GFI Apologise To Samsung Over False Keylogger Claims

The claim against Samsung was reported by Computerworld’s sister publication, Network World. In the report, Mohammed Hassan, an IT security consultant in Toronto, claimed that he had found a keylogger called Starlogger on a couple of brand-new Samsung laptops he had purchased in Canada.

On March 31, 2011, the Samsung keylogger report was said to be a false alarm.

Alex Eckelberry, who is general manager of GFI Security, a maker of e-mail and Web security products, said, “I was really interested in the story. I thought if someone had found a keylogger, that’s pretty hardcore.”

The truth is that Samsung wasn’t secretly installing keyloggers on its systems, but that GFI’s security software, VIPRE, was mistakenly reporting that the laptops contained the malware. VIPRE is technology that was developed by Sunbelt Software, a company GFI purchased last year.

In the original keylogger report, the security program VIPRE was used for a virus scan, during which it mistook a folder created by Microsoft’s Live application for keylogging software. The directory that caused the confusion was C:\WINDOWS\SL. While that is the Slovenian language directory for Windows Live, it is also the directory path used by the Starlogger keylogger. So when VIPRE encountered the SL directory on the Samsung laptops, it automatically flagged it as Starlogger, Eckelberry said.

After the claims were investigated, the allegations were said to be false.

“I want to emphasize ‘rarely’, as these types of detections are seldom used, and when they are, they are subject to an extensive peer review and QA process,” Eckelberry wrote, while apologizing to Samsung and the researcher who reported the problem.

Though folder path detections are fairly commonly used by many anti-malware products, the practice is generally frowned upon because of the potential it holds for generating false positives — as happened this time, he said.

“It’s such a rarely used detection method,” Eckelberry said. “To have this type of heuristic create the issue for us is a big embarrassment for us.”
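The false positive described above, as an added example that is not code from the article, GFI or VIPRE: a path-only rule beside one that treats the folder as a hint and also requires a known-bad file hash. The hash check is an assumed form of corroboration; the file name and file contents are constructed placeholders, not real Starlogger indicators, and a temporary directory stands in for the scanned drive.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature: the directory is the one named in the article;
# the "known-bad" content is a placeholder, not a real Starlogger sample.
PLACEHOLDER_SAMPLE = b"PLACEHOLDER-KEYLOGGER-BINARY"
SIGNATURE = {
    "name": "Starlogger",
    "dir": Path("WINDOWS") / "SL",
    "sha256": {hashlib.sha256(PLACEHOLDER_SAMPLE).hexdigest()},
}

def path_only_detect(root: Path) -> bool:
    """Weak rule: flag the threat as soon as the signature folder exists."""
    return (root / SIGNATURE["dir"]).is_dir()

def corroborated_detect(root: Path) -> bool:
    """Stronger rule: the folder alone proves nothing; a file inside it
    must also match a known-bad hash before the threat is reported."""
    target = root / SIGNATURE["dir"]
    if not target.is_dir():
        return False
    return any(
        hashlib.sha256(f.read_bytes()).hexdigest() in SIGNATURE["sha256"]
        for f in target.rglob("*") if f.is_file()
    )

def build_image(kind: str) -> Path:
    """Create a throwaway tree standing in for a scanned C: drive."""
    root = Path(tempfile.mkdtemp())
    if kind == "clean":
        return root  # no SL folder at all
    sl = root / "WINDOWS" / "SL"
    sl.mkdir(parents=True)
    # Constructed contents: a harmless resource file or the placeholder sample.
    body = PLACEHOLDER_SAMPLE if kind == "infected" else b"constructed language resource"
    (sl / "constructed_file.bin").write_bytes(body)
    return root

def compare() -> dict:
    """Return {kind: (path_only_result, corroborated_result)}."""
    kinds = ("clean", "language_pack", "infected")
    return {k: (path_only_detect(r), corroborated_detect(r))
            for k, r in ((k, build_image(k)) for k in kinds)}

if __name__ == "__main__":
    for kind, (weak, strong) in compare().items():
        print(f"{kind:14} path-only={weak!s:5} corroborated={strong}")
```

The `language_pack` case is the one from the article: the path-only rule reports Starlogger on a folder that holds only benign files, while the corroborated rule stays silent.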

More reading http://www.computerworld.com/s/article/9215396/GFI_apologizes_for_false_alarm_on_Samsung_keyloggers?taxonomyId=17
