Linked by Thom Holwerda on Thu 31st Mar 2011 11:32 UTC
Privacy, Security, Encryption Well, this clearly needs to get its own item. Yesterday we linked to a story about how Samsung is supposedly installing keyloggers onto its laptops to track user behaviour. Samsung immediately launched an investigation into the matter, and has come to a rather humbling conclusion: the guy coming up with the story is incompetent, and Samsung has the evidence to prove it.
Order by: Score:
MajorTom
Member since:
2005-07-09

I'm not going to infect my computer with antivirus software [...]

I like the way you worded that, Thom. I agree 100% with the fact that antivirus software are infectious (I often say myself that they are worse than viruses) and I'd love to read an article from you on the topic.

Reply Score: 3

bouhko Member since:
2010-06-24

Actually, the only antirivus software I tolerate is MS security essentials. Contrary to all the other over-bloated antivirus, it has a minimal GUI and never gets in my way.

But yeah, I've been running an XP machine for 10 years without an antivirus and haven't got any problems. I guess that's because I don't install every .exe that pass by.

Reply Score: 4

mtzmtulivu Member since:
2006-11-14


But yeah, I've been running an XP machine for 10 years without an antivirus and haven't got any problems. I guess that's because I don't install every .exe that pass by.


Not being aware of a problem does not necessarily mean you dont have one.

Not all problems found their way into people's machine through installing shaky programs, some find their way through exploits of bugs found on pretty high profile and widely used applications.

The best way to be sure is to reinstall and start afresh, you should do that as soon as possible :-)

Reply Score: 5

Bill Shooter of Bul Member since:
2006-07-14

If you haven't been infected you're lucky. You do minimize your risky behaviour which helps reduce the odds, but not installing anti-virus on windows is still a horrible idea.

Reply Score: 2

WereCatf Member since:
2006-02-15

If you haven't been infected you're lucky. You do minimize your risky behaviour which helps reduce the odds, but not installing anti-virus on windows is still a horrible idea.


It depends. If your home network is behind a firewall and you are using AdBlock and FlashBlock on your browser then you're already pretty secure. Most viruses and malware these days come from open ports on your network, or via ads, so blocking both of them goes a long way.

I personally hate using antivirus, they bog the PC down and slow everything, and with some common sense, a firewall and AdBlock+FlashBlock I have only gotten one malware attack so far. The one malware program that did get on my PC actually came through Windows Live Messenger and after that I quickly switched over to eMesene.

Reply Score: 2

Nico57 Member since:
2006-12-18

If you're not feeling comfortable not running any antivirus software on your PC, that's OK.
It doesn't mean that others have to feel that way, nor that they're taking any risk not doing so.
Saying so it actually quite insulting.

Reply Score: 1

Bill Shooter of Bul Member since:
2006-07-14

My opinion ( shared by many, many security experts and industry security standards) was a purely technical one. It was not in any way personal, and should not be taken as such.

Reply Score: 2

molnarcs Member since:
2005-09-10

Yeah +1 for that wording. I always say that you're probably better off with viruses than running Norton, for instance. But the best solution is of course, MSE - low resource use (unnoticable even on low-end ATOM netbooks), stays out of the way, does one job and does it well (one of the very few tools from MS that follow the UNIX philosophy).

Reply Score: 2

stereotype Member since:
2007-04-06

I second that too. I gave up on running antivirus for my personal workstations somewhere between Windows NT4 and 98 and never looked back (and by workstations, I mean, nobody else but me touches them). I did manage to get infected maybe twice in all that time, but that was a long time ago, and nothing that grants changing my position on the subject matter...

However I would NEVER recommend that to anybody I know - I think it is something that a true power user has to naturally come to the conclusion him/herself. So I duly install it for anyone that asks for my help reinstalling Windows, and also try to keep track of the best ones, even though I don't use them myself...

Reply Score: 1

Samsung's first (or second) reply
by tomi on Thu 31st Mar 2011 12:15 UTC
tomi
Member since:
2009-10-08

What was it with Samsung saying "yes, we did put a key logger there" as linked in the first article? Sounds odd to say something like that right away, unless they confused this finding with some other "performance monitoring" program they install.

