While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago. After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.This is double-plus ungood, from a security perspective. The fact that a vendor would record your passwords without your knowledge or consent is a huge breach of trust. So far, the Samsung PR flacks are ducking the issue.
According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.
My recommendation is that anyone considering buying one of these reconsider.
Update 31 March 2011 11:17: An anonymous commenter says this is a false alarm. El Reg adds some detail:
Samsung has issued a brief denial, in which it said the researcher has identified an innocuous directory as the keylogger in error. Its statement says that the researcher's security program "mistook a folder created by Microsoft Live Application for a key logging software, during a virus scan."If this is an antivirus false positive event, I wonder if Samsung could sue for damage to reputation.
I hate to say it but I recommend building your stuff from scratch. It used to be cheaper, but not any more. Fresh components from different manufactures and a clean install of an OS of your choice will work wonders.
ReplyDeleteUm, you want to try to build a laptop from off-the-shelf components?
ReplyDeleteI hope Samsung gets a bloody nose for this, PR wise. No, a whole bloody face. They deserve it. How friggin' stupid can you get, betraying your own customers' trust this way?
Whoops! Sorry wolfwalker you are absolutely correct!
ReplyDeleteI stand corrected! Since I deal with desktops my view was skewed.
Definitely crosses Samsung off my list of computers to buy. But if they are doing it, I wouldn't put it past any of the other companies to be doing it to.
ReplyDeleteKeads: I should add that WRT desktops I agree, to a large extent. Building my own PCs is a very satisfying activity. The only problem is the occasional hardware/software inconsistencies one encounters. But I think that's made up for by the certainty that I know what's in that box, and what's on that hard drive, because I'm the one as put it there.
ReplyDeleteBut laptops are a different animal. I'd as soon try to build my own laptop as build my own car or dSLR.
@wolfwalker- I concur!
ReplyDeleteSamsung has no interest whatsoever in what you do, so they question is who told them to do this and why and can we trace where the data is being sent?
ReplyDeleteHas some paranoid government agency insisted all Laptops in the USA have this installed all in the name of puppies, kittens and of course the children.
Or on reflection Samsung will not make the laptops themselves or install the software so either the third party probably Chinese manufacturer did it on instruction from their Government. Samsung will license an OEM version of Microsoft OS and other products to install all it takes is something to be added without their knowledge.
ReplyDeleteI used to work for a company way back in the day that made that software under license for shipment with PC's. It would be easy to change the master copy with a modified one. Just some thoughts or Samsung really is so dumb that they have now broken lots of federal laws if any data has been taken without permission.
False alarm: not a keystroke logger at all.
ReplyDeletehttp://www.engadget.com/2011/03/31/samsung-reportedly-installing-keylogger-software-on-r525-privac/
The danger of the Internet (one of them) is that a story can fly around it instantly and have undeserved credibility.
ReplyDeleteTurns out it was bad security software. http://tinyurl.com/46ewrer
Lawyers will be forthcoming.