TurboTax DRM Writes to Your Boot Sector?!

ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector , as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such. "

CDilla

[Epsillon]

CDilla's LMS does this too, although I'm not completely convinced it's the bootsector. Still, nothing short of a low level format clears it, so it probably is.

Re:CDilla

[Erik+Hollensbe]

If you had read the article, this is C-Dilla's LMS that they're using.

They also proved using a sector editor that the location is correct.

Re:CDilla

[Ldir]

They are the same thing. TurboTax uses the Macrovision C-Dilla (Safecast) license manager. It is covertly installed when you install TurboTax. It is not removed when you remove TurboTax, however. Intuit now offers a C-Dilla uninstaller on their web site.

I'm one of the legions of long-time TurboTax users who switched to TaxCut this year. Glad I did, TaxCut works just as well, costs half as much, and has no DRM or other installation games. As a bonus, it imports TurboTax data flawlessly.

We went through this before, in the early days of the PC (early 80's). Companies kept using more and more obnoxious forms of copy protection, making software more brittle, and more and more difficult to install and use. Finally enough consumers revolted and the software companies wised up. Looks like Intuit needs a history lesson.

No.

[cperciva]

This software does NOT write to your boot sector. It writes to sector 33 on the track which contiains the boot sector.

This is certainly a Bad Thing, but not nearly as bad as writing to the boot sector would be.

Just file your taxes electronically for free

[macemoneta]

Here is the intro page at the IRS, where you can select a tax preparer that will let you file and submit electronically for free. Check the criteria for qualification; most people qualify.

If you insist on using TurboTax, use their web-based vesion; it's alway current and no software gets installed on your PC.

Personally, even though I've been using TurboTax for over 10 years, I will be using a different tax preparerer this year. I find their association with this kind of DRM crap distastful.

Re:Um...

...and the Mac version has no "DRM" at all.

~jeff

Administrator

[yerricde]

As I understand it, a program running as Administrator on NT can elevate its privileges to LocalSystem and do just about anything, such as write sectors to physical drives.

Re:Administrator

[quantum+bit]

I'm not sure about this. NT uses a Hardware Abstraction Layer which should prevent any direct access to any hardware. In order to write a defragmenter for NT, Diskeeper had to write a kernel extension which would give them low level access to the disk.

No, the HAL does not prevent direct writes to the disk. An administrator can open the raw disk device ("\\.\PhysicalDrive0" -- the NT equivalent of BSD's /dev/ad0c or Linux's /dev/hda0) and read / write anything.

I suspect the reason that a defragmenter would need special kernel support is that the file system driver keeps internal state data and would react, um, badly to the data on the disk changing out from under it. Think blue screen and possibly corrupt filesystem.

However, for areas that aren't directly touched by the FS driver, such as the MBR, unallocated partitions, or partitions for which there is no filesystem driver loaded, like UFS or ext2, this method of access works just fine. A while back I wrote a quick utility to let me tell the FreeBSD bootloader (which lives in the MBR) which partition I want it to default to loading on the next boot. Real handy for accessing dual-boot systems remotely.

Re:VMWare?

[phillymjs]

I vaguely remember reading on a Mac site that the TurboTax packaging rather explicitly states that the product will not run in any kind of Windows emulator (the article of course was talking about Connectix Virtual PC).

If that's the case, this boot-sector thing might be a major part of the reason why.

~Philly

Re:Linux interop?

[Red+Warrior]

.. any word on how it impacts a dual-boot box? So far, so good. I've got TT installed in WIN98. I run a triple-boot WIN98/RH8.0/Mandrake9.0, using RedHat's Grub. Works fine, boots fine.
Intuit's still a bunch of SOBs for doing such a dangerous thing, though.

Re:Heh, silly me.

[Bert64]

Infact, only an os installer should write to the boot sector, anything else should be considered a virus. Infact many bioses have the option to detect and block attempts to write to the bootsector under the name of bootsector virus protection.

Re:VMWare?

[reynolds_john]

I would bet the farm on the fact you could do it with VMWare. I have found that OSes installed on VMware have no knowledge of their host operating systems, nor does any disk activity from the VMware OS have any affect on the host's partitions/drives, because the 'disk' is actually just a file.

Re:Heh, silly me.

[numbski]

Because the mac version was $10 more AND none of the rebates in store would apply.

Well ok, it doesn't write to the boot sector, but

[kfg]

it writes to the boot *track,* so it's not going to munge your partition table, but may well munge other important boot records.

Nothing belongs in that *track* other than boot information. Period.

KFG

As has been pointed out. . .

[kfg]

like, by the article and stuff, it doesn't write to the MBR. It writes to sector 33 of the boot *track.*

The problem is that since the entire track is reserved for boot information, not just the sector holding your MBR, things like LILO and GRUB may be residing there as well.

Boot loaders are legitimate boot records. Software registration codes are not. They don't belong in the boot track, whether they write to the MBR or not.

KFG

Re:As has been pointed out. . .

