Samsung Keylogger Stories a False Alarm
Trailrunner7 writes "The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else. Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows' multi-language support."
We believed someone who used a 3rd rate antivirus and didn't verify with a kernel debugger? FAIL on all our parts, especially the "security researcher" who so thoroughly researched this one
Because SRAT likes to live in the IME folder ... and that's definitely a keylogger.
But the original writer and now famous Security researcher is MSIA, CISSP, CISA ... That must say something, no?
What do you mean Security Certifications are worthless?
SURE it's just for multilanguage support. SURE it is. :)
infoworld / networkworld got their click throughs, some people will never publish a retraction, spreading fud earns support from sponsors and readers can get their outrage glands working. Everyone wins, everyone loses.
Unless people want to stop taking unconfirmed near-zero evidence postings seriously?
The following fortune quote accompanied this story for me:
Disturbingly appropriate, considering the story is about people jumping all over a false assumption. But I'm constantly surprised at the number of times a Windows installation with full multilingual support trips anti-malware or anti-virus software. Don't these guys even use their MSDN subscriptions to get a full set of Windows installs to test against?
At least Samsung is not a Chinese company.
Quick! Call the worldwide boycott off before the entire company loses its 13.5Billion revenue.
On a related note, could Samsung sue the journalists for libel?
At least Slashdot has the journalistic ethics to post the follow-up. Good for them. I note that Network World is doing the same.
Yes, I said "journalistic" in the same sentence as "Slashdot." It's important.
Never attribute to malice that which can be explained by mere idiocy.
The earlier article quoted Samsung as admitting to placing the software on their computers to gather information. Either that part of the earlier story is false or the current one is. This is not good journalism.
That was certainly one way to get moved up in the queue and get a real answer out of Samsung.
I still hate the keylogging bastards that they are, and I want to see the whole company in jail...
Urgh. This seems such a stupid mistake, so much panic was created simply by the existence of a folder. I'm annoyed at myself for believing the hype and swearing off Samsung products yesterday. Sorry Samsung, forgive and forget?
is a Microsoft product?????
Rick B.
And the 2010 Foot in Mouth award goes to...
The writer AND the "security researcher" both of whom put the credibility of their school, degree, and certifications at risk.
I sense two egos deflated for the better.
http://yro.slashdot.org/comments.pl?sid=2061772&cid=35672358
Where did this quote come from, then?
monitor the performance of the machine and to find out how it is being used
Technoli
Pick up milk and eggs
Pick up dry-cleaning
Don't use VIPRE.
My wife has a Samsung R580 which is almost a year newer than the laptops the guy mentioned in the article. I was going to scan it with some decent rootkit programs (like f-secure blacklight or rootkit revealer) only to find out some of my favorites don't work with 64bit Win7. I wrote to the guy who wrote the article, asking about the name of the "commercial security scanner" he installed. He never replied back. I booted my wife's laptop into Linux last night using a Live CD, and performed some find commands for supporting files of the StarLogger program (which showed up in a google search). Nothing. I was thinking if this was true, hers was exempt because it was almost a year older. Turns out, I find out today, I did more research than this supposedly "phd security expert" had.
FLR
Inb4 all of the commenters from the previous Samsung article come in here and act like they didn't assume that the keylogger was real, didn't yell about how Samsung should/will be persecuted for this, and didn't ask for people to boycott Samsung ;)...
I always hear Slashdotters complaining about "moral panic" and complaining about the "idiots" who don't do their research before making claims... How is this any different? Really, it's no different. Is the level of "corporate hate" on Slashdot really that high as to exclude any common sense (apparently not so common) when dealing with a subject like this where it's impossible to tell whether he was right? He said he was right in the previous article, but why did you blindly trust him? All it takes for a simple, non-assuming comment is to add "If this is true," to the beginning of your comments. It isn't very hard and it doesn't make you look like an idiot when the entire reason you said those things turned out to be bullcrap.
