Kaspersky software replaced by ‘UltraAV’ on some US PCs

Some US-based users of Kaspersky antivirus products have found their software replaced by product from by a low-profile entity named “UltraAV” – a change they didn’t ask for, and which has delivered them untested and largely unknown software from a source with a limited track record.

The reason for the unheralded change is the US government ban on Kaspersky selling its products stateside, updating them or even adding fresh malware signatures. The ban was implemented over fears Russia could use Kaspersky’s products to spy on US citizens. Authorities have not offered details to back that assertion, and Kaspersky offered to hand over its source code for checking by US officials. That offer was ignored.

Kaspersky complied with the ban, and announced it would automatically transition US-based users of its consumer-grade products to UltraAV, which is provided by a domestic vendor.

That plan is now in force, and Kaspersky software is currently being automatically replaced by UltraAV on Windows systems – presumably using the permissions already granted to the old application. Apple and Android users will have to download and install it manually, UltraAV told us.

Ultra who?

Many consumers won’t pause to think about this change, but perhaps they should.

UltraAV’s wares will soon be trusted to do an important job on myriad PCs – yet the brand has an unusually low profile.

“We’ve a very close knit community in the AV business, so having a complete unknown is really unusual,” a source at one infosec biz told us on condition of anonymity. “I can talk to competitors around the world because we all know, or know of, each other – so this under-the-radar stuff got people talking.”

UltraAV is part of Boston-based Pango, which runs a portfolio of security related products. Pango and Kaspersky already had a relationship, with the Russian biz licensing one of the former’s products. Pango itself was bought by another Massachusetts entity, named Aura, earlier this month.

The Register has learned that the antivirus engine in UltraAV is derived from Indian vendor Max Secure Software, which Aura acquired “about two years ago.”

UltraAV told us its chief scientist for the product is Dr Zulfikar Ramzan – he’s listed as an employee of Aura rather than UltraAV. He holds a PhD in computer science from MIT and spent over six years at RSA, rising to the role of chief technology officer, and before that was CTO at cloud security startup Elastica.

Low profile protection

Most major anti-malware vendors allow independent testers to assess their products to demonstrate their abilities and features – something neither UltraAV nor Max Secure has done. We contacted all the major antivirus testing laboratories and almost none of them had even seen UltraAV’s code.

“We did not run a full test – we only had a quick look,” one tester told The Register. “But let’s put it this way: There is room for improvement in the protection and usability.”

UltraAV doesn’t appear to have been put through its paces by the Anti-Malware Testing Standards Organization (AMTSO), the international non-profit that is supposed to keep the industry honest. UltraAV tells us a third-party test “is planned for the end of this year.”

There’s no formal requirement for security software vendors to have their products assessed – but in a product category that’s all about trust, doing so is table stakes for many vendors. For UltraAV, an independent test could be more valuable – a little light Googling yields results including complaints about its products in the years before its acquisition by Aura.

You have one week left

On September 30 Kaspersky will cease its US operations, leaving its consumer customers a choice: stick with UltraAV, or go to another security supplier.

“Users will maintain the price for UltraAV that they were being billed for Kaspersky,” an Aura spokesperson told us.

“If any customers were to cancel their plan and then repurchase UltraAV, it would cost them $47.88 per year, billed annually for the first year and then would renew at the full price of UltraAV, $149.99. This plan would not include the added identity protection features being offered under the Kaspersky transition.”

Kaspersky sent out its last set of bills in June, and payments to UltraAV will begin in October. Users of the free version of Kaspersky’s code will still be supported.

Consumers are infamously indifferent to many aspects of their PCs’ operations, so many won’t care about the appearance of UltraAV on their systems. UltraAV therefore appears to have acquired itself some market share without much effort – and hopefully without creating future hassles for its new customers. ®