Follow-up:
HP issues fix for 'keylogger' found on several laptop models
Apparently the 2016-and-forward models are fixed, with a Windows Update all you need to remove the code and the log file. 2015 models will have something out friday (today as of this writing).
Hard to find it on HP's website (probably easier if you can put in a specific laptop serial number), but if it's on Windows update, people should be OK.
Oh and as for my personal feelings on this, I think it's sloppy, but not malicious. It's EASY to leave in test code that shouldn't be there in release. That's what reviewers are for, so that other sets of eyes look at your code, but even then if you have a sprawling update, things can get missed. That something of this magnitude was missed for so long is a whole other thing, but again, not hard to see how it happens. It's against best practices, and bad for all those kinds of reasons, but I doubt malice.
I'll actually give credit for a quick response on this one, as long as they didn't know prior to publication. If they did, then publication should have
been the fix. If they knew before but didn't care
until publication, then that's bad, but there's no way to know which it was.