[Flakeloaf]

For one untrained in the ways of the boot track, how might I go about removing it? I've played with the MBR and such, and even had a virus infect my boot record before, but what's the proper method for removing this thing? Assembly? ;)

Sector editor. I prefer BreakPoint's Hex Workshop. Be sure you know exactly wtf you're doing though, or you could be in for a mighty long evening.

By the same token, anyone with access to a sector editor can mimic TurboTax's copy protection and install it on pretty much any PC at will.

Re:As has been pointed out. . .

[Koyaanisqatsi]

Back in the day, a "format /mbr" from a DOS disk would restore the MBR (not sure about the rest of the boot track). It doesn't do anything besides this, and it's safe with Win9x and probably Win2000 too.

However, if you're using lilo, this will wipe it out, so you'll need to boot from floppy and run lilo as root again to re-create the MBR.

Re:As has been pointed out. . .

[Sheetrock]

I wouldn't touch it. From the article, it sounds like it's dropping a key that is only of importance to Intuit and the TurboTax software. If it's on their system, the damage is already done to whatever previously inhabited sector 33 (probably nothing important). It won't execute by itself, and it's probably data and not executable code anyway -- you've got more to worry about whatever Intuit is dumping into the Windows install.

At best, you can wipe something that will be indecipherable to anybody but Intuit (and break the TurboTax installation in the process) -- at worst, you could inadvertently clean out your partition table. I'd recommend ignoring it, but if you don't mind flirting with disaster you might be able to use the same Norton tool they mentioned in the article.

Re:VMWare?

[youngsd]

Yep, it works with VMware. That's how I installed it, after reading the earlier /. story. One thing, though, you need to turn off the "hardware acceleration" in the VM configuration while starting the program (after that, you can turn acceleration back on).

After reading the earlier stories about locking to a particular machine, and possibly installing spyware, I figured I'd either return the thing or install it under VMware. The geek in me won out, so I decided to see how it'd work under VMware. I'm sure glad I didn't install it on a PC directly.

-Steve

Re:Does the HAL prohibit going around the FS?

[arkanes]

The defragger runs as a native NT application, not a win32 application - it needs this because it needs to be able to run before the win32 layer is loaded up. You don't need to do that kind of thing to write to the boot track, you just need Admin privledges. Details on the difference between the NT API and the win32 wrapper API for it can be found at Sysinternals.com. You can do some nifty stuff with an NT-native application, like writing Registry entries that can only be removed or modified by other NT applications, and not by anything running in the win32 layer.

Contact their PR dept.

[pyros]

I just sent this to public_relations@intuit.com, if other people do the same, InTuit will get the message that the upsets customers. No garauntee they will stop, but at least they'll no it upsets us.

"I'm a potential customer for TurboTax software. A recent discussion held at the Slashdot forum indicates that TurboTax is laden with DRM (Digital Rights Management) components, and even goes so far as to write to the boot sector of the hard drive. I wanted to know how InTuit responds to this. I can't support a company who would include such measures in their software. I understand the need to prevent piracy, but writing to the boot sector is something that only disk partitioning software and operating system installers should do. I'm eager to hear InTuits response on this matter, as it will be the deciding factor in whether I buy InTuit software.

Here are some links to the sites I am obtaining information from.

Original article claiming the action:
http://www.extremetech.com/article2/0,397 3,881243, 00.asp

Pursuant discussion on Slashdot:
http://slashdot.org/articles/03/02/16/1 549232.shtm l?tid=185

PS - I'm posting a copy of this to the Slashdot forum, and intend to forward the reply to Slashdot as well."

I filed a "product suggestion" and got a reply

I filed a "product suggestion" at http://altserv.intuit.com/orien/turbotax_enhance.c gi (saying that I'd used TurboTax for several years but would not use it this year because of the DRM issues). I got the following reply:

Thank you for contacting Intuit Inc.

We received your e-mail concerning TurboTax(R) Product Activation. Product Activation is designed to help reduce unlicensed use of TurboTax software. It ties a single copy (a license is tied to a pc, not a copy of the software) of TurboTax to a single PC. Product Activation is completely anonymous; no personal data is collected or transmitted to Intuit. Product activation does not prevent TurboTax customers from preparing tax returns for themselves and their family members or from giving the CD to someone else who can then purchase their own product license. TurboTax customers can prepare their return from more than one computer but will only be able to activate, print or e-file their tax return from a single PC.

However, you may install the trial version on other computer and work on your returns but you can Efile and print from the computer where you have first installed the program.

Product activation helps to ensure TurboTax customers use the product in accordance with the license agreement. The key terms of the License Agreement have been the same for the past several years. It restricts the licensed use of TurboTax software to a single computer. With product activation your privacy is safe. We do not transmit any personally identifiable information about you or your computer.

Product activation transfers nothing but a Product Key and Request Code. The code and key are matched together and a confirmation is sent to Intuit which enables TurboTax to be activated on your computer. Product activation does not monitor any activities on your computer such as what Web sites you visit, etc. It will not prevent you from using your CD-R or CD-RW drives.

