Kaspersky Faces Backlash Over Auto-Update of Security Software
In a surprising turn of events, Kaspersky faced backlash from some of its U.S. customers earlier this week when they discovered that the Russian-made antivirus software had been automatically replaced with a new antivirus named UltraAV, owned by American company Pango. This move was a result of the U.S. government’s ban on Kaspersky, which prohibited the sale of any Kaspersky software in the country. The ban on selling the company’s software took effect on July 20, with a subsequent ban on providing security updates to existing customers set to go into effect on September 29.
For roughly a million U.S. Kaspersky customers, this automatic migration meant that Kaspersky uninstalled itself from their computers, and UltraAV installed itself without any user interaction. This lack of user consent sparked confusion and concern among former Kaspersky customers who felt that they should have been given the option to accept or decline UltraAV.
Justification for the Automatic Migration
A spokesperson for Pango defended the automatic migration, stating that the process started at the beginning of September and that all eligible U.S. Kaspersky customers were informed by email. The spokesperson explained that for Windows users, the transition was done automatically to ensure that users would not experience a gap in protection upon Kaspersky’s exit from the market. Mac, Android, and iOS users, on the other hand, were required to manually install and activate the service following the instructions provided in the email.
The spokesperson attributed the lack of awareness among some users to not having an email address registered with Kaspersky. Those users were informed of the transition via an in-app message and were directed to an FAQ on UltraAV’s website. However, neither the in-app message nor the website explicitly mentioned that, on Windows, Kaspersky would be uninstalled automatically and completely different software installed in its place.
Expert Insights on the Situation
Rob Joyce, the former director of cybersecurity at the National Security Agency, expressed concerns about the automatic migration, highlighting the risks associated with granting trusted access to Kaspersky software. He emphasized that the software had total control over users’ machines, which has security implications.
Martijn Grooten, a cybersecurity consultant with a background in the antivirus industry, noted that while software updates can bring about changes in branding or ownership, the automatic replacement of an antivirus with a new program was unprecedented. He acknowledged the importance of informing users adequately, especially when it comes to security software that relies on trust.
Despite the justifications provided by Pango and Kaspersky, some customers remained skeptical about the sudden transition to UltraAV. The lack of transparency and user consent in the migration process raised questions about data privacy, security risks, and the overall trustworthiness of the new antivirus.
Addressing Customer Concerns and Building Trust
To address the concerns raised by customers, cybersecurity companies like Pango and Kaspersky should prioritize transparency and user consent in software migrations. Providing clear communication, detailed explanations, and options for users to choose their preferred security software can help build trust and ensure a smoother transition process.
Additionally, conducting thorough security audits, sharing information about the new antivirus’s features and capabilities, and offering support to users during the migration process can enhance the overall user experience and alleviate fears about the automatic update.
Ultimately, cybersecurity companies must prioritize customer trust and data protection in all aspects of their operations, including software updates and transitions. By listening to customer feedback, addressing concerns promptly, and upholding transparency and user consent, companies can foster a stronger relationship with their user base and maintain a positive reputation in the cybersecurity industry.