by Prasanth Aby Thomas

Kaspersky’s US customers receive ‘UltraAV’ swap, raising red flags

News
24 Sep 2024 | 3 mins
Anti Malware, Security Software

Some users have turned to online forums to report that UltraAV was installed on their computers without consent.


Months after the US government banned Kaspersky Lab products, some users report that their antivirus software was replaced without notice by “UltraAV,” a relatively unknown program.

Users took to online forums, including Kaspersky’s support platform, to express concerns that UltraAV was installed on their computers without prior consent or notification.

Earlier this year, the Biden administration prohibited the sale of Kaspersky products in the US, citing national security risks tied to the Russian company.

In response, Kaspersky notified its US employees that it would begin winding down its operations in the US starting July 20.

The company partnered with UltraAV to ensure continued service for its US customers, according to UltraAV’s website.

The absence of testing sparks concerns


UltraAV does not seem to have undergone testing by the Anti-Malware Testing Standards Organization (AMTSO), an international body responsible for industry oversight, according to The Register. A third-party test is scheduled for later this year.

Security software vendors are not obligated to have their products independently tested, but in a trust-driven industry, such assessments may be considered essential.

That UltraAV replaces Kaspersky, which was banned for national security concerns, makes a third-party test even more critical.

“The recent CrowdStrike / Windows BSOD incident shows what can happen if an antivirus program misbehaves,” said Keith Prabhu, founder and CEO of Confidis. “Any unknown product, let alone a critical security tool like an antivirus, must prove itself in the market before it is installed.”

“To top it off, this product was installed without user consent!” Prabhu added. “Users should weigh the risks of using this software and switch to an alternate solution after making a comparison with other similar products.”

Options for enterprises

Independent testing or third-party assurance is crucial in building user trust in products. For enterprises that previously relied on Kaspersky, the transition to UltraAV presents a difficult decision.

“For enterprises, permissions that allow for such sweeping changes are rarely given, and (ideally) any version change or upgrade is tightly governed,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “This is especially true for large enterprise customers who seldom depend on one vendor alone, plan and react to such announcements well ahead of time, and, most importantly, use the country of origin as a critical aspect of their decision-making.”

Small and medium enterprises, along with retail consumers, will be most affected by the change, according to Gogia.

Trust is likely to erode, with many users struggling to remove the software and manage permissions to avoid future issues. Some have reported that UltraAV reinstalls itself even after being uninstalled.

“Most importantly, some might even face losing critical data in trying to resolve this issue, as they have to reinstall the OS drive to get rid of this new software before installing a new one,” Gogia added.

Users now have two options: either live with less capable, lower-trust software for their security or switch vendors, according to Neil Shah, partner & co-founder at Counterpoint Research.

“The latter is highly likely, especially for enterprises and prosumers. The churn rate is going to be higher, and until UltraAV ramped up its capabilities or certifications, it would be too late,” Shah said.