App Review UltraAV Antivirus 2024

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

BarrierMaze

New Member
Sep 23, 2024
2
I'm guessing that it lacks any kind of application control which was one of Kaspersky's shining features (such granular controls and the user could add more, I mean stellar interface for it) or at least any with any level of significant control like Kaspersky Internet Security/Total Security/Premium?

Personally that's why I liked Kaspersky, that and the online network reputation system. I'd check all new files in it for how much they'd been seen. Even something that evades detection by heuristic analysis is bound to look a little weird if it's masquerading as something else that should have a larger install base. It's true the heuristics were pretty good too of course but default-deny is more my speed or at least informed allow which Kaspersky helped with.

This leaves a sour taste. The fact that it wasn't a choice given to customers definitely speaks to a selling of customers in a way you rarely see (they'd get more if they forced all customers onto this software as opposed to making it a choice customers have to exercise). I'd have definitely chosen to keep the Kaspersky software installed but without updates with application control set to auto-assign to low or untrusted as I have over this. I didn't blame Kaspersky for all the US targeting because they didn't play ball with western intelligence like all the western AV companies (whether by hook or crook, whether by the fact their top people are "ex" NSA/CIA/FBI or via national security letters) and after the anger from Stuxnet and the embarrassment of their Vietnamese contractor (sheesh, back in the day governments used their own citizens for intelligence operations) who had Kaspersky installed, but this is a choice.

It's a betrayal of customers who in the end were not responsible for the actions of their government and who via keeping Kaspersky installed long after the smear campaign against it began showed trust. From a purely mercenary point of view of maximizing profit this was a good decision, they sold out their customers and made additional money before being kicked out rather than walking away with nothing. Those customers who know nothing of AV's and quality may even see this as a positive. They burned their bridges with technically proficient users in a market they're realistically never returning to anytime soon.

These people look like an untrustworthy company AT BEST (VPN with low privacy ratings held by a holding company in the US also doesn't scream trustworthy company that cares about its reputation to me which is a big no-no for something that has complete and unfettered access to my system and all files and activities, seem at the very least like the kind of mercenary people who'd sell access to customer data to intelligence or anyone with a bag full of money. And I never forget the existence of In-Q-Tel or the fact that the NSA/CIA ran CryptoAG which means holding companies are immediately even more suspicious). Kaspersky was actively able to fend off state actors attacking their company network and uncover sophisticated hacking campaigns against their iPhones, they uncovered Stuxnet/FLAME, their products consistently ranked highest in independent testing, that's who I paid.

Ah well, back to default deny and shopping around for more hardening software and an on-demand scanner.
 

bazang

Level 6
Jul 3, 2024
270
The fact that it wasn't a choice given to customers definitely speaks to a selling of customers in a way you rarely see (they'd get more if they forced all customers onto this software as opposed to making it a choice customers have to exercise).
Every subscriber was sent multiple emails that explained that they could stop the auto-install of UltraAV. All the complainers either paid no attention to the emails or they don't even use Kaspersky and are strawman outraged - as is typical of social media (and forums like MT are a form of social media) - without knowing the facts or willfully ignoring the facts.

I didn't blame Kaspersky for all the US targeting because they didn't play ball with western intelligence like all the western AV companies (whether by hook or crook, whether by the fact their top people are "ex" NSA/CIA/FBI or via national security letters) and after the anger from Stuxnet and the embarrassment of their Vietnamese contractor (sheesh, back in the day governments used their own citizens for intelligence operations) who had Kaspersky installed, but this is a choice.
Kaspersky was not targeted. The decisions are based upon real-world, irrefutable facts. Everybody keeps thinking this about software, but it is not.

You do realize that the Russian government uses Kaspersky for its goals & objectives, right? Kaspersky has actively supported those goals and objectives. He has even publicly made statements that he assists and supports his home country's intelligence and security services. Kaspersky is not a stand-by spectator that just happened to get caught-up in a global struggle between two of the world's super powers.