"Our country is not nearly so overrun with the bigoted as it is overrun with the broadminded." -Archbishop Fulton Sheen
And this is a surprise?
Turn on the TV. Go to any "News" site. Everything is designed to make you react in some way. They especially like to find the most "outraged" person and interview them. /., where is the outrage for things that matter?
It is a bit sad. People will freak out about stuff like this and demand action, yet your government erodes your rights and destroys your country a little bit more each day and the same people are quiet.
Tell me
The tagline for VIPRE AntiVirus is 'Finally Antivirus Software That Won't Slow Down Your PC!'.
I guess we know why. Who wants to spend all those CPU cycles searching through binaries both in RAM and on disk, comparing them against a database of virus patterns, and performing advanced heuristics checks when it's so much easier to match directory names and call it a day?
I suppose this Slovene language is not specific to Samsung. Do we have any Slovene-speaking people here to run VIPRE on their machines (laptop/desktop/server)?
Oh, [weaselwords] "Security Researchers" [/weaselwords] and the company who supposedly put it there in the first place (and admitted it was there) say it's not really there even though the new evidence is bullshit?
That sounds legitimate. It must be a false alarm.
Oh, the bank robber who robbed the bank and his "Legitimate businessmen" gangster buddies say he didn't rob the bank even though he confessed and the new evidence is circumstantial?
That sounds legitimate. Bank robber is free to go.
From Samsung's comment at http://www.samsungtomorrow.com/1071 it seems that the security program used identified the folder as StarLogger based solely on the fact that the folder's name is SL for Slovene. Incredible.
My initial reaction was more along the lines of "That sounds unlikely" than "Burn them!".
My initial response was;
It's a Network World/IT World article, so it's probably made up garbage that will be debunked within hours.
And look at that... it was. Shocking.
I have a friend who likes to send me IT World articles. It's become a running joke how badly their articles are written. Well, a joke to me at least, he still thinks they are some sort of reputable news source for all things IT and that I am just 'picking on them'.
University of Phoenix.
I've seen a few people mention it already in previous articles but I'm actually beginning to wonder myself if this is an orchestrated FUD campaign against Samsung. The actors story was, well, a complete fucking non-story too.
Rogue Apple fanboy, or Apple PR getting a bit twitchy about Android and Samsung's Galaxy phones and tablet perhaps?
Will be interesting to see if this anti-Samsung FUD continues or if it's mere coincidence that two FUD stories have been posted about Samsung in such a short period.
Seriously?
"Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix. "
Goes to show you all that credentials do mean a thing.
And according to Register "Hassan investigated the matter before working on a story for NetWork World that compared the incident to the infamous Sony BMG rootkit fiasco of 2005."
LOL that's some amazing investigation skill for a security consultant. Turns out he was using a 3rd rate antivirus software, didn't bother to verify the result is correct (finding actual evidence of the keylogger program or use another antivirus to verify), and it was Microsoft software and not Samsung related at all.
He needs to hang up his jacket as a security "expert"
But I'm constantly surprised at the number of times a Windows installation with full multilingual support trips anti-malware or anti-virus software.
Right on spot, but I think we are witnessing the precursors of auto-immune diseases. The point at which the relations between attacker and defendant become too complex for an immune system to keep it straight all the time.
Interesting times indeed.
(captcha was: security, btw)
They ship CarrierIQ on their Android phones on Sprint. It's hooked in to read all sms messages, button presses, etc.
http://forum.xda-developers.com/showpost.php?p=11763089
promises to be more trusting and less vigilant in the future.
This line
"Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix."
And is now the laughing-stock of the IT security world.
Nice job moron!
I don't think it will ever be appropriate to remove the hyphen from "anti-malware". "Antivirus", sure, but "antimal" will always be too close to "animal" for easy parsing as a compound word.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
John Graham-Cumming has an excellent, level-headed response to Mohamed Hassan's entire "research."
Also confirmed at F-Secure.
Good work, Slashdot. Maybe you'll be a tad more cautious before reporting bogus news, eh?
