TurboTax DRM Writes to Your Boot Sector?! 749
ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector , as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such. "
Re:How Appropriate (Score:1, Informative)
CDilla (Score:3, Informative)
No. (Score:4, Informative)
This is certainly a Bad Thing, but not nearly as bad as writing to the boot sector would be.
Just file your taxes electronically for free (Score:5, Informative)
If you insist on using TurboTax, use their web-based vesion; it's alway current and no software gets installed on your PC.
Personally, even though I've been using TurboTax for over 10 years, I will be using a different tax preparerer this year. I find their association with this kind of DRM crap distastful.
Re:Um... (Score:5, Informative)
~jeff
Administrator (Score:5, Informative)
As I understand it, a program running as Administrator on NT can elevate its privileges to LocalSystem and do just about anything, such as write sectors to physical drives.
Re:VMWare? (Score:4, Informative)
If that's the case, this boot-sector thing might be a major part of the reason why.
~Philly
Re:Linux interop? (Score:3, Informative)
Intuit's still a bunch of SOBs for doing such a dangerous thing, though.
If you have to use Turbo Tax.... (Score:2, Informative)
Comment removed (Score:5, Informative)
Re:CDilla (Score:5, Informative)
I'm one of the legions of long-time TurboTax users who switched to TaxCut this year. Glad I did, TaxCut works just as well, costs half as much, and has no DRM or other installation games. As a bonus, it imports TurboTax data flawlessly.
We went through this before, in the early days of the PC (early 80's). Companies kept using more and more obnoxious forms of copy protection, making software more brittle, and more and more difficult to install and use. Finally enough consumers revolted and the software companies wised up. Looks like Intuit needs a history lesson.
Don't know about you, but it's TOO complicated (Score:3, Informative)
Anyhow, just doing minimum compliance with the law, no massively complicated deductions, you have to do things like calculate "minimum alternative taxes", and such... it's taken my wife since December, 2 hours or so each day, about 3 days a week... so I guess that would be 36 hours so far. She's still not done.
Yeah, she's doing it analog. I don't think turbo tax *would* help a whole lot, especially since a major part of her job is reading and rereading all the IRS documents to find out their new rules this year, and how she has to expense this, deduct that, cannot expense and *must* deduct t'other, *must* expense the third, or fill in a form explaining why she isn't expensing it, and so on and so forth.
I dunno. If you count the cost of her time as $20/hour, then without us owing anything, the cost of taxes would be $720 and counting.
Anyhow, lemme finish up with a link and a comment:
http://www.givemeliberty.org : absolutely right, legally correct based on written law, but it'd be incredibly stupid to join. Lots of our rules have nothing to do with law, if you get my drift. Better just to leave.
Re:only in danger if you dual-boot (Score:2, Informative)
Re:Heh, silly me. (Score:5, Informative)
Re:only in danger if you dual-boot (Score:3, Informative)
Huh? A sector on a disk does not contain other sectors. Therefore, there cannot be a sector 33 of the boot sector.
Perhaps you mean that that sector 33 in the boot-information track or cylinder is overwritten. That would seem to make more sense.
Re:VMWare? (Score:4, Informative)
Re:Heh, silly me. (Score:3, Informative)
Well ok, it doesn't write to the boot sector, but (Score:5, Informative)
Nothing belongs in that *track* other than boot information. Period.
KFG
As has been pointed out. . . (Score:5, Informative)
The problem is that since the entire track is reserved for boot information, not just the sector holding your MBR, things like LILO and GRUB may be residing there as well.
Boot loaders are legitimate boot records. Software registration codes are not. They don't belong in the boot track, whether they write to the MBR or not.
KFG
Re:VMWare? (Score:2, Informative)
Re:VMWare? (Score:5, Informative)
Yep, it works with VMware. That's how I installed it, after reading the earlier /. story. One thing, though, you need to turn off the "hardware acceleration" in the VM configuration while starting the program (after that, you can turn acceleration back on).
After reading the earlier stories about locking to a particular machine, and possibly installing spyware, I figured I'd either return the thing or install it under VMware. The geek in me won out, so I decided to see how it'd work under VMware. I'm sure glad I didn't install it on a PC directly.
-Steve
Here's the response I received from them (Score:3, Informative)
I am sorry that it took us so long to respond to your e-mail. You expressed concern about how product activation will impede your ability to access your tax files in future years.
You are a valued customer and your opinion matters. If I can answer any additional concerns that you may have, please let me know.
