 · Score: 1
  
  I find it difficult to believe that Samsung would intentionally install a keylogger on their consumer devices. My bet is that it was either installed via security breech by one or more co-opted employees (industrial or government espionage is a possibility) or else that it was configured as an engineering sample that mistakenly got shipped for sale.
  
  So far I have seen nothing about how the keylogger was configured. Was it actually "phoning home" (and if so, where is that "home") or was it just installed but inactive?
2. Re:Extremely Sceptical by DigiShaman · 2011-03-30 12:18 · Score: 1
  
  Uh oh. We have a problem here. You're using logic and deductive reasoning. Surely you're going to get modded into oblivion for that. You poor bastard you.
  
  --
  Life is not for the lazy.
3. Re:Extremely Sceptical by John+Saffran · 2011-03-30 12:20 · Score: 3, Insightful
  
  Agree with your scepticism .. While the author seems to have good security qualifications, they're mostly non-technical or managerial level and the articles are awfully devoid of details and I'm concerned that he starts with attempts to equate his accusations with the Sony incident before even providing his evidence .. it sounds like he's experiencing confirmation bias.
  
  If this is part of the standard install it should be easy to duplicate and with the publicity this is sure to generate it's likely to be attempted.. personally I'll wait for a technical person to comment on this and more importantly provide the details rather than "After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung" (that's not good enough imho).
4. Re:Extremely Sceptical by jordan314 · 2011-03-30 23:14 · Score: 2
  
  Exactly. How is it undetectable if an antivirus detects it? And the guy's rationale for it not being a false positive is "it's never failed me before"? As many users below have pointed out, the story is false: http://samsungtomorrow.tistory.com/m/1071 It was a false positive with a language pack that came with windows.
Google tried something similar... by Readycharged · 2011-03-30 11:18 · Score: 1

You think that's bad? Google were setting their analytics cookie to expire after *38 years* without seeking the surfer's permission They only backtracked when they got busted....
1. Re:Google tried something similar... by LordLucless · 2011-03-30 12:01 · Score: 1
  
  All cookies require user permissions. Just because people generally automatically allow them doesn't mean they must. Also, cookies don't intercept your bank password and transmit it to a third party.
  TL;DR: You're wrong.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
2. Re:Google tried something similar... by shutdown+-p+now · 2011-03-30 13:33 · Score: 1
  
  Are you seriously comparing a browser cookie with a hardware keylogger?
3. Re:Google tried something similar... by Neil+Boekend · 2011-03-30 18:04 · Score: 1
  
  My bank password and signing code are different each time. A keylogger wouldn't help to get useful passwords
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
Re:what happened to you Samsung by snkiz · 2011-03-30 11:31 · Score: 1

I was just talking to my wife last night about how I liked Samsung products. Its getting harder to find anything from a company that Hasn't fucked its customers somehow.
Monitor performance? by parlancex · 2011-03-30 11:35 · Score: 3, Interesting

Installing a keylogger that also does screen captures to "monitor the performance" of their laptops would be like a homebuilder installing secret video cameras all over your house that relay the pictures back to him telling you he needs to "monitor the performance" of the house.
1. Re:Monitor performance? by woolio · 2011-03-30 14:02 · Score: 1
  
  Imagine if the performance of the master bedroom were a major area to be monitored...
2. Re:Monitor performance? by Scott+Scott · 2011-03-30 20:50 · Score: 1
  
  And leeching off your electric bill for as many years as it takes you to find the bugs.
3. Re:Monitor performance? by js_sebastian · 2011-03-30 21:09 · Score: 1
  
  Installing a keylogger that also does screen captures to "monitor the performance" of their laptops would be like a homebuilder installing secret video cameras all over your house that relay the pictures back to him telling you he needs to "monitor the performance" of the house.
  At least if he said he wants to monitor the performances of your wife he would be more honest...
4. Re:Monitor performance? by SmilingSalmon · 2011-03-31 01:54 · Score: 1
  
