Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Keylogger Stories a False Alarm

Posted by CmdrTaco on from the everyone-sit-down-and-chill-out dept.

Trailrunner7 writes "The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else. Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows' multi-language support."

14 of 183 comments (clear)

  1. epic FAIL by pasv · · Score: 5, Insightful

    We believed someone who used a 3rd rate antivirus and didnt verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one

    1. Re:epic FAIL by cf18 · · Score: 5, Interesting
      Indeed.

      - an antivirus software that rise alarm base on a two letter directory name inside \Windows , even when it is empty.

      - a "security researcher" that take the alarm at face value and never check if is actually there, check if the process run, what kind of content it was logging and where it is sending them.

      - a low level support manager confirm the software's existence, probably thinking about the fan speed and temperature monitoring software.

    2. Re:epic FAIL by John+Saffran · · Score: 4, Insightful

      Not to blow my own horn, but there were some of us who were sceptical of the story until it was proven by independent sources (http://slashdot.org/comments.pl?sid=2061772&cid=35673170).

      Basically the qualifications of the author aren't technical and he's commenting on a technical topic and the story was lacking on details so such a big claim couldn't (and shouldn't) be taken at face value without independent validation.

      In this case the independent validation seems to very strongly refute the claim, which is unfortunate for the author's reputation .. I hope he's learned a lesson from this, nobody needs security people talking about things they don't understand.

    3. Re:epic FAIL by ifrag · · Score: 4, Funny

      It could have been worse, they could have scanned it with McAfee and rendered the machine unable to boot.

      --
      Fear is the mind killer.
  2. Appropriate quote by _merlin · · Score: 4, Insightful

    The following fortune quote accompanied this story for me:

    It is not good for a man to be without knowledge, and he who makes haste with his feet misses his way. -- Proverbs 19:2

    Disturbingly appropriate, considering the story is about people jumping all over a false assumption. But I'm constantly surprised at the number of times a Windows installation with full multilingual support trips anti-malware or anti-virus software. Don't these guys even use their MSDN subscriptions to get a full set of Windows installs to test against?

    1. Re:Appropriate quote by mlts · · Score: 4, Informative

      I have found that AdBlock does far more to keep malware off a system than any antivirus program out there. Couple that with a decent firewall/NAT box/router, common sense about not running downloaded stuff, and a solid backup system, and that will pretty much make for malware-free computer usage. Using sandboxie doesn't hurt either.

  3. Good for Slashdot for following up by HawkinsD · · Score: 4, Insightful

    At least Slashdot has the journalistic ethics to post the follow-up. Good for them. I note that Network World is doing the same.

    Yes, I said "journalistic" in the same sentence as "Slashdot." It's important.

    --
    Never attribute to malice that which can be explained by mere idiocy.
  4. I don't care about facts. by mevets · · Score: 4, Funny

    I still hate the keylogging bastards that they are, and I want to see the whole company in jail...

  5. Re:Oh noes by MarkGriz · · Score: 4, Insightful

    Could? More like should.

    The title of the article was not "Did Samsung install keylogger on its laptop computers?"

    No, the title was "Samsung installs keylogger on its laptop computers", though it looks like they've updated it now to
    "UPDATE: Samsung keylogger could be false alarm"

    Great journalism there. Leap out of the gate screaming "keylogger!!!!" with zero fact checking, but later back off and say "oops we could be wrong"

    --
    Beauty is in the eye of the beerholder.
  6. Slovenian StarLogger by BitterKraut · · Score: 4, Insightful

    From Samsung's comment at http://www.samsungtomorrow.com/1071 it seems that the security program used identified the folder as StarLogger based solely on the fact that the folder's name is SL for Slovene. Incredible.

    1. Re:Slovenian StarLogger by jcla · · Score: 4, Informative

      I checked my newly purchased Samsung laptop last night after I saw the article and it had the /sl folder on it, but it took about half a second and an ounce of brainpower to notice that there was a large number of similar directories that all looked like language/country codes. And they all had the same kind of non-executable file in them. I'm not Slovenian. J

  7. Re:Oh noes by LordLimecat · · Score: 4, Insightful

    Everyone who left a comment decrying Samsung in the last article is just as much to blame. You give approval to such antics by your reaction.

  8. Re:So much for being a CISA CISSP MSIA ... by sglane81 · · Score: 5, Insightful

    Not to mention these gems:

    I installed ... security software ... The scan found two instances of a commercial keylogger called StarLogger ... This key logger is completely undetectable ...

    So, this program found something which couldn't be found. Check.

    After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop

    Removed the keylogger by removing the folder? Check.

    I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.

    So, "false-positive proof." Good to know that your extensive experience running an anti-virus program has yielded perfect results. Don't worry about the fact that you don't actually know what you're talking about.

    ... logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied ... SS changed its story ... SS personnel relented and escalated the incident ...

    Can we claim Godwin here? I have a feeling Samsung Support doesn't refer to itself as the SS.

    You obviously have some kind of agenda, Mohamed Hassan, MSIA, CISSP, CISA. I know now to never trust anything NetSec Consulting Corp does. Also, congrats on being an "adjunct professor of Information Systems in the School of Business at the University of Phoenix."

    --
    This is the Internet. You can say "fuck" here. - AC
  9. Knee-jerk response is awesome by ashidosan · · Score: 5, Informative

    John Graham-Cumming has an excellent, level-headed response to Mohamed Assan's entire "research."

    Also confirmed at F-Secure.