My gloss of this story is "I harassed the tech support guy until he told me what I wanted to hear so I would go away." Let's see confirmation from someone who doesn't think an MS in IT is something to put at the top of every article, and then we can break out the pitchforks.

How to do this right:
1. Fresh out of the box Samsung model whatever.
2. Copy the supposed files in that location to a thumb drive and post them online for others to verify that it is in fact a keylogger.
Wonder if their hardware folks consider this kind of "performance" monitoring acceptable. Much harder to find a keylogger when it's in silicon. Samsung makes a lot of commonly-used chips.
Or more importantly, how can we trust that their hardware people do not?
edit: this of course is assuming that the story is reporting an actual Samsung practice, which I currently doubt.
I'm looking forward to seeing other people's reports from scanning newly bought Samsung laptops booted from a Linux LiveCD. The \windows\SL directory should be pretty conspicuous!
>After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software.
Is he really sure that the security software wasn't infected with StarLogger?
Or, since technically StarLogger is security software itself (think corporate), maybe it is PART of the software he installed?
>Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop.
What does he mean by initial setup? The SAME security software as above?
> The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.
How is this false-positive proof? Is the program exe the same from all these 6 years? Aren't there chances that it is infected at the source itself (stranger things have happened due to security breaches at companies making security software)?
Can't he give more details like the created/modified timestamps of the suspect files or if the software is sending stuff out?
>Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.
If the so-called security experts do such sloppy reporting (most of the lead-in on the first page and most of the article and the ending is irrelevant grandiose fluff), what can we expect from the general internet-using public?