  Could I have a car analogy, please?
It's OK. by hymie! · 2011-03-30 11:56 · Score: 1

He's got a Muslim name, so it's ok to have a keylogger on his machine.
Samsung's official response by Google85 · 2011-03-30 12:01 · Score: 1

"Samsung takes Mr. Hassan's claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available." posted here
So by sjames · 2011-03-30 12:04 · Score: 1

So, how many bank passwords did they capture and do they have a complete audit trail of everyone who may have accessed that data? Did any of those laptops get sold to government?
This was a seriously stupid move on their part, do they give the same amount of "thought" to their other engineering decisions?
Re:bye bye customer by infoseek · 2011-03-30 12:04 · Score: 1

Ya, they're only selling commodity hardware for the most part. Why buy anything from a company I now know to be untrustworthy?
Not sure I buy it by Drummergeek0 · 2011-03-30 12:11 · Score: 2

It seems like it was relatively easy to find, and both laptops were purchased at the same store so it could easily be the source, some kid in the stock room could have installed it thinking they could steal someones identity or that it made them 'leet' hackers. Taking the admittance from a customer support rep is not reliable, so I don't really count that one. Also, new computers come with various pieces of crapware installed that could also be the source without Samsung being aware(if that is the case, they need to screen the software better). I seriously doubt this was intentional on Samsung's side, if they are even responsible to begin with. It is even quite possible that the keylogger was part of debugging and QA that made it into the production image. Would like to see more data on this, at least try and capture it phoning home. That would tell you a lot about who the responsible party is.
Network World should have at least done the due diligence of purchasing the same model and verifying the existence of the logger, and considering they are networking magazine, I am surprised they didn't test to see where the data is going.

--
http://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution
Samsung have acknowledged concern by Squiff · 2011-03-30 12:20 · Score: 1

From Engadget 'official quote: "Samsung takes Mr. Hassan's claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available."' http://www.engadget.com/2011/03/30/samsung-reportedly-installing-keylogger-software-on-r525-privac/
Re:If ever there was ... by Xtifr · 2011-03-30 12:28 · Score: 1

I was literally going to shit my balls. Yes, I'm being facetious
Pick one, you retard. "Literally" does not mean "here comes some hyperbole!"
Yes, yes it does. Despite what peevologists[1] claim, the use of "literally" as an intensifier dates back hundreds of years, and can be found in formal and academic writing as regularly as in casual speech. The American Heritage dictionary lists this as a "usage problem", but still lists it. Collier's lists it without comment. Note that the "usage problem" doesn't say it's wrong, it merely observes that this is something some people complain about.
Words often have multiple meanings in English. Do you jump up and call someone a retard because they use "cool" to mean something other than "has a low temperature"? If not, why not? It would be no less silly.
If you want to complain about the ambiguity, don't worry. Linguists who have studied the use of "literally" have found that it's almost never used in ambiguous contexts. Nobody (not even you, no matter how much you might pretend) thought for a second that GPP actually meant that his testicles would be expelled via his anus. People naturally avoid the ambiguous cases.
And if it's not the ambiguity that bugs you, then why on earth does it bother you any more than the uses of "cool" or "hot" to refer to something other than temperature? I really am curious.
[1] I prefer the term "peevologist" to the term "grammar nazi" because the latter term implies that the peevers actually know something about the language they claim to defend, even though this is usually not the case, as here.
Fuck them assholes sue the shit outta them! by BlackBloq · 2011-03-30 12:33 · Score: 1

What a bunch of fucknuts!
Re:Love you too Samsung by Remloc · 2011-03-30 12:34 · Score: 1

Yeah you did! They've got the keylog to prove it!
It's the ultimate in backup! by Snaller · 2011-03-30 13:14 · Score: 1

Forget what you wrote? We back it up wholesale!

