You have certainly done the right thing not granting this process access to your computer through the Windows Firewall, as with any suspicious process (where you do not know what the process does or its origin) you should be safe rather than sorry and err on the side of caution. When doing some research on the “netsession_win” process it has become evident that this is a bit more of a tricky process to track down, since there are quite a few conflicting reports regarding the purpose of the file and whether it is legitimate. This is not uncommon since malware and other infections have been known to masquerade using the filenames of legitimate programs and processes. That’s not saying that the “netsession_win” process installed on your computer is malicious – it is just a word of warning that we should always keep this possibility in mind when processes that we don’t recognise start requesting exceptions through the Windows Firewall.

Rather than delving into the possibilities of this being malicious we will start with checking out whether the process is actually legitimate and serving a proper purpose. Even though you are telling the Windows Firewall to “Ask again later” regarding the access which the “netsession_win” has to your computer, it is likely that the process is still running on the computer – it just does not have all the access which it requests. This gives us an opportunity to investigate the process further to find out its true nature. There is a very good article at www.hanselman.com/blog/CSIMyComputerWhatIsNetsessionwinexeFromAkamaiAndHowDidItGetOnMySystem.aspx which deals with tracking down the purpose of the “netsession_win” process on a computer to determine its legitimacy. As a first step you should follow through the excellent instructions given at this website. These will step you through the procedure to find the “netsession_win” process in the Task Manager and then trace that process through to its actual executable file on the computer and then check for a digital signature which will help indicate whether the process is legitimate and from a legitimate vendor. Be aware that the instructions given on the website are written for Windows 7. While the instructions should generally be applicable without modification to a computer running Windows, be aware that some of the file paths are likely to be different. For example, the article refers to the “netsession_win” process being located in the directory: C:\Users\\AppData\Local\Akamai . On a Windows XP computer it would instead be most likely in the folder: C:\Documents and Settings\\Application Data\Akamai .

As you will read in the article, it is designed to determine whether the “netsession_win” process is legitimate and related to an application called Akamai which is a download accelerator used within other products to help assist with downloading updates (amongst other things). In particular, from the research that I have conducted, the “netsession_win” process is the “Akamai NetSession Interface”. In addition to downloading content to your computer, this adds functionality as a peer-to-peer delivery service so that your computer can transmit data to other computers. This doesn’t mean that any data can be sent from your computer, but instead just data that is distributed by the Akamai network (such as updates) which has already downloaded to your computer can then be re-distributed to other client computers. This is designed to make the distribution of content across their network much quicker, because rather than each client having to download content from the Akamai servers they can instead connect to other clients to download the content. In principle, this is similar to other peer-to-peer services. You can read more about the Akamai Netsession Interface at www.akamai.com/html/misc/akamai_client/netsession_interface.html which also provides other articles with information about the technical details.

If you determine that the “netsession_win” process on your computer is legitimate, as it has all the correct and valid digital signatures, then it does seem to be the actual Akamai file. However, this does not necessarily mean that you may wish to unblock this service. As you have read above (and may have read further on the Akamai website) this seems to be a peer-to-peer content delivery system, so if you do not wish for your computer to be used in this manner (to assist in the delivery of content to other clients) then you may wish to block the process at your firewall. If you do decide that you wish to block the process, as you do not wish to partake in distributing content on the Akamai network, then you may also wish to uninstall the Netsession Interface. Before doing so it would be worthwhile to determine exactly which program installed this, as if you update or reinstall that software it is likely that the Netsession Interface will return. Fortunately, the Netsession Interface includes a utility which will provide you with all this information. Go to the “Start” menu > “Run” and type in “C:\Program Files\Common Files\Akamai\AdminTool.exe”. Hopefully this should launch the administration tool which will provide you with information about which program installed Akamai and also all the data which has been downloaded using the Netsession Interface.

Should you wish to proceed with uninstalling the Netsession Interface, instructions are provided on the Akamai website at www.akamai.com/html/misc/akamai_client/csd_faq.html . However, you should be aware that some applications may require the Netsession Interface so it would be worthwhile noting down those programs (when you look in the administration utility during the previous procedure) so that you can keep an eye out for any strange behaviour in those applications as a result of uninstalling the Netsession Interface.