From a purely mercenary point of view of maximizing profit this was a good decision, they sold out their customers and made additional money before being kicked out rather than walking away with nothing.
Eugene Kaspersky and Kaspersky companies are only prevented from selling Kaspersky software in the US. They are not banned nor prevented from doing other business operations within the US. So your statement that Kaspersky was "kicked-out" of the US is incorrect. For one thing, Kaspersky does not just publish security software. It does a lot more than that. The company is not a one-dimensional, one-trick pony.

They burned their bridges with technically proficient users in a market they're realistically never returning to anytime soon.
This is not a correct statement either.

These people look like an untrustworthy company AT BEST (VPN with low privacy ratings held by a holding company in the US also doesn't scream trustworthy company that cares about its reputation to me which is a big no-no for something that has complete and unfettered access to my system and all files and activities, seem at the very least like the kind of mercenary people who'd sell access to customer data to intelligence or anyone with a bag full of money.
Another false statement. The people behind The Pango Group and AURA are all leading Indian technology executives and venture capitalists. They have been in the IT security markets for decades. Their business model is to sell their software as white-label.

Kaspersky VPN is rebranded HotSpot Shield VPN which has been owned by The Pango Group, and before that the parent of Pango - the AURA group of companies. Eugene Kaspersky had decades long relationships with these various Indian technology executives and companies. That is why he chose to use them. He was very happy with the white-label products and services he purchased from them over the years.

You just don't know about these people and companies because 1) they are all Indians and India-based and 2) their business model is low-profile selling of their products to companies like Kaspersky (and other big name antivirus companies that you would be shocked to learn use AURA, Pango, and Max Secure products and services).

Kaspersky was actively able to fend off state actors attacking their company network and uncover sophisticated hacking campaigns against their iPhones,
Kaspersky has been hacked and breached multiple times by multiple nation-states including DPRK as well as Anonymous type hackers working out of their parents' basement.

Kaspersky uncovered Stuxnet/FLAME
The individual who uncovered Stuxnet was Sergey Ulasen and he owned VirusBlokAda. This was June 2010. There were also Norton and other researchers who began the public discussion about Stuxnet on Wilders Security forum. By the time Kaspersky made the public report in September of 2010 that "Stuxnet is so sophisticated that it could only have been the effort of a nation state" other researchers had already long been discussing it as a nation-state targeting of the Siemens industrial controller system.

The Iranian client was using VirusBlokAda software, not Kaspersky. Ulasen's team researched and figured out major aspects of Stuxnet before Kaspersky ever took a look at it. Ulasen's first post on Wilders Security forum was in July 2010, and that is after he had contacted Microsoft to share the VirusBlokAda team findings. It was only then that Kaspersky scrambled to obtain a Stuxnet sample. However, by the time Kaspersky published its findings in September 2010, Symantec researchers had already figured out Stuxnet at an operational level. This was completed in August 2010 - a full month before Kaspersky's report.
 

Mike_Ancona

New Member
Oct 1, 2024
1
I'm not sure, but since August of this year, my Kaspersky antivirus has been informing me that on the 29th of September, it will no longer update. It prompts me to install Ultra AV, but I was not forced to install it, and still haven't, as I want to research more about it before I switch over.
Moreover, I have been using Kaspersky since like 2016 now, and it really sucks to have to switch, but I guess that's how things go.

I don't know where people are getting "forced updating". Like I said, I never changed any settings or anything, and over the last 2 months, I've received numerous notifications from Kaspersky about this switch and the deadline of the 29th of September. They have given me an "offer to switch to their US partner" but I was not forced into it at all. Not sure what your settings are set to for it to automatically install on your computer, that would have freaked me out too, tbh.
 

Keyang556

Level 1
Nov 7, 2021
32
Eugene Kaspersky is a capitalist and the UltraAV group offered him a very profitable deal. There is nothing surprising nor sinister about the decision.

Eugene purchased a license for a white-label (re-branded) version of Pango VPN for his Kaspersky product. Anyone using Kaspersky VPN has been using the Pango VPN and did not even know it. Pango re-labeled HotSpot Shield to Kaspersky VPN.

The parent company of The Pango Group was AURA. AURA purchased Pango years ago, but it recently split Pango off. Pango Group brought its own set of IT security and related products with it after the split.


The UltraAV scan engine was developed by an Indian firm named Max Secure Software, and purchased by AURA years ago.


The executives and investors behind AURA, The Pango Group, Max Secure Software - they all have been involved in white-label products for a long time. They have also been technology investors that have grown their companies through purchases of smaller companies. These company and product line names are well-known to those in-the-know.

AURA, The Pango Group, Max Secure Software and others are valued in excess of $3 billion USD. The people behind AURA have been at the game for over 20 years.


The key executives behind AURA and The Pango Group are not information system security experts. They are business development, finance and financial management wizards. The top executives have ties to investment banking firms and regional finance markets.

All of the top executives at AURA, The Pango Group, Max Software and investors are Indian. They are all India-based companies or have origins in India or continued support operations based in India (Hyderabad, Bangalore, Chennai, etc). US companies have been doing business with these various companies for decades, particularly the AURA group and its subsidiaries.


No. This will not happen.

Kaspersky software is banned. That is it. Eugene Kaspersky and his companies are not banned from conducting business within the United States. He will generate just as much profit as he did before without Americans installing his security software. He does not need people to install his software to generate profit.

The problem is not Kaspersky software. The problem is Eugene Kaspersky's very close relationship with the Russian Federal Security Service (FSB) and the significant number of Kaspersky staff that previously worked within Russian intelligence and security services or have continued ties to the FSB - as in they have personal relationships (e.g. married to current personnel or familial connections - brothers, sisters, fathers, mothers, etc that work for the FSB, for example) with FSB and other Russian military or security agency personnel.


Kaspersky sent multiple emails to all those with active subscriptions. Those emails explained in detail the transition to UltraAV. As is typical of most users, they paid no attention to the emails.
Why hotspot, touchvpn, betternet, bitdefender, kaspersky are using same vpn company?
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
Revenge of the Eugene
 

ShadowPulse

New Member
Oct 2, 2024
6
Hey! Thanks for such a detailed review of UltraAV, it's really helpful. From what you’ve shared, it seems like the product is still quite raw and needs significant improvements, especially if they want to compete with established solutions on the market. The shift from Kaspersky to a less proven engine like MaxSecure clearly impacted the quality of the product.
What concerns me the most is that UltraAV failed to detect RemcosRAT and didn't block malware properly. This shows that post-execution protection is seriously lacking.
The payment page during installation is also odd. Security software should offer a trial period to build trust with the user, not ask for payment upfront.
In conclusion, I agree with your assessment. As of now, UltraAV definitely doesn't seem like a serious antivirus, and I wouldn't recommend it either.
 

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
603
Some fascinating revelations in this thread. I haven't really heard of UltraAV. But, I am familiar with AURA. There seems to be a movement to a new generation of "AVs" like AURA, Clario, Guardio, that spend a lot of money on marketing and promise to provide 360 degree security (AV, VPN, Password Manager, IoT, Identity Theft Protection, etc). I found those to have very beautiful, simple and easy to understand UI that feel intuitive and responsive. But, the AV engines beneath provide mediocre or even downright terrible malware protection. It is a dangerous trend because people conflate a modern front-end with state-of-the-art back-end and that is just not true.
 

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,585
Just to be clear - did you check each sample before the test to see whether it is really malicious and its C2 servers were alive? We have really huge experience with MalwareBazaar, ViruSign feeds, and many samples are dead. Not all, but many.

All samples are checked before I create the archive.
I may make an error during sampling, but this is becoming increasingly rare, or the C&C server may shut down while it was running...
So I always try to find other samples that deploy the same payloads (this happens for example on VBS files that install GuLoader or AgentTesla).
 