--
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
This is not believable. by pclminion · 2011-03-30 13:32 · Score: 2, Insightful

I mean, literally, unbelievable. I do not believe it. And anyone else who believes it without some proof apart from what this dude says, is a god damned moron. Apparently that's most of the people in this thread.
(The fact that someone at Samsung seems to have "confirmed" it just means that someone got hold of an idiot somewhere and he said some stupid crap, probably without even understanding what he was saying.)
Re:There are no words to describe it. by lwsimon · 2011-03-30 13:42 · Score: 1

I thought of this - I also thought that the guy might have been under scrutiny by said criminal/intelligence outfit, and the "tech support" call might have been routed to a nice guy in an unmarked van.
That said, based on my experience in the corporate world, I'm blaming Marketing. It's almost always Marketing when something embarrassing and stupid happens.

--
Learn about Photography Basics.
DHS Involvement? by tgrigsby · 2011-03-30 13:44 · Score: 1

How much you wanna bet someone very high up at Samsung, upon seeing this story hit the 'net, snatched up the phone, dialed up a memorized phone number, and feverishly whispered to the high mucky muck at the Department of Homeland Security that the deal was off....

--
*** *** You're just jealous 'cause the voices talk to me... ***
1. Re:DHS Involvement? by Culture20 · 2011-03-30 14:27 · Score: 1
  
  What, you think there's a bin of Samsung laptops that they sell to guys named Mohammed, and a bin for everyone else?
  "Boss, there's a Mohammed here, and we're out of the keylogger laptops."
  "Just put a GPS tracker in a regular one. DHS will sort it out"
Re:This one is a hoax. by Hotweed+Music · 2011-03-30 14:02 · Score: 1

Thanks. Obvious fake is obvious
Microsoft needs more control over the OEMs by jonwil · 2011-03-30 14:12 · Score: 1

Microsoft should be saying "if you want the best possible OEM pricing, you are not allowed to do xyz" where xyz might be "knowingly install keyloggers, rootkits, spyware, or malware"
Typical hoax and false claims by alphiefox · 2011-03-30 14:13 · Score: 1

Nothing about this story even closely resembles the truth. He has no evidence? He doesn't know how to create a disk image or ask professionals for help documenting this?
Trust... by kleuske · 2011-03-30 14:36 · Score: 1

Ok. Along with Sony, Samsung is now on my personal purchase blacklist. I just don't get it, do these guys think they'll get away with stuff like that? Have the marketing&management clowns that came up with and approved of this crap even considered what this does to the firms credibility? Have they an IQ that exceeds their shoesize? (rethorical question).

--
Timeo hominem unius libri
Independent discovery of keylogger on new Samsung by vik · 2011-03-30 14:40 · Score: 1

I browsed around a bit and found this thread in a forum: http://www.pctools.com/forum/archive/index.php/t-66173.html
In which Bianca150 last year posted that they had discovered Stealth KeyLogger 5.0 on a brand new Samsung laptop but assumed it was legit because you could download it from CNET!
Coincidence or corroboration?
Vik :v)
Re:Without obtaining consent? by drooling-dog · 2011-03-30 14:52 · Score: 1

Does seem like a reasonable thing to do with a baton if your hatches are stuck, though...
Re:Samsung and Sprint do this with Android phones by assassinator42 · 2011-03-30 15:00 · Score: 1

Wow, just checked my Intercept and sure enough I have this spyware on my phone as well. It is everywhere. Trying to disassemble/reassemble everything like that poster to remove it now...
Apparently LG phones have this as well. How about the EVO line?
Shareholders by Anonymous Coward · 2011-03-30 15:14 · Score: 1

