Our Test Results

By Brett Glass  |  Posted 2003-02-04 Print this article Print

Faced with confusing and sometimes contradictory statements from Intuit and Macrovision, we decided to run our own tests to see what the software actually did. We started with a copy of TurboTax Premier Home & Business, bought for $67.77 at a Sams Club warehouse between Christmas and New Years Day, 2002. CD Itself Not Copy-Protected
Macrovisions Michael Glass recently told ExtremeTech that "Burning the protected CD doesnt work because the software sends certain commands which can only be interpreted by master CD burners at mass duplication factories." This statement appeared to us to be highly questionable, to say the least: How could software that we hadnt yet installed send "commands" to our machine? And why would commands to factory equipment be included on a finished disk? So, the first thing we did -- before installing TurboTax -- was test to see whether the CD could be copied.
Sure enough -- and as we expected -- Roxios disk copying software was able to make a perfect copy of the TurboTax CD without so much as a hiccup.

Update: We have received the following information from Michael Glass at Macrovision that clarifies this matter:
Glass says that TurboTax does NOT use SafeDisc, MacroVisions CD-ROM copy protection product. It only uses SafeCast, their licensing product. The comment regarding "the software sends certain commands..." refers to a SafeDisc software toolkit used by a software publisher to prepare a golden master CD for duplication, and its not related to software running on a users PC.
Elaborate Testbed
We next set up an elaborate test bed, consisting of two heavily instrumented Windows XP computers. We loaded the machines with PartitionMagic 7.0 (to monitor the disk partition table), Neil Rubenkings InCtrl5 (which monitors changes made to your system during installation), Norton SystemWorks (to allow low-level inspection of the hard disk), and Roxio CD duplicating software (to test whether the DRM would keep us from copying CDs). A packet sniffer monitored all network traffic to and from the machine under test (the sniffer system and systems-under-test were plugged into a network hub device, not a switch, so we could monitor traffic). We commanded InCtrl5 to take an initial inventory of the systems registry entries and file system, then began the installation. We started with the systems network cable unplugged, so that we could watch what happened if the user was not connected to the Internet during installation. The installation program asked us to agree to a license containing roughly 4 pages of complex fine print that few users are likely to read. We did read it, of course, and discovered among the terms a statement that if the product had not been "activated," we could prepare a return but not use the systems "form mode" to inspect the tax forms that were being created. This concerned us, because even if you prepare a tax return that will ultimately have to be printed or filed from an activated copy of TurboTax, you should still be able to see how the forms are filled out. Note: Intuit claims to have addressed this issue with a mid-January update that now lets you use "form mode" even if the product has not been activated. But as youll soon see in Part 2 of this review, our testing revealed that the license was in error: forms mode may in fact be used when the product is installed on a second machine. After we reported this to Intuit, the company updated the license agreement and FAQ which are posted on its Web site. However, Intuit cant change the license you see when you install the product, since the text thats displayed is read from the CD-ROM. The program also displayed a dialog box indicating that the program contained DRM. This dialog box is the first warning that most users will get that the program is copy-protected. We entered the product key and watched the product install itself. Unfortunately, Intuit apparently could not resist placing advertising both inside the installation program and elsewhere. We had to dismiss an offer to purchase Quicken, and remove a bunch of annoying advertising icons that were strewn across our pristine desktop. Activation
Next, after apparently being installed, without giving us a chance to say "yea" or "nay," the product attempted to reach out across the Net and contact Intuits Internet servers. Of course, since wed removed the Ethernet cable from the back of the machine, it wasnt successful; instead, it displayed a dialog box insisting that we activate the product either by telephone or over the Net before use. At this point, we quit the installation program and tried to run the product without "phoning home" to Intuit. Alas, we were surprised to discover that we could not do so; each time we started the program, it would let us go no farther. In short, contrary to Intuits claims, you must activate TurboTax even to use it its "crippled" or "trial" mode. And since activation requires either a phone call or Internet connection, Intuit can conceivably determine your telephone number (via ANI) or your IP address when you activate. This isnt detailed personal information, of course, but it may still be enough to track you if the company thinks youre a pirate. It also gives Intuit information about the number and whereabouts of computers on which its software is installed. Note: Intuit claims that it neither obtains nor saves your IP address or telephone number during the installation process, and that its privacy policy specifically forbids this type of activity. But the more serious problem lies with requiring Intuit to either answer the phone or have a server available to respond to the installation programs requests. Should Intuit go out of business or be acquired -- or if its communications lines were to go down -- there would be no way to install and then use the software youve bought. In any mode at all. After assuring ourselves that there was no way to continue otherwise, we finally relented and allowed the software to contact Intuit via the Internet. We didnt see sufficient Internet activity to suggest that any private information extracted from the computer was sent during the process. We then prepared and printed a simple tax return (one W-2, no deductions) without incident, and conducted a post mortem examination to see how the DRM had affected the machine. Well report on the results in our next installment, due later this week.

Brett Glass has more than 20 years of experience designing, building,writing about, and crash-testing computer hardware and software. (A born'power user,' he often stresses products beyond their limits simply bytrying to use them.) A consultant, author, and programmer based inLaramie, Wyoming, Brett obtained his Bachelor of Science degree inElectrical Engineering from the Case Institute of Technology and his MSEEfrom Stanford. He plans networks, builds and configures servers, outlinestechnical strategies, designs embedded systems, hacks UNIX, and writeshighly optimized assembly language.

During his rather eclectic career, Brett has written portions of the codeand/or documentation for such widely varied products as Borland's Pascal'toolboxes' and compilers, Living Videotext's ThinkTank, Cisco Systemsrouters and terminal servers, Earthstation diskless workstations, andTexas Instruments' TMS380 Token Ring networking chipset. His articleshave appeared in nearly every major computer industry publication.

When he's not writing, consulting, speaking, or cruising the Web insearch of adventure, he may be playing the Ashbory bass, teachingInternet courses for LARIAT (Laramie's community network and Internetusers' group), cooking up a storm, or enjoying 'extreme'-ly spicy ethnicfood.

To mail Brett, visit his Web form.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel