What is Pango's UltraAV, which rose from the ashes of Kaspersky's US Exit?


After Kaspersky was forced to leave the US, millions of Americans unknowingly boarded a new ‘ship’ – UltraAV, an antivirus offering by Pango. Dr. Zulfikar Ramzan, Pango's CTO, explains they had little choice. Otherwise, millions would’ve been left without protection. The new ship is being built on a reliable 20-year-old foundation and will continue to improve as it sails.

UltraAV's name is new in the antivirus market, but the technology builds on decades-long experience.

“UltraAV is an engine that we’ve obviously built for this migration of customers. It's actually based on an antivirus engine that's been around for over 20 years, probably 22–23 years,” Ramzan told Cybernews.


“And that was a technology that was developed by a company called MaxSecure. MaxSecure was acquired by Aura a few years ago.”

Aura – offering a popular all-in-one digital safety and protection solution – and Pango used to be sister companies that shared an ownership structure.

“Up until recently, Aura and Pango were part of the same entity. A few weeks ago, Pango and Aura were split into two separate entities. But because they’ve been together for such a long time, there are partnership agreements now between the two of them. So MaxSecure, which is an Aura product, is currently licensed by Pango.”

Ramzan, who previously held roles at Aura, is now extensively focusing on Pango and its antivirus efforts.

Abrupt switch

Pango now has “several million” customers who have transitioned from Kaspersky to UltraAV. Cybernews reported that the switch seemed abrupt – users found the new antivirus solution installed automatically without explicit consent.

“You have to look at the context,” Ramzan explained.

“We were in a situation where we had a very limited amount of time to make sure that millions of users were going to have protection. Our biggest worry was the fact that you have millions of users who potentially would lose protection. And more importantly, if you think about it, most threat actors today, the sophisticated ones, know that these millions of users are going to be unprotected.”


He explained that the company had less than three months after the US government “told Kaspersky that they had to essentially vacate the premises” in June.

“Once you look at that situation, the options are not great. Because you're either going to have some kind of a more forced upgrade path, which is going to cause a lot of issues among people, or you're going to have a situation where you may have millions of people who have no protection.”

“They were literally going to be coming out with a target on their backs.”

Ramzan noted that most consumers are not advanced users and won’t even notice the change.

“They're people like my parents, who have consumer technology running on their systems. I can tell you that if I ever asked my parents to reinstall or uninstall something and make decisions about how that happens, there's about a 99% chance that whatever they do will not result in them having protection,” Ramzan said.

Dr. Zulfikar Ramzan, Pango's CTO

So, the company chose to simplify the transition for the average consumer.

Ramzan noted that Kaspersky drove this process and released a series of communications starting in early September, including emails and in-app notifications about the transition. Many likely missed them, as users rarely pay attention.

While some people are upset about the automated switch, Ramzan believes that many more would have complained if the companies had chosen the other option.

“Our focus has been on how we protect these consumers, the vast majority of whom don't even know what an antivirus solution is. They don't know what a signature is or what a heuristic is. All they know is that they turn their computer on, and they expect it to work.”


Has feature parity

The UltraAV engine has “mostly feature parity” with Kaspersky's antivirus. While Pango is still working on public third-party testing, the company has also conducted private third-party tests. However, due to an agreement, it couldn’t officially disclose the results.

“There are a couple of things that they had that we don't have and vice versa, but nothing that was significant. In terms of core antivirus, I would say they're very comparable,” Ramzan said. “It's a new brand but not a new technology by any stretch.”

Ramzan explained that Pango had been a Kaspersky partner for many years and that made the transition easier.

“If you look at some of Kaspersky's technologies, actually they are Pango technologies that are being licensed by Kaspersky. So, for example, our VPN technology at Pango is licensed by Kaspersky,” Ramzan said.

“They took a look at our engine and felt that it was good enough to use as a replacement.”

Many antivirus vendors have attempted to capitalize on Kaspersky's exit by offering free switches to customers. However, Ramzan noted a significant challenge: most antivirus consumers have a “set it and forget it” mentality.

“Our perspective has always been that we have to make sure we have a really good offering for these consumers in the first place.”

What will be the distinction between Pango and Aura?

After separating from Aura, Pango will focus on individual technologies and products. Aura is “much more focused on bundling technologies together and providing a single suite for customers primarily in the consumer space.” According to Ramzan, those are very different operating models.


In addition to antivirus, Pango offers VPN, a password manager, enterprise breach management, and legal support services under different brands.

“The emphasis is on the brands of the different things. Most people here know about UltraVPN. They know about Hotspot Shield. They know about these other offerings. They don’t realize it’s all part of one thing called Pango, and Pango's name is rarely mentioned anywhere. In contrast, with Aura, the goal is to build a brand around the name Aura.”

Ramzan believes Pango will compete effectively in the antivirus market, which has become stagnant with incumbent vendors. He focuses on innovation and improving its AI/ML capabilities for threat detection.

“Even Norton, for example, does not even have its own engine anymore. They had to buy another engine to fit in,” Ramzan noted. “We really believe that we can build something that's going to be really incredible in terms of being able to detect new threats. I'm very excited about what the future holds.”

Ramzan also said Pango plans to introduce more brands in the future.

AI won't change malware creation that much

When discussing the current threat landscape, Ramzan highlighted that generative AI tools can make malware creation more accessible. However, they will not be very sophisticated.

“I can tell you that every malware author that I've encountered in the last 15 years already has a robust set of tools they have been using,” Ramzan said.

“They had tools for taking a piece of malware and generating polymorphic variants of it on the fly, that could evade detection. And it's not difficult. In a few hours, you can put a tool together that would do a pretty good job without using any AI.”

He suggested that AI’s most significant impact may be in enhancing social engineering attacks rather than in malware creation itself.


“AI right now adds a significantly new dimension,” said Ramzan. “The fact that you can generate emails and text messages that sound legitimate, the fact that you can quickly build new tools and that sort of thing is the bigger worry.”

Ramzan explained that modern antivirus solutions typically employ a combination of signature-based detection, heuristics, and machine-learning approaches. Malware authors use advanced packing and encryption to evade traditional signature-based detection, so vendors are emphasizing the importance of heuristics and machine-learning techniques in combating evolving threats.

“We have a really strong threat intelligence team. We reverse engineer malware daily, analyze threats, and study trends in the threat landscape. What we haven't done a lot of yet is those findings up and making them more publicly available – having a dedicated, publicly facing threat intelligence practice,” Ramzan stated.

Pango is considering expanding its public-facing threat research and blogging efforts to share its insights on the threat landscape and new malware trends.