A Slovenian language directory for Windows Live is causing us considerable headaches this morning, and we have no one to blame but ourselves.
A Network World article has alleged that Samsung laptops have a keylogger. Unfortunately (and to our dismay), the evidence was based on a false positive by VIPRE for the StarLogger keylogger.
The detection was based on a rarely used and aggressive VIPRE detection method that uses folder paths as a heuristic. I want to emphasize "rarely", as these types of detections are seldom used, and when they are, they are subject to an extensive peer review and QA process. (It's not common knowledge, but folder path detections are actually used by a good number of antimalware products. They are generally frowned upon, though, because a folder that looks clearly like one for malware has the potential of generating just this kind of result: a false positive.)
The directory in question was C:\WINDOWS\SL, which is the Slovenian language directory for Windows Live. This same directory path is used by the StarLogger keylogger.
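The failure mode described above, as an added example that is not VIPRE's code or part of the original post: a rule keyed on the folder path alone next to one that treats the path only as a reason to look for a content match. The hash placeholder, the file names in the inventories and the "needs-review" outcome are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

SUSPECT_DIR = PureWindowsPath(r"C:\WINDOWS\SL")  # folder path named in the post
# Hypothetical placeholder standing in for a content signature of a real sample.
KNOWN_BAD_HASHES = {"PLACEHOLDER-HASH-OF-KNOWN-KEYLOGGER-SAMPLE"}


def in_suspect_dir(path):
    """True if the file lives under the suspect folder (case-insensitive)."""
    return SUSPECT_DIR in PureWindowsPath(path).parents


def path_only_verdict(inventory):
    """Folder path alone decides: the kind of rule that misfires here."""
    return "detected" if any(in_suspect_dir(p) for p, _ in inventory) else "clean"


def corroborated_verdict(inventory):
    """Folder path only raises suspicion; detection needs a content match."""
    hits = [(p, h) for p, h in inventory if in_suspect_dir(p)]
    if not hits:
        return "clean"
    if any(h in KNOWN_BAD_HASHES for _, h in hits):
        return "detected"
    return "needs-review"  # record for analysts, do not alert the user


# Constructed inventories of (path, content hash); all values are made up.
LANGUAGE_PACK_HOST = [
    (r"C:\Windows\SL\resources.dll.mui", "CONSTRUCTED-BENIGN-HASH-1"),
    (r"C:\Windows\System32\kernel32.dll", "CONSTRUCTED-BENIGN-HASH-2"),
]
INFECTED_HOST = [
    (r"c:\windows\sl\payload.exe", "PLACEHOLDER-HASH-OF-KNOWN-KEYLOGGER-SAMPLE"),
]
NO_FOLDER_HOST = [(r"C:\Windows\SLX\file.dll", "CONSTRUCTED-BENIGN-HASH-3")]

if __name__ == "__main__":
    for name, inv in [("language pack", LANGUAGE_PACK_HOST),
                      ("infected", INFECTED_HOST),
                      ("no folder", NO_FOLDER_HOST)]:
        print(f"{name}: path-only={path_only_verdict(inv)}, "
              f"corroborated={corroborated_verdict(inv)}")
```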
We apologize to the author Mohamed Hassan, to Samsung, and to any users who may have been affected by this false positive.
False positives do happen; it's inevitable. Like all antivirus companies, we continually strive to improve our detections while reducing any chance of a false positive. This one (admittedly, an incredibly embarrassing one) made it through our processes, and I have met with the senior managers in the area this morning to handle what happened and to continue to improve our processes.
The false detection is fixed in definition set 8878.
(Thanks to F-Secure's Mikko Hypponen for the suggestion that I try this out!)