Lenovo demonstrates that malware is big business

With retail profit margins shrinking, the consumer PC has become a collection of auctionable software elements

"User feedback was not positive," Lenovo acknowledged on its website this week - while also trying to explain how customers could protect themselves against a serious security risk.

"Visual Discovery/Superfish was previously included on some consumer notebook products shipped in a short window between October and December to help customers potentially discover interesting products while shopping," explains its web page where it also explains how to remove Superfish, which has been tagged by multiple security researchers as a serious risk to user credentials.

Related: Lenovo accused of compromising user security by installing adware on new PCs

Having been privy to OS bundling for products, I can assure you there is lengthy contracts, and negotiations, about exactly what is happening. You do not simply walk up to Lenovo and have your "software" installed into the OS without a very detailed contract and pay structure. There also looks to be Javascript injected into pages, which is serving up the ads, and a comment [in the Javascript] about Lenovo. Think about what that means. There was a project at this company, where they had meetings, project plans, testing to make sure it worked, and a very detailed idea of what was going on. Never mind all the ramping up capacity due to new Lenovo's boxes coming online. There is zero chance this was some low level junior programmer fly by night operation.

Related: Lenovo apologises for security-busting adware, offers 'incomplete' removal instructions