Skip to main content

Samsung Vindicated In Keylogger Spyware Episode

GFI Software has apologised to Samsung after its scanning tool mistakenly labelled a Windows Live file on a brand new Samsung R-series laptop as malware.

The controversy was stirred when security researcher Mohamed Hassan reported that the two Samsung laptops he had bought contained keylogging malware after he scanned the devices using the VIPRE scanning tool created by GFI Software.

Samsung denied the allegation and did an internal investigation which revealed that the VIPRE tool had mistaken a Windows Live application for key logging malware. Other independent tests created by researchers confirmed Samsung's report.

“The statements that Samsung installs keylogger on R525 and R540 laptop computers are false. Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan,” Samsung said in a statement.

In a blog post GFI Software explained that the path used by the Windows file in the Slovenian language, 'C:\WINDOWS\SL', is also the path used by some known keylogging malware called Star Logger or SL.

“We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive. False positives do happen, it’s inevitable and like all antivirus companies, we continually strive to improve our detections, while reducing any chance of a false positive,” the company said in a statement.