As for individual posters: How many of the people who screamed vitriol at Samsung will now apologize? How many of those who vowed to boycott Samsung in yesterday's thread will admit they were wrong?
I'll bet very few.
We live in a society where people treat indignation like a drug, always ready to believe the negative, always looking to be a victim. Sad times for the species indeed. Will people learn from this, and stop believing everything they read? One can only hope (a fool's hope, but hope nonetheless.)
All about me
I think the part that gave the most merit to the original claim is that Samsung "admitted" to it. However, in retrospect, it's easy to see what may have happened... here is the quote about Samsung admitting to the problem:
"The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used.""
What seems to have happened is the person called technical support at Samsung... people trained to help you with your computer not booting, overheating, optical drive malfunctions, dead pixels on the LCD, etc, etc, etc and asked something that they would have of course known nothing about. I'm going to go out on a limb and make some assumptions... I may be completely wrong, but I've seen this played out in the phone support industry when I worked there more times than I can count. I'm sure, like every other phone based support line, they are trained that when they don't know the answer to something, to make a ticket and someone more knowledgeable will call them back. I assume that because the person was escalated to a supervisor, he did not find that option satisfactory and wanted an answer to his odd request RIGHT THAT MOMENT. Enter the supervisor. At this point, the supervisor will say whatever it takes to appease the upset customer... I'm sure something in the Samsung support database about their performance monitoring software lined up in the tiniest way with the customer's finding, so the supervisor gave him that info, and there we go... an "admission" by Samsung.
If you hate corporations, I'm sure that's enough for you... and someone paid by Samsung saying something about a Samsung product is the be all end all of any situation... but realistically... if they want to provide you with affordable devices with reasonable support, they can't afford to put a "lawyer technician IT superman" on the receiving end of every call...
tl;dr if you try and whine hard enough, you can get a phone support tech to say anything you want
The post from yesterday had this line in it. "After initial denials, Samsung has admitted they did this, saying it was to 'monitor the performance of the machine and to find out how it is being used."
Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
Oh shut up. There was a quote in the original article saying that Samsung confirmed it. So there was at least some reason to believe it was real.
Get off your soapbox.
That's what they'd like you to believe . . .
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Several commenters have suggested that there still might be something to this story because someone at tech support allegedly admitted that there was monitoring software on the computer. To this I say: get real. Have *you* ever worked in an entry-level call center? We're talking about people earning $8.00 an hour and reading off of scripts. If the call center is located overseas, English may not be their first language. And these people probably don't get their paycheck from Samsung, but from an outsourcer, and they certainly are not privy to Samsung's innermost secrets.
The fact that the call was ostensibly handled by a "supervisor" means *nothing*. At almost all call centers, any sufficiently skilled employee (and that's a pretty low bar) is allowed to take a "Sup Call." Handling of these calls emphasizes getting the customer off the line, NOT resolving technical issues. They may have just been telling the customer what they wanted to hear. Or they may have been referring to more innocuous monitoring software, like "Samsung Magic Doctor" (which one review site says "promises to fix any PC problems and then recover your system should anything go wrong").
that corporations have become so powerful and governments so blase about the rule of law that a goodly chunk of even this crowd accepted this story as quite possibly true.
If I were Samsung I would sue the hell out of them, that'll teach those losers for putting information out on the internet without actually verifying their conclusions, this is a good example of what's wrong with the internet, too many other sites actually just copy the news without verifying it, in the end it could hurt your business enormously.
I'd been typing on my Samsung machine will never get to the beautiful key log reader? I'm so alone Slashdot!
"What makes you think she is a witch?"
"She turned me into a newt!.........Well I got better."
CISSP has a Code of Ethics:
https://www.isc2.org/ethics-complaint-procedures.aspx
https://www.isc2.org/ContactUs/default.aspx
Oh, I see, so Microsoft international language support is the keylogger!
So Windows is Malware, what else is new?
