Like many of you, I spend my nights, weekends, and holidays working on indie programming projects in the feeble attempt to be the next Minecraft. I was checking my Windows security logs the other day, and I realized that I don't know anything about this stuff. Immediately I got worried that some hacker is accessing my computer at night and stealing all my stuff (crazy, right).

So, two questions. This is a Audit Success. It looks fishy, but I had no luck googling this to figure out what it is. Any thoughts?

An account was successfully logged on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

New Logon:
	Security ID:		ANONYMOUS LOGON
	Account Name:		ANONYMOUS LOGON
	Account Domain:		NT AUTHORITY
	Logon ID:		0x64435
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x0
	Process Name:		-

Network Information:
	Workstation Name:	
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	NTLM V1
	Key Length:		0

I googled the NtLmSsp, and it looks like a security program, but I'm paranoid.

My second questions is what do you do for security while working on super-secret indie stuff? Is there some website or book about securing your computer that I should know about?

Wrapping your computer in tinfoil is a good first step.

What are you running that would allow a remote user to access your filesystem?

Wrapping your computer in tinfoil is a good first step.

I don't know if I can find foil made of tin. Does aluminum foil work?

If there is a way for someone to login and/or access my file system, it would be through some weird security flaw I don't know about, or some service that I don't realize should be disabled. I didn't see an file access, but I don't think I would recognize suspicious behavior if I saw it.

The NT AUTHORITY and the fact that no account name, no network information, and only generic login credentials are provided hints that this is probably just a local system service elevating itself to perform some maintenance (updates or other). There is more than one account on your system.

But if you are so paranoid about people stealing your code, you should just get peace of mind by developing on a machine not connected to the internet and looking up information on a second machine. Not that your concerns are necessarily justified, but if that helps... to be fair if someone or something did manage to log into your system, I doubt he or it would make a beeline to your code. It'll probably just add your computer to some botnet and start churning out spam emails. It might also do a filesystem search for credit card info, that sort of stuff, ..

grep "teh monies" *.*

grep "teh monies" *.*

You'd be surprised how many people put their passwords in a plain text file. Or even a keepass database with a crappy master passphrase.

Not even Microsoft gets hacked for source code. The worst they had was a leak (some Win 2000 sources I think?) from another company, and its not Linux devs were all like "OMG LETS STEAL THEIR SECRETZ!" Hell, if you're using C#/Java, there is a big chance that someone will get usable sources of your stuff anyway (*cough* Minecraft modding *cough*).

Besides, hackers are usually more interested in DRM code rather than the actual game code :D

My second questions is what do you do for security while working on super-secret indie stuff?

I do nothing as I have enough stuff to think about already. I just keep OS and AV updated, firewall on and I feel fine.

But if you want to be paranoid, look at your NTFS file access permissions for network shares, I guess those could be a start.

It isn't that I'm paranoid and ready to wrap me head in foil. I was looking at the security logs and thinking "I don't know anything about these logs. I wonder if I should be doing something else for security?" After scanning the logs, I realized that I wouldn't know what to look for, and thought there may be some good resources out there for learning more about security.

I also did not realize a question about security would be mark me as a super-paranoid conspiracy theorist. That's interesting.

Not really no, on a non server computer running windows it just boils down to keep your windows up to date, don't install third party stuff unless you know about it and downloaded it from the publisher, don't run web browser plugins you don't need and keep those you need up to date, and don't click on stuff you shouldn't.

OSes are pretty secure by default nowadays so it's not much about "what should i do", but "what should i avoid doing", if you're not looking for trouble launching randomly downloaded stuff as an admin or clicking those nice weird extention links in viagram spam mails, you shouldn't really worry.