{"id":343,"date":"2024-09-24T11:31:13","date_gmt":"2024-09-24T11:31:13","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=343"},"modified":"2024-09-24T11:31:13","modified_gmt":"2024-09-24T11:31:13","slug":"kasperskys-us-customers-receive-ultraav-swap-raising-red-flags","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=343","title":{"rendered":"Kaspersky\u2019s US customers receive \u2018UltraAV\u2019 swap, raising red flags"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Months after the US government banned Kaspersky Lab products, some users report that their antivirus software was replaced without notice by \u201cUltraAV,\u201d a relatively unknown program.<\/p>\n<p>Users took to online forums, including Kaspersky\u2019s <a href=\"https:\/\/forum.kaspersky.com\/topic\/kav-ultraav-software-no-notification-automatically-installs-and-cant-remove-it-50628\/\">support platform<\/a>, to express concerns that UltraAV was installed on their computers without prior consent or notification.<\/p>\n<p>Earlier this year, the Biden administration <a href=\"https:\/\/www.csoonline.com\/article\/2437595\/us-bans-kaspersky-labs-over-national-security-concerns.html\">prohibited the sale of Kaspersky products<\/a> in the US, citing national security risks tied to the Russian company.<\/p>\n<p>In response, Kaspersky notified its US employees that it would begin <a href=\"https:\/\/www.csoonline.com\/article\/2518227\/kaspersky-lab-shuts-down-us-operations-in-wake-of-national-security-ban.html\">winding down its operations<\/a> in the US starting July 20.<\/p>\n<p>The company partnered with UltraAV to ensure continued service for its US customers, according to UltraAV\u2019s website.<\/p>\n<h2 class=\"wp-block-heading\">The absence of testing sparks 
concerns<\/h2>\n<p>UltraAV does not seem to have undergone testing by the Anti-Malware Testing Standards Organization (AMTSO), an international body responsible for industry oversight, according to <a href=\"https:\/\/www.theregister.com\/2024\/09\/24\/ultraav_kaspersky_antivirus\/?utm_source=dlvr.it&amp;utm_medium=twitter&amp;s=08\">The Register<\/a>. A third-party test is scheduled for later this year.<\/p>\n<p>Security software vendors are not obligated to have their products independently tested, but in a trust-driven industry, such assessments may be considered essential.<\/p>\n<p>That UltraAV replaces Kaspersky, which was banned for national security concerns, makes a third-party test even more critical.<\/p>\n<p>\u201cThe recent Crowdstrike \/ Windows BSOD incident shows what can happen if an antivirus program misbehaves,\u201d said Keith Prabhu, founder and CEO of Confidis. \u201cAny unknown product, let alone a critical security tool like an antivirus, must prove itself in the market before it is installed.\u201d<\/p>\n<p>\u201cTo top it off, this product was installed without user consent!\u201d Prabhu added. \u201cUsers should weigh the risks of using this software and switch to an alternate solution after making a comparison with other similar products.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Options for enterprises<\/h2>\n<p>Independent testing or third-party assurance is crucial in building user trust in products. For enterprises that previously relied on Kaspersky, the transition to UltraAV presents a difficult decision.<\/p>\n<p>\u201cFor enterprises, permissions that allow for such sweeping changes are rarely given, and (ideally) any version change or upgrade is tightly governed,\u201d said Sanchit Vir Gogia, chief analyst at Greyhound Research. 
\u201cThis is especially true for large enterprise customers who seldom depend on one vendor alone, plan and react to such announcements well ahead of time, and, most importantly, use the country of origin as a critical aspect of their decision-making.\u201d<\/p>\n<p>Small and medium enterprises, along with retail consumers, will be most affected by the change, according to Gogia.<\/p>\n<p>Trust is likely to erode, with many users struggling to remove the software and manage permissions to avoid future issues. Some have reported that UltraAV reinstalls itself even after being uninstalled.<\/p>\n<p>\u201cMost importantly, some might even face losing critical data in trying to resolve this issue, as they\u00a0have to reinstall the OS drive\u00a0to get rid of this new software\u00a0before installing a new one,\u201d Gogia added.<\/p>\n<p>Users now have two options: either live with less capable, lower-trust software for their security or switch vendors, according to Neil Shah, partner &amp; co-founder at Counterpoint Research.<\/p>\n<p>\u201cThe latter is highly likely, especially for enterprises and prosumers. The churn rate is going to be higher, and until UltraAV ramped up its capabilities or certifications, it would be too late,\u201d Shah said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Months after the US government banned Kaspersky Lab products, some users report that their antivirus software was replaced without notice by \u201cUltraAV,\u201d a relatively unknown program. Users took to online forums, including Kaspersky\u2019s support platform, to express concerns that UltraAV was installed on their computers without prior consent or notification. 
Earlier this year, the Biden [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":344,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/343"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=343"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/343\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/344"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}