

Samsung responds to installation of keylogger on its laptop computers - anon1385
http://www.networkworld.com/newsletters/sec/2011/040411sec1.html

======
kevinpet
My gloss of this story is "I harassed the tech support guy until he told me
what I wanted to hear so I would go away." Let's see confirmation from someone
who doesn't think an MS in IT is something to put at the top of every article,
and then we can break out the pitchforks. How to do this right:

1\. Fresh out of the box Samsung model whatever. 2\. Copy the supposed files
in that location to a thumb drive, post it online for others to verify that it
is in fact a keylogger.

~~~
blauwbilgorgel
Not believing it either. Why would Samsung ever want to install this?:
<http://www.willebois.nl/starlogsetup.exe> (30 day demo [click at own peril]).

From: <http://www.willebois.nl/>

That is not an enterprise grade keylogger rootkit, but a 23$ shareware program
you could also find on cnet.com. Is the program registered? To who?

Close to 1 april's fools and Hassan has to admit he has a jealous lover? Or an
affiliate/employee gone AWOL?:
[http://www.willebois.nl/content.php?pg=spbonus&type=htm](http://www.willebois.nl/content.php?pg=spbonus&type=htm)

------
IgorPartola
This is not much of a response. I am still waiting for a press release.

------
derobert
Wonder if their hardware folks consider this kind of "performance" monitoring
acceptable. Much harder to find a keylogger when it's in silicon. Samsung
makes a lot of commonly-used chips.

Or more importantly, how can we trust that their hardware people do not?

edit: this of course is assuming that the story is reporting an actual Samsung
practice, which I currently doubt.

------
kragen
I'm looking forward to seeing other people's reports from scanning newly
bought Samsung laptops booted from a Linux LiveCD. The \windows\SL directory
should be pretty conspicuous!

------
recoiledsnake
I am still highly skeptical. Support people are famous for making BS up just
to shut a caller up.

From the original article at
[http://www.networkworld.com/newsletters/sec/2011/032811sec2....](http://www.networkworld.com/newsletters/sec/2011/032811sec2.html)
:

>After the initial set up of the laptop, I installed licensed commercial
security software and then ran a full system scan before installing any other
software.

Is he really sure that the security software wasn't infected with Start
Logger?

Or, since technically StartLogger is security software itself(think
corporate), so maybe it is PART of the software he installed?

>Again, after the initial set up of the laptop, I found the same StarLogger
software in the c:\windows\SL folder of the new laptop.

What does he mean by initial setup? The SAME security software as above?

> The findings are false-positive proof since I have used the tool that
> discovered it for six years now and I am yet to see it misidentify an item
> throughout the years.

How is this false positive proof? Is the program exe the same from all these 6
years? Aren't there chances that it is infected on the source itself(stranger
things have happened due to security breaches at companies making security
software).

Can't he give more details like the created/modified timestamps of the suspect
files or if the software is sending stuff out?

>Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a
firm that specializes in information security consulting services. He is a
senior IT Security consultant and an adjunct professor of Information Systems
in the School of Business at the University of Phoenix.

If the so called security experts do such sloppy reporting (most of the lead-
in on the first page and most of the article and the ending is irrelevant
grandiose fluff), what can we expect from the general internet-using public?