Now that we have considered the situation where the “netsession_win” process is legitimate, we should turn our attention to the scenario where the process is not legitimate. It is also worth noting that such a situation is not just limited to a process with the name “netsession_win” but malware is well-known to masquerade as the name of Windows system processes as well, occasionally even going so far as performing the same function as the legitimate process but also having a malware payload included in the file. This is why digital signatures on files are very useful and important things to verify when installing software. The purpose of a digital signature is to verify that the file came from a particular source and that the file has not been subsequently changed by an unauthorised party. As an example, say that XYZ Corporate publishes a downloadable setup file on their website. They have digitally signed this file, which verifies that the file was produced by XYZ Corporation and that it has not been changed. When you download that file, assuming that the digital signature is intact, this provides a guarantee that the file was produced by XYZ Corporation and has not been changed. Be aware, this does not guarantee that the file doesn’t do anything malicious, just that it was produced by a particular source and has not been changed. However, if you download the file from a trustworthy source then you can probably be fairly certain that it isn’t a file with malicious intent. It is quite easy to verify a digital signature – simply right-click on the file and select “Properties”. In the window that appears, click the “Digital Signatures” tab. You will see the digital signature listed and can select it then click “Details” for additional information regarding what the signature actually guarantees, since different signatures offer different levels of protection and guarantee.

Another way to view the digital signature is when Windows shows the security warning the first time that you try to open a new executable file on your computer. This is a warning which is designed to let you know that you are about to run an executable file and asks whether you wish to proceed. The window also lists the software publisher, and you can usually click the name of the publisher (which is in blue text, underlined) to show the certificate. Be aware that digital signatures are generally only found on executable files and not other file types, such as images, since executable files pose the greatest security risk as they execute code (which could potentially be malicious) as opposed to image and other kinds of files which simply store content which can be displayed on your computer using an appropriate viewing application.

You should note that a large portion of software and executable files do not have digital signatures. This is because many software developers may not be able to afford the costs to have their software digitally signed. Just because a piece of software is not digitally signed does not necessarily make it insecure, although you just need to take extra precautions to ensure that you have downloaded such files from a reputable source (e.g. the software developer’s website, rather than some third-party website) so that you can have peace of mind that the download is legitimate and minimise the chance that the file has been changed or tampered with.

So, returning to the situation where the “netsession_win” process on the computer is not legitimate. It could be quite tricky to make the ultimate determination as to whether the process is legitimate if it lacks a digital signature, because it is possible that early versions of “netsession_win” lacked a digital signature. However, I would err on the side of caution and assume that if this does not have a digital signature it is suspicious and should be removed (as it is much better to be safe than sorry in these situations). As you may have read in my previous columns, when a computer has potentially become infected with a virus or malware then I am of the opinion that it can never be trusted again until the hard drive has been wiped and the operating system installed fresh. This is because you never know whether the removal of such infections has been completely successful, and there could be bits and pieces remaining behind which continue to compromise your security and the integrity of your data. Therefore, I would recommend backing-up all of your data and completing a reinstallation of Windows. While this does seem a bit heavy-handed I am generally very security conscious when it comes to computers, so this is my recommended course of action when you have had a suspected infection. When you come to reinstalling all the software on your computer make sure that you have the most up-to-date versions, since if “netsession_win” was legitimate then it is possible that through using the latest versions of your software it will reinstall the latest version of the Netsession Interface that will hopefully include the digital signature, verifying its authenticity.

Wireless 3G broadband internet is always a tricky item to troubleshoot, purely because wireless-based connections can be much more easily disrupted (compared with a wired broadband connection) since your connection relies on radio waves rather than a cable. Your diagnosis of the problem is correct – it is likely that your connection is dropping in and out due to signal loss (as you have described, the bars on your connection manager are tending to vary indicating the signal strength is variable) resulting in the inability to access your email. This is confirmed by the error messages being produced by Outlook which actually means (in English, rather than the relatively cryptic error codes): “The connection to the server has failed”. If this was happening all the time then we would need to look at your settings, since they would likely be incorrect. However, because this only happens intermittently, and we have established that your internet connection is probably not stable, that provides a much more plausible explanation for the problem – the unreliable internet connection is resulting in your computer losing internet access and thus being unable to reach the email (Gmail) servers.

