Slashdot Mirror
TurboTax DRM Writes to Your Boot Sector?!
ltwally writes "As reported on Slashdot (amongst other sites) recently, the latest version of TurboTax is laden with DRM software. Even worse, however, is that it apparently writes to your hard drive's boot-sector , as reported at Extreme Tech here. As I'm sure most Slashdotters already know, the boot-sector is often times used for silly things like boot-loaders and such. "
to my boot sector...I hope it's a really lovely story. Maybe a romance novel would be nice.
I came *this* close to installing TurboTax on my Mac via VirtualPC or Bochs (cheaper) and then I read the box closely.
"Will not work on the Macintosh Platform using Windows emulation software."
I took it back and used TaxAct instead. I nearly installed it on my fiancee's PC instead. Ick.
You have to be on some sort of crack to write to a person's boot sector. Period. That's just off limits.
Karma: Chameleon (mostly due to the fact that you come and go).
Virii write to boot sector
DRM writes to boot sector
hmmmm...
What smartarse decided to put registration data in such a volatile place such as the MBR. Heck, any program that performs low-level operations on your hard disk should be banned, because of the risks involved with writing blindly onto one area. Turbotax are treading shallow water, especially after their licencing 'policy'
Now I am defintely NOT doing my taxes...again.
Hmm seems to me like this product rather should be called Turbotax XP.
my sig
TurboTax's DRM software only modifies sector 33 of your boot-sector. Basically what this means is that for Windows only users, you're safe.
If, however, you use other boot-loaders or "alternative" OS's, you might be in for an unpleasant surprise as things suddenly stop booting. YIKES!.
Anyhoo.. just thought that I'd point out that any of you that just have to run TurboTax should be "safe" unless you run something non-M$.
/dev/random
Folks, the forms are no more complicated than the software. To the extent the forms are more complicated, the software is oversimplifying the law. Save yourself a few bucks and just fill in the forms by hand.
The comments so far are pretty inane and clearly come from windows users.. any word on how it impacts a dual-boot box? does it render your lilo or grub setup useless? I would personally be very upset if it screwed up my boot setup, and reasonably so, I think. imho, hese kinds of things should raise the hackles of the tech community, and linux users in general enough to give the vendor some serious shit.
what does it do to wine?
So long, and thanks for all the Phish
It looks like Turbotax programmers just had a sneaky idea on how to make it hard to crack their program. They just thought it was a cool idea, not thinking about the consequences.
Sure its not really a good idea and if lots of companies do that, it would lead to conflicts. Especially since 33 is a nice number, being in the middle. But is it really something we should be "afraid of" ?
The article had its worries about Tax software forgetting its licence just before you are done and have to send them off to the gov't. But that isn't too new with computers. Murphy's Law would apply regardless of what kind of copy protection that software has.
3DS Max like to keep it's registration information in the boot-sector and of course it's ONLY compatible with the Windows bootloaders.. This means that if you have a dual-boot system with Linux using GRUB to boot Windows, the moment you register 3DS Max from within your Windows install, your bootloader will be practically wiped out. If you reinstall the bootloader again, 3DS MAX will complain that you have to re-register and obviously, if you do so, your bootloader will be wiped yet again.
I can just imagine every piece of software writing its particular attempt to defeat piracy in our boot sectors; finally, we'd have a regular mosh-pit of games and apps regularly crashing our systems and giving virus-checkers fits of apoplexy. Bravo to Intuit for being a trendsetter .
If you insist on using TurboTax, use their web-based vesion; it's alway current and no software gets installed on your PC.
Personally, even though I've been using TurboTax for over 10 years, I will be using a different tax preparerer this year. I find their association with this kind of DRM crap distastful.
Can You Say Linux? I Knew That You Could.
All in all, pretty painless as well as free...:)
~jeff
As I understand it, a program running as Administrator on NT can elevate its privileges to LocalSystem and do just about anything, such as write sectors to physical drives.
Will I retire or break 10K?
