
ISSUE 17.20.0 • 2020-05-25

The AskWoody PLUS Newsletter

In this issue

WINDOWS 10: Cheap Windows 10 product keys — Are they legit?

BEST OF THE LOUNGE: DNS dragging its feet

LANGALIST: Security risks: Wired Ethernet vs. Wi-Fi

WINDOWS BASICS: Setting up a new PC: The first steps

WEBSITE DEVELOPMENT: Security basics for small-business websites


WINDOWS 10

Cheap Windows 10 product keys — Are they legit?

By Richard Hay

No. Nope. Not even on Fridays.

That could be the end of the discussion, but I wouldn’t want to leave you hanging. So let’s dive into this weird phenomenon of cheap Windows 10 product keys — and shine some light on the issue.

In addition, I’ll share with you a legit and legal avenue for upgrading to Windows 10.

First, some background: Woody asked me to discuss this topic because I’m quite vocal on social media when I see supposedly legitimate technology websites championing “cheap and legal” Win10 licenses — either through ads or as part of a partnership.

If you see one of these promotions, and you ask yourself whether they’re for real, you’ve already answered the question.

Reddit is another place where questions about cheap licenses come up — frequently. My answer is always the same: “No! They’re not legitimate.”

Invariably, some commenters argue that the keys are simply hardware vendors (Dell, HP, Lenovo, etc.) selling off excess licenses.

But that won’t hold water. Sure, the OEMs purchase Windows licenses in bulk and at a significant discount, but the keys don’t have a “use by” date — so there’s no need for vendors to sell off their Win10 “inventory” at bargain-basement prices. (The price OEMs pay for Windows is rarely made public.)

Figure 1. Sample OEM product-key stickers (courtesy of Microsoft)

Another speculated “source” is abandoned Win10 systems. But a Win10 OEM key is tied to the original PC — and only that machine. You can’t transfer it to a replacement system. (Retail versions of Win10 may be transferable.)

Note that not all “cheap” OEM licenses come from dubious websites. Components such as motherboards and disk drives sometimes include a Win10 key. Are they legitimate? Yes and no. They’re real keys and will probably activate on your system. But they’re still not legitimate; Microsoft never intended that they would be tied to a separate component.

As you ponder how a Win10 license might cost only USD $10 or $20, you might ask:

Why would OEMs risk their contract and partnership with Microsoft just to sell a few keys for almost nothing? Undoubtedly, the revenue from selling new PCs far outweighs the few dollars they would earn from these sideshow deals.

And if there were such a thing as excess or expiring Win10 keys, wouldn’t an OEM simply sell them from its official website?

Those observations should make you go “Hmmmmm.”

Buying a “cheap key” can have serious consequences. If Microsoft discovers that a key is stolen or being improperly used, Windows can be deactivated by the company’s validation servers. In that case, your system will report that it might not be running genuine Windows software. According to the MS support page “About Genuine Windows,” you’ll experience the following:

“Until you correct the issue, you’ll receive periodic reminders that Windows is not genuine. Your desktop may also turn black to emphasize the messages. You can reset it, but it will return to black every 60 minutes until the issue is resolved.

“Windows will always be able to get critical security updates, even if your version isn’t genuine. However, other updates and benefits are available exclusively for genuine Windows software.”

Living with that is certainly not worth a $10 gamble.

But here’s where things get confusing — and it’s mostly due to Microsoft’s inconsistent application of its own licensing. If you purchase one of these “cheap” Win10 keys, it’ll probably work — and continue to do so for possibly days, weeks, months, or even years!

There are, of course, a significant number of Win10 users who’ll take their chances and try to beat the clock. And when the current copy suddenly deactivates and makes the machine virtually unusable, they’ll simply purchase another $10 OS license. That’s the only explanation for the never-ending stream of Windows 10 “deals” pervading the Web.

The cottage industry’s strategy for illegitimate Win10 licenses is akin to that of scammers and phishers: If you send out many thousands of come-ons and just a few percent respond, it’s profitable.

A valid upgrade technique

I’m sure this article won’t convince everyone using an unauthorized copy of Windows 10 to come clean. But let me offer a method that could let you legally upgrade to Windows 10. It’ll help you avoid that every-60-minutes-black-desktop disruption on your PC.

Here’s the real deal: If you’re running a legitimate and genuinely activated consumer PC with Win7 or Win8 installed, you can still upgrade for free to Windows 10. The new copy will activate under what Microsoft calls a Digital Entitlement (more info). The new license will be tied to that one device and associated with your Microsoft account.

There are two methods for performing this upgrade. Begin by visiting the Microsoft Download Windows 10 website (see Figure 2).

Figure 2. Microsoft’s Download Windows 10 website

1) Click the Update now button to initiate an immediate in-place upgrade of your current device. You’ll be guided along the upgrade path, which will include choosing whether to keep your files and other options.

2) Click on the Download tool now button if you would prefer to create installation media so that you can do a clean install of this device. Make sure you have the Windows 7 or Windows 8 product key, most likely on a Certificate of Authenticity sticker on the device, before you start a clean installation.

Either method will install a legitimate copy of Windows 10 — with no worries about black desktops.

If you were unaware of that option and bought one of the “cheap” Win10 licenses, you can possibly still make things right. Just get the original Win7 or Win8 product key off the PC and use one of the two aforementioned upgrade methods from Microsoft. Enter the key when prompted.

Now when someone asks whether your Windows 10 installation is legit, you can answer:

“Why, yes! It is.”

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Richard Hay is the owner and operator of windowsobserver.com and WinObs.com. He is also a senior content producer at ITPro Today. Richard served for 29 years in the U.S. Navy, specializing in telecommunications, and retired as a Master Chief Petty Officer.


Best of the Lounge

DNS dragging its feet

Getting “Cannot find the DNS server” messages while searching the Internet is similar to getting the recorded phone message “The number you have dialed is not in service at this time.” A Domain Name System server is essentially a phone book for Web addresses, and some phone books are considerably better than others.

When faced with that DNS server error, Plus member Nibbled To Death By Ducks decided to change his router’s default settings in order to use the Open DNS service (more info) rather than what his ISP provides. Finding the settings was one problem; another was checking whether the change “stuck” by using Windows’ “ipconfig” command. But the new DNS server wasn’t listed. Of course, Nibbled turned to the Lounge for help. It turns out that things aren’t always as they appear, as a quick verification on Open DNS’s website proved.


UPGRADING

Plus member WSlfh003 intended to “save myself from the aggravation of Win10” by doing an in-place upgrade from Win7 Pro to Win8.1 Pro. Whoa, there! As PKCano pointed out, there’s no direct upgrade from Win7 to Win8.1. But there are ways to achieve that end. Unfortunately, WSlfh003 soon realized that what first appeared to be a simple task had become a bad dream, concluding that “these are surely trying times.” We don’t know the path ultimately taken.


SECURITY

New Plus member gwt10 uses a VPN while surfing the Internet. But access to the AskWoody site gets blocked, and gwt10 wants to know why. That leads to a long and interesting discussion about “clean” and “dirty” IP addresses. Forum members also note the security features AskWoody incorporates to protect us from bad actors.


TROUBLESHOOTING

Plus member GarthP’s second-hand machine works fine immediately after bootup. But soon it repeatedly stalls — initially for a few seconds, then freezing up entirely after about 30 minutes of use. Rebooting starts the cycle all over again. Is it an overheating problem? Failing components? So far, suggested causes have been eliminated.


ANTI-MALWARE

Plus member daddybear wondered why a full virus scan on a ThinkPad notebook would take almost two hours longer than on a desktop. Both machines are running Win10 Home. Numerous theories and suggestions are put forth — but in the end, it might be a simple problem of comparing apples to oranges.


HARDWARE

Lounger 7ProSP1 wanted to add 4GB of RAM to a laptop but was stumped when a salesperson asked what voltage the machine required. 7ProSP1 had the same response as most other users: “Huh?” Forum members helped unravel the mystery of varying voltages.


PATCHING

Plus member Paul L’s keyboard acted oddly after an update to Win10 1909. A few keys started inserting incorrect characters. Was it a keyboard-remapping problem? Suggestions from forum members and Dell didn’t resolve the problem. Turns out the failure was simply coincidence — after 10 years of use, the keyboard chose that moment to give up the ghost.


If you’re not already a Lounge member, use the quick registration form to sign up for free.


LANGALIST

Security risks: Wired Ethernet vs. Wi-Fi


By Fred Langa

Fundamental differences between wired and wireless networking mean that the two can’t provide the same level of data security. Here’s why.

Plus: Win10 has a hidden “packet-sniffer” tool for examining raw network traffic. Also, can you install Win10 via USB from an Android phone?

Pondering networking’s relative risks

A reader who requested anonymity asked:

  • “Is a computer that’s attached to the Internet by wired Ethernet really safer than one using Wi-Fi?”

Yes! Usually.

Wi-Fi is a two-way radio that broadcasts your data to any antenna within about 150 to 300 feet (46 to 91 meters). In most setups, anyone within that vicinity can, at the very least, tell that your Wi-Fi is up and running — and potentially hackable.

Because a Wi-Fi transmission can literally be plucked out of thin air from some distance, hackers can stake out a location that’s comfortable and out of sight: in a car down the road, in a nearby building, on another floor, etc. Using packet sniffers (Wikipedia info), they can then take all the time they need to listen in on and analyze revealed Wi-Fi connections. And there’s almost zero risk of detection.

In contrast, a wired Ethernet connection’s data is confined within physical, point-to-point cables. The data is never broadcast to the four winds. A snoop would need to gain physical access to a targeted network’s wiring (undetected and probably multiple times) in order to hack the system and collect data. Moreover, just the act of accessing the physical network will leave traces — stripped insulation, new or moved data taps/junctions, a clamp-on sniffer device, and so forth.

In short, tapping into a wired network is possible, but it’s almost always far more difficult and prone to detection than passively “sniffing” broadcast signals is — from up to a block away!

So Wi-Fi’s lack of physical security makes its logical security extremely important. Your data privacy is completely dependent on whether your SSID is publicly broadcast — and on the encryption standard in use, router security, use of a VPN, and so on. SSIDs (Service Set Identifiers, the public name for our network) can be set to “hidden,” but specialized Wi-Fi sniffers will still detect the Wi-Fi signal.

For some general tips on safely setting up Wi-Fi, see the Microsoft support page “Setting up a wireless network” or the U.S. Federal Trade Commission Consumer Information article “Securing Your Wireless Network.”

Of course, Ethernet needs software-based safeguards, too, so that data packets remain private at every step along their journey.

Nevertheless, Ethernet’s physical barriers to access do make it intrinsically safer than Wi-Fi.

Surprise! Win10 has a built-in network sniffer

Network or “packet” sniffing is the process of examining the contents of each digital packet of information passing between a source and a destination (Wikipedia info).

Packet sniffers can be used for benign applications such as tracing networking problems … or for nefarious means such as digital eavesdropping.

Packet sniffing usually requires a specialized app such as Wireshark (free; site), Free Network Analyzer (site), or NirSoft’s SmartSniff (free; site).

However, Windows 10 also contains a basic packet sniffer — added way back in 2018! And somehow, I missed it. That’s not surprising; I could not find, nor did a Google search turn up, any official word about the tool on Microsoft.com. Information about it is just now trickling out through various third-party tech sources — including a post on askwoody.com.

The tool is called PKTMON (think “packet monitor”), and it’s usually located at C:\Windows\system32\pktmon.exe.

It’s not something you’re likely to run across, because it’s an admin-level command-line tool with almost no help files or explanation. Enter pktmon.exe help at a command-window prompt, and you’ll see what scant help there is.

The tool’s options are safe to explore. Entering pktmon.exe start loads a special network driver that sniffs and logs a PC’s network activity. (By default, there’s no visible display of the logging activity.) Entering pktmon.exe stop ends the logging and displays the collected summary stats (see Figure 1). When you’re completely done, enter pktmon.exe unload to remove the special sniffing driver.

Figure 1. Win10’s undocumented PKTMON packet monitor is bare-bones — but it’s built in and free.
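
A fuller session than the bare start/stop described above, as an added example that is not from the article or from Microsoft: it limits the capture to DNS traffic, converts the log to readable text, and always unloads the driver. The filter, --etw and format options, and the scratch-folder and file names, are assumptions based on the tool's built-in help on Windows 10 builds of this period; check pktmon.exe help on your build before running it.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: a short, bounded PKTMON capture of DNS traffic.
# Assumption: the filter/start/format options below are spelled as in the tool's own
# help on Windows 10 builds of this period; confirm with `pktmon.exe help` first.

$workDir = Join-Path $env:TEMP 'pktmon-demo'    # hypothetical scratch folder
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Push-Location $workDir                          # the log (PktMon.etl) lands in the current folder

try {
    pktmon.exe filter remove                    # drop filters left by an earlier session
    pktmon.exe filter add -p 53                 # keep the capture narrow: DNS (port 53) only
    pktmon.exe filter list

    pktmon.exe start --etw                      # log packets, not only counters

    # Generate some traffic to capture (example.com is a reserved test domain).
    Clear-DnsClientCache
    Resolve-DnsName -Name 'example.com' -ErrorAction SilentlyContinue | Out-Null
    Start-Sleep -Seconds 3
}
finally {
    # Always stop and unload, even after Ctrl+C, so the sniffing driver is not left running.
    pktmon.exe stop
    pktmon.exe filter remove
    pktmon.exe unload
}

# Convert the binary log to text and show the first lines.
pktmon.exe format PktMon.etl -o dns-capture.txt
Get-Content -Path dns-capture.txt -TotalCount 20

# The log holds raw packet contents; delete it once you have read it.
Remove-Item -Path PktMon.etl, dns-capture.txt -ErrorAction SilentlyContinue
Pop-Location
```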

You’ll find a bit more information in two recent articles. (This really is just now coming to light!)

  • “Windows 10 quietly got a built-in network sniffer, how to use” – BleepingComputer
  • “Windows 10 has a secret network packet sniffer — here’s where to find it and how to use it” – BetaNews

PKTMON’s collected information is extremely sparse. And until Microsoft produces some real documentation, it’s an obtuse tool to use. Why Microsoft even added it to Windows 10 is a complete mystery. So whether you’re new to packet-sniffing or you’re a networking pro, one of the free tools mentioned above is still a far better choice.

Install Win10 via Android and USB?

Gilberto Ferreira asked:

  • “Is it possible to install or repair Windows 10 using just an Android phone (without root) and a standard USB cable? My broken laptop currently boots directly to the Windows 10 Recovery Environment.”

Whoa, there! That’s way too hard, complicated — and completely unnecessary!

You can simply and quickly reset, rebuild, or reinstall Win10 directly from the Windows Recovery Environment (WinRE) your PC is already booting to! (Microsoft WinRE info.)

To reinstall Windows from the Windows Recovery Environment, select Troubleshoot (see Figure 2).

Figure 2. WinRE makes it easy to reset, rebuild, or reinstall Windows 10, starting with the Troubleshoot option.

On the next page, select Reset My PC. You can then choose Keep my files, which sets up Windows without altering your user files, or Remove everything, which is a nearly full and fresh reinstall of Windows. (For more on Win10’s Reset/Reinstall options, see “Removing bloatware and OEM mods from new machines,” 2019-12-09 AskWoody Plus newsletter.)

Either way should get the PC going again — no phones, no USB cables, no external stuff needed!

However, if the Reset fails for any reason, or you just don’t want to do it that way, the next-simplest option is to visit Microsoft’s free “Download Windows 10” page and follow the instructions under “Create Windows 10 installation media.” You’ll need a 5GB (or larger) flash drive to hold the installation files. (If you don’t have a suitable flash drive sitting in a drawer, you can buy a brand-new one for just a few bucks; Google search examples.)

You can then set up the PC afresh with the new Windows installation files; Windows should automatically find and use the PC’s existing Win10 license. (It’s stored in the PC’s low-level firmware. You usually don’t have to enter a product key anymore.)

This is vastly simpler than trying to boot a PC from a phone (likely impossible) — or trying to squirt a full operating system from phone to PC via USB.

Try the built-in tools. They’re almost always the easiest and fastest option!

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback on this article is always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.


Windows Basics

Setting up a new PC: The first steps

By Susan Bradley

Many Windows 7 users are upgrading to Win10 by simply purchasing a new PC.

And that makes good sense. Not only are you moving to a more secure OS, you’re matching it with the latest PC hardware technology.

So now that you have your shiny new system, what’s next? Here are the steps I typically take to get a new PC fully up and running, ready for work.

Step 1 – Do an initial cleaning

After unboxing, setting up, and completing the Windows 10 setup, I start the configuration process by reviewing what came with the machine. (Note: I initially set up the system with a non-Microsoft — i.e., local — account by not allowing it to connect to the Internet.)

That review doesn’t include the keyboard or the monitor: rather, I take a close look at which third-party apps the vendor has installed. As a small-business owner, I tend to purchase OEM systems in ones and twos — and make only the modifications I deem necessary. In other words, I don’t follow the corporate practice of reformatting the hard drive and installing a set configuration designed for enterprise management.

That’s not to say I won’t do a fresh, from-scratch reinstall of Windows. It all comes down to the amount of junkware installed and driver availability. If the system came stuffed with unwanted bloatware and advertising apps, and if I can download the necessary drivers, I’ll do a clean install of Windows 10. But the business systems I purchase tend to come with less junkware than do consumer versions. If that’s the case, I’ll simply jump to the next step: tweaking the system.

Step 2 – Some initial tweaks

Here are two changes I make to every computer under my control. They help make the system more transparent, so users know which files are what.

Reveal file extensions: This step makes a file’s type obvious, and the change is exceptionally easy. In File Explorer’s left-hand file tree, click the This PC folder. Select the View tab near the top of the File Explorer window; then, in the Show/hide section, put checkmarks next to both File name extensions and Hidden items (see Figure 1).

Figure 1. Enable File name extensions and Hidden items in File Explorer’s View tab.

There’s a security aspect to this change. For as long as I can remember, Microsoft has always hidden file extensions by default — which malicious hackers know all too well. They might use that setting as a way to disguise their code. For example, with extensions hidden, you could see something called “trickyfilename.doc” (and might have forgotten that .doc should not appear). With extensions shown, that same file has now sprouted an extra .exe on the end (i.e., “trickyfilename.doc.exe”). That’s an immediate tip-off that it’s a potentially dangerous executable.

Hidden items: Just below File name extensions, put a checkmark next to the Hidden items option. By default, Windows hides certain folders that Microsoft believes users should not touch. But attackers might also use these folders as a convenient place to hide their malware. Enabling Hidden items reveals those otherwise invisible files and folders.

One of those hidden system folders is AppData (C:\users\yourusername\AppData), which is used by more and more apps to store personal data. That’s irritating if, say, you’d rather have your gigabytes of emails stored on the slow-but-huge D: drive rather than on the quick-but-small solid-state C: drive.

Keep in mind, however, that many apps store hidden files in folders alongside your working files — and you’ll see them if Hidden items is enabled. That can be both annoying and confusing. So you might want to enable Hidden items only when you want access to AppData or other hidden files.

With AppData revealed, you can search through its Local, LocalLow, and Roaming subfolders for files that are taking up huge amounts of disk space. You might be surprised by what you find. Two resources for information on AppData are Super User’s “What is ‘%AppData%’?” post and How-To Geek’s “What Is the AppData Folder in Windows?” post. (I also recommend JAM Software’s TreeSize Free for finding out what’s eating up drive space.)
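
The two Step 2 tweaks can also be applied from PowerShell, and the “trickyfilename.doc.exe” disguise can be hunted for directly. The following is an added example, not the author's own procedure; the function name Find-DoubleExtension, the extension lists and the demo folder are assumptions chosen for illustration, and the sample files are constructed empty files.

```powershell
# Added example, not from the article.
# Part 1: make Explorer show file extensions and hidden items for the current user.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord   # 0 = show extensions
Set-ItemProperty -Path $advanced -Name Hidden      -Value 1 -Type DWord   # 1 = show hidden items
# Explorer windows that are already open may need to be refreshed or reopened.

# Part 2: list files whose name ends in a document-like extension followed by an
# executable one, the disguise that hidden extensions make possible.
function Find-DoubleExtension {
    param(
        [Parameter(Mandatory)] [string[]] $Path
    )
    # Illustrative lists; extend them to suit your environment.
    $decoy = 'doc','docx','xls','xlsx','pdf','txt','jpg','jpeg','png','zip'
    $exec  = 'exe','scr','com','pif','bat','cmd','js','jse','vbs','vbe','wsf','hta','lnk','ps1'
    # \s* also catches names padded with spaces before the real extension.
    $pattern = '\.({0})\s*\.({1})$' -f ($decoy -join '|'), ($exec -join '|')

    # -Force includes hidden files, matching the "Hidden items" setting above.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'ShownAs'; Expression = { [IO.Path]::GetFileNameWithoutExtension($_.Name) } }
}

# Demo on constructed, empty sample files in a scratch folder.
$demo = Join-Path $env:TEMP 'double-ext-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'trickyfilename.doc.exe', 'report.docx', 'setup.exe', 'photo.JPG.scr' | ForEach-Object {
    New-Item -ItemType File -Path (Join-Path $demo $_) -Force | Out-Null
}
Find-DoubleExtension -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force

# Typical real use: check the places where downloads and attachments land.
# Find-DoubleExtension -Path "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"
```

The ShownAs column is the name Explorer would display with extensions hidden, which is what makes these files look like documents.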

Step 3 – Add menu management

Next I install Stardock’s inexpensive Fences for organizing desktop icons and shortcuts. Microsoft might believe we’ve all transitioned to Windows’ Start menu tiles, but I — and I suspect many others — still keep lots of application icons on my desktop. Moreover, my aging brain can’t handle the myriad browser bookmarks for cloud applications (and MS 365 admin websites) I use on a regular basis. So I create desktop shortcuts for them, too.

If you’re a longtime Win7 devotee moving to Win10, you might want to install Stardock’s Start10 or one of its competitors. But having used Win10 for a few years now, I’ve found that I no longer need a third-party menu utility. (Note: On systems without a touchscreen, Windows’s Tablet view won’t show up, so you’ll see only the familiar Windows PC desktop.)

As I install applications on the new machine, I organize their icons with Fences.

I also pin my most-used apps to the Windows taskbar. Note: If an app’s installer doesn’t offer to automatically create a taskbar or desktop shortcut, you can do so yourself. Simply find the app in the Start menu and right-click it. Click More and then Pin to taskbar and/or Open file location (see Figure 2). For the latter, right-click the app in File Explorer and select Create shortcut.

Figure 2. You can easily create desktop shortcuts for applications via the Open file location context-menu option.

Step 4 – Setting up MS Office

Office is one of the first major apps I install on the new system. But instead of the standalone “MSI” edition that gets individual patches, I now download the Click-to-Run Microsoft 365 Business Premium release (more info; USD $20 per user/month). Click-to-Run patches update all Office apps in one go.

Although you can roll back a problematic MS 365 update, you’re better off setting your copy of Office to the Semi-Annual Enterprise Channel (formerly Semi-Annual Channel) or the new Monthly Enterprise Channel — not to the default Current Channel (aka Monthly Channel). (For more info on Office updating, see the MS Docs post “Overview of update channels for Microsoft 365 Apps.”)

To see which version of MS 365 you’re currently running, open Word, click File and then select Account. On the right-hand side of the Account window, read the information under About Word. If you see Monthly Channel, follow the steps below to change channels. (An Erwin Bierens post provides more details.)

  • Launch a command window as an administrator.
  • Navigate to C:\Program Files\Common Files\Microsoft Shared\ClickToRun\.
  • At the prompt, enter OfficeC2RClient.exe /changesetting Channel=Broad to change Office to the Semi-Annual channel.

You’ll see Office 365 “reinstall” itself and then change to the less-disruptive channel.

Step 5 – Go Pro

If the machine I just purchased has Win10 Home installed, I immediately upgrade it to the Pro edition — which gives me more control over the updating process. You can, for example, defer both Feature updates and monthly Quality patches.

The Pro version also lets me control updating and other aspects for Windows via the Group Policy Editor. Yes, you have a good level of patching control through Windows Update, but GPEdit gives more consistent results (more info).

Step 6 – Drive encryption (optional)

So far, I’ve made all the above changes while still signed in to the original administrator-level, non-Microsoft account.

If I decide to use BitLocker encryption on the new machine, how I handle the de-encryption recovery key is vitally important. If you’re running an MS account, the recovery key is automatically stored online. If you start with a local account, you have more options for recording the key: on a printout or a USB flash drive, and others (more info).

In short, you must have a well-established process for recovering the key from a safe place. Should you run into a problem during patching or maintenance, Windows will probably request the recovery key — and you’ll need to know exactly where to find it. (If there’s any chance you’ll forget the location, I guarantee it’ll happen during the panic of a system failure.)

Note: When setting up an MS Surface device, I use a Microsoft-attached account from the start because of how the machine handles BitLocker. The recovery key will be automatically linked to your Microsoft account and uploaded online. If disaster strikes, follow the MS Support instructions for signing in to your Microsoft account from another device and obtaining the critical recovery key.

An unexpected request for a recovery key is no hypothetical occurrence. On two occasions, I’ve been prompted to enter a BitLocker key after a system reboot. Both times, I nearly panicked. So again, know where to find the key — write it down and place the paper in a safe but easily accessed place. And if you use another encryption method, check with the vendor for the best way to back up your recovery key.

Step 7 – Set up a backup system

I make sure I have a safe and reliable backup routine for every device I manage. Solid-state drives might be quick and reliable, but when they die, it tends to be spontaneously and completely with little or no warning. And, even if you have most of your apps and data backed up to or running from the cloud, restoring a system to its state at the time of a major failure will still be a pain.

So I still recommend using a third-party, full-disk backup application such as Acronis True Image, EaseUS ToDo Backup, or Macrium Reflect. There are many others to choose from, most offering both free and paid versions.

I typically set up a separate Windows account for the backup system, to help hide the backup drive from attackers. Keep in mind that ransomware will routinely delete any shadow copies and backups that it can access. But a malicious hacker who has compromised the account you use daily should not be able to access other accounts.

Step 8 – Limit your Windows rights

One of the oldest security practices for Windows is to avoid doing your daily computing activities in an admin-level account. So after I’ve finished making the initial system setup, I’ll create a new, rarely used administrator account and then downgrade the local account I started with — the one I will use every day — to non-administrator.

I also decide how I’ll sign into the new system. Along with the standard password, Win10 offers numerous sign-in options: Picture Password and security keys, plus the Hello-based fingerprints, facial recognition, and PINs.
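
The account swap described in Step 8, as an added example that is not the author's own script. The account names pc-admin and alice are hypothetical; the built-in Administrators and Users groups are addressed by their well-known SIDs so the script also works on non-English Windows.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: create a spare administrator account,
# confirm it works as one, and only then demote the everyday account.

$dailyUser = 'alice'        # hypothetical: the local account used every day
$adminUser = 'pc-admin'     # hypothetical: the new, rarely used administrator
$adminsSid = 'S-1-5-32-544' # built-in Administrators group
$usersSid  = 'S-1-5-32-545' # built-in Users group

# Fail early if the everyday account name is wrong.
Get-LocalUser -Name $dailyUser -ErrorAction Stop | Out-Null

# 1. Create the spare administrator if it does not exist yet.
if (-not (Get-LocalUser -Name $adminUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString -Prompt "New password for $adminUser"
    New-LocalUser -Name $adminUser -Password $password `
        -Description 'Spare admin for installs' | Out-Null
}
Add-LocalGroupMember -SID $adminsSid -Member $adminUser -ErrorAction SilentlyContinue

# 2. Safety check: never demote the daily account unless another enabled
#    administrator is confirmed, or the PC could be left with no admin at all.
$adminNames = (Get-LocalGroupMember -SID $adminsSid).Name
$spare      = Get-LocalUser -Name $adminUser
if (($adminNames -notcontains "$env:COMPUTERNAME\$adminUser") -or (-not $spare.Enabled)) {
    throw "$adminUser is not an enabled member of Administrators; nothing was changed for $dailyUser."
}

# 3. Demote the everyday account: keep it in Users, remove it from Administrators.
Add-LocalGroupMember    -SID $usersSid  -Member $dailyUser -ErrorAction SilentlyContinue
Remove-LocalGroupMember -SID $adminsSid -Member $dailyUser

# 4. Show the result. The change applies at the next sign-in of the daily account.
Get-LocalGroupMember -SID $adminsSid | Format-Table Name, ObjectClass, PrincipalSource
```

Sign in once with the new administrator account before relying on it, and store its password with the same care as the BitLocker recovery key.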

So how do you set up a new system?

I’ve detailed my steps for configuring a new system. I’d love to hear how you handle this task. So please share your favorite tweaks using the AskWoody comments link below. I’ve worked with PCs for many more years than I’d like to admit, but I still learn much from fellow Loungers. Join the discussion!

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.


WEBSITE DEVELOPMENT

Security basics for small-business websites


By Nathan Segal

Your company website is truly the digital front door to your business. It’s often potential customers’ first impression.

If you’re building an online presence, security is a top priority; here are some tips for keeping both your website and your business safe.

Local security

Before you dive into website security, you need to make sure your local systems are protected from ransomware, phishing, and other forms of malware. The Web is, of course, the most common source for malicious attacks on both your in-house network and your Web presence.

Excellent third-party anti-malware products include Avast, AVG, Bitdefender, and Malwarebytes. Most AV vendors offer free editions, but the paid business or premium versions may add ransomware protection and enhanced firewalls.

You should also consider using a virtual private network (VPN) if your hosting service doesn’t provide it.

VPNs are a good defense against hacks targeting your Internet connections. They keep your Web-based activity private, letting you download torrents, P2P files, and other data anonymously. They also provide robust security on public Wi-Fi and hotspots.

Moreover, if you travel frequently, you can set your “location” as, say, the continental United States. This can give you access to information that might be blocked in other localities (Mexico, for example, as I know from personal experience). Some of the more popular VPN services are ExpressVPN, CyberGhost, and Surfshark.

Website hosting

Most small businesses will have their new online presence “hosted,” meaning the files that make up the website reside on a third-party server somewhere in the cloud. Building a site typically comes down to these options: design and create it yourself, using a service that provides step-by-step instructions and templates; or have a Web-development service do everything for you. Or use some combination of the two (i.e., you started it yourself but soon realized you were in way over your head). As always, it’s simply a matter of time and money — yours or theirs.

Popular DIY sites include GoDaddy, Wix.com, Squarespace, and others. To find a full-service website provider, look for well-designed sites built for your business associates and ask who created them.

If you plan to regularly publish new blogs, images, and other content, check whether the Web host offers WordPress as part of the service. This platform offers numerous paid and free templates, has broad capabilities, and includes solid security features. If you’re not a code wrangler, you can use the templates to create very simple sites. But most businesses will soon want help from a WordPress professional.

Wherever you have your site hosted, you need to ensure it’s secured with a TLS/SSL certificate (the “s” in HTTPS; more info). Some hosts charge extra for an SSL certificate, while others offer it for free as part of the service — see, for example, SiteGround (Figure 1), bluehost, and A2 Hosting.

Figure 1. SiteGround is one example of a service that offers low-cost Web hosting and free SSL certificates.

The importance of an SSL certificate goes beyond basic security: it indicates whether you take website security seriously. Without SSL, people visiting your site will see a tiny “lock” icon to the left of the domain address. If they click on it, they may see a message similar to “Your connection to this website isn’t encrypted. This makes it easier for someone to steal sensitive information like passwords.” (“Yikes! I think I’ll try someone else.”)

Another important security feature a host should offer is Secure File Transfer Protocol (SFTP) rather than the older, insecure FTP. This will ensure secure file uploads and downloads.

Email address

Most hosting companies include hosted email, but you’ll want to define the actual address or addresses. In most cases, it will be [someone]@[your domain].com — e.g., “salesguy@askwoody.com” (fictitious). For staff security, it’s best not to use specific names on the website (plus, employees come and go). On the other hand, don’t use numbers or generic names such as “info” or “admin” — they look too much like email rabbit holes. Also avoid any sexual or religious references.

Email hacks can devastate a small business, so for email-account passwords, the usual rules apply: use complex passphrases that include alpha, numeric, and special characters and are at least 12 characters long. (Mine are 30 characters!)

The best option is a good third-party password manager — it’ll include a password generator. Two excellent apps are LastPass (Figure 2) and RoboForm. Both offer free and paid editions.

Figure 2. Sure, you’ve heard it a thousand times; but strong passwords are perhaps the most important protection against email intrusions and other forms of attack. LastPass is an excellent choice for managing unbreakable credentials.

For more-secure business/customer communications, consider a service such as ProtonMail (Figure 3), an email system that incorporates end-to-end encryption. Paid plans let you integrate it into your domain.

Figure 3. With services such as ProtonMail, maliciously intercepted email remains secure.

Can spam

Company email addresses are a magnet for spam. Here again, encryption can help. For example, the @guy site offers JavaScript code that lets you post a “Mailto” form without revealing your business email address. When spam bots visit your site, they won’t be able to harvest the address and use it for phishing attacks.

Figure 4. The @guy site offers simple code for secure business-contact email.
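
The general idea behind this kind of contact link, as an added example (not the @guy site's code and not part of the original article): the address is stored XOR-obfuscated in a data attribute and decoded only on click, so a regex scan of the raw HTML finds nothing. The key, the `data-c` attribute, the function names, and the sample address are constructed for illustration.

```javascript
// Added example: keep a contact address out of the served HTML.
// Key, attribute name and sample address are constructed for illustration.
const KEY = 0x5a; // single-byte XOR key; obfuscation only, not real encryption

// Build step: turn "user@example.com" into hex with no "@" or dots in it.
function encodeAddress(address, key = KEY) {
  return Array.from(address, (ch) => {
    const code = ch.charCodeAt(0);
    if (code > 0x7f) throw new RangeError('ASCII addresses only');
    return (code ^ key).toString(16).padStart(2, '0');
  }).join('');
}

// Browser step: reverse the encoding when the visitor clicks.
function decodeAddress(hex, key = KEY) {
  if (!/^(?:[0-9a-f]{2})+$/.test(hex)) throw new SyntaxError('bad payload');
  return hex.match(/../g)
    .map((byte) => String.fromCharCode(parseInt(byte, 16) ^ key))
    .join('');
}

// Markup that goes into the page: the address exists only in encoded form.
function contactMarkup(address, label = 'Email us') {
  return `<a href="#" class="contact" data-c="${encodeAddress(address)}">${label}</a>`;
}

// What a simple harvester does: regex-scan the raw HTML for addresses.
function harvest(html) {
  return html.match(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g) || [];
}

// Wire up the links in a browser; skipped when there is no DOM (e.g. Node).
function activateContactLinks(doc) {
  doc.querySelectorAll('a.contact[data-c]').forEach((link) => {
    link.addEventListener('click', (event) => {
      event.preventDefault();
      window.location.href = 'mailto:' + decodeAddress(link.dataset.c);
    });
  });
}
if (typeof document !== 'undefined') activateContactLinks(document);

// Constructed sample: a plain mailto link versus the obfuscated link.
const plain = '<a href="mailto:sales@example.com">Email us</a>';
const hidden = contactMarkup('sales@example.com');
console.log(harvest(plain));
console.log(harvest(hidden));
```

This is obfuscation rather than encryption: it defeats harvesters that only scan page source, while a bot that executes JavaScript can still recover the address.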

Hosting images and video

You can store website images and videos on your host account, but it might slow a heavily trafficked site to a crawl.

If you use lots of media, consider services such as SmugMug or Flickr. They include image-security options such as password protection, viewing options/restrictions, and digital watermarking. (For these advanced features, you might need to sign up for a paid account.) Watermarking can be helpful for preventing the theft of your image assets — see these SmugMug instructions for an introduction to the topic.

Sites such as YouTube and Vimeo are obvious choices for hosting videos. You can do so for free, but smooth and reliable streaming can be a challenge — and video interruptions are simply not going to leave a good impression. For more reliable streaming, use a paid account on sites such as Vimeo, Wistia, or Amazon AWS.

Protecting digital assets

A common question I get from business owners setting up new sites is “Can I protect my intellectual property from theft?” The short answer is not easily. But there are many ways to discourage thieves, including tagging your content so that if it is stolen, you can prove it belongs to you and there’s some legal recourse. Here are some techniques to consider.

1) Register all printed and digital work. This is an essential first step for bringing legal action against someone who uses your content without permission. Copyright laws vary widely from country to country; in the U.S., visit Copyright.gov for some basic tips.

2) If you want to control who sees the contents of documents, you can turn them into encrypted ZIP files. For PDFs, you can also use built-in password protection (assuming you use a strong password).

3) If you have a membership site (e.g., AskWoody), you can make use of content dripping. Properly implemented, users will see new content only if, for example, they’ve paid for the current month. Options for this type of service include MemberPress and WishList Member — both subscription-based WordPress plugins. The more expensive subscriptions let you manage member activity by granting/revoking access to posts, pages, videos, categories, tags, feeds, communities, digital files, and much more.

4) Another tool for protecting downloaded intellectual property is DLGuard. It provides a secure sales link for products and services you provide via your website. The service handles all aspects of online sales, including payment validation, a secure shopping cart, and customer-download tracking. The site is comprehensive, but the interface looks somewhat dated.

Bottom line: A small business’s online presence can run the gamut from simple who-we-are and where-to-find-us pages to full Web-based stores. But whatever level you choose, security is, and always will be, your highest priority. Hopefully, this article will give you a starting place.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Nathan Segal has been a technical writer for 21 years. His articles have appeared in many popular publications covering technology, photography, and design. His specialties include computer graphics and photography.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.



Copyright © 2020 AskWoody LLC, All rights reserved.