The economic consequences to the corporation would be vastly greater
As would the economic consequences to the poor sods who happen to work for it on minimum wage and whom had absolutely no part in the decision which caused the problem.
What about going after the shareholders instead? Levy a fine per share and allow shareholders the option of surrendering shares to cover the fine. Since it is often claimed that CEOs do all the creative accounting to make themselves look good to their shareholders perhaps making the shareholders suffer will help keep the CEOs inline.
This should also be coupled with a law to allow companies that are fined to break the contract of any company officer without penalty. This is so the shareholders are not prevented from going after the officers by clever employment contracts as seemed to happen with the bankers.
Welcome from the future! by jeko · 2011-03-30 15:29 · Score: 1

Hello 2008! Greetings from 2011!
So good to hear from you. It's been an eventful three years. Now, I mean, right exactly now, could you please tell Japan to shore up their nuclear reactors against the possibility of a 8.biggish tsunami? Also, that Hope and Change? Yeah, not so much...
(thanks and credit to XKCD)

--
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
Your PC comes with a list by MasterOfGoingFaster · 2011-03-30 15:41 · Score: 1

> ".... there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. "
Your PC already comes with such a list.
To see it, run this command:
dir c: /s /a

--
Place nail here >+
Great leader triumphs again! by rossy · 2011-03-30 16:01 · Score: 1

Our Great Leader Kim Jung Ill, has installed these key loggers to discover why citizens have not yet placed orders for the great leaders Galaxy Tablet, or downloaded the new apps of the great leader using a laptop with the key logger installed.
Thank you Samsung for implementing our great leaders wishes!

--
Ross Youngblood
Re:Oh say it isn't so... by arkane1234 · 2011-03-30 16:10 · Score: 1

The fact that it repeatedly happens in no way makes it an acceptable practice.
Complacency is losing, in this case. This is actually borderline data theft. Not borderline, it IS.
I know myself and millions of others that type their bank info into their computer. That goes into the wrong hands, and it's bad.
Acting like it's an accepted practice means you've accepted it as normal appropriate business acumen.

--
-- This space for lease, low setup fee, inquire within!
Samsung monitor by Tablizer · 2011-03-30 16:21 · Score: 1

I have a Samsung monitor. Does this mean they watch the same kinky pr0n I do........I mean that my brother does?

--
Table-ized A.I.
Keylogger on new Samsung Laptop 3 months ago by vik · 2011-03-30 16:42 · Score: 1

"Okay so.. This Samsung Laptop is brand new.. It has Kaspersky for Anti-Virus and it detects four Keyloggers.. three Keyloggers are detected in Samsungs programs.. Samsung Support Center and two others"
http://answers.yahoo.com/question/index?qid=20101225135730AA0V8c6
Samsung's official? response in Korea by Anonymous Coward · 2011-03-30 16:53 · Score: 2, Informative

saw this posted on samsung blog.
http://samsungtomorrow.com/1070
What they are saying is that the user was using security program called Vipre which reports \SL folder (slovenian language) created by Microsoft Live app as keylogger.
Another user finds keylogger on Samsung Laptop by vik · 2011-03-30 16:54 · Score: 1

And another one:
"I literally just bought a new Samsung r540, guess its going back to newegg
Scary
UPDATE
Laptop has the SL directories and all affected files from the writeup
KEYLOGGER INSTALLED"
http://www.overclock.net/laptops-notebook-computers/978296-samsung-keylogger-confirmed-keylogger-installed-pics.html
Yet another new Samsung laptop with keylogger by vik · 2011-03-30 16:56 · Score: 1

And again. This guy says Samsung told him it came with the laptop. Dated 05-14-2010
http://www.pctools.com/forum/showthread.php?66173-Spyware-detects-stealth.keylogger-is-it-a-false-positive
1. Re:Yet another new Samsung laptop with keylogger by Just+because+I'm+an · 2011-03-30 21:16 · Score: 1
  