But that's not all. Recently The Register ran a story which talked about how a stolen tablet PC had been traced over the net. The security software installed on this notebook (Computrace) supposedly "involves a tamper resistant agent that resides on the hard disk of PCs. Even formatting a drive will not erase this agent."
Now, I for one doubt those claims (Partition Magic would surely be able to zap the software, and the software wouldn't run if Linux was installed etc) but if it is true then who knows what else could be written to inaccessible (by the user at least) parts of the hard-disk?
It gets worse. The Computrace software creates a backdoor in your system which allows Computrace (and anyone else who figures out how to use it) to silently delete files from your drive). It also uses cloaking software which "is silent and invisible and will not be detected by looking at the disk directory or running a utility that examines RAM."
Claims are also made that it can worm its way through firewalls. Big claims indeed (perhaps too big without some clarification... the devil's in the details) but if this software is sold to the public by a private firm, what the heck could Government departments install on our computers to track what we do?
Sorry, but my karma just ran over your dogma.
If you had read the article, this is C-Dilla's LMS that they're using.
They also proved using a sector editor that the location is correct.
Yes, our new tax software does to your hard drive what the IRS is going to do to you!
I'm one of the legions of long-time TurboTax users who switched to TaxCut this year. Glad I did, TaxCut works just as well, costs half as much, and has no DRM or other installation games. As a bonus, it imports TurboTax data flawlessly.
We went through this before, in the early days of the PC (early 80's). Companies kept using more and more obnoxious forms of copy protection, making software more brittle, and more and more difficult to install and use. Finally enough consumers revolted and the software companies wised up. Looks like Intuit needs a history lesson.
that said something like "TurboTax writes to boot sector"
In a past life, I managed a software product validation team. Nothing would have shipped past me with this in it. It's a bug. File a report. You do not need to be a registered user to file a bug report, it turns out.
This annoying DRM junk does not involve the boot sector. According to the actual article (which I actually read), they found it writing to track 0, sector 33.
Track 0, sector 0 is the boot sector. The partition table is stored in this sector. The rest of track 0 (sectors 1 through 63) is not officially used, so some DRM systems like to stash data there.
What makes this annoying is when you try to install another DRM-enabled product that also wants to write in the same place; after you install the second program, the first one will accuse you of being a pirate, and it will refuse to run anymore. Since there is no standard for using this space, its easy for two DRM systems to conflict with each other.
If there were a standard for using that space, presumably the DRM authors wouldn't want to use it! After all, someone would write a utility that showed you what programs were using that space, and for what... and then it wouldn't be obscure, and so it wouldn't be "secure" anymore. Feh.
I won't ever buy programs that pull stunts like this.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
How, in the name of God, does a post which consists of three questions get modded "5 Informative"?
"5 Interrogative", would be more appropriate, no?
T&K.
Political language
Erm, ya.
It's farking TAX software, it's not CAD, it's not 3D animation or video editing. It's for doing TAXES.
It's like installing a sophisticated electronic ignition interlock system in a Yugo or something. Why bother?
It's this sort of thing that permanently alienates me on a product. I will NEVER buy a product that uses low-level writes on my system for copy protection purposes, especially if they try and keep it secret.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
1) Install a bootloader.
2) Remove floppy drive from computer.
3) Install TurboTax.
4) Shut down computer.
5) Remove CD drive.
6) Power up.
7) Ooops. Unable to boot, MBR corrupt.
8) Return to shop, and demand compensation for 'destruction' of computer.
9) Be refused compensation.
10) Hire ludicrously overpriced consultant to fix MBR (say $300).
11) Send bill to TurboTax.
12) Have bill returned with letter expaining politely that it's not their problem.
13) Forward bill and letter to national news services who love to publish this kind of crap.
14) Watch the bottom drop out of TurboTax's share price, and smile.
Note: Paying the consultant is optional.
