TurboTax DRM Writes to Your Boot Sector?!

Posted by CmdrTaco on Sun Feb 16, 2003 12:08 PM
from the now-that-ain't-cool dept.
ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector, as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such."
This discussion has been archived. No new comments can be posted.
  • by spazoid12 (525450) on Sunday February 16 2003, @12:10PM (#5314259)
    to my boot sector...I hope it's a really lovely story. Maybe a romance novel would be nice.
      • Corporate hax0rs? (Score:5, Insightful)

        by DoraLives (622001) on Sunday February 16 2003, @02:43PM (#5315030)
        How, precisely, are these people any different from some pimply-faced cracker bent over a keyboard, scanning ports, and swilling Mountain Dew? They're doing things on the sly that potentially can wreck your system, negate your privacy, or god only knows what else, and they're definitely not on the up and up with it.

        How can ANY of us expect the hax0rs to behave themselves when Pillars of the System are behaving just as badly or worse?

  • Heh, silly me. (Score:5, Insightful)

    by numbski (515011) <numbski@hks i l v e r .net> on Sunday February 16 2003, @12:12PM (#5314272) Homepage Journal
    I came *this* close to installing TurboTax on my Mac via VirtualPC or Bochs (cheaper) and then I read the box closely.

    "Will not work on the Macintosh Platform using Windows emulation software."

    I took it back and used TaxAct [taxact.com] instead. I nearly installed it on my fiancee's PC instead. Ick.

    You have to be on some sort of crack to write to a person's boot sector. Period. That's just off limits.
    • Re:Heh, silly me. (Score:5, Informative)

      by Bert64 (520050) <bert&slashdot,firenzee,com> on Sunday February 16 2003, @12:45PM (#5314459) Homepage
      In fact, only an OS installer should write to the boot sector, anything else should be considered a virus. In fact many BIOSes have the option to detect and block attempts to write to the boot sector under the name of boot sector virus protection.
    • I loooove TaxAct (Score:5, Insightful)

      by ChrisCampbell47 (181542) on Sunday February 16 2003, @01:54PM (#5314810)
      TaxAct [taxact.com] is accurate and full of features. I've been using it for years (the paid version, which is still cheap). The UI is super slick and anybody's grandma could figure it out. Vote against DRM bullsiht like this with your wallet.
      • Re:Um... (Score:5, Informative)

        by Anonymous Coward on Sunday February 16 2003, @12:28PM (#5314368)
        ...and the Mac version has no "DRM" at all.

        ~jeff
      • No thanks (Score:5, Interesting)

        by iamacat (583406) on Sunday February 16 2003, @02:20PM (#5314919)
        I expect some integrity from the authors of my financial software. If it does dangerous operations without my permission, how do I know it doesn't send my e-mail address, with my income level and home ownership status, to Intuit for inclusion in a spammer's dream list? Or worse, charges back a few bucks from my electronic refund.

        Does anyone know if TaxCut makers are known for some dishonest practices? They bought CompuServe and tried to push it to people who came to H&R Block. Hmmm...

  • by yukster (586300) on Sunday February 16 2003, @12:12PM (#5314274)

    Virii write to boot sector

    DRM writes to boot sector

    hmmmm...

      • Re:How Appropriate (Score:5, Interesting)

        by crawling_chaos (23007) on Sunday February 16 2003, @12:24PM (#5314347) Homepage
        The install instructions for TurboTax state that it will not install correctly with a virus checker enabled. Now we know why.
        • by Kjella (173770) on Sunday February 16 2003, @01:03PM (#5314559) Homepage
          ...maybe it's just my opinion, but if at anytime I *don't* disable my anti-virus software, it's when a program tells me to. Particularly one that should have no business doing virus-like behavior.

          This goes right up there with those trojans that claim that it won't work "right" with firewalls/anti-virus/whatever active. If it does show up on your anti-virus scanner, take it back to the store and return it as being infected. Remember to note what anti-virus program you're running and version, in case they ask. And don't take "no" as in "no, there's no virus on it, disable your antivirus" or "no, must be your machine that's already infected" for an answer.

          Kjella
  • Turbotax naughtiness (Score:5, Interesting)

    by Neophytus (642863) on Sunday February 16 2003, @12:15PM (#5314287)
    What smartarse decided to put registration data in such a volatile place as the MBR? Heck, any program that performs low-level operations on your hard disk should be banned, because of the risks involved with writing blindly onto one area. Turbotax are treading shallow water, especially after their licencing 'policy'.
    • by kfg (145172) on Sunday February 16 2003, @01:11PM (#5314593)
      like, by the article and stuff, it doesn't write to the MBR. It writes to sector 33 of the boot *track.*

      The problem is that since the entire track is reserved for boot information, not just the sector holding your MBR, things like LILO and GRUB may be residing there as well.

      Boot loaders are legitimate boot records. Software registration codes are not. They don't belong in the boot track, whether they write to the MBR or not.

      KFG
      • by Moonshadow (84117) on Sunday February 16 2003, @01:32PM (#5314715) Homepage
        Well, I know my girlfriend's parents bought TurboTax this year, and definitely used it. They also tend to be pretty concerned about digital privacy and such like this - I'm sure they'd be interested in getting it off their machine. For one untrained in the ways of the boot track, how might I go about removing it? I've played with the MBR and such, and even had a virus infect my boot record before, but what's the proper method for removing this thing? Assembly? ;)

        Do the virus scanners catch this? If so, can they restore an untouched copy of the boot track?
        • by Flakeloaf (321975) on Sunday February 16 2003, @01:40PM (#5314751) Homepage
          For one untrained in the ways of the boot track, how might I go about removing it? I've played with the MBR and such, and even had a virus infect my boot record before, but what's the proper method for removing this thing? Assembly? ;)

          Sector editor. I prefer BreakPoint's Hex Workshop [bpsoft.com]. Be sure you know exactly wtf you're doing though, or you could be in for a mighty long evening.

          By the same token, anyone with access to a sector editor can mimic TurboTax's copy protection and install it on pretty much any PC at will.
  • by dubiousmike (558126) on Sunday February 16 2003, @12:15PM (#5314292) Homepage Journal
    Now I am definitely NOT doing my taxes...again.

  • TurboTax XP (Score:5, Funny)

    by Openadvocate (573093) on Sunday February 16 2003, @12:16PM (#5314295)
    Hmm seems to me like this product rather should be called Turbotax XP.
  • by ltwally (313043) on Sunday February 16 2003, @12:16PM (#5314297) Homepage Journal
    TurboTax's DRM software only modifies sector 33 of your boot-sector. Basically what this means is that for Windows only users, you're safe.

    If, however, you use other boot-loaders or "alternative" OS's, you might be in for an unpleasant surprise as things suddenly stop booting. YIKES!

    Anyhoo.. just thought that I'd point out that any of you that just have to run TurboTax should be "safe" unless you run something non-M$.
    • by Pius II. (525191) <PiusII@g[ ]de ['mx.' in gap]> on Sunday February 16 2003, @12:25PM (#5314353)
      This is software targeted at average users, meaning that it is easily possible that some of them still use hard drives which store additional enablers in the MBR to overcome all those silly BIOS limits (512 mb ought to be enough for everyone. No wait. Shit. Well, then let's extend this to 2 GB. Oh, damn. 8 GB. Oh, there goes another. 32 GB. Oh no, wrong again. 128 GB. To be continued...).
      I don't think I have to mention what overwriting those drivers means to the users' data; plus, you aren't even likely to be able to restore those drivers.
    • by jdkincad (576359) <insane.cellist@gmail.com> on Sunday February 16 2003, @12:40PM (#5314434)
      Not true. My parents' machine got fscked up after installation of TurboTax, they had a system restore utility that refused to work and let the computer boot afterwards. At least this would go a long way to explain the problem.
  • Analog tax returns (Score:5, Insightful)

    by PizzaFace (593587) on Sunday February 16 2003, @12:19PM (#5314314)
    Folks, the forms are no more complicated than the software. To the extent the forms are more complicated, the software is oversimplifying the law. Save yourself a few bucks and just fill in the forms by hand.
    • by koreth (409849) on Sunday February 16 2003, @12:28PM (#5314367)
      Translation: Folks, your time is less valuable than the cost of tax preparation software. Spend a few hours to save yourself a couple bucks.

      Err, no thanks. It's worth $30 to me to save several hours of sifting through stacks of paper, re-checking my calculations and making sure I've copied the correct numbers from form A to form B.

        • by Anonymous Coward on Sunday February 16 2003, @01:00PM (#5314537)
          Let me clarify: if you're on slashdot, your time means nothing to you.
        • by khuber (5664) on Sunday February 16 2003, @01:06PM (#5314570)
          I'm so sick of this "it's only less if your time is worth nothing" garbage. For some, it might work, but when you spend hours on slashdot, I can't give you any credit to that statement.

          I imagine you'll be doing your taxes by hand then. I suppose you beat your clothing against rocks in the river and hand knit your clothing using wool sheared from sheep you raise in your backyard.

          -Kevin

    • by swb (14022) <mobocracy@gmail.com> on Sunday February 16 2003, @12:28PM (#5314369)
      The forms themselves aren't hard, but the rules governing stuff certainly can be, and the IRS docs aren't always helpful. On more than one occasion I've found myself tossing a coin over something, since the IRS documentation isn't always clear.

      Presumably the electronic forms and the "choices" they make have been analyzed by someone who really understands the tax code, but for all we know the coin tossed was a Rupee in India by someone who has never filled out American tax forms! No offense to Indian programmers, but I'm sure my guesses of Indian tax law would be just as bad.

      I also kind of like the neo-luddite feel of mailing in my taxes on paper. It feels subversive for some odd reason.

  • Linux interop? (Score:5, Insightful)

    by robbo (4388) <slashdotNO@SPAMsimra.net> on Sunday February 16 2003, @12:21PM (#5314325) Homepage
    The comments so far are pretty inane and clearly come from windows users.. any word on how it impacts a dual-boot box? does it render your lilo or grub setup useless? I would personally be very upset if it screwed up my boot setup, and reasonably so, I think. imho, these kinds of things should raise the hackles of the tech community, and linux users in general enough to give the vendor some serious shit.

    what does it do to wine?
  • by dnaumov (453672) on Sunday February 16 2003, @12:24PM (#5314349)
    3DS Max likes to keep its registration information in the boot-sector and of course it's ONLY compatible with the Windows bootloaders. This means that if you have a dual-boot system with Linux using GRUB to boot Windows, the moment you register 3DS Max from within your Windows install, your bootloader will be practically wiped out. If you reinstall the bootloader again, 3DS MAX will complain that you have to re-register and obviously, if you do so, your bootloader will be wiped yet again.
  • by D1rtbag (650553) on Sunday February 16 2003, @12:24PM (#5314351)
    I can just imagine every piece of software writing its particular attempt to defeat piracy in our boot sectors; finally, we'd have a regular mosh-pit of games and apps regularly crashing our systems and giving virus-checkers fits of apoplexy. Bravo to Intuit for being a trendsetter.
  • by macemoneta (154740) on Sunday February 16 2003, @12:26PM (#5314360)
    Here [irs.gov] is the intro page at the IRS, where you can select a tax preparer that will let you file and submit electronically for free. Check the criteria for qualification; most people qualify.


    If you insist on using TurboTax, use their web-based version; it's always current and no software gets installed on your PC.


    Personally, even though I've been using TurboTax for over 10 years, I will be using a different tax preparer this year. I find their association with this kind of DRM crap distasteful.

  • UK online returns (Score:5, Interesting)

    by larien (5608) on Sunday February 16 2003, @12:27PM (#5314365) Homepage Journal
    Here in the UK, we're being encouraged to do returns online. As I had to fill one in for 2001/2002 (things like having a private pension etc & being in the higher tax bracket meant I was due a refund), I figured I might as well. From the web site, I was able to enter details for all my incomings & outgoings in forms. At the end of it all, it calculated my tax due & tax paid (via PAYE and tax deducted at source) and offered to give me a refund either by cheque in the mail, a higher tax code for next year (to recover it) or even by direct bank transfer (which I chose).

    All in all, pretty painless as well as free...:)

  • by wiggys (621350) on Sunday February 16 2003, @12:31PM (#5314389)
    I installed Autocad 2000i on a computer a couple of years ago. Anyway, the user managed to completely screw up his computer in such a way that we had to reformat and reinstall Windows 2000 (even FDISK was used). When the OS was reinstalled we tried installing Autocad but the software informed us that our 30-day trial period had ended and we must contact Autodesk to register. So... where was the info written to?

    But that's not all. Recently The Register ran a story [theregister.co.uk] which talked about how a stolen tablet PC had been traced over the net. The security software installed on this notebook (Computrace) supposedly "involves a tamper resistant agent that resides on the hard disk of PCs. Even formatting a drive will not erase this agent."

    Now, I for one doubt those claims (Partition Magic would surely be able to zap the software, and the software wouldn't run if Linux was installed etc) but if it is true then who knows what else could be written to inaccessible (by the user at least) parts of the hard-disk?

    It gets worse. The Computrace software creates a backdoor in your system which allows Computrace (and anyone else who figures out how to use it) to silently delete files from your drive. It also uses cloaking software which "is silent and invisible and will not be detected by looking at the disk directory or running a utility that examines RAM."

    Claims are also made that it can worm its way through firewalls. Big claims indeed (perhaps too big without some clarification... the devil's in the details) but if this software is sold to the public by a private firm, what the heck could Government departments install on our computers to track what we do?

  • by InfinityWpi (175421) on Sunday February 16 2003, @12:37PM (#5314419)
    Yes, our new tax software does to your hard drive what the IRS is going to do to you!
  • by dbc (135354) on Sunday February 16 2003, @12:48PM (#5314474)
    here [intuit.com]
    that said something like "TurboTax writes to boot sector"


    In a past life, I managed a software product validation team. Nothing would have shipped past me with this in it. It's a bug. File a report. You do not need to be a registered user to file a bug report, it turns out.

  • Not the boot sector! (Score:5, Interesting)

    by steveha (103154) on Sunday February 16 2003, @12:51PM (#5314485) Homepage
    This annoying DRM junk does not involve the boot sector. According to the actual article (which I actually read), they found it writing to track 0, sector 33.

    Track 0, sector 0 is the boot sector. The partition table is stored in this sector. The rest of track 0 (sectors 1 through 63) is not officially used, so some DRM systems like to stash data there.

    What makes this annoying is when you try to install another DRM-enabled product that also wants to write in the same place; after you install the second program, the first one will accuse you of being a pirate, and it will refuse to run anymore. Since there is no standard for using this space, it's easy for two DRM systems to conflict with each other.

    If there were a standard for using that space, presumably the DRM authors wouldn't want to use it! After all, someone would write a utility that showed you what programs were using that space, and for what... and then it wouldn't be obscure, and so it wouldn't be "secure" anymore. Feh.

    I won't ever buy programs that pull stunts like this.

    steveha
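
An audit of the area these comments argue about, the sectors between the MBR and the first partition, written as an added example (not code from the thread, the article or any vendor). It parses the MBR partition table, hashes every non-zero sector in that gap, and compares two snapshots; treating "sector 33" as LBA 33, the partition layout and the sample bytes are constructed assumptions.

```python
import hashlib
import struct

SECTOR = 512  # bytes per sector on the classic PC disk layout


def parse_mbr(sector0: bytes):
    """Return (type, start_lba, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, start, count))
    return parts


def gap_report(image: bytes):
    """Map LBA -> SHA-256 for each non-zero sector between MBR and first partition."""
    parts = parse_mbr(image[:SECTOR])
    if not parts:
        raise ValueError("no partitions defined; gap size is undefined")
    first = min(start for _, start, _ in parts)
    report = {}
    for lba in range(1, first):
        data = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(data) < SECTOR:
            break  # image is shorter than the gap; stop at what was captured
        if any(data):
            report[lba] = hashlib.sha256(data).hexdigest()
    return report


def diff_reports(before, after):
    """LBAs whose contents appeared, vanished or changed between two snapshots."""
    return sorted(l for l in before.keys() | after.keys()
                  if before.get(l) != after.get(l))


def make_image(gap_writes):
    """Constructed 64-sector image: MBR plus one partition starting at LBA 63."""
    img = bytearray(64 * SECTOR)
    entry = bytearray(16)
    entry[4] = 0x0B                          # partition type (constructed)
    struct.pack_into("<II", entry, 8, 63, 1)  # start LBA 63, one sector long
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    for lba, payload in gap_writes.items():
        img[lba * SECTOR:lba * SECTOR + len(payload)] = payload
    return bytes(img)


if __name__ == "__main__":
    # Constructed snapshots: a boot loader stage at LBA 1, then a later
    # write of opaque data at LBA 33 by some installer.
    baseline = make_image({1: b"LOADER-STAGE"})
    after = make_image({1: b"LOADER-STAGE", 33: b"OPAQUE-DATA"})
    changed = diff_reports(gap_report(baseline), gap_report(after))
    print("gap sectors changed since baseline:", changed)
```

Keeping the baseline report from a known-good state is what makes the later comparison meaningful, since nothing in the gap is self-describing.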
  • This is *NOT* DRM (Score:5, Interesting)

    by Twirlip of the Mists (615030) <twirlipofthemists@yahoo.com> on Sunday February 16 2003, @12:57PM (#5314525)
    Guys, come on. We're all supposed to be geeks and nerds, right? Geeks and nerds pride themselves on being right all the time. Calling TurboTax's licensing scheme "DRM" is just plain wrong.

    DRM stands for "digital rights management." It refers to systems for encoding, managing, or enforcing rights and clearances for digital media. It's not a general-purpose synonym for any copy-protection or piracy-prevention system.

    I've come to expect this kind of blatant misattribution from the mainstream media, but on Slashdot? I've come to expect four things from Slashdot over the years: misspellings, flame wars, trolls trolls trolls, and accuracy. If this kind of thing keeps up, I'm going to have to take #4 off my list.
  • by nurd68 (235535) on Sunday February 16 2003, @02:22PM (#5314929) Homepage
    1.) I just happen to have an inspiron 7500 with no screen (hinges broke off). Works fine when hooked to a CRT, though.

    2.) It came with a Win98 license that I retained, but never used (it was a GNU/Linux box).

    3.) Install legal copy of Win98

    4.) Install copy of TurboTax

    5.) Do taxes

    6.) Pass laptop around to family and friends, who hook it up to their monitors and printers, but (as per the license) it is only installed on ONE machine. (The machine just happens to move around a lot...)
    • Administrator (Score:5, Informative)

      by yerricde (125198) on Sunday February 16 2003, @12:29PM (#5314374) Homepage Journal

      As I understand it, a program running as Administrator on NT can elevate its privileges to LocalSystem and do just about anything, such as write sectors to physical drives.

        • Re:Administrator (Score:5, Informative)

          by quantum bit (225091) on Sunday February 16 2003, @01:44PM (#5314767) Journal
          I'm not sure about this. NT uses a Hardware Abstraction Layer which should prevent any direct access to any hardware. In order to write a defragmenter for NT, Diskeeper had to write a kernel extension which would give them low level access to the disk.

          No, the HAL does not prevent direct writes to the disk. An administrator can open the raw disk device ("\\.\PhysicalDrive0" -- the NT equivalent of BSD's /dev/ad0c or Linux's /dev/hda0) and read / write anything.

          I suspect the reason that a defragmenter would need special kernel support is that the file system driver keeps internal state data and would react, um, badly to the data on the disk changing out from under it. Think blue screen and possibly corrupt filesystem.

          However, for areas that aren't directly touched by the FS driver, such as the MBR, unallocated partitions, or partitions for which there is no filesystem driver loaded, like UFS or ext2, this method of access works just fine. A while back I wrote a quick utility to let me tell the FreeBSD bootloader (which lives in the MBR) which partition I want it to default to loading on the next boot. Real handy for accessing dual-boot systems remotely.
    • Re:CDilla (Score:5, Informative)

      by Erik Hollensbe (808) on Sunday February 16 2003, @12:35PM (#5314408) Homepage
      If you had read the article, this is C-Dilla's LMS that they're using.

      They also proved using a sector editor that the location is correct.
    • Re:CDilla (Score:5, Informative)

      by Ldir (411548) on Sunday February 16 2003, @12:39PM (#5314426)
      They are the same thing. TurboTax uses the Macrovision C-Dilla (Safecast) license manager. It is covertly installed when you install TurboTax. It is not removed when you remove TurboTax, however. Intuit now offers a C-Dilla uninstaller on their web site.

      I'm one of the legions of long-time TurboTax users who switched to TaxCut this year. Glad I did, TaxCut works just as well, costs half as much, and has no DRM or other installation games. As a bonus, it imports TurboTax data flawlessly.

      We went through this before, in the early days of the PC (early 80's). Companies kept using more and more obnoxious forms of copy protection, making software more brittle, and more and more difficult to install and use. Finally enough consumers revolted and the software companies wised up. Looks like Intuit needs a history lesson.

      • Re:CDilla (Score:5, Interesting)

        by Nogami_Saeko (466595) on Sunday February 16 2003, @12:58PM (#5314529)
        Erm, ya.

        It's farking TAX software, it's not CAD, it's not 3D animation or video editing. It's for doing TAXES.

        It's like installing a sophisticated electronic ignition interlock system in a Yugo or something. Why bother?

        It's this sort of thing that permanently alienates me on a product. I will NEVER buy a product that uses low-level writes on my system for copy protection purposes, especially if they try and keep it secret.

        N.
      • Re:CDilla (Score:5, Insightful)

        by EvlG (24576) on Sunday February 16 2003, @01:13PM (#5314601)
        I also switched this year, and in the registration comments for TaxCut, I wrote something to the effect of:

        I switched from TurboTax because of their lame DRM schemes. As long as you don't do this, I'll keep buying your software.

        Here's hoping they listen.
    • by TheRaven64 (641858) on Sunday February 16 2003, @12:59PM (#5314531) Homepage Journal
      1) Install a bootloader.
      2) Remove floppy drive from computer.
      3) Install TurboTax.
      4) Shut down computer.
      5) Remove CD drive.
      6) Power up.
      7) Ooops. Unable to boot, MBR corrupt.
      8) Return to shop, and demand compensation for 'destruction' of computer.
      9) Be refused compensation.
      10) Hire ludicrously overpriced consultant to fix MBR (say $300).
      11) Send bill to TurboTax.
      12) Have bill returned with letter explaining politely that it's not their problem.
      13) Forward bill and letter to national news services who love to publish this kind of crap.
      14) Watch the bottom drop out of TurboTax's share price, and smile.

      Note: Paying the consultant is optional.
      • by GreyPoopon (411036) <gpoopon@@@gmail...com> on Sunday February 16 2003, @01:54PM (#5314811)
        12) Have bill returned with letter explaining politely that it's not their problem.

        The sad thing is that I think the EULA allows them to make this statement, as I believe it explicitly states that they are not responsible for damage done to your machine or software as a result of using their product. Warranty only guarantees you what you paid for their product.... I'd love to see how well it would stand up in court in a case like this, where their product did something known to be destructive in some cases without bothering to inform you of it ahead of time.

    • Re:VMWare? (Score:5, Informative)

      by youngsd (39343) on Sunday February 16 2003, @01:19PM (#5314633)

      Yep, it works with VMware. That's how I installed it, after reading the earlier /. story. One thing, though, you need to turn off the "hardware acceleration" in the VM configuration while starting the program (after that, you can turn acceleration back on).

      After reading the earlier stories about locking to a particular machine, and possibly installing spyware, I figured I'd either return the thing or install it under VMware. The geek in me won out, so I decided to see how it'd work under VMware. I'm sure glad I didn't install it on a PC directly.

      -Steve