TurboTax DRM Writes to Your Boot Sector?!

ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector , as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such. "

Heh, silly me.

[numbski]

I came *this* close to installing TurboTax on my Mac via VirtualPC or Bochs (cheaper) and then I read the box closely.

"Will not work on the Macintosh Platform using Windows emulation software."

I took it back and used TaxAct instead. I nearly installed it on my fiancee's PC instead. Ick.

You have to be on some sort of crack to write to a person's boot sector. Period. That's just off limits.

Re:Heh, silly me.

Just stay broke and without assets.

It took me 45 whole minutes to complete and
check my taxes.

Last year(the first year I had to file) it took 1h 30m.

Being a college student roxxors.

Re:Heh, silly me.

[Junior+J.+Junior+III]

And, most virus protection programs condition users to disable them before attempting to install software. So probably most people will allow TurboTax to do whatever it wants, because they think it's trustworthy.

Wincrash

My Windows partition crashed two years ago. And, to my surprise as it was frustrating at the time, I don't miss it very much.

My .doc-files now are .sxw-files.

Re:Wincrash

[Jugalator]

Hmm... If you replace "Windows" with "Linux", would you still be modded as +1 Interesting?

Re:How Appropriate

[Pike65]

Yeah. Isn't this going to cause my virus checker to go apeshit?

I would rather hope that Norton would spot something writing to my boot sector . . .

Analog tax returns

[PizzaFace]

Folks, the forms are no more complicated than the software. To the extent the forms are more complicated, the software is oversimplifying the law. Save yourself a few bucks and just fill in the forms by hand.

Re:Analog tax returns

[koreth]

Translation: Folks, your time is less valuable than the cost of tax preparation software. Spend a few hours to save yourself a couple bucks.

Err, no thanks. It's worth $30 to me to save several hours of sifting through stacks of paper, re-checking my calculations and making sure I've copied the correct numbers from form A to form B.

Re:Analog tax returns

[swb]

The forms themselves aren't hard, but the rules governing stuff certainly can be, and the IRS docs aren't always helpful. On more than one occasion I've found myself tossing a coin over something, since the IRS documentation isn't always clear.

Presumably the electronic forms and the "choices" they make have been analyzed by someone who really understands the tax code, but for all we know the coin tossed was a Rupee in India by someone who has never filled out American tax forms! No offense to Indian programmers, but I'm sure my guesses of Indian tax law would be just as bad.

I also kind of like the neo-luddite feel of mailing in my taxes on paper. It feels subversive for some odd reason.

Re:Analog tax returns

[Blackhalo]

I'm sure that if all that you are filling out is a 1040EZ, then yes it is eaiser to fill out by hand. But those of us with "real" jobs, 401k's, employee stock purchace plans, online brokereages, IRA's and other finantial complexites, this software makes tax time much less painful. I disturbs me that a company that had such a good brand recognition with me, i.e. it's not microsoft, would stoop to such a draconian DRM strategy. I wonder how they are going to handle all the support calls generated by the anti-virus software flagging this as a virus?

Re:Analog tax returns

I'm so sick of this "it's only less if your time is worth nothing" garbage. For some, it might work, but when you spend hours on slashdot, I can't give you any credit to that statement.

Um...

[Millennium]

Why didn't you just get the Mac version? That would likely have worked.

Linux interop?

[robbo]

The comments so far are pretty inane and clearly come from windows users.. any word on how it impacts a dual-boot box? does it render your lilo or grub setup useless? I would personally be very upset if it screwed up my boot setup, and reasonably so, I think. imho, hese kinds of things should raise the hackles of the tech community, and linux users in general enough to give the vendor some serious shit.

what does it do to wine?

BIOS to the rescue!

Just enable virus detection in the bios... Then nothing can write to the boot sectors without your permission!

Nothing to be afraid of

[xFallenAngel]

It looks like Turbotax programmers just had a sneaky idea on how to make it hard to crack their program. They just thought it was a cool idea, not thinking about the consequences.

Sure its not really a good idea and if lots of companies do that, it would lead to conflicts. Especially since 33 is a nice number, being in the middle. But is it really something we should be "afraid of" ?

The article had its worries about Tax software forgetting its licence just before you are done and have to send them off to the gov't. But that isn't too new with computers. Murphy's Law would apply regardless of what kind of copy protection that software has.

DRM schemes for dummys..

[k98sven]

It's just another example of how stupid most DRM schemes are.

Ok, maybe this one isn't so stupid, it might take the cracker, oh say..
a few minutes longer to figure this out than if they'd written to the system registry instead.

Perhaps futile is a better word?
Even managment should be able to figure this out:
The user has the same degree of control over his machine as software does.
Either you seperate these freedoms (read: Palladium) or you do something non-standard
(e.g. non-redbook-CD protection methods), in the latter case you will break something.

Now selling broken software is one thing, but selling software likely to clobber the
rest of your system, that's just plain crapware.

(Hmm, and what if some other piece of software uses the same DRM scheme
and writes over the same sector again, then what does Joe Sixpack do?)