Sincerely,
AnnabelG
Tax Development, TurboTax
Re:As has been pointed out. . . (Score:5, Informative)
Sector editor. I prefer BreakPoint's Hex Workshop [bpsoft.com]. Be sure you know exactly wtf you're doing though, or you could be in for a mighty long evening.
By the same token, anyone with access to a sector editor can mimic TurboTax's copy protection and install it on pretty much any PC at will.
Re:Does the HAL prohibit going around the FS? (Score:4, Informative)
Re:Administrator (Score:5, Informative)
No, the HAL does not prevent direct writes to the disk. An administrator can open the raw disk device ("\\.\PhysicalDrive0" -- the NT equivalent of BSD's
I suspect the reason that a defragmenter would need special kernel support is that the file system driver keeps internal state data and would react, um, badly to the data on the disk changing out from under it. Think blue screen and possibly corrupt filesystem.
However, for areas that aren't directly touched by the FS driver, such as the MBR, unallocated partitions, or partitions for which there is no filesystem driver loaded, like UFS or ext2, this method of access works just fine. A while back I wrote a quick utility to let me tell the FreeBSD bootloader (which lives in the MBR) which partition I want it to default to loading on the next boot. Real handy for accessing dual-boot systems remotely.
Re:win4lin and vmware (Score:3, Informative)
Contact their PR dept. (Score:4, Informative)
"I'm a potential customer for TurboTax software. A recent discussion held at the Slashdot forum indicates that TurboTax is laden with DRM (Digital Rights Management) components, and even goes so far as to write to the boot sector of the hard drive. I wanted to know how InTuit responds to this. I can't support a company who would include such measures in their software. I understand the need to prevent piracy, but writing to the boot sector is something that only disk partitioning software and operating system installers should do. I'm eager to hear InTuits response on this matter, as it will be the deciding factor in whether I buy InTuit software.
Here are some links to the sites I am obtaining information from.
Original article claiming the action:
http://www.extremetech.com/article2/0,39
Pursuant discussion on Slashdot:
http://slashdot.org/articles/03/02/16/
PS - I'm posting a copy of this to the Slashdot forum, and intend to forward the reply to Slashdot as well."
Right of first sale? (Score:2, Informative)
"Digital rights management" in this form essentially strips me of the right of first sale (the doctrine that makes it legal for video stores to rent out videos that they have purchased or for you to resell a book once you are done reading it). Once I purchase this software I should be free to do whatever I darn well please with it, *and* once I'm done with it, I should be free to sell it, give it away, or whatever I wish as long as I don't keep a copy for myself. By preventing any of these actions, "DRM" tramples on consumers' rights and should be resisted any without technical flaws that could render your computer unbootable.
I sure am glad I have procrastinated in doing my taxes... Looks like I'll be checking out Intuit's competition this year.
Re:I just bought that yesterday! (Score:2, Informative)
Even worse: In otherwords, no, you can't sue them. They can do whatever the heck they want to your computer and it is not their responsibility to fix it. That's the *cough* beaty of EULAs...
I filed a "product suggestion" and got a reply (Score:3, Informative)
Macrovision (Score:5, Informative)
TurboTax also broke my DX8.1 install. Turns out, those fancy movies that come with it are Macrovision encoded. NT user? check your Services for a magical new service (I can't remember the name, I've long since ripped it a new one) which even if you disable it, running turbotax fires it right back up to automatic. Lord this gives me a new reason to get a full refund from them. How can one tell if their bootsector has some extra bits in it?
Re:CDilla (Score:2, Informative)
My Logitech mouse drivers installed spyware (Score:4, Informative)
This really blew my mind at the time. I can see someone who provides free software doing that using the excuse that they need to make money and pay the employees, etc. But spyware with a $49.99 USA mouse ! Jeez...............
Why not more OUTRAGE at SafeDisk? (Score:3, Informative)
A few lawsuits for system damage by SafeCast right now wouldn't hurt either.
So what is a good utility to inspect and clean all this crap off of boot sectors 1-63, even if it does make limited-time demos forget their earlier installs?
answer (Score:3, Informative)
So no, nothing more nefarious than making games work.
