Slashdot Mirror


TurboTax DRM Writes to Your Boot Sector?!

ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector, as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is oftentimes used for silly things like boot-loaders and such."

14 of 733 comments

  1. Turbotax naughtiness by Neophytus · · Score: 4, Interesting

    What smartarse decided to put registration data in such a volatile place as the MBR? Heck, any program that performs low-level operations on your hard disk should be banned, because of the risks involved with writing blindly onto one area. Turbotax are treading shallow water, especially after their licencing 'policy'.

  2. only in danger if you dual-boot by ltwally · · Score: 5, Interesting

    TurboTax's DRM software only modifies sector 33 of your boot-sector. Basically what this means is that for Windows-only users, you're safe.

    If, however, you use other boot-loaders or "alternative" OS's, you might be in for an unpleasant surprise as things suddenly stop booting. YIKES!

    Anyhoo.. just thought that I'd point out that any of you that just have to run TurboTax should be "safe" unless you run something non-M$.

    --
    /dev/random
    1. Re:only in danger if you dual-boot by Pius+II. · · Score: 5, Interesting

      This is software targeted at average users, meaning that it is easily possible that some of them still use hard drives which store additional enablers in the MBR to overcome all those silly BIOS limits (512 MB ought to be enough for everyone. No wait. Shit. Well, then let's extend this to 2 GB. Oh, damn. 8 GB. Oh, there goes another. 32 GB. Oh no, wrong again. 128 GB. To be continued...).
      I don't think I have to mention what overwriting those drivers means to the user's data; plus, you aren't even likely to be able to restore those drivers.

  3. Re:How Appropriate by crawling_chaos · · Score: 5, Interesting

    The install instructions for TurboTax state that it will not install correctly with a virus checker enabled. Now we know why.

    --
    You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
    -- Colonel Adolphus Busch
  4. 3D Studio Max does a similar thing. by dnaumov · · Score: 5, Interesting

    3DS Max likes to keep its registration information in the boot-sector and of course it's ONLY compatible with the Windows bootloaders. This means that if you have a dual-boot system with Linux using GRUB to boot Windows, the moment you register 3DS Max from within your Windows install, your bootloader will be practically wiped out. If you reinstall the bootloader again, 3DS MAX will complain that you have to re-register and obviously, if you do so, your bootloader will be wiped yet again.

  5. UK online returns by larien · · Score: 4, Interesting
    Here in the UK, we're being encouraged to do returns online. As I had to fill one in for 2001/2002 (things like having a private pension etc & being in the higher tax bracket meant I was due a refund), I figured I might as well. From the web site, I was able to enter details for all my incomings & outgoings in forms. At the end of it all, it calculated my tax due & tax paid (via PAYE and tax deducted at source) and offered to give me a refund either by cheque in the mail, a higher tax code for next year (to recover it) or even by direct bank transfer (which I chose).

    All in all, pretty painless as well as free...:)

  6. How many other programs do this? by wiggys · · Score: 4, Interesting
    I installed AutoCAD 2000i on a computer a couple of years ago. Anyway, the user managed to completely screw up his computer in such a way that we had to reformat and reinstall Windows 2000 (even FDISK was used). When the OS was reinstalled we tried installing AutoCAD but the software informed us that our 30-day trial period had ended and we must contact Autodesk to register. So... where was the info written to?

    But that's not all. Recently The Register ran a story which talked about how a stolen tablet PC had been traced over the net. The security software installed on this notebook (Computrace) supposedly "involves a tamper resistant agent that resides on the hard disk of PCs. Even formatting a drive will not erase this agent."

    Now, I for one doubt those claims (Partition Magic would surely be able to zap the software, and the software wouldn't run if Linux was installed etc) but if it is true then who knows what else could be written to inaccessible (by the user at least) parts of the hard-disk?

    It gets worse. The Computrace software creates a backdoor in your system which allows Computrace (and anyone else who figures out how to use it) to silently delete files from your drive. It also uses cloaking software which "is silent and invisible and will not be detected by looking at the disk directory or running a utility that examines RAM."

    Claims are also made that it can worm its way through firewalls. Big claims indeed (perhaps too big without some clarification... the devil's in the details) but if this software is sold to the public by a private firm, what the heck could Government departments install on our computers to track what we do?

    --
    Sorry, but my karma just ran over your dogma.

  7. Not the boot sector! by steveha · · Score: 5, Interesting

    This annoying DRM junk does not involve the boot sector. According to the actual article (which I actually read), they found it writing to track 0, sector 33.

    Track 0, sector 0 is the boot sector. The partition table is stored in this sector. The rest of track 0 (sectors 1 through 63) is not officially used, so some DRM systems like to stash data there.

    What makes this annoying is when you try to install another DRM-enabled product that also wants to write in the same place; after you install the second program, the first one will accuse you of being a pirate, and it will refuse to run anymore. Since there is no standard for using this space, it's easy for two DRM systems to conflict with each other.

    If there were a standard for using that space, presumably the DRM authors wouldn't want to use it! After all, someone would write a utility that showed you what programs were using that space, and for what... and then it wouldn't be obscure, and so it wouldn't be "secure" anymore. Feh.

    I won't ever buy programs that pull stunts like this.

    steveha

    --
    lf(1): it's like ls(1) but sorts filenames by extension, tersely
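
Added example (not part of any comment above, and not code from Intuit or the article): a Python sketch of the kind of utility steveha's comment imagines, which lists the non-empty sectors between the MBR and the first partition of a disk image and diffs two scans. It uses LBA numbering; the sample image, the marker string and its placement at LBA 33 are constructed, and the page does not say how the article's "track 0, sector 33" maps to an LBA.

```python
import hashlib
import struct

SECTOR = 512  # bytes per sector (assumed classic 512-byte geometry)

def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among the four primary MBR partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no valid MBR boot signature (0x55AA)")
    starts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        start = struct.unpack_from("<I", entry, 8)[0]  # LBA of first sector
        if entry[4] != 0 and start > 0:                # byte 4 = partition type
            starts.append(start)
    if not starts:
        raise ValueError("partition table is empty")
    return min(starts)

def scan_gap(image: bytes) -> dict:
    """Map LBA -> SHA-256 for each non-zero sector in the post-MBR gap."""
    used = {}
    for lba in range(1, first_partition_lba(image[:SECTOR])):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(sector) < SECTOR:
            break                      # image shorter than the gap
        if any(sector):                # boot loaders such as GRUB also live
            used[lba] = hashlib.sha256(sector).hexdigest()  # here: not proof of DRM
    return used

def diff_gap(before: dict, after: dict) -> list:
    """LBAs whose contents appeared, vanished or changed between two scans."""
    return sorted(l for l in before.keys() | after.keys()
                  if before.get(l) != after.get(l))

def build_sample_image(extra=None) -> bytes:
    """Constructed image: one FAT32 partition at LBA 63, otherwise empty gap."""
    img = bytearray(64 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                               0x0B, b"\xfe\xff\xff", 63, 1)
    img[510:512] = b"\x55\xaa"
    for lba, data in (extra or {}).items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return bytes(img)

if __name__ == "__main__":
    clean = scan_gap(build_sample_image())
    marked = scan_gap(build_sample_image({33: b"CONSTRUCTED-LICENSE-MARKER"}))
    print("sectors changed after install:", diff_gap(clean, marked))
```

Run `scan_gap` on an image of the first track taken before and after installing a program, then compare the two results with `diff_gap`; reading the raw disk to make that image needs administrator rights.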
  8. Re:CDilla by Nogami_Saeko · · Score: 4, Interesting

    Erm, ya.

    It's farking TAX software, it's not CAD, it's not 3D animation or video editing. It's for doing TAXES.

    It's like installing a sophisticated electronic ignition interlock system in a Yugo or something. Why bother?

    It's this sort of thing that permanently alienates me on a product. I will NEVER buy a product that uses low-level writes on my system for copy protection purposes, especially if they try and keep it secret.

    N.

    --
    "Nothing strengthens authority so much as silence." - Charles de Gaulle
  9. Re:As has been pointed out. . . by Moonshadow · · Score: 4, Interesting

    Well, I know my girlfriend's parents bought TurboTax this year, and definitely used it. They also tend to be pretty concerned about digital privacy and such like this - I'm sure they'd be interested in getting it off their machine. For one untrained in the ways of the boot track, how might I go about removing it? I've played with the MBR and such, and even had a virus infect my boot record before, but what's the proper method for removing this thing? Assembly? ;)

    Do the virus scanners catch this? If so, can they restore an untouched copy of the boot track?

  10. No thanks by iamacat · · Score: 4, Interesting
    I expect some integrity from the authors of my financial software. If it does dangerous operations without my permission, how do I know it doesn't send my e-mail address, with my income level and home ownership status, to Intuit for inclusion in a spammer's dream list? Or worse, charges back a few bucks from my electronic refund.

    Does anyone know if TaxCut makers are known for some dishonest practices? They bought CompuServe and tried to push it to people who came to H&R Block. Hmmm...

  11. LEGALLY Circumventing (sortof) all this crap by nurd68 · · Score: 5, Interesting

    1.) I just happen to have an Inspiron 7500 with no screen (hinges broke off). Works fine when hooked to a CRT, though.

    2.) It came with a Win98 license that I retained, but never used (it was a GNU/Linux box).

    3.) Install legal copy of Win98

    4.) Install copy of TurboTax

    5.) Do taxes

    6.) Pass laptop around to family and friends, who hook it up to their monitors and printers, but (as per the license) it is only installed on ONE machine. (The machine just happens to move around a lot...)

  12. Re:I just bought that yesterday! by Restil · · Score: 4, Interesting

    But he never implied that he wanted to sue them. Only that he puts them in a position where they refuse to pay for damage caused by a function of their software that they were well aware of, but haven't bothered to inform the public of.

    The point is, you make a media case out of the company and in light of a well informed marketplace, hope that people will see this software as dangerous and refuse to use it on that basis, especially when they clearly refuse to pay for damage that they clearly caused.

    And EULAs aren't the impenetrable blanket they might appear to be. Yes, we can use them to avoid getting sued because some overlooked bug did something undesirable. But as far as I know, a contract that involves illegal activity is not a legal contract. And as long as initiating the spread of a dangerous virus is considered illegal (and judging by the arrests and convictions to that effect, I'm going to assume it is), the only thing a virus writer would have to do to exempt themselves from prosecution would be to include a EULA along with the virus that somehow the victim would agree to. Nobody reads them anyway, so the virus would still spread just as rapidly.

    Writing to the boot sector is dangerous, and application software has NO reason to do so. As far as I'm concerned, make a public spectacle out of them. Let the public realize that in the name of DRM some software companies are doing inherently dangerous things, and let other software companies know that this type of activity will not be tolerated.

    -Restil

    --
    Play with my webcams and lights here
  13. IRS should provide XML-based forms, rules by g4dget · · Score: 4, Interesting

    The IRS (and state tax boards) should really provide tax forms in XML format. Furthermore, tax laws are a good place to start translating fuzzy legal language into clear mathematical and programmatic rules, and those rules should not be coded up by a bunch of private companies, they should be supplied by the IRS. Then, the function of tax software would be to be a user interface to the IRS-supplied XML forms and rules.