  Apparently there's an issue with their Android phones too... here
here is a post on samsung blog in korea .. by h4nc0 · 2011-03-30 17:06 · Score: 2

http://samsungtomorrow.com/1070 What they say is (keylogger) . The claim that a keylogger is installed on Samsung notebooks is false. , Vipre . we found out that the person was using a security program (av) called Vipre. Microsoft Live Application "SL" keylogger . this program reports \SL folder created by Microsoft Live App as keylogger (Live Application Microsoft , , . c:\windows "SL" , "KO" , "EN" .) something like this. If this claim is false, I see lawsuit the other way around. And please no bashing on Koreans.
1. Re:here is a post on samsung blog in korea .. by h4nc0 · 2011-03-30 17:13 · Score: 1
  
  I pasted the whole post in korean with translation but /. seems to filter out korean characters it seems. There is latest update on the blog. It says, the keylogger in question is called Starlogger, and apparently installing Windows Live Wave 4 and Slovenia language file will result in false detection of starlogger.
Samsung RF710 clean by ChaoticCoyote · 2011-03-30 17:35 · Score: 1

I purchased a Samsung RF710 a month ago, and am running the default OS install with zero problems. Sure, I scanned the machine, but it had almost NO crapware (as compared to HP and Gateway), and it has performed flawlessly. No key loggers or other problems. If anything, this has been the cleanest laptop I've every purchased. I wonder why Samsung did this? Has anyone other than the original author seen the same thing? It seems a strange move on Samsung's part.

--
All about me
it's all a lie. by herojig · 2011-03-30 18:25 · Score: 4, Informative

See http://www.samsungtomorrow.com/1071, from RTFA link.

--
I think therefore I can't be ~TTNH
1. Re:it's all a lie. by Douglas+Goodall · 2011-03-30 19:43 · Score: 1
  
  Now I am sure I don't have a clue who to believe. I just won't buy any more Sony products, even'' And I see no reason to buy a notebook from Samsung any way, seeing as how I buy Apple equipment for my computing needs. Once in a blue moon I do need to run Windows to blow a prom, but I just grit my teeth and hold my breath until next time. I wonder if LG put a keylogger in my washing machine?
2. Re:it's all a lie. by mea_culpa · 2011-03-30 23:24 · Score: 1
  
  Wish there was a way to promote this post to the top of the page.
3. Re:it's all a lie. by MarkGriz · 2011-03-31 01:18 · Score: 1
  
  Confirmed here as well.
  Mr. Hassan and NetworkWorld better hope Samsung doesn't sue their asses into oblivion for libel.
  
  --
  Beauty is in the eye of the beerholder.
4. Re:it's all a lie. by herojig · 2011-04-01 02:31 · Score: 1
  
  First time anything I have ever said has been marked "informative." I must be slipping...
  
  --
  I think therefore I can't be ~TTNH
Don't use a crap AV product by Anonymous Coward · 2011-03-30 19:22 · Score: 1

If you use a crap AV product such as VIPRE, which apparently cannot tell the difference between StarLogger keylogger, and a Slovenian language pack from Microsoft Live! you are destined to end up causing ridicule on /. homepage.
False positive by 1ini · 2011-03-30 19:53 · Score: 1

Samsung posted an explanation on a blog - http://www.samsungtomorrow.com/1071
"The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger."
"(Depending on the language, under C:\windows folders "SL" for Slovene, "KO" for Korean, "EN" for English are created.)"
Re:Samsung and Sprint do this with Android phones by Scott+Scott · 2011-03-30 20:42 · Score: 1

According to k0nane, it's on the Evo as well. Thanks for calling attention to the presence of CarrierIQ on LG.
Source: http://forum.androidcentral.com/lg-optimus-s-rooting-roms-hacks/64914-carrier-iq-4.html
Backdoors are hard by js_sebastian · 2011-03-30 21:03 · Score: 1

That bit of German history is very cool, thaks.
If the final assembly and sale of a laptop is done in the US by a US company, then the government can hold the company responsible for making sure there are no rootkits, in software, firmware, or BIOS.
If you know how to "make sure", short of re-installing everything from scratch from trusted sources at the software, firmware, and BIOS level, you should patent it, publish some paper, and make a load of money out of it. I am pretty sure it can't be done in a general way. And what if you don't trust the company that wrote the firmware or drivers for a particular piece of hardware? Plan to re-write it yourself? And if you do re-install everything with trusted code, malicious hardware can still do whatever it wants, and the technology to detect it isn't there either.

