I know my system backwards and forwards and I do not like noticing stuff running in the background that I don't recognize. Recently I was checking out the Task Manager (right click on the clock, and select Task Manager or press Ctrl-Alt-Del and click Task Manager) and noticed TWO copies of "netsession_win.exe" running with a peak memory working set of about 25 megs. Ok, what's this?
_23e03aa7-8647-46d9-b0d3-9622c4ebcef3.png "netsession_win.exe in my Windows Task Manager")
You can always right click on suspicious processes and click Open File Location. This little tip is often enough to jog your memory and go, "Oh, THAT."
_7a026eae-a5f7-4258-95ca-164e5f589b51.png "Open File Location in Task Manager's Context Menu")
Hm, that dropped me into C:\Users\scottha\AppData\Local\Akamai. I know who Akamai is. They are a download accelerator used by lots of companies. Kind of the first large Content Distribution Network or CDN.
Am I sure it's them and not someone evil trying to fake me out? Right click on netsession_win.exe, then Properties.
Well, they have a legitimate digital signature, interestingly they signed this on the 11th of November. Looks like this was recently installed automatically by something, perhaps Flash or Adobe Acrobat.
I wonder if someone needs to tell Akamai that their freshly installed service that just (kinda, a little) snuck on my system has a digital certificate that expires in 5 weeks. Are they or one of the companies that uses them going to update this client and cert soon?
_bca0d2fb-3949-409d-83bb-837177095f3f.png "Akamai's digital certiticate expires before Christmas")
Running services.msc from Start | Run tells me that this runs as an Automatic Service. At least it's a Delayed Start so it doesn't slow down my boot.
_ef8bc134-4d63-4674-9e8b-20ec6d6446e6.png "Services (158)")
The only thing I installed on my machine on the 11th was an automatic update to Adobe Flash. That's my #1 suspect right now as it's the only thing that I ran as Administrator that day.
For now, I'll keep it on my machine because it:
- Is from a reputable (so far) company
- Is known to be used by folks like Netflix, etc to speed up downloads
- Has an uninstall available in Installed Programs
- Feels legit
- Has a control panel icon and a Read Me with lots of info about what it does (except who installed them)
- Has a customer bill of rights online with details with test demo pages about their API.
I will say this, though. Whatever program installed it should have told me first before chaining it in. At least with Evil Toolbars I can see them. Not cool Akamai. Who installed you?
You're on notice.
© 2011 Scott Hanselman. All rights reserved.