Earlier this week, some U.S. users of Kaspersky’s antivirus software were surprised to find that it had been automatically replaced by UltraAV, a new antivirus product from the American company Pango. This change followed the U.S. government’s ban on Kaspersky, which took effect on July 20, preventing the sale of any Kaspersky software in the country. Another part of the ban, which prohibits providing security updates to current users, is set to begin on September 29.
A Pango representative explained that the automatic switch affected around a million U.S. customers, as Kaspersky uninstalled itself and UltraAV was installed without any user input. This lack of consent frustrated many former Kaspersky customers, including Avi Fleischer, who told TechCrunch that he would have preferred to have the option to accept or decline UltraAV.
Kaspersky’s spokesperson, Francesco Tius, clarified that the transition started in early September, and all eligible U.S. customers were notified via email. Windows users had the process happen automatically, while Mac, Android, and iOS users needed to follow manual instructions to install the new software. Tius added that the automatic migration aimed to prevent any gap in security protection for Windows users.
However, some customers missed the email notification, as their contact information wasn't updated with Kaspersky. These users only received in-app notifications, which did not clearly explain that their antivirus software would be replaced without warning. The fact that UltraAV is a brand-new product with no established security record further heightened concerns.
Pango spokesperson Sydney Harwood echoed Tius’s points in emails with TechCrunch, while cybersecurity experts like Rob Joyce of the National Security Agency noted that this automatic migration highlighted the risks of giving a company like Kaspersky full access to users’ machines. Martijn Grooten, a cybersecurity consultant, added that while software updates changing branding or ownership are not uncommon, clearer communication would have been ideal in this case due to the trust involved in security software.