The conclusion is that whoever put the backdoor there or knew about it is responsible (and should go to jail, be fined, etc as appropriate). But you cannot hold some random engineer accountable because he didn't spot the backdoor: bottom line is you can't spot backdoors in a reliable way.
1. Re:Backdoors are hard by Coeurderoy · 2011-03-31 01:58 · Score: 1
  
  Perfect security is imposible, but if you reinstall everything with "local" code you can lean on "local" companies.
  And you are right malicious HW is a problem, but at least having an "in house installation" gives you some level of protection and accountability.
  It also gives you the opportunity not to detect malicious HW but some of the effects of malicious HW.
  Although things like encoding messages in tiny time discrepencies in response times from some public server would be difficult to detect..
  My point was that basically there is no difference between an HP or Dell computer and a Lenovo or Haier in terms of "security"
  They all are variations of the same core "producer" China Inc.
2. Re:Backdoors are hard by lgw · 2011-03-31 02:00 · Score: 1
  
  You're thinking about the problem as a geek, not as a government procurment manager. I'm not saying that you're necessarily wrong, but if I were a government suit tasked with "only by laptops that you can be sure don't have a rootkit", then solving the problem by saying "anyone who wants me to buy $millions of laptops from me must make sure they don't have rootkits" would make perfect sense.
  And that process would have prevented the actual rootkit in TFA, so it's not a completely bad plan. And you can certainly hold some random engineer responsible if he knowingly inserted a backdoor, or conspired to do so.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Grab your pitchfork by js_sebastian · 2011-03-30 21:07 · Score: 1

but this seems like something that needs verification before we grab the torches and pitchforks.
This is slashdot! Put on your tin foil hat and grab your pitchfork like a good slashdottie now...
Samsung denial by Barence · 2011-03-30 21:16 · Score: 1

Samsung has denied it's installed keyloggers on the machines. It claims Hassan's security software registered a false positive. http://www.pcpro.co.uk/news/366442/samsung-denies-installing-keyloggers-on-laptops
1. Re:Samsung denial by ChaoticCoyote · 2011-03-30 23:17 · Score: 1
  
  You're wasting your breath. The amateur pundits and doomsayers have already pronounced Samsung guilty, and are declaring in mighty tones their determination to boycott a company over a single report. No thought, no investigation, no waiting for the truth. Just charge ahead, demand a head on a bloody pike, and scream indignation... that's the Internet way. Should this prove to be a false positive, will Slashdot print a retraction? As for me, I was looking at an Acer model for my daughter; I think I'll buy her Samsung instead.
  
  --
  All about me
2. Re:Samsung denial by eyenot · 2011-03-31 00:34 · Score: 1
  
  It's not amateurish to take the accused at their word? Have you or anyone you know verified or disproved the accounts of either of the parties, at all?
  
  --
  "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Re:Without obtaining consent? by evanism · 2011-03-30 22:30 · Score: 1

I'd rather baton down windows!

--
Just bought a new quantum computer, but I'm uncertain how it works.
I'm now a former Samsung customer by Yaddoshi · 2011-03-30 23:08 · Score: 1

I've been shopping laptops for a while and Samsung keeps popping onto my list because I really like their monitors. I cannot give this company another penny, now that I know they do this.

