Let’s start with BleepingComputer’s headline: “Kaspersky deletes itself and installs UltraAV antivirus without warning”. Ask yourself what you would think if something completely new and totally unknown suddenly appeared in your computer. And when you went to check on it using the A/V system you had purchased and installed… that A/V solution was nowhere to be found! Talk about mishandling a transition.
On Thursday, September 19th, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers’ computers across the United States, automatically replacing it with UltraAV’s antivirus solution. This comes after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees in response to the U.S. government, in June, adding Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations deemed a national security concern.”
On June 20 of this year, citing potential national security concerns, the Biden administration announced a ban on sales and software updates for Kaspersky A/V software in the United States beginning September 29, 2024.
In July, Kaspersky announced that it would begin closing its business and lay off the staff on July 20 because of the sales and distribution ban. In early September, Kaspersky also emailed customers, assuring them they would continue receiving “reliable cybersecurity protection” from UltraAV (owned by Pango Group) after Kaspersky stopped selling software and updates for U.S. customers. However, those emails failed to inform users that Kaspersky’s products would be abruptly deleted from their computers and replaced with UltraAV without warning. According to many online customer reports, UltraAV’s software was installed on their computers without any prior notification, with many rightly concerned that their devices had been infected with malware.
One user wrote: “I woke up and saw this new antivirus system on my desktop and I tried opening Kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which had somehow uninstalled Kaspersky.”
To make things worse, while some users could uninstall UltraAV using the software’s uninstaller, those who tried removing it using uninstall apps saw it reinstalled after a reboot, causing further concerns about a potential malware infection. Some also found UltraVPN installed, likely because they had a Kaspersky VPN subscription.
Not much is known about UltraAV besides being part of Pango Group, which controls multiple VPN brands (e.g., Hotspot Shield, UltraVPN, and Betternet) and Comparitech (a VPN software review website).
For its part, UltraAV says on its official website, on a page dedicated to this forced transition from Kaspersky’s software: “If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device and you will be able to leverage all of the additional premium features. On September 30th, 2024 Kaspersky will no longer be able to support or provide product updates to your service. This puts you at substantial risk for cybercrime.”
A Kaspersky employee also shared an official statement on the company’s official forums regarding the forced switch to UltraAV, saying that it “partnered with antivirus provider UltraAV to ensure continued protection for US-based customers that will no longer have access to Kaspersky’s protections. Kaspersky has additionally partnered with UltraAV to make the transition to their product as seamless as possible, which is why on 9/19, U.S. Kaspersky antivirus customers received a software update facilitating the transition to UltraAV. This update ensured that users would not experience a gap in protection upon Kaspersky’s exit from the market.”
Okay. Now anyone would take issue with the use of the term “facilitate.” This wasn’t a facilitation, this was an abrupt and unsupervised “switch”. I suppose they felt they were covered by sending that email notification in advance. It may have said, in the fine print, that if you did not want to have your A/V and VPN services switched from Kaspersky to the Pango Group you could terminate your subscriptions first.
What’s clear is that for something as important as a system’s Anti-virus protection, users should have been in the loop. A user interface should have popped up explaining that today was the day that Kaspersky was going to be uninstalled and then giving the user the option of replacing it with UltraAV or uninstalling Kaspersky without replacement. I would bet that didn’t happen because Kaspersky almost certainly made a bunch of money selling their entire paying A/V and VPN subscriber base to this Pango Group. So – no one wanted to give anyone a button they could push to say “No thanks” and opt-out of a continuing paying subscriber relationship with UltraAV and UltraVPN.
Note that a continuing subscription relationship with these entities implies that Kaspersky also transferred their entire U.S. subscriber database – with all relevant billing information – to the Pango Group owned UltraAV and UltraVPN companies.
UltraAV is a relative unknown in the A/V industry. I couldn’t find any reviews or recommendations for it either. If you did have an active Kaspersky subscription, I recommend cancelling the credit card you used for the Kaspersky subscription to keep UltraAV from automatically renewing your subscription to their A/V.
BleepingComputer
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
PC Magazine
https://www.pcmag.com/news/kaspersky-antivirus-abruptly-replaced-with-ultraav-in-the-us-angering-users
NOTE: I’ve been unable to access any Ultra A/V websites lately…. Doesn’t look good!!!
https://ultrasecureav.com
https://ultravpn.com
This is the message our security protections give us when we try:
The domain ultrasecureav.com is blocked by ACTSmart IT because it’s associated with the Phishing & Deception category.
For more than 20 years, David Snell’s Tech Talk has been a regular spot on The South Shore’s Morning News on 95.9 WATD fm. At 8:11, David chats with show host Rob Hakala about what’s happening in IT today. The subjects range from computer viruses, scams and cybercriminals to what Amazon, Apple or Microsoft are planning next.
He often shares new product information and reviews software that may help you, especially when there is a free version to try!
On this blog, he provides links, sources and other necessary information. And, on the Tuesday before Christmas, you can expect his annual NORAD Santa report!
If you have a question that you’d like him to answer on the show, please email him.