Re:win4lin and vmware

[nsayer]

I have my copy of TurboTax running on a VMware guest system. The only sector 33 it's going to be able to scribble on is the one in the guest. It works just fine, and I am told it also works fine with the very latest version of VirtualPC for the mac (it didn't at first - Connectix actualy had to make changes so it would).

If Connectix pulls this nonsense next year, I am definately switching. I only bought it this year because I was unaware at the time. This is definately just too much to bear.

Evil

[sepluv]

This is just crazy...it will just piss off their customers and is not even effective (in fact it is extremely easy to circumvent). If they do not prominently warn about this then it is criminal. People who have programs (e.g.: AV software) to stop this or replace their boot sector after TurboTax FUBAR it will not be able to use the software and othe people will have their machines ruined by it. Many mundane M$ W*nd*ze users have dual-boot or utilities in the boot sector. Basically it looks like a virus and quacks like a virus. We should treat it as such.

Re:only in danger if you dual-boot

[jdkincad]

Not true. My parent's machine got fscked up after installation of TurboTax, they had a system restore utility that refused to work aand let the computer boot afterwards. At least this would go a long way to explain the problem.

I filed a bug report :-)

[dbc]

here
that said something like "TurboTax writes to boot sector"

In a past life, I managed a software product validation team. Nothing would have shipped past me with this in it. It's a bug. File a report. You do not need to be a registered user to file a bug report, it turns out.

Re:3D Studio Max does a similar thing.

[Inda]

Makes me wonder why people copy then crack and patch software.

Re:Stupid DMCA

Yah, but you aren't digital, so you can't use the DMCA.

Never disable your anti-virus software...

[Kjella]

...maybe it's just my opinion, but if at anytime I *don't* disable my anti-virus software, it's when a program tells me to. Particularly one that should have no business doing virus-like behavior.

This goes rigth up there with those trojans that cliam that it won't work "right" with firewalls/anti-virus/whatever active. If it does show up on your anti-virus scanner, take it back to the store and return it as being infected. Remember to note what anti-virus program you're running and version, in case they ask. And don't take "no" as in "no, there's no virus on it, disable your antivirus" or "no, must be your machine that's already infected" for an answer.

Kjella

Re:CDilla

[EvlG]

I also switched this year, and in the registration comments for TaxCut, I wrote something to the effect of:

I switched from TurboTax because of their lame DRM schemes. As long as you don't do this, I'll keep buying your software.

Here's hoping they listen.

And just as anything else that won't install. . .

[kfg]

with a virus checker enabled, you probably shouldn't install it.

Preventing this sort of nonsense is what it's *intended* to prevent.

N'est pas?

KFG

ROI on an Accountant

[Eric_Cartman_South_P]

Unless you are a student (any maybe even IF you are?) the return on investment in a good accountant is worth every penny. A good accountant here in New York City will cost you $200. And there is NO WAY even a W2 earner (sitting in a cubicle working for someone, you're W2) can not save $200 by having a good accountant do their taxes. It also makes you as audit proof as possible, and you don't do any of the work! I highly recomend you do it.

And if you have an S or a C corp for you consultants out there, you have NO EXCUSE. No amount of coffe-sippin-while-reading-tax-books will replace the mountain of cash a good accountant will save you! The $200 investment is CHEAP! Get a good accountant, and let him do all the hard work and educate you on deductions, etc.

I loooove TaxAct

[ChrisCampbell47]

TaxAct is accurate and full of features. I've been using it for years (the paid version, which is still cheap). The UI is super slick and anybody's grandma could figure it out. Vote against DRM bullsiht like this with your wallet.

Re:I just bought that yesterday!

[GreyPoopon]

12) Have bill returned with letter expaining politely that it's not their problem.

The sad thing is that I think the EULA allows them to make this statement, as I believe it explicitly states that they are not responsible for damage done to your machine or software as a result of using their product. Warranty only guarantees you what you paid for their product.... I'd love to see how well it would stand up in court in a case like this, where their product did something known to be destructive in some cases without bothering to inform you of it ahead of time.

Just filed mine...

[Lethyos]

I explained that my system running Linux and Win2K would not boot and after re-running my bootloader, the system would start but TurboTax would not run.

Even if you don't actually own TurboTax (I infact used it for the first time this year) I would file a bug report. We all know what the symptoms and causes are and they're valid no matter who reports them.

We must all make a stand to demonstrate consumers dislike and resist silly measures like this. Especially when these measures damage our computers!

Corporate hax0rs?

[DoraLives]

How, precisely, are these people any different from some pimply-faced cracker bent over a keyboard, scanning ports, and swilling Mountain Dew? They're doing things on the sly that potentially can wreck your system, negate your privacy, or god only knows what else, and they're definitely not on the up and up with it.

How can ANY of us expect the hax0rs to behave themselves when Pillars of the System are behaving just as badly or worse?

I use VMWare ESX Server..

[nurb432]

I want a refund since it wont install on a virtual machine.

I own MS-Windows legally, and i own ESX server legally..

I consider their product defective, so i want a refund, a class action law-suit, and out of this EULA that i never even had a chance to agree too.

Hehe.

I use an OS that won't allow that sort of behavior by programs run by normal users.

