Some US-based Kaspersky antivirus users have found that their software has been replaced with a product from a low-profile outfit called “UltraAV,” a change they didn’t want and that resulted in them receiving untested, little-known software from a source with a limited track record.
The reason for this unknown change is that the US government has banned Kaspersky Lab from selling, updating or even adding new malware signatures in the US. The ban was put in place due to concerns that Russia could use Kaspersky Lab products to spy on US citizens. The authorities have not provided any details to support this claim, and Kaspersky Lab has offered to hand over its source code for review by US authorities. This offer was ignored.
Kaspersky Lab announced that in response to the ban, it would automatically transition U.S. users of its consumer products to UltraAV, a domestic vendor.
The plan is now in effect, with Kaspersky software being automatically replaced by UltraAV on Windows systems, presumably using permissions already granted to the older application, while Apple and Android users will need to manually download and install it, UltraAV said.
Who is Ultra?
Many consumers probably don’t think about this change, but they probably should.
UltraAV’s products will soon be trusted to play a key role in countless PCs, yet the brand remains unusually low-profile.
“In the AV industry, it’s such a tight-knit community that it’s really unusual for a total unknown to get involved,” said one infosec industry insider, who spoke on the condition of anonymity. “You get to talk to competitors from all over the world, because we all know each other or know each other, so this obscure topic has become something people are talking about.”
UltraAV is a subsidiary of Boston-based Pango, which operates a portfolio of security products. Pango already has a relationship with Kaspersky, and the Russian company licenses one of Pango’s products. Pango itself was acquired by another Massachusetts company, Aura, earlier this month.
The Register has learned that UltraAV’s antivirus engine is derived from Indian vendor Max Secure Software, which Aura acquired “approximately two years ago.”
According to UltraAV, the product’s chief scientist is Dr. Zulfikar Ramzan, who is listed as an Aura employee, not UltraAV. He has a PhD in Computer Science from MIT and worked at RSA for over six years, rising to chief technology officer, and prior to that was CTO at cloud security startup Elastica.
Low Profile Protection
Most major anti-malware vendors allow independent testers to evaluate the capabilities and features of their products, but neither UltraAV nor Max Secure do so. We contacted all the major anti-virus testing laboratories, but few of them have ever seen UltraAV’s code.
“We didn’t do a full test, just a cursory look,” one tester told The Register, “but we’ll say this: There’s room for improvement in protection and ease of use.”
UltraAV does not appear to have undergone thorough testing by the Anti-Malware Testing Standards Organization (AMTSO), the international non-profit organization that is supposed to keep the industry fair. UltraAV says that third-party testing is “scheduled for the end of the year.”
While there is no formal requirement for security software vendors to have their products evaluated, in product categories where reliability is important, evaluation is a must for many vendors. For UltraAV, independent testing may be more valuable: A quick Google search turns up results, including complaints about the company’s products from the years before it was acquired by Aura.
1 week left
On September 30th, Kaspersky will cease operations in the United States, forcing consumers to choose between continuing to use UltraAV or switching to another security supplier.
“Users will maintain the same fees for UltraAV that they were being charged by Kaspersky,” an Aura spokesperson said.
“If a customer cancels their plan and repurchases UltraAV, they will be charged $47.88 per year for the first year and will renew at UltraAV’s full price of $149.99 thereafter. This plan does not include the additional privacy features offered by migrating to Kaspersky.”
Kaspersky sent its last invoice in June, with payments to UltraAV set to begin in October. Support will continue to be provided to users of the free version of Kaspersky’s code.
Consumers are notoriously indifferent to many aspects of PC operation, and as such many don’t mind the appearance of UltraAV on their systems. So it looks like UltraAV has gained some market share without much effort, and hopefully without causing any future hassle for new customers.®
