Earlier this week, some US customers who use Kaspersky Lab antivirus software were surprised to find that the Russian software had disappeared from their computers and been replaced with a new antivirus called UltraAV, owned by the US company Pango.
The move comes after the U.S. government imposed an unprecedented ban on Kaspersky Lab, completely banning the company from selling any software in the country, which took effect on July 20, and a ban on providing subsequent security updates to existing customers on September 29.
A spokesperson for Pango, the cybersecurity company that owns UltraAV, defended the automatic migration, which essentially meant that roughly 1 million Kaspersky customers in the U.S. became UltraAV customers overnight. Technically, this means that Kaspersky was uninstalled from customers' machines and UltraAV was installed automatically, without user intervention.
The lack of user interaction, or request for consent, has left some former Kaspersky customers confused and uneasy.
“Basically, on my computer, Kaspersky forced me to uninstall Kaspersky products and forced the automatic installation of UltraAV and UltraVPN,” former Kaspersky customer Avi Fleischer previously told TechCrunch. “They should have given me the choice to accept UltraAV or not.”
“You should never force software onto someone's computer without their explicit permission,” Fleischer said.
“The migration process began in early September and was notified via email to all eligible U.S. Kaspersky Lab customers,” Kaspersky spokesman Francesco Tius told TechCrunch. For Windows users, Tius said the migration “happened automatically.”
Tius said in an email that this was done to ensure that Windows users “would not have a gap in protection if Kaspersky were to withdraw from the market.” (Windows 10 and 11 include their own built-in antivirus from Microsoft, called Defender. Microsoft says that if a Windows user uses a third-party antivirus and uninstalls it, Defender will automatically turn back on.)
Meanwhile, users of Mac, Android and iOS devices “had to manually install and activate the service by following email instructions,” Tius said.
Tius blamed some users for not being aware of the transition because they “did not have their email address registered with Kaspersky.”
“These users were only notified of the transition through an in-app message,” Tius said, pointing to an FAQ posted on UltraAV's website. Neither the in-app message nor UltraAV's website state that Windows users will experience an automatic uninstallation of the software and the installation of an entirely different piece of software. Moreover, UltraAV is a brand new antivirus software with no prior track record or published security audits, adding to customer concerns.
Pango spokesperson Sydney Harwood echoed many of Tius's points in a series of emails with TechCrunch.
Rob Joyce, a former director of cybersecurity at the National Security Agency, wrote in a series of posts on X that the automatic transition shows why giving Kaspersky software trusted access to someone's computer is a “huge risk.”
“They had complete control over your machine,” Joyce wrote.
“After all, when you install software, it may automatically update to something entirely new or change brand or ownership,” Martijn Grooten, a cybersecurity consultant and former editor of Virus Bulletin, a publication that has covered the antivirus industry since 1989, told TechCrunch.
“These are all risks we implicitly accept, and they all happen regularly,” he said, adding that he couldn't remember another instance where antivirus software had done the same thing. “Given that security software is based on trust, they probably should have informed people more, but even then, people would have ignored the warnings.”