GFI sorry for false Samsung spyware scan

A security professional’s erroneous report that new Samsung computers contained software for monitoring user behaviour was triggered by a mistaken reading from his scanning program, illustrating some of the continuing challenges in an industry beset by malicious hacking.

The maker of the VIPRE scanning program, GFI Software, said on Thursday the program had misidentified a Microsoft-made Windows Live application installed on the Samsung machines as keystroke-logging software called StarLogger.

The confession came after Samsung investigated the published claim of a Toronto researcher, Mohamed Hassan, who had depended on VIPRE, and said that the scanner might have been part of the problem.

“We have no one to blame but ourselves,” wrote Alex Eckelberry, general manager of GFI’s security business unit. “We apologise to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive. False positives do happen, it’s inevitable,” he said.

In this case, Mr Eckelberry said, the confusion sprang from the fact that StarLogger creates a Windows directory called C:\WINDOWS\SL. After that directory was coded into the security program as a red flag, Microsoft began using it as directory for Slovenian language support, and VIPRE wasn’t updated.

Samsung might continue to suffer from consumer confusion, because the initial report circulated on social networks before the company realised what had gone wrong. More serious false positives have resulted in shutdowns of major corporations’ computers, as happened in April 2010 with Windows XP machines running some McAfee virus-detection software.

The latest incident comes as security companies are increasingly finding themselves outwitted by hackers who penetrate both computers of customers and even the security companies themselves.

Copyright The Financial Times Limited 2017. All rights reserved. You may share using our article tools. Please don't cut articles from and redistribute by email or post to the web.