Possible alternatives (Score:3, Informative)
TaxACT
TurboTax
TaxCut
Taxslayer
Taxcut Deluxe
TurboTax Deluxe
HD Vest
E1040 com
TaxBrain
CompleteTax
e1065
TaxesByCPA
10
TaxLogic
FileSafe
eTax YourPace
EZTaxMachine
Tax Engine
AccuTax
TaxConnection
TaxGaga
FileYour
1040 net
Taxes1 com
Tried leaving Feedback at Intuit.com (Score:2, Informative)
Re:Well, if they're writing... (Score:1, Informative)
Re:As has been pointed out. . . (Score:4, Informative)
However, if you're using lilo, this will wipe it out, so you'll need to boot from floppy and run lilo as root again to re-create the MBR.
Re:As has been pointed out. . . (Score:5, Informative)
At best, you can wipe something that will be indecipherable to anybody but Intuit (and break the TurboTax installation in the process) -- at worst, you could inadvertently clean out your partition table. I'd recommend ignoring it, but if you don't mind flirting with disaster you might be able to use the same Norton tool they mentioned in the article.
Re:As has been pointed out. . . (Score:2, Informative)
Re:This is *NOT* DRM (Score:3, Informative)
DRM stands for "digital rights management." It refers to systems for encoding, managing, or enforcing rights and clearances for digital media. It's not a general-purpose synonym for any copy-protection or piracy-prevention system.
By that definition, this is in fact DRM--the right to use the software in its entirety is encoded by the contents of sector 33; your right to use the software is managed by the exchange between your computer and the Intuit product activation servers; and the license is enforced by the aforementioned encoding and management.
The old copy protection measures "back in the day" may not have been called DRM, but that's exactly what they were--primitive and relatively unsophisticated techniques for managing your right to use the software IAW the license.
I installed it. (Score:3, Informative)
On top of that, the one-click update just sat there, so I had to download the update program and run it manually. That farked up the turbotax installation entirely. It wouldn't even run anymore. It was in the task list, but nothing worked.
Uninstalled it and reinstalled it a few times, but it didn't help. Followed the instructions on the website completely, but no luck. I spent the entire day yesterday trying to get turbotax to work.
I *had* planned on getting my taxes done this weekend. That plan was shot to hell.
I uninstalled it, and took it back to Walmart today. They didn't give me a hassle over the fact that it had been opened. I was surprised but pleased about that, since the in2it web site refund page seems to require an order number.
I hope they ship it back rather than selling it to someone else, since the drm activation took place. That serial number won't work for anyone else now.
I will never purchase turbotax again. All this hassle for a stinking $20 one-use product. They might eliminate the 5-20% piracy that might have existed, but only at the cost of losing 60% of their sales.
Another VMWare detection mechanism (Score:2, Informative)
The undocumented VMWare I/O port communication mechanism [tripod.co.jp] can also be (and is) used to determine whether an application is running under VMWare. The relatively simple code to implement this was posted [securityfocus.com] to the Honeypots security list.
Re:The IRS can't forgive you of not paying your ta (Score:3, Informative)
If you already bought it ... (Score:2, Informative)
"60-Day Money-Back Guarantee: Try TurboTax software. If you're not satisfied, return it within 60 days of purchase with your dated receipt for a full refund."
So even those of you who already opened the box are covered! I recommend returning this nonsense at the first opportunity. If the salesman gives you any flack, just point them at this text on the box.
Re:How many other programs do this? (Score:1, Informative)
I installed Autocad 2000i on a computer a couple of years ago. Anyway, the user managed to completely screw up his computer in such a way that we had to reformat and reinstall Windows 2000 (even FDISK was used). When the OS was reinstalled we tried installing Autocad but the software informed us that our 30-day trial period had ended and we must contact Autodesk to register. So... where was the info written to?
Now, I for one doubt those claims (Partition Magic would surely be able to zap the software, and the software wouldn't run if Linux was installed etc) but if it is true then who knows what else could be written to inaccessible (by the user at least) parts of the hard-disk?
One way to get rid of copy protection like this is to first make a full file backup of your hard drive that you are going to modify.
Use a disk tool like drivepro to wipe the first 10 cylinders of the disk (this will completely destroy all data on your hard disk) you would then need to reinstall your os and restore your file backup (Do not allow it to write/overwrite any boot files or hidden files on your boot drive root directory, be aware that after the restore, running any program that writes to an area outside of the file system will probably re-install the copy protection data back to the sector.
*This is just personal opinion of how you could in theory, recover and reinstall a Copy Protected product and in no way should this opinion be taken as seriously or as fact. I also assume no responsibly for any damage, or legal action this interpretation of opinion may cause*