OK, but

[dr_labrat]

It's this sort of thing that permanently alienates me on a product. I will NEVER buy a product that uses low-level writes on my system for copy protection purposes, especially if they try and keep it secret.

whilst I sympathise with your sentiment there, if a company is successful in keeping low level writes secret, how will we know?

How many software packages have we bought in the past that have tried dumb things like that...?

Two problems with Intuit

[taustin]

First, federal law requires me to keep tax records for a minimum period of time, and to produce them on demand. If I keep my tax records in Inuit's software, I cannot be reasonably certain that I will be able to produce them on demand. It seems to me that it might actually be a federal crime for me to use Intuit's software to keep any financial records of any kind. (IANAL)

Second, in my experience, people tend to see in others what they see in themselves. Intuit sees dishonesty in others. I think it would be very, very foolish to give sensitive financial data to a company that sees dishonesty in itself. I could be wrong, of course, but the risk is simply too great. Never make a bet you can't afford to lose.

Make it clear

[evilpenguin]

This is a pattern, folks. Since C-dilla is a key based system, writing software to save, restore, or move cylinder 0 of your hard drive might be illegal under the DMCA. This has to be fought. Here's what I've done:

1. I wrote to Intuit telling them why I will not buy TurboTax ever again. They violated my trust. I will not trust them with my taxes again. I already stopped upgrading Quicken with Deluxe 2000 because it became noticably slower and because it is not available in a Linux version. Tell them you will buy TaxCut (if you plan to buy tax software again) next year and that this is why.

2. Join the EFF. I give them a small contribution every year.

3. Write your congressional delegation about your opposition to the DMCA. The existing laws are enough. The DMCA could be construed as making disk image backup software illegal!

Vote with your dollars. Intuit is never, EVER getting another dime from me.

If you feel the same way, great. But be sure to LET THEM KNOW.

And Windows allows this?

[jpt.d]

Any decent os (Win2k, WinXP in this case) should prevent any access to the boot sectors without authorization. I bet you would need to really bitch at linux or freebsd to let it do that crap. In MacOS X you definately would need authorization from the user.

Re:that settles it

[dubiousmike]

Actually, it is fairly easy to do one's own taxes. But generally, taxes in the US is about "over tax you" and let you try to pay less. There are many things that you can deduct from your gross income to give the appearance of an overall lower income so that you pay less taxes. Retirement funds (especially one out side of your workplace - they take it out of your pay pretax), certain medical expenses, ect. all need to have special attention payed to them at tax time. If you are self employed, doing your taxes is VERY involved, but of course, some folks can then fudge many personal expenses by attributing them to their business and thus not paying income taxes on money spent on particular expenses.

when its all said and done, I have a particularly low tax rate from a combination of being the sole income on the family, having a child, being married and being considered "head of household" (contribute more than 50% of household expenses, and part of my income from being self employed. Though its a pain to do taxes, if I keep receipts organized throughout the year, preparing my tax forms is not as painful as it could be.

Re:How many other programs...? Here's a list

[wiggys]

That reminds me. Had an email from a friend who couldn't play Red Alert 2 on his PC. It worked in his friends, but he kept getting a strange error message about a temp file.

In the end he had to get his mate to clone the CD so he could play the game - turns out his CD drive couldnt' read the copy protection properly and it was refusing to load.

Why is it that sometimes buying software causes you more hassle than getting a warez version? Doesn't seem right to me...

Intuit, never again for me either

[Reziac]

Last year I made the mistake of buying and installing TurboTax. It *forcibly* installed IE5.5 (no option, no way to interrupt it short of the reset button). This did all sorts of damage to my Win98 system, which so far I've been unable to entirely fix (despite drastic measures like IEradicator), plus IE5.5 proved ET-ware.

If you can't tell, I'm STILL pissed about it, and will probably continue to be pissed for the life of this machine (too complex to reinstall everything and too large for practical OS/app backups). Ya see, I used to reboot this machine only once or twice a month. Now it needs it every 3-4 days tops (and before every CD burn) due to resource leakage it did NOT have before.

That they've now pulled the oldfashioned trick of hiding shit in a reserved sector -- well, that doesn't surprise me, but it does give me yet another reason to rant against Intuit at every opportunity. So much for my many years of being a good customer, and recommending their software to all my clients. Never again.

I've had the fun of dealing with the residue of an old app that used the "fake a bad sector" trick as copy protection. It rendered the hard disk impossible to back up by normal means, and when the program hiccupped and died, it proved impossible to uninstall OR reinstall (bad sector trick on the floppy to tell it that it was still installed, so it refused to install. Well, maybe with a sector editor... but that strikes me as a trifle extreme for everyday use.)

The very pissed legit owner called the publisher, and found they'd gone tits-up and been sold to someone else, who would be happy to sell him an upgrade, but would NOT give him a new set of disks to replace those that were now screwed. Owner said fuck you very much and bought a competitor's product.

Here's a hint, Intuit: Copy protection of the "fuck with the user's hard disk" variety didn't work in the DOS era, and it won't work now -- it pisses off the very people you most want to make happy: repeat customers.