Even though I would have erased the hard drive, destroyed the partitions and probably installed LINUX on it after the sale...the moral implications are there. If they thought installing a keylogger was a good idea, what else have they done with their products? I'd rather not have to be the person to find out.
Utter bullshit by igorthefiend · 2011-03-30 23:35 · Score: 4, Informative

False positive from a rarely used AV package - detects the same thing in an empty folder on a clean machine.
http://www.f-secure.com/weblog/archives/00002133.html
1. Re:Utter bullshit by Mr.+Haplo · 2011-03-31 00:03 · Score: 1
  
  You're right. I have Vipre Enterprise installed on a virtual machine that I use for work. I created a C:\Windows\SL directory then had Vipre scan the Windows folder. It claimed to have found StarLogger installed.
  If multiple antivirus products falsely report this, then that's just sad. I'm surprised just the presence of a directory would be considered a signature.
  Makes me trust antivirus products even less than I already do.
  
  --
  -- You have moved your mouse. Windows will now reboot.
2. Re:Utter bullshit by erroneus · 2011-03-31 00:26 · Score: 1
  
  This is simply amazing and I don't know what to think now. Okay, so an AV program generates a positive on a FOLDER? That's crappy as hell. That part seems to have been tested by others so I am inclined to believe it. But the person reporting claims to be a professional many times over and I find it difficult to believe he would rely on a single source of information to make his conclusion. Worse still is the response by Samsung's support who apparently acknowledged it? That's weird.
  I like all of my Samsung gear. Hard drives, my first and only bluray player, a monitor, my phone... I like their stuff. I don't want to think that my stuff could "turn on me." I don't want it to be true at all.
  But wow... why hasn't this "%SystemRoot\SL" issue been raised before? And the program that makes these folders is a Microsoft program?? That flies in the face of Microsoft's campaign to clean up and organize the file structure of Windows. I would seriously like to see more confirmation of this detail.
  I think we need to hear from Mohammed to confirm or deny that his findings were false.
3. Re:Utter bullshit by kbg · 2011-03-31 03:16 · Score: 1
  
  This VIPRE program is pure crap. It simply scans for "c:\windows\sl" folder and if found assumes it is a keylogger. The developers of this program should be taken outside and shoot, this is NOT how you design a security software. I would not recommend anyone to ever use any software from these morons.
Would anyone be surprised by ThatsNotPudding · 2011-03-30 23:38 · Score: 1

if the code also included cc: RIAA, FBI, NSA...
Assuming by ThatsNotPudding · 2011-03-30 23:55 · Score: 1

this permission wasn't granted deep in the EULA boilerplate.
take action by eyenot · 2011-03-31 00:21 · Score: 1

The more I read the more upset I am. There are now several different stories floating around about this.
Many sources are purporting that the Samsung Keylogger incident was a false alarm raised by an incompetent person. However, some of these sources are Samsung the company itself.
Two questions:
1. Why would Samsung self-implicate if they were innocent? According to the article, they did state to the author that they were complicit.
2. Why hasn't this been verified in a technically sound and competent manner? Most of the feedback I'm reading are a bunch of tweets and retweets either trying to create or destroy confidence in Samsung and/or in the story, with no technical backing and no apparent technical backGROUND. One dutch site takes hearsay for science and promotes itself as holding a definitive opinion. Etc.
IF it is true, here's what you do about that: tell everybody in every media you can about the incident. suggest that it would be wise to stop using or buying samsung computers as they are potential minefields of security nightmares and backdoors. tell everybody with samsung stock to sell samsung. don't buy it when the price dips -- just leave it alone. let them die miserable out in the cold -- teach companies a lesson not to do this to consumers.

--
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Re:do some research before you speak by eyenot · 2011-03-31 00:26 · Score: 1

No, no, no, you don't go to the ACCUSED as the source! Jesus. WTF... they already admitted complicity!