Dammit, I so wanted to hate another company.
Lou
Calling him a 'researcher' might be a bit much for that matter. But that's neither here nor now - may he lose his position swiftly.
What I'm wondering, though.. WTF is Windows Live doing!?
Installing into the Windows folder?? The very thing that Microsoft have been discouraging since Windows 95? That they've gone to some lengths to prevent (Admin privilege elevation prompts) from happening in Vista+?
Even when something does install into the Windows directory, for whatever reason. WHY on EARTH would you put language-specific directories into the Windows root directory?
Somebody else here already noted that they saw a lot of other two-letters directories that they recognized as language things. Ugh.
I realize that this behavior is not the direct cause of either the false positive (pretty stupid scanner if it yells fire just 'cos of a folder name) or its wide reporting (stupid researcher who should lose his position and similarly stupid media for leaping on it), but it's still flabbergastingly idiotic that Windows Live would create its folders there.
I hope Samsung's image has not been damaged too badly. I'm sure their swift response has helped mitigate things (great job, PR department!), but there will always be media who will simply not report on this debunking, won't update their older articles, etc. and those who will be sceptical of Samsung based on this false report despite its debunking.
Did I mention yet that this 'researcher' needs to lose his position?
False positives are killing us, not only email and malware but also terrorists.
Because it doesn't install there. I just installed the Slovenian Windows Live Essentials, and there is no C:\Windows\SL directory, there is a C:\Windows\sl-SI directory though from installing the Slovenian language pack.
Modern Windows versions use languagecode-COUNTRYCODE for all of its localizations. There would never be a reason why a modern version of Windows would put localization data in C:\Windows\SL...
WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
Corrections: Windows Live Photo Gallery installs a Screensaver (which all have to be in C:\Windows, or Windows can't find them... retarded, right?) and that for some godforsaken reason uses a bare languagecode directory for its MUI files. (Even though the rest of Windows has moved on from that, since you know, pt-PT and pt-BR are actually both equally supported... I think they're tier three.)
WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
I agree!
All you sinners repent now! I'm talking to you Anonymous Coward!! Also:
matt_gaia (228110) "Samsung, and hopefully one they'll be sued to hell over."
amicusNYCL (1538833) "Welcome to my shitlist, Samsung."
noc007 (633443) "Damn you Samsung"
Quinn_Inuit (760445) "I don't think either of us would take a Samsung computer of any sort for free at this point"
metrometro (1092237) "The answer is criminal charges for wiretapping. Throw the CEO and their corporate counsel in jail,"
echucker (570962) "Samsung's tech support guy already admitted to it."
Lead Butthead (321013) "Don't buy their product, and let everyone you know why"
pclminion (145572) "I mean, literally, unbelievable. I do not believe it. And anyone else who believes it without some proof apart from what this dude says, is a god damned moron. Apparently that's most of the people in this thread."
How many more years will slashdot have an off-by-one error on your Score in your profile?
"falsepositive" WTF? Anyone who read yesterday's article read that dumbass nigga say, `and it can't be a false positive, 'cause, like, you know, I've been using this application whom I bought legally and licensed well like 6 years ago and it's been always reliable. And like, you know, further and shit, moreover I have an MSIA. You know.'
Well color me a dumb nigga too cauz, likez, I thought he was referring to his/a lil ole MS cert. But I redz all the wayz to the endz and found out 'twas a Master.
Oh shut up. There was a quote in the original article saying that Samsung confirmed it. So there was at least some reason to believe it was real.
Get off your soapbox.
Are you serious? You are making OP's point for him. That "quote" was, as the rest of the story, completely unsubstantiated. The "security consultant", who completely misunderstood everything about this, claimed that tech support (really!!??) had confirmed it to him. Even the original story had the official Samsung response as 'no comment' while they were investigating. Our willingness to believe an extraordinary claim like this based on no evidence whatsoever, and bring out our pitchforks and nerdrage, is quite interesting. People easily believe what they want to believe I guess.