Kaspersky’s US Customers Receive ‘UltraAV’ Swap, Raising Red Flags


Months after the US government banned Kaspersky Lab products, some users report that their antivirus software was replaced without notice by “UltraAV,” a relatively unknown program.

“For enterprises, permissions that allow for such sweeping changes are rarely given, and (ideally) any version change or upgrade is tightly governed,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “This is especially true for large enterprise customers who seldom depend on one vendor alone, plan and react to such announcements well ahead of time, and, most importantly, use the country of origin as a critical aspect of their decision-making.”

Small and medium enterprises, along with retail consumers, will be most affected by the change, according to Gogia.

Trust is likely to erode, with many users struggling to remove the software and manage permissions to avoid future issues. Some have reported that UltraAV reinstalls itself even after being uninstalled.

“Most importantly, some might even face losing critical data in trying to resolve this issue, as they have to reinstall the OS drive to get rid of this new software before installing a new one,” Gogia added.

CSO.com

Even before we assess the potential risks to customers and enterprises, it must be highlighted that the antivirus space is highly sacred, since it is the first line of defence against most attacks. This is particularly important now, given the explosion in the number and types of devices and the rise in scams and other cybersecurity risks.

Buying antivirus software works like purchasing health insurance – you don’t need it until an emergency strikes, and when it does, you want it to cover most, if not all, of your issues.

While Kaspersky tried to communicate the upcoming change to consumers, it could have done a better job of explicitly calling out the details; had it done so, the change would not have surprised most users. It is also critical to note that this communication may never have reached users, as spam filters may have blocked it. It would have been just as easy for Kaspersky to issue this advisory through its application and through notifications on the machines. The company wasn’t proactive in offering transparency in its communication and advisory.

For enterprises, permissions that allow for such sweeping changes are rarely given and (ideally) any version change or upgrade is tightly governed. This is especially true for large enterprise customers who seldom depend on one vendor alone, plan and react to such announcements well ahead of time, and, most importantly, use the country of origin as a critical aspect of their decision-making.

However, small and medium enterprises and retail consumers will be caught off guard and impacted most by this change. While erosion of trust is a definite outcome, many can face issues around deleting the software and understanding the permissions they must not allow to avoid a similar problem in the future. Most importantly, some might even face losing critical data in trying to resolve this issue, as they have to reinstall the OS drive to get rid of this new software before installing a new one. 

One tip most users should remember is that when they delete UltraAV, they must also delete Ultra VPN, which is installed separately. Another is to cancel auto-renewal and get an official confirmation. It might also help to contact the bank or card company and let them know about this cancellation.

While this has been a blow for Kaspersky, it’s also an incident that Microsoft must think about more deeply. Threat actors and scammers can use sweeping permissions in myriad ways, and Microsoft must introduce new ways to educate users when such permissions are being given. It would also help for users to be reminded on an ongoing basis of these permissions and the impact they can have. Lest we forget, CrowdStrike users faced massive outages globally only recently when a faulty update was pushed to customers.

Analyst: Sanchit Vir Gogia

Sanchit is the Chief Analyst, Founder & CEO of Greyhound Research, a Global, Award-Winning, Digital & Technology Research & Advisory firm.
