The misunderstanding began after Network World on Thursday published an article, written by security researcher Mohamed Hassan, in which he claimed he had purchased two brand new Samsung laptops that were infected with a commercial keylogger called “StarLogger.”
Adding to the confusion, Hassan said he placed an incident report with Samsung on March 1 and during the call a support supervisor said that the company put the software on the laptop to, “'monitor the performance of the machine and to find out how it is being used,'” according to the article.
Samsung has since denied that its laptops were sold with the keylogger program.
“Reports that a keylogger was installed in Samsung laptops are not true,” a Samsung spokesman told SCMagazineUS.com in an email statement Thursday. “Our findings indicate that the person mentioned in the article used a security program called VIPRE that during a virus scan mistook a folder created by Microsoft Live Application for keylogging software.”
VIPRE is an anti-virus program produced by GFI Software.
Anti-virus firm F-Secure also independently tested several Samsung laptop models and found no keyloggers. The firm tested six Samsung models, including R540, the model mentioned in Hassan's report, and all were clean.
“Until proven otherwise, we don't believe Samsung has been installing keyloggers on their laptops by default,” Mikko Hypponen, chief research officer at F-Secure, wrote in a blog post Thursday.
In the original Network World article, which has since been updated, Hassan said he became aware of the issue last month after purchasing a new Samsung R525 laptop. A security scan of the machine turned up two instances of the StarLogger keylogger, which he scrubbed off the machine. After experiencing problems with the laptop, Hassan said he brought it back to the store and purchased the more powerful Samsung R540 model laptop, on which he found the same keylogger.
“The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years,” the researcher claimed.
But according to GFI, Hassan's findings were indeed based on a false positive. The company has apologized.
“False positives do happen. It's inevitable, and like all anti-virus companies, we continually strive to improve our detections while reducing any chance of a false positive,” Alex Eckelberry, general manager of GFI Security, wrote in a blog post Thursday. “This one (admittedly, an incredibly embarrassing one) made it through our processes.”