Regarding how they knew he was using VIPRE, I cannot find the link anymore but after the first news I followed links and ended up in some forum where they discussed the VIPRE program. Maybe Samsung's people found that from there, too.

Reply Score: 1

darknexus Member since:
2008-07-15

What was it with Samsung saying "yes, we did put a key logger there" as linked in the first article? Sounds odd to say something like that right away, unless they confused this finding with some other "performance monitoring" program they install.


Well, it's conceivable that the original security "expert" could be lying about that. I'm not saying he is, but it's possible especially in an internet article. Anyone can fake an email header.

Reply Score: 2

Stratoukos Member since:
2009-02-11

I've read that the first was given by a bottom level support guy (though I've read it in /. comments, so I'm not sure).

If this is indeed true, it would support Samsung's case, since I doubt the would announce their evil masterplan to every single employee of theirs.

Reply Score: 2

Comment by kvarbanov
by kvarbanov on Thu 31st Mar 2011 12:37 UTC
kvarbanov
Member since:
2008-06-16

So, it turns out that the supervisor from Samsung's support seems to be incompetent, because he is the one that is confirming that (sort of, probably not knowing what this is). I wouldn't install any anti-virus, too, such software is written by the same people that write viruses ;) Thom, the blue eyes saying seems to be known all around the world, but for sure it works in Bulgaria. Made me laugh.

Reply Score: 1

RE: Comment by kvarbanov
by DHofmann on Thu 31st Mar 2011 13:51 UTC in reply to "Comment by kvarbanov"
DHofmann Member since:
2005-08-19

The correct phrase in English would be, "we have to take Samsung at their word," or, "we have to take Samsung's word for it." http://dictionary.reference.com/browse/take+someone+at+his+or+her+w...

Edited 2011-03-31 13:52 UTC

Reply Score: 2

RE[2]: Comment by kvarbanov
by tingo on Fri 1st Apr 2011 11:30 UTC in reply to "RE: Comment by kvarbanov"
tingo Member since:
2007-10-13

And in Norwegian the phrase would be to believe something on someone's "ærlige ansikt" which translates to "honest face".

Reply Score: 1

RE: Comment by kvarbanov
by t3RRa on Thu 31st Mar 2011 21:48 UTC in reply to "Comment by kvarbanov"
t3RRa Member since:
2005-11-22

No not that all around the world as you might think. It didn't work on me. It probably would not work on Asians at least. (I am not a racist. I myself am originated from Asia ;)

Reply Score: 2

Article quality
by zimbatm on Thu 31st Mar 2011 12:54 UTC
zimbatm
Member since:
2005-08-22

By reading the original text, it's clear that the author didn't bother to do any form of investigation. Based on the result of a tool and a statistic of two, he starts making wild unfounded claims. Why is this even mentioned on OSnews ?

Seriously, it's not hard to keep an archive of the offending binaries, it's not rocket-science.

Reply Score: 3

RE: Article quality
by libray on Thu 31st Mar 2011 20:42 UTC in reply to "Article quality"
libray Member since:
2005-08-27

And he definitely deserves the flack he is getting.

The findings are false-positive proof ...



...Samsung, must know about this software on its brand-new laptops.

Reply Score: 2

Vipre
by darknexus on Thu 31st Mar 2011 13:01 UTC
darknexus
Member since:
2008-07-15

I'm not sure which side to believe on this one, but if Hassan really was using Vipre, he deserves to be ridiculed. That program has a history of false positives worse than most. It's become famous in certain circles for misidentifying accessibility products, such as screen readers and magnifiers, as Malware and removing them without consulting the user.

Reply Score: 2

RE: Vipre
by Karitku on Thu 31st Mar 2011 13:05 UTC in reply to "Vipre"
Karitku Member since:
2006-01-12

I'm not sure which side to believe on this one, but if Hassan really was using Vipre, he deserves to be ridiculed. That program has a history of false positives worse than most. It's become famous in certain circles for misidentifying accessibility products, such as screen readers and magnifiers, as Malware and removing them without consulting the user.

