Slashdot Mirror

← Back to Stories (view on slashdot.org)

TurboTax DRM Writes to Your Boot Sector?!

Posted by ryuzaki0 on from the now-that-ain't-cool dept.

ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector , as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such. "

14 of 733 comments (clear)

  1. Just file your taxes electronically for free by macemoneta · · Score: 5, Informative
    Here is the intro page at the IRS, where you can select a tax preparer that will let you file and submit electronically for free. Check the criteria for qualification; most people qualify.


    If you insist on using TurboTax, use their web-based vesion; it's alway current and no software gets installed on your PC.


    Personally, even though I've been using TurboTax for over 10 years, I will be using a different tax preparerer this year. I find their association with this kind of DRM crap distastful.

    --

    Can You Say Linux? I Knew That You Could.

  2. Re:Um... by Anonymous Coward · · Score: 5, Informative

    ...and the Mac version has no "DRM" at all.

    ~jeff

  3. Administrator by yerricde · · Score: 5, Informative

    As I understand it, a program running as Administrator on NT can elevate its privileges to LocalSystem and do just about anything, such as write sectors to physical drives.

    --
    Will I retire or break 10K?
    1. Re:Administrator by quantum+bit · · Score: 4, Informative

      I'm not sure about this. NT uses a Hardware Abstraction Layer which should prevent any direct access to any hardware. In order to write a defragmenter for NT, Diskeeper had to write a kernel extension which would give them low level access to the disk.

      No, the HAL does not prevent direct writes to the disk. An administrator can open the raw disk device ("\\.\PhysicalDrive0" -- the NT equivalent of BSD's /dev/ad0c or Linux's /dev/hda0) and read / write anything.

      I suspect the reason that a defragmenter would need special kernel support is that the file system driver keeps internal state data and would react, um, badly to the data on the disk changing out from under it. Think blue screen and possibly corrupt filesystem.

      However, for areas that aren't directly touched by the FS driver, such as the MBR, unallocated partitions, or partitions for which there is no filesystem driver loaded, like UFS or ext2, this method of access works just fine. A while back I wrote a quick utility to let me tell the FreeBSD bootloader (which lives in the MBR) which partition I want it to default to loading on the next boot. Real handy for accessing dual-boot systems remotely.

  4. Re:CDilla by Erik+Hollensbe · · Score: 5, Informative

    If you had read the article, this is C-Dilla's LMS that they're using.

    They also proved using a sector editor that the location is correct.

  5. Re:CDilla by Ldir · · Score: 5, Informative
    They are the same thing. TurboTax uses the Macrovision C-Dilla (Safecast) license manager. It is covertly installed when you install TurboTax. It is not removed when you remove TurboTax, however. Intuit now offers a C-Dilla uninstaller on their web site.

    I'm one of the legions of long-time TurboTax users who switched to TaxCut this year. Glad I did, TaxCut works just as well, costs half as much, and has no DRM or other installation games. As a bonus, it imports TurboTax data flawlessly.

    We went through this before, in the early days of the PC (early 80's). Companies kept using more and more obnoxious forms of copy protection, making software more brittle, and more and more difficult to install and use. Finally enough consumers revolted and the software companies wised up. Looks like Intuit needs a history lesson.

  6. Re:Heh, silly me. by Bert64 · · Score: 4, Informative

    Infact, only an os installer should write to the boot sector, anything else should be considered a virus. Infact many bioses have the option to detect and block attempts to write to the bootsector under the name of bootsector virus protection.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  7. Well ok, it doesn't write to the boot sector, but by kfg · · Score: 4, Informative

    it writes to the boot *track,* so it's not going to munge your partition table, but may well munge other important boot records.

    Nothing belongs in that *track* other than boot information. Period.

    KFG

  8. As has been pointed out. . . by kfg · · Score: 5, Informative

    like, by the article and stuff, it doesn't write to the MBR. It writes to sector 33 of the boot *track.*

    The problem is that since the entire track is reserved for boot information, not just the sector holding your MBR, things like LILO and GRUB may be residing there as well.

    Boot loaders are legitimate boot records. Software registration codes are not. They don't belong in the boot track, whether they write to the MBR or not.

    KFG

    1. Re:As has been pointed out. . . by Flakeloaf · · Score: 4, Informative

      For one untrained in the ways of the boot track, how might I go about removing it? I've played with the MBR and such, and even had a virus infect my boot record before, but what's the proper method for removing this thing? Assembly? ;)

      Sector editor. I prefer BreakPoint's Hex Workshop. Be sure you know exactly wtf you're doing though, or you could be in for a mighty long evening.

      By the same token, anyone with access to a sector editor can mimic TurboTax's copy protection and install it on pretty much any PC at will.

      --

      Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?

    2. Re:As has been pointed out. . . by Sheetrock · · Score: 4, Informative
      I wouldn't touch it. From the article, it sounds like it's dropping a key that is only of importance to Intuit and the TurboTax software. If it's on their system, the damage is already done to whatever previously inhabited sector 33 (probably nothing important). It won't execute by itself, and it's probably data and not executable code anyway -- you've got more to worry about whatever Intuit is dumping into the Windows install.

      At best, you can wipe something that will be indecipherable to anybody but Intuit (and break the TurboTax installation in the process) -- at worst, you could inadvertently clean out your partition table. I'd recommend ignoring it, but if you don't mind flirting with disaster you might be able to use the same Norton tool they mentioned in the article.

      --

      Try not. Do or do not, there is no try.
      -- Dr. Spock, stardate 2822-3.




  9. Re:VMWare? by youngsd · · Score: 4, Informative

    Yep, it works with VMware. That's how I installed it, after reading the earlier /. story. One thing, though, you need to turn off the "hardware acceleration" in the VM configuration while starting the program (after that, you can turn acceleration back on).

    After reading the earlier stories about locking to a particular machine, and possibly installing spyware, I figured I'd either return the thing or install it under VMware. The geek in me won out, so I decided to see how it'd work under VMware. I'm sure glad I didn't install it on a PC directly.

    -Steve

    --
    Democracy is a poor substitute for liberty.
  10. Macrovision by Eraser_ · · Score: 5, Informative

    Get This.

    TurboTax also broke my DX8.1 install. Turns out, those fancy movies that come with it are Macrovision encoded. NT user? check your Services for a magical new service (I can't remember the name, I've long since ripped it a new one) which even if you disable it, running turbotax fires it right back up to automatic. Lord this gives me a new reason to get a full refund from them. How can one tell if their bootsector has some extra bits in it?

  11. My Logitech mouse drivers installed spyware by OneInEveryCrowd · · Score: 4, Informative

    A year ago I bought the then new Logitech dual pickup optical mouse and installed the drivers from the included CD. The install looked kind of suspicious so I ran ad-aware. It reported some kind of spyware components so I removed them. The system was clean before I installed the drivers.

    This really blew my mind at the time. I can see someone who provides free software doing that using the excuse that they need to make money and pay the employees, etc. But spyware with a $49.99 USA mouse ! Jeez...............