Hacker's ramblings

One day I came back to my computer and saw a firewall notice about netsession_win.exe requesting access to listen UDP-requests.

Ok, I thought, that happens sometimes. An application needs permission to access The Net. This time it was a permission to receive traffic. Wait a minute! I don't remember installing anything that would require building a server on my box.

Apparently I'm not alone with my question, Mr. Scott Hanselman at CSI: My Computer - What is netsession_win.exe from Akamai and how did it get on my system? is pondering the same issue. He chose to keep it running, I chose not to.

Reasoning:

• I confirmed the facts from Mr. Hanselman blog post: the Akamai signature in the binary is valid, at least it looks like a valid one to me. This alone is definitely not a reason to kill the app.
  
• I don't know any purpose for such an application.
  
• A server binary is located at my %LOCALAPPDATA%, definitely not the place for a piece of server software to be running from.
• Anybody who installed the application and made it run did not ask for my permission for doing so.
• The application will run on each login based on a registry setting placed into HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Mr. Hanselman located a service in his computer. My computer did not have that. I still don't like unknown applications to run all the time.
• It does not feel legit to me. All these combined make the application shady and it gives me chills.
  

Guys at Akamai:
This is not the way to do it! Revise your policy of putting spyware into people's computers.