Samsung cleared of false key logger allegations

False allegations in a Network World article about a key logger on the company's laptops have been traced to misfiring antivirus software.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read

Samsung has been cleared of false allegations lodged by a security specialist who claimed that keylogging software was installed on two of the company's laptops.

It turns out that a misfiring antivirus program called VIPRE, made by the GFI Software company, falsely identified a Microsoft Windows directory as malicious software.

GFI publicly apologized for the problem with VIPRE today in a post explaining that the directory used by Windows' Slovenian language files--C:\WINDOWS\SL--is the same path used by the StarLogger keylogger.

"At some point several years after the original detection was written, Windows Live started using that directory to install Slovenian language files," GFI Security General Manager Alex Eckelberry wrote. "Samsung started pre-installing Windows Live, including all the languages, and there you have the problem we're having today."

Eckelberry said the errant detection code has been fixed in VIPRE's latest update.

By the time Samsung released a statement last night explaining what really happened, hundreds of articles and blog posts had repeated the claim.

The false allegations against Samsung, one of the world's largest manufacturers, arose in a guest article by Mohamed Hassan on Network World's Web site yesterday that reported the laptops contained key logging software.

It's unclear why Network World, owned by IDG, didn't investigate Hassan's allegations independently--or test the Samsung laptops with other antivirus software--before publishing. The Network World article speculated that "Samsung's conduct may be illegal" and "we see a class-action lawsuit in your future." (Samsung's public relations department apparently didn't respond until the article was published.)

A post at CNET's sister publication, ZDNet, this morning said: "Replicating the false-positive is easy--simply create an empty folder called SL in the Windows folder and scan it."