Recent reports that “Samsung installs keylogger on its laptop computers” are likely to have been a false alarm, caused by a directory named C:WINDOWSSL being found on the newly purchased Samsung laptops. The mere existence of this folder causes some anti-virus software to incorrectly report the presence of the commercial Starlogger keylogging software, even if the software is not actually installed.
The Samsung Tomorrow website states that any claims of a keylogger on R525 and R540 laptops are false, pointing out that Microsoft’s Live Application multi-language support legitimately creates this folder. Netcraft tested this by creating an empty C:WINDOWSSL folder on a malware-free Windows computer. VIPRE Antivirus Premium subsequently reported an elevated risk, claiming that the commercial Starlogger software had been found:
F-Secure’s Chief Research Officer, Mikko Hypponen, was one of several security experts who found the original keylogging reports hard to believe. He solved the mystery for himself by going to a local computer shop and checking a range of Samsung laptops, none of which were running any keyloggers.