12:33 AM  Shubham Yadav  No comments

When Alex Eckelberry first read news reports on Wednesday that some of Samsung's R Series laptops contained keylogging software, he was as astounded as everybody else.

"I was really interested in the story. I thought if someone had found a keylogger, that's pretty hardcore," said Eckelberry, who is general manager of GFI Security, a maker of e-mail and Web security products.

The only other known instance of a vendor secretly installing similar software was Sony BMG, which got into all sorts of trouble for the infamous rootkit brouhaha in 2005.

Eckelberry's surprise at Samsung quickly turned to acute embarrassment when he began getting reports from colleagues that the evidence for the supposed keyloggers was based on a false positive from VIPRE, a malware-detection product sold by GFI.

The problem wasn't that Samsung was secretly installing keyloggers on its systems, but that GFI's software was mistakenly reporting that the laptops contained the malware.

"We just fell on our sword on this," Eckelberry said in an interview today. "It's just mud on our face."

VIPRE is technology that was developed by Sunbelt Software, a company GFI purchased last year.

In a statement today, Samsung denied that its computers contain keylogging software.

The company was responding to a report by Computerworld's sister publication, Network World on Wednesday. In the report, Mohammed Hassan, an IT security consultant in Toronto claimed that he had found a keylogger called Starlogger in a couple of brand new Samsung laptops they had purchased in Canada.

The researcher's claims prompted speculation that Samsung could be in legal trouble if it were installing keylogging software on products sold to the general public. The story was later picked up by the IDG News Service, which is owned by IDG, Computerworld's parent company.

After investigating the claims, Samung said that the allegations were false.

"Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft's Live Application for a key logging software, during a virus scan," the company said. "The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger," Samsung said.

The directory that caused the confusion was C: