In Part 1, we laid out some of the reasons why we suspected problems with Intuits implementation of digital rights management with its Turbo Tax problem, and explored some of the issues that surfaced during installation. Now lets look closely at what happens when you actually try to use the product.
After installing TurboTax, we allowed the program to update itself across the Internet, and then prepared a simple TurboTax return for a Ms. Nona Yerbizness, from New Yawk, NY. We connected to the laser printer on the local network and printed the tax return to ensure that the entire process, from creation to printing, worked as expected.
As it turns out, Im a graduate of H&R Blocks tax preparation courses, and so I gave the return a quick once over – it looked just fine. We then shut down TurboTax and began our “post mortem” investigation of the machines state.
In Part 1, we described the various software products we installed to instrument the PC to determine and changes or problems. One of those, InCtrl5, is designed to detect any system changes that occur during software installation or any other process.
The programs inventory of changes to the system during our brief test was huge — more than 280K when output as a plain text file. If you really want to look at that file, you can access it here.
Nearly all of the registry and file system changes identified were made by TurboTax and C-Dilla/SafeCast. Note that InCtrl5 also recorded the screen shots wed saved and the drivers and registry entries added when we installed our Lexmark Optra network printer.
It wasnt hard to recognize the files that were added by the SafeCast/C-Dilla software, since most had file names beginning with the characters “CD”. On our XP test machines, SafeCast was installed as a Windows “service,” or privileged background task. Whether or not TurboTax was running, this task was always present, and — according to the system — taking up 1.4 MB of memory, along with other resources, including CPU cycles, hard disk space and bandwidth, and other system resources allocated on behalf of the background task, or “daemon”.
Windows 98 Installation: On a Windows 98SE box we used later in our tests, the software didnt stay resident but instead loaded itself as a VXD (a “virtual device driver”) when TurboTax was started. Because we had allowed TurboTax to fetch Intuits latest updates during the installation, the uninstaller for the “SafeCast Shared Components” was available to us through the Control Panels “Add/Remove Programs” applet. However, if you activate the product by phone, you wont get the uninstaller unless you later connect to the Internet for an update (a good idea, since the update contains fixes that might affect the accuracy of your return) or download the uninstaller separately from Intuits website.
Macrovision Responds: We wondered why the DRM remains task-resident full-time on XP, rather than simply loading and unloading like with Windows 98SE. According to Macrovision, SafeCast “wakes up” every so often and increments counters in some of the product files. If those counters are out of synch, the software assumes that part of the product has been copied from one disk to another, and refuses to grant you access.
This technique wont work, however, if you copy both the license files and the program files at the same time – so the software also uses other measures to try to detect when this happens.
Macrovision further states that the software runs as a “daemon” under XP, so that it can perform operations that require administrator privileges. This happens even if the user running TurboTax lacks privileged access to the system.
When we asked Macrovision why the resident SafeCast task took up so much room, Macrovisions Michael Glass told us that its because the SafeCast code is “treated to several layers of obfuscation and internal scrambling, to keep it from being reverse engineered.”
“As youve seen,” said Glass, “this bloats it considerably. But the process wouldnt do much good if it could easily be hacked.”
Were a bit uncomfortable with this explanation, since it implies that SafeCast relies on “security by obscurity” (which, ultimately, is not good security at all). Were also skeptical that the relatively simple constraints imposed by the TurboTax software – even with the obfuscation — would take up so much room.
Could something