Your patchy internet is also somewhat confirmed since you mention that the connection manager occasionally indicates that you are “roaming”. From what I have been able to find, “roaming” indicates that you have moved out of the coverage zone of your wireless broadband provider and are actually now using a different telecommunications provider’s network. This is significant because it does indicate that perhaps you are on the edge of coverage for your broadband provider, since there is a need for roaming (albeit, occasionally). However, perhaps more importantly this could be related to the message which you receive about your credit. Generally when you roam onto a different broadband provider’s network you are charged a much higher access rate, since your broadband provider needs to recover your cost of access plus the fees which are imposed to use a different network. Therefore, this could be depleting your credit much faster than you anticipate. Without knowing the exact details of your wireless broadband provider I cannot provide specific information on whether you are being charged more or not, but this is something that you may wish to check with your broadband provider. You can generally disable roaming so that you are not charged these higher rates, but that will probably result in you not having internet access in that particular area (since if you are roaming then it is unlikely that your normal wireless broadband provider has coverage in that area).

You also mention that the “Sent” and “Received” columns of your connection manager still change even when your connection does not seem to be working. This is probably just the standard background network traffic that is used to establish connections and do the associated setup procedures to provide you with a stable internet connection. Unless the figures are going up massively then you can probably assume that nothing is really happening.

Regarding what we can do to resolve this problem, unfortunately there isn’t particularly much since we are somewhat reliant on the coverage of the 3G network. You could try moving around in the house. For example, if you are currently using the computer and broadband connection in the basement level of a house then moving to a higher level with windows could substantially improve your coverage. Apart from this, you may wish to research whether any other wireless broadband providers can give you better coverage in your particular area.

You will be glad to know that this is a fairly straight-forward process, and may not actually require you to do anything! The user-specific data for Firefox (such as bookmarks, saved passwords, etc) are stored on a per-user basis, within your Windows user profile folder. This is the same folder that holds information such as the My Documents and My Pictures for your user account. This means that you can reinstall or upgrade Firefox and your personal data related to Firefox should remain intact since it is not stored with the program files. When you reinstall Firefox all the settings for the program should also be remembered (including the location of your user data relating to Firefox, such as your bookmarks) and it should all magically appear in Firefox without you needing to do anything. In summary, on a good day you should be able to simply uninstall and reinstall the Firefox program without affecting your personal settings and data.

However, that is on a good day. While that should work fine in 90% of cases there is always a possibility that something may go wrong and your data is lost or becomes inaccessible. That’s why I always recommend taking a backup of your data just-in-case things don’t go as planned. In this case, I would strongly recommend that you take a backup of your bookmarks. The backup process should only take a few moments, and will save you from a huge headache should things not go to plan and your settings do not come back when you reinstall Firefox. This procedure is also useful in case you wish to transfer your bookmarks to a different computer.

In Firefox, go to the “Bookmarks” menu > “Organise Bookmarks”. This will open the Library window allowing you to organise and modify the bookmarks. In the toolbar there should be a button saying “Import and Backup”. Click the button to show a drop-down menu and select “Backup…”. This will export your bookmarks to a location of your choosing. The file format of the exported bookmarks is a JSON file – don’t try to open and read this yourself, as it won’t make much sense. However, if you do need to recover your bookmarks (or transfer them to a different computer) you just need to go back into the Library, click the “Import and Backup” button then select “Restore” > “Choose File…” and select the backed-up bookmarks file then click the “Open” button to import the bookmarks back into Firefox.

A common question which I am asked relates to keeping your bookmarks and Firefox settings synchronised between computers. Such a facility is particularly handy if you use multiple computers (such as a desktop and laptop) and don’t wish to constantly have to manually transfer these items between computers. Firefox Sync is a service that was launched mainstream early last year (you may recall that I mentioned this as a tip of the week) which allows you to do exactly this – synchronise data between Firefox installations on multiple computers. Your data (such as bookmarks, settings, etc.) is stored securely within your Firefox Sync account on the Mozilla servers and is then synchronised to any Firefox installations which you have linked to your Firefox Sync account. Likewise, if you make a change (such as add a bookmark) on a computer that is then updated to Firefox Sync so that the change can be propagated across to all your installations of Firefox on different computers. As you can see, this is quite a handy service. You can find out more about Firefox Sync at www.mozilla.com/firefox/sync with more technical details available at support.mozilla.org/sync .

