Mohamed Hassan wrote in Mich Kabay’s Security Strategies newsletter that as soon as he received his Samsung R525 laptop, he ran a full system scan and found a commercial keylogger called StarLogger. StarLogger claims it records every keystroke made on the computer, even on password-protected boxes, starting up whenever the computer starts up. The software emails results at intervals to a specified email address and will even include screen captures.
Hassan ended up buying a second Samsung laptop, a model R540, and found the same keylogger installed on that one "The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops," he writes.
According to CrunchGear, a supervisor at Samsung admitted that the keylogger was installed by the manufacturer: "He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”
They advise that if you have a Samsung laptop, you should look in C:\Windows for a \SL directory.
Update: An anonymous commenter at the NetworkWorld link above said "what this Network Security Expert found was a legitimate language file installed by Window's live...the software installed
was in fact Vipre, not the commerical keylogger called StarLogger. The confusion arose because Microsoft's Live Application multi-language support folder, "SL" folder, was mistaken for StarLogger." A commenter at Crunchgear offered a link to a ZDNet post offering the same rebuttal.