It's not just Vipre it seems, some other never heard AV-tools are also mistaking SL-folder as virus.

Epic failure from 2 people who claim to be security experts!

Reply Score: 2

RE[2]: Vipre
by darknexus on Thu 31st Mar 2011 13:36 UTC in reply to "RE: Vipre"
darknexus Member since:
2008-07-15

Epic failure from 2 people who claim to be security experts!


Well, it always seems that those willing to call themselves experts are usually the least knowledgeable.

Reply Score: 3

v Not really..
by gonzo on Thu 31st Mar 2011 13:58 UTC
Expert...
by vasper on Thu 31st Mar 2011 14:36 UTC
vasper
Member since:
2005-07-22

I believe this guy just changed jobs! If he is still a security expert, then Websters dictionary should redifine the word "expert".

Reply Score: 2

That was really unfair...
by Innominandum on Thu 31st Mar 2011 15:31 UTC
Innominandum
Member since:
2005-11-18

It's not fair to publicly label someone as incompetent on a news site. Hassan jumped to conclusions too early and made a terrible mistake. Literally, everyone makes mistakes. The next time you make a hasty mistake, I will write an public new article calling you incompetent. :-)

There's also a lesson to be learned; bringing this 'issue' to Samsung's attention first would have been a classier method of resolution and saved embarrassment.

Reply Score: 1

RE: That was really unfair...
by Thom_Holwerda on Thu 31st Mar 2011 15:36 UTC in reply to "That was really unfair..."
Thom_Holwerda Member since:
2005-06-29

The next time you make a hasty mistake, I will write an public new article calling you incompetent. :-)


And you'd be right. I've been incompetent on several occasions in the past, and I sure as hell will be incompetent in the future.

Reply Score: 2

RE: That was really unfair...
by vasper on Fri 1st Apr 2011 10:36 UTC in reply to "That was really unfair..."
vasper Member since:
2005-07-22

I beg to differ. An expert cannot afford to make childish mistakes like this.

Reply Score: 2

RE: That was really unfair...
by steogede2 on Sat 2nd Apr 2011 13:26 UTC in reply to "That was really unfair..."
steogede2 Member since:
2007-08-17

It's not fair to publicly label someone as incompetent on a news site. Hassan jumped to conclusions too early and made a terrible mistake.


He made a stupid mistake and unfortunately he publicised his findings on the Internet. There is no way to correct this with publicly printing a correction highlighting the stupidity of the mistake.

OSNews is, to some extent, labelling themselves as incompetent - they should really have checked that there was good evidence to backup the claims. I don't think they will be making the same mistake any time soon.

It is a little worrying that this story got any credence. The author has spent years (at least 18 months) studying for a masters degree in Information Assurance and what skills has he come out with at the end of it?
Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.


He has learnt how to run a virus scanner. It seems he has also learnt that they can sometimes provide false positives. How does he verify that it isn't a false positive? Well, he doesn't need to, because the software has never (to his knowledge) reported a false positive in his experience. I don't think I will bother pointing out all the holes in that piece of Swiss cheese reasoning.

The letters after his name are curious, he has an MSc in Information Architecture and a couple of certs CISSP and CISA (a systems auditing degree, primarily for accounts who already hold a CIMA). I wonder what his bachelors was in, if he holds one?

Reply Score: 1

Comment by fran
by fran on Thu 31st Mar 2011 16:01 UTC
fran
Member since:
2010-08-06

People should wait a bit before linking stories like this hot off the press.

For a list of false positives performance see below.

http://www.virusbtn.com/index (Virus Bulletin)
http://www.av-comparatives.org/ (AV Comparatives)

Reply Score: 2

No bother
by Drunkula on Thu 31st Mar 2011 16:06 UTC
Drunkula
Member since:
2009-09-03

In the past month I bought a Samsung laptop. Nice lappy. Don't use Vipre, though. NIS2011 didn't flag it.