I am TheRaven on Soylent News
...maybe it's just my opinion, but if at anytime I *don't* disable my anti-virus software, it's when a program tells me to. Particularly one that should have no business doing virus-like behavior.
This goes rigth up there with those trojans that cliam that it won't work "right" with firewalls/anti-virus/whatever active. If it does show up on your anti-virus scanner, take it back to the store and return it as being infected. Remember to note what anti-virus program you're running and version, in case they ask. And don't take "no" as in "no, there's no virus on it, disable your antivirus" or "no, must be your machine that's already infected" for an answer.
Kjella
Live today, because you never know what tomorrow brings
it writes to the boot *track,* so it's not going to munge your partition table, but may well munge other important boot records.
Nothing belongs in that *track* other than boot information. Period.
KFG
like, by the article and stuff, it doesn't write to the MBR. It writes to sector 33 of the boot *track.*
The problem is that since the entire track is reserved for boot information, not just the sector holding your MBR, things like LILO and GRUB may be residing there as well.
Boot loaders are legitimate boot records. Software registration codes are not. They don't belong in the boot track, whether they write to the MBR or not.
KFG
I also switched this year, and in the registration comments for TaxCut, I wrote something to the effect of:
I switched from TurboTax because of their lame DRM schemes. As long as you don't do this, I'll keep buying your software.
Here's hoping they listen.
Yep, it works with VMware. That's how I installed it, after reading the earlier /. story. One thing, though, you need to turn off the "hardware acceleration" in the VM configuration while starting the program (after that, you can turn acceleration back on).
After reading the earlier stories about locking to a particular machine, and possibly installing spyware, I figured I'd either return the thing or install it under VMware. The geek in me won out, so I decided to see how it'd work under VMware. I'm sure glad I didn't install it on a PC directly.
-Steve
Democracy is a poor substitute for liberty.
TaxAct is accurate and full of features. I've been using it for years (the paid version, which is still cheap). The UI is super slick and anybody's grandma could figure it out. Vote against DRM bullsiht like this with your wallet.
One simple rule for its versus it's
The sad thing is that I think the EULA allows them to make this statement, as I believe it explicitly states that they are not responsible for damage done to your machine or software as a result of using their product. Warranty only guarantees you what you paid for their product.... I'd love to see how well it would stand up in court in a case like this, where their product did something known to be destructive in some cases without bothering to inform you of it ahead of time.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Anyone knows if TaxCut makers are known for some dishonest practices. They bought CompuServe and tried to push it to people who came to H&R block. Hmmm...
1.) I just happen to have an inspiron 7500 with no screen (hinges broke off). Works fine when hooked to a CRT, though.
2.) It came with a Win98 license that I retained, but never used (it was a GNU/Linux box).
3.) Install legal copy of Win98
4.) Install copy of TurboTax
5.) Do taxes
6.) Pass laptop around to family and friends, who hook it up to their monitors and printers, but (as per the license) it is only installed on ONE machine. (The machine just happens to move around a lot...)
How can ANY of us expect the hax0rs to behave themselves when Pillars of the System are behaving just as badly or worse?
Is it fascism yet?
Get This.
TurboTax also broke my DX8.1 install. Turns out, those fancy movies that come with it are Macrovision encoded. NT user? check your Services for a magical new service (I can't remember the name, I've long since ripped it a new one) which even if you disable it, running turbotax fires it right back up to automatic. Lord this gives me a new reason to get a full refund from them. How can one tell if their bootsector has some extra bits in it?
But he never implied that he wanted to sue them. Only that he puts them in a position where they refuse to pay for damage caused by a function of their software that they were well aware of, but haven't bothered to inform the public of.
The point is, you make a media case out of the company and in light of a well informed marketplace, hope that people will see this software as dangerous and refuse to use it on that basis, especially when they clearly refuse to pay for damage that they clearly caused.
