The maker of the VIPRE anti-spyware tool is taking responsibility for a false positive that misidentified a legitimate Windows folder on Samsung laptops as a program that secretly logs keystrokes.
"Samsung laptops do not have a keylogger (and it was our fault)," says the GFI Labs blog about a Network World guest columnist's report that Samsung was installing the keylogger on its laptops as a way to find out how the machines were being used.
According to GFI, its VIPRE tool made a mistake. "Unfortunately (and to our dismay), the evidence was based off of a false positive by VIPRE for the StarLogger keylogger," the company says in its blog. "We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive."
Samsung says statements that it installs keyloggers on its laptops are false.
The problem stems from the way VIPRE looks for the StarLogger. Using folder path detection to find StarLogger leads VIPRE to flag a legitimate Microsoft folder called "C:\WINDOWS\SL", which is a Microsoft Live Applications support folder for the Slovenian language.
GFI says it has issued a fix that eliminates the false positive.
"The detection was based off of a rarely-used and aggressive VIPRE detection method, using folder paths as a heuristic," the GFI blog says. It says that when it is used, results are subjected to extensive peer review and quality assurance.
Evaluating the result was complicated by a statement from a Samsung support supervisor to the author of the Network World article that the company does install StarLogger to "monitor the performance of the machine and to find out how it is being used."
Samsung and Network World newsletter author Mich Kabay plan to retest a random Samsung laptop later today to see whether it contains StarLogger.
"The statements that Samsung installs keylogger on R525 and R540 laptop computers are false," Samsung says. "Samsung will continue to respect customer needs by providing the highest quality products and services."
Samsung investigated and came to the same conclusion that GFI did. "The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, 'SL' folder, as StarLogger," the company said in a statement.