Reply Score: 2

RE: No bother
by jello on Thu 31st Mar 2011 17:05 UTC in reply to "No bother"
jello Member since:
2006-08-08

Yesterday I checked the Samsung laptop I bought in November and there was no "C:\Windows\SL" directory.

This said: I did not find any evidence for such a keylogger...

Reply Score: 1

Comment by OSbunny
by OSbunny on Thu 31st Mar 2011 19:41 UTC
OSbunny
Member since:
2009-05-23

I didn't even know that samsung made laptops.

Reply Score: 1

This is good news
by marcus0263 on Thu 31st Mar 2011 22:12 UTC
marcus0263
Member since:
2007-06-02

Well this is good news, now I don't have Samsung Lappy's but I do have their Plasma, a few monitors, drives, etc. I really like their products and this news threw me for a spin.

Now for network world to report this without really basic validation of the claims does throw serious egg in their face.

Reply Score: 1

Seemed to be a little fishy anyway...
by UltraZelda64 on Thu 31st Mar 2011 22:40 UTC
UltraZelda64
Member since:
2006-12-05

Did anyone really believe it? I never did (and probably never will) buy a Samsung computer, but really... even though I barely read into the original article, it seemed like something was up with it. I didn't care anyway (couldn't care less about their computers, really), so I didn't think much of it, but I thought the whole claim seemed a bit far-fetched.

The whole Sony rootkit situation was ridiculous and it's amazing that a company (ANY company) could have let that go, but this one seems (to me) even worse if it were to be true. And this is not Sony, so it's a bit less likely in my opinion. Samung, unlike Sony, has always seemed to me like a relatively decent company compared to many of them out there. While Sony practically shot themselves in the foot, this would be like amputating a leg. That's just not exactly something I could imagine a more trustworthy company like Samsung doing.

Reply Score: 2

Comment by atsureki
by atsureki on Fri 1st Apr 2011 01:59 UTC
atsureki
Member since:
2006-03-12

We have to believe Samsung on their blue eyes here, I guess (Dutch saying, no idea if it works in English).


Not at all... especially since you're talking about Koreans...

Incidentally, American surveys have found that people in general envy blue and green eyes, but judge their owners as dishonest. Maybe the Dutch have a different perception on the latter, one more aligned with the hypotheses of evolutionary psychology (American surveys aren't terribly fond of evolution, either).

http://www.psychologytoday.com/blog/the-scientific-fundamentalist/2...

We also posted the story, so we contributed to that, so apologies from us, too. We did have a question mark though, so, yeah.


In journalism, that's not a question mark; it's a cavuto. Named for Neil Cavuto of Fox News, the cavuto allows lazy and/or intentionally deceptive journalists to make up any alarming statement with little or no connection to reality and present it as a headline.

http://www.thedailyshow.com/watch/wed-september-13-2006/the-questio...

With the pace of Web news, it's inevitable that more and more stories will just provide the lead with a cavuto on it rather than investigating, determining, and writing up the actual story. It's all in the name of keeping up with the headlines.

Reply Score: 5

Comment by lucifer
by lucifer on Fri 1st Apr 2011 03:27 UTC
lucifer
Member since:
2006-08-20

phd students these days are not what they used to be. it's a good think he screwed up and make a fool of himself while still a student, rather than as someone with actual responsibility.

Reply Score: 1

Good Learning Experience for the Public
by benali72 on Fri 1st Apr 2011 04:11 UTC
benali72
Member since:
2008-05-03

Most consumers have no clue that many anti-malware programs miss important infections, while many others yield false positives. The lesson -- always install and use more than one anti-malware program for good cross-checking and results verification.

The public seems to have been lulled into a sense of security with MSE and rely on it alone to protect their Windows systems. MSE is an excellent product! But relying on it alone violates the fundamental principle that you need more than a single product to avoid false positives and negatives.

Unfortunately this public attitude guarantees malware problems will continue in the years ahead with Windows computers.

Reply Score: 0