And EULA's aren't the impenetrable blanket they might appear to be. Yes, we can use them to avoid getting sued because some overlooked bug did something undesireable. But as far as I know, a contract that involves illegal activity is not a legal contract. And as long as initiating the spread of a dangerous virus is considered illegal (and judging by the arrests and convictions to that effect, I'm going to assume it is), the only thing a virus writer would have to do to exempt themselves from prosecution would be to include a EULA along with the virus that somehow the victim would agree to. Nobody reads them anyway, so the virus would still spread just as rapidly.
Writing to the boot sector is dangerous, and application software has NO reason to do so. As far as I'm concerned, make a public spectacle out of them. Let the public realize that in the name of DRM some software companies are doing inherently dangerous things, and let other software companies know that this type of activity will not be tolerated.
-Restil
Play with my webcams and lights here
A year ago I bought the then new Logitech dual pickup optical mouse and installed the drivers from the included CD. The install looked kind of suspicious so I ran ad-aware. It reported some kind of spyware components so I removed them. The system was clean before I installed the drivers.
This really blew my mind at the time. I can see someone who provides free software doing that using the excuse that they need to make money and pay the employees, etc. But spyware with a $49.99 USA mouse ! Jeez...............
The IRS (and state tax boards) should really provide tax forms in XML format. Furthermore, tax laws are a good place to start translating fuzzy legal language into clear mathematical and programmatic rules, and those rules should not be coded up by a bunch of private companies, they should be supplied by the IRS. Then, the function of tax software would be to be a user interface to the IRS-supplied XML forms and rules.
This is a pattern, folks. Since C-dilla is a key based system, writing software to save, restore, or move cylinder 0 of your hard drive might be illegal under the DMCA. This has to be fought. Here's what I've done:
1. I wrote to Intuit telling them why I will not buy TurboTax ever again. They violated my trust. I will not trust them with my taxes again. I already stopped upgrading Quicken with Deluxe 2000 because it became noticably slower and because it is not available in a Linux version. Tell them you will buy TaxCut (if you plan to buy tax software again) next year and that this is why.
2. Join the EFF. I give them a small contribution every year.
3. Write your congressional delegation about your opposition to the DMCA. The existing laws are enough. The DMCA could be construed as making disk image backup software illegal!
Vote with your dollars. Intuit is never, EVER getting another dime from me.
If you feel the same way, great. But be sure to LET THEM KNOW.
Last year I made the mistake of buying and installing TurboTax. It *forcibly* installed IE5.5 (no option, no way to interrupt it short of the reset button). This did all sorts of damage to my Win98 system, which so far I've been unable to entirely fix (despite drastic measures like IEradicator), plus IE5.5 proved ET-ware.
If you can't tell, I'm STILL pissed about it, and will probably continue to be pissed for the life of this machine (too complex to reinstall everything and too large for practical OS/app backups). Ya see, I used to reboot this machine only once or twice a month. Now it needs it every 3-4 days tops (and before every CD burn) due to resource leakage it did NOT have before.
That they've now pulled the oldfashioned trick of hiding shit in a reserved sector -- well, that doesn't surprise me, but it does give me yet another reason to rant against Intuit at every opportunity. So much for my many years of being a good customer, and recommending their software to all my clients. Never again.
I've had the fun of dealing with the residue of an old app that used the "fake a bad sector" trick as copy protection. It rendered the hard disk impossible to back up by normal means, and when the program hiccupped and died, it proved impossible to uninstall OR reinstall (bad sector trick on the floppy to tell it that it was still installed, so it refused to install. Well, maybe with a sector editor... but that strikes me as a trifle extreme for everyday use.)
The very pissed legit owner called the publisher, and found they'd gone tits-up and been sold to someone else, who would be happy to sell him an upgrade, but would NOT give him a new set of disks to replace those that were now screwed. Owner said fuck you very much and bought a competitor's product.
Here's a hint, Intuit: Copy protection of the "fuck with the user's hard disk" variety didn't work in the DOS era, and it won't work now -- it pisses off the very people you most want to make happy: repeat customers.
~REZ~ #43301. Who'd fake being me anyway?