--
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
PLEASE UPDATE FRONTPAGE WITH NEW REAL FACTS by faulteh · 2011-03-31 00:32 · Score: 2

I don't work for Samsung but I am a fan of their products.
It seems this so called 'IT consultant' used a crap, rarely used AV product called VIPRE which caused a false-positive, mistaking a SLovenian language pack from Microsoft Live! with a keylogger called StarLogger (both use C:\windows\SL apparently.. jeez I'd hate to use such a poorly written AV package!)
Please refer to posts by Sophos NakedSecurity blog http://nakedsecurity.sophos.com/2011/03/30/samsung-intentionally-shipping-laptops-with-keyloggerspy-software/
and Samsung Tomorrow http://www.samsungtomorrow.com/1071
NOW, can we please restore the integrity of /. frontpage news with actual facts instead of fear and obsolete debunked information.
PS - where did this "IT Consultant" get his training from? back of a cereal carton???
So much for that recommendation by Tridus · 2011-03-31 00:47 · Score: 1

I had been recommending Samsung laptops to people who asked me for advice after having a lot of good experiences with them... then they go and pull this BS?
Great way to alienate people, Samsung. No way I can give out recommendations now.

--
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
why did Samsung confirm this? by doperative · 2011-03-31 01:07 · Score: 1

'The supervisor .. confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."'
UPDATE THE SUMMARY PLEASE! by Anonymous Coward · 2011-03-31 01:08 · Score: 1, Insightful

Hey fucking useless Slashdot editors... please update the summary so you don't continue to slander Samsung over this one guy's erroneous complaint.
Re:Independent discovery of keylogger on new Samsu by inviolet · 2011-03-31 01:20 · Score: 1

I browsed around a bit and found this thread in a forum: http://www.pctools.com/forum/archive/index.php/t-66173.html
In which Bianca150 last year posted that they had discovered Stealth KeyLogger 5.0 on a brand new Samsung laptop but assumed it was legit because you could download it from CNET!
Hey, congrats on making a bad situation worse! If you had actually read that webpage, you'd discover that it too was a false-positive. Somebody's cheap AV found a single registry key that was created by the Atheros driver, and flagged it as belonging to a keylogger... a keylogger which, curiously, was missing all of its other registry keys and files.

--
FATMOUSE + YOU = FATMOUSE
Story is bogus by MarkGriz · 2011-03-31 01:31 · Score: 1

FFS Editors, wake the hell up and update the summary.
This has been confirmed false by numerous sources.

--
Beauty is in the eye of the beerholder.
Well... by JustAnotherIdiot · 2011-03-31 01:34 · Score: 1

...looks like Samsung joins a long list of companies I refuse to buy from.

--
What do I know, I'm just an idiot, right?
no logger after all... Re:This is not believable. by Fubari · 2011-03-31 01:46 · Score: 2

You have good instincts :-)
Samsung 'keylogger' is a GFI VIPRE antivirus false-positive
Excerpt from link:

I’ve confirmed that the ‘keylogger’ that Samsung was accused of shipping with certain notebooks yesterday by NetworkWorld is, in fact, a false-positive result by GFI VIPRE antivirus software. Replicating the false-positive is easy simply create an empty folder called SL in the Windows folder and scan it.
False Alarm by lee1 · 2011-03-31 02:29 · Score: 1

Initial reports due to incompetence - there never was a rootkit: http://www.f-secure.com/weblog/archives/00002133.html
Things to Remember by s.whiplash · 2011-03-31 04:57 · Score: 1

Things to remember: 1. Mohamed Hassan - Remember not to read his articles or believe any gossip he spreads. 2. NetSec Consulting Corp - Remember not to ever hire them or trust any of their findings. 3. Norwich University - Remember not to let my children attend that university. 4. University of Phoenix - Same as number 3, except that I already knew this. Is the University of Phoenix the only place he could become an adjunct professor? To top it off, his position is in the School of Business and not an engineering based tract.
great! by cturiel · 2011-03-31 10:23 · Score: 1

Also, Samsung save the passwords, logins and personal data like backup service to their customers. They are so nice!