I've spoken before about how bloatware still "infects" computers. The Federal Trade Commission (FTC) in the US just handed Lenovo a significant smackdown over adware they pre-installed on PCs that made systems vulnerable.
The FTC charged that from August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled “man-in-the-middle” software program called VisualDiscovery that interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.
Part of the sneakiness of VisualDiscovery, which is developed by Superfish, is that when you closed the application, you "consented" to installing adware that inserted pop-up ads when you visited websites. The software did this by "listening in" on your activity. That included confidential information like usernames and passwords, social security numbers, and other PII.
Lenovo's penalty for this - a US$3.5M fine, which is probably pocket change given their CEO is on a touch over $19M per year.
In addition to the fine, which I think is little more than a slap on the wrist with a limp celery stick, the company has to implement a comprehensive software security program for most consumer software preloaded on its laptops for the next 20 years. The security program will be subject to third-party audits.
All of this was decided through a negotiated settlement - Lenovo disagrees with the allegations made by the FTC and the 32 US states that brought the complaint.