You can still prepare multiple returns from your computer and prepare your return using multiple computers at no additional cost. You can remove/delete Macrovision SafeCast (C-Dilla) folders and components associated with TurboTax.

We sincerely apologize for the inconvenience this may have caused you. We hope new arrangements will not affect our business relationship in any way but will continue to grow. We have forwarded your comments to the TurboTax Management and Development Teams for consideration. Although we cannot guarantee that your feedback will result in a change to our guidelines, we assure you that we take all advice seriously because it contributes to the improvement of our products and services, and we appreciate your honesty.

To obtain additional information about product activation, please visit us at http://www.turbotaxsupport.com/default.asp?platfor m=1&docid=815.

Further, Intuit respects and protects customer information. We integrate privacy in to everything we do. That is why privacy and security were key considerations when implementing the product activation technology in federal TurboTax for Windows desktop products for Tax Year 2002.

The Macrovision SAFECAST(R) product activation technology used by Intuit installs files on your computer when you install TurboTax. These files serve as your product license; in addition, they also manage and protect that license. These files interact only with TurboTax and with each other. Macrovision SAFECAST does not gather any personally identifiable information. It does not examine, modify, or gather information about your computer, your computer's contents, or your activities or behavior, nor does it transmit any such information to Intuit, Macrovision, or any other party.

C-Dilla is a company that was acquired by Macrovision in 1999. Some of the Macrovision SAFECAST technology used in TurboTax is derived from earlier C-Dilla products. "Spyware" is jargon for hidden programs that transmit user information to others (usually advertisers) without the user's knowledge. C-Dilla is not spyware.

If you have additional questions, please visit us at www.turbotaxsupport.com. We appreciate your interest and look forward to serving you in the future.

There is a new uninstaller for Macrovision Safecast/c-dilla. This requires that you first complete your taxes, uninstall TurboTax normally, and follow the process located here. http://www.turbotaxsupport.com/default.asp?platfor m=1&docid=836

If you need further assistance, or if there is any other way we may be of service, please contact us at http://www.intuit.com/service.

Respectfully,

Nidhi

Intuit Customer Service

Macrovision

[Eraser_]

Get This.

TurboTax also broke my DX8.1 install. Turns out, those fancy movies that come with it are Macrovision encoded. NT user? check your Services for a magical new service (I can't remember the name, I've long since ripped it a new one) which even if you disable it, running turbotax fires it right back up to automatic. Lord this gives me a new reason to get a full refund from them. How can one tell if their bootsector has some extra bits in it?

My Logitech mouse drivers installed spyware

[OneInEveryCrowd]

A year ago I bought the then new Logitech dual pickup optical mouse and installed the drivers from the included CD. The install looked kind of suspicious so I ran ad-aware. It reported some kind of spyware components so I removed them. The system was clean before I installed the drivers.

This really blew my mind at the time. I can see someone who provides free software doing that using the excuse that they need to make money and pay the employees, etc. But spyware with a $49.99 USA mouse ! Jeez...............

Why not more OUTRAGE at SafeDisk?

[Nom+du+Keyboard]

If you read the Extreme Tech article completely, it reminds us that the companion product (not used in TurboTax yet) SafeDisk is even more insidious. That it replaces your CD-RW drivers with its own and monitors (prevents?) how you use your CD-RW drive after that. Now there is something that ought to be the target of lawsuits left & right.

A few lawsuits for system damage by SafeCast right now wouldn't hurt either.

So what is a good utility to inspect and clean all this crap off of boot sectors 1-63, even if it does make limited-time demos forget their earlier installs?

Possible alternatives

Don't thank me, thank Google Sets. :)

TaxACT
TurboTax
TaxCut
Taxslayer
Taxcut Deluxe
TurboTax Deluxe
HD Vest
E1040 com
TaxBrain
CompleteTax
e1065
TaxesByCPA
104 0Form
TaxLogic
FileSafe
eTax YourPace
EZTaxMachine
Tax Engine
AccuTax
TaxConnection
TaxGaga
FileYourT axes com
1040 net
Taxes1 com

I installed it.

It fucked up my f-prot installation.

On top of that, the one-click update just sat there, so I had to download the update program and run it manually. That farked up the turbotax installation entirely. It wouldn't even run anymore. It was in the task list, but nothing worked.

Uninstalled it and reinstalled it a few times, but it didn't help. Followed the instructions on the website completely, but no luck. I spent the entire day yesterday trying to get turbotax to work.

I *had* planned on getting my taxes done this weekend. That plan was shot to hell.

I uninstalled it, and took it back to Walmart today. They didn't give me a hassle over the fact that it had been opened. I was surprised but pleased about that, since the in2it web site refund page seems to require an order number.

I hope they ship it back rather than selling it to someone else, since the drm activation took place. That serial number won't work for anyone else now.

I will never purchase turbotax again. All this hassle for a stinking $20 one-use product. They might eliminate the 5-20% piracy that might have existed, but only at the cost of losing 60% of their sales.