One day I came back to my computer and saw a firewall notice about netsession_win.exe requesting access to listen UDP-requests.
Ok, I thought, that happens sometimes. An application needs permission to access The Net. This time it was a permission to receive traffic. Wait a minute! I don't remember installing anything that would require building a server on my box.
Apparently I'm not alone with my question, Mr. Scott Hanselman at CSI: My Computer - What is netsession_win.exe from Akamai and how did it get on my system? is pondering the same issue. He chose to keep it running, I chose not to.
Reasoning:
- I confirmed the facts from Mr. Hanselman blog post: the Akamai signature in the binary is valid, at least it looks like a valid one to me. This alone is definitely not a reason to kill the app.
- I don't know any purpose for such an application.
- A server binary is located at my %LOCALAPPDATA%, definitely not the place for a piece of server software to be running from.
- Anybody who installed the application and made it run did not ask for my permission for doing so.
- The application will run on each login based on a registry setting placed into HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Mr. Hanselman located a service in his computer. My computer did not have that. I still don't like unknown applications to run all the time.
- It does not feel legit to me. All these combined make the application shady and it gives me chills.
Guys at Akamai:
This is not the way to do it! Revise your policy of putting spyware into people's computers.