This is a very good question and has a lot to do with the evolution of computer-based threats and infections. Back in “the day” (which translates into a few years ago, when talking about the IT industry) viruses were certainly not new, but a new emerging threat was malware such as spyware and adware. Given the novelty of these new threats they could usually not be detected by antivirus software, whose primary objective was to detect viruses not this kind of malware. However, more recently the line between malware and viruses has blurred and often these terms can be used interchangeably to describe infections on a computer. As a result, most antivirus packages (including Microsoft Security Essentials and NOD32) can now detect malware in addition to viruses and have therefore somewhat reduced the need for specialist anti-malware software, unless you are trying to detect and remove a very particular threat which you know can be found using the anti-malware software.

Interestingly enough, software which used to be primarily for detecting malware now also includes antivirus functions. For example, Ad-Aware is now both an anti-malware and antivirus scanner, having incorporated an antivirus engine into the software package (the free version of Ad-Aware is now called Ad-Aware Free Antivirus). As you can see, anti-malware software has now evolved into antivirus software, and antivirus software has also evolved into anti-malware software.

Regarding the particular recommendations for the free Microsoft Security Essentials and the commercial NOD32, while I try to avoid recommending particular products these are two utilities which I have had experience with and found to be good and fit-for-purpose (depending on whether the user is looking for a free or commercial package) and could at least provide a good starting point for your own research into the area. I am sure that there are many other similarly good products available, and I would certainly encourage you to read reviews and find a product which suits your needs.

Before investigating this problem I need to confirm a few things regarding your question. When you say that you are using the “32-bit version” I assume that this refers to the 32-bit version of Internet Explorer which is present in Windows 7 64-bit installations. Additionally, I also assume that the process which you need to manually kill in the Task Manager is the “iexplore.exe *32” process which represents the 32-bit version of Internet Explorer which you are running. Now that we have got these assumptions out of the way we can continue to investigate the problem being experienced.

From your description of the problem it seems like high memory usage could be slowing down the computer. You didn’t mention whether this only happens when visiting web pages with Flash content, but I assume that this is the case given that you suspect something related to Flash as the cause of the issue. It is probable that you are running a very old version of Flash Player on your computer, which is likely to be the root cause, and we will discuss this possibility later. However, before going any further we need to understand some more background on this issue, particularly the need to use 32-bit vs. 64-bit Internet Explorer and the availability of a 64-bit version of Flash which could resolve the issues you are experiencing.

As most users of Windows 7 64-bit would be aware, there is a 32-bit version of Internet Explorer included. This is present to help maximise compatibility with existing add-ins (such as toolbars) for Internet Explorer since many add-ins are not 64-bit compatible, but instead require a 32-bit browser. Until recently this was also the case for Flash player, as it did not have a version completely compatible with 64-bit browsers. However, you will be glad to hear that on 4 October 2011 (so not that long ago) Adobe released Flash Player 11 which supports 64-bit browsers on Windows, Mac, and Linux. As such, you should be able to stop using the 32-bit version of Internet Explorer and move fully across to the 64-bit version.

To make the transition to the new version of Flash Player I would recommend that you first uninstall the current version of Flash Player from your computer. Go to the Start menu > “Control Panel” and select “Uninstall a program”. In the list of programs find the entry for Adobe Flash Player and uninstall this from your computer. Once the uninstallation has completed, restart the computer to clear any remaining elements of the installation. Next, open the normal 64-bit version of Internet Explorer and visit the Adobe Flash download page: get.adobe.com/flashplayer . Follow through the instructions to install Flash Player on your computer. Once this has installed, check whether you experience the same slow down on the computer when viewing pages that contain Flash-based content.

If the slow down no longer occurs (and the memory consumption of Internet Explorer remains within an acceptable range) then I would put the previous behaviour down to potentially something wrong with the Flash installation on your computer. Previously I have found some instances where Flash content can slow down the computer, but that has generally pointed towards particular Flash content on a specific website rather than all Flash content in general. It is also worthwhile pointing out that Flash does not automatically upgrade itself but instead notifies you that an upgrade is available and offers you the ability to download the latest version. However, this notification can be turned-off. If you have not seen an upgrade notification lately then it is possible this was turned-off for your installation of Flash Player and therefore you were never being notified that a new version was available. Since you have not been keen on reinstalling Flash yourself, as you were under the impression that it automatically updated, it is likely that you have not updated your Flash player since the original installation and therefore could have been running a very old version and not the latest version (which could have potentially fixed your problem, if it was related to Flash Player itself). Now that you have the latest version of Flash Player installed it would be worthwhile checking that the upgrade notifications are enabled to ensure that you receive such notifications. Visit the following webpage: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html . This has a piece of Flash content on the page which will actually show you the settings for your installation of Flash on the computer. When you visit this page the settings manager should be on the “Global Notification Settings” page. Make sure that “Notify me when an update to Adobe Flash Player is available” is ticked and you should probably check for updates every 7 days, which is the default setting.

In the situation that the slow down still happens using the 64-bit version of Flash Player and Internet Explorer then we should look whether the same problem happens in different browsers. Some users have reported that Flash operates slowly in particular browsers, but runs fine in other browsers. As a first troubleshooting step download Mozilla Firefox (www.mozilla.com/firefox) which is an excellent free, open-source web browser. Alternatively, you may also want to try Google Chrome (www.google.com/chrome) which is another very good web-browser. If the problem does not occur in either of these browsers then there seems to be an issue with Flash and Internet Explorer on your computer. Unfortunately this will be a fairly complex problem to troubleshoot without access to your computer, as there could be many reasons for this occurring. In this case I would recommend staying with the new web browser that does not suffer from the problem. Additionally, I recommend both Firefox and Chrome as two of the best web-browsers for the Windows platform, given that they are compliant with many of the latest web standards (so they should render web-pages quite well), lightweight and quick, and also updated often (meaning that they include many emerging web-standards, allowing you to view web pages which use these new standards and gain the full benefits).

When searching the web for the “ioctlvdd.dll” file, all the results mention virus and malware infection instances. Given that I have not heard of this file before I am guessing that it is related to the particular virus on your computer. I am unsure why the installer is attempting to access or modify this file, since it seems like the file is purely related to the previous infection on your computer as opposed to being any kind of system file included in Windows (otherwise there would have been a lot more search results for that particular file). This leaves me concerned that there still may be portions of the infection remaining on the computer.

As you may have read in previous columns, I consider that once a computer has been infected with a virus or malware that computer can never be trusted again until the hard drive has been wiped and the system reinstalled from scratch. This is due to the risk of something remaining behind – even though virus scanners try their hardest to remove any detected threats, it would be impossible to guarantee that the infection is completely removed simply because there are too many variants and variables at play with such infections. In this case because the only references I could find to that file relate to a virus infection, and there doesn’t seem to be any other reason that file would be on your computer or any reason it would affect the installation process of another program, signs point to parts of the infection remaining behind. Unfortunately, my research into this clue has not yielded the name of the infection on your computer but only generic information about this file.

Given that we simply don’t know why this error is occurring, but we have good evidence indicating that the file in the error message is related to a virus or malware infection, the safest course of action is to backup all data on the computer that you wish to keep, then format the hard drive and complete a clean reinstallation of Windows. I realise that this is not a particularly convenient task to complete, but it always pays to be safer than sorry particularly when dealing with IT security and potential infections. I am also unaware of which antivirus package you are running at the moment, but if you are in the market for a new antivirus package then Microsoft Security Essentials (windows.microsoft.com/mse) is a good, free antivirus package provided by Microsoft. Alternatively, if you would like a more fully-featured commercial antivirus product, then ESET NOD32 Antivirus (eset.com.au) is a good product which has a relatively light footprint and is not too resource intensive on your computer. Make sure that you fully update Windows, install antivirus and update the antivirus before transferring your files back onto the new installation of Windows (just in case there are any remaining infected files on your backup medium, as hopefully the antivirus on-demand scanner should pick those up before they are copied to your computer).

Also, a word of warning. If you search for the “ioctlvdd.dll” file in Google (or other search engines) you will likely be presented with a whole host of websites which have claimed to have “scanned” your computer for problems and detected various issues, particularly with the “ioctlvdd.dll” file (amongst other things). These sites are bogus and do not actually scan your computer, so please ignore any such messages or fake scans. They are simply picking-up on the keyword which you have used in the search engine (in this case, ioctlvdd.dll) and then putting that into placeholders on their web pages to give the impression that they are there to fix that particular problem and try to charge you for the privilege! As a rule of thumb, never ever purchase something from a website which claims to provide a solution to your very specific computer problem. As a more general rule, never purchase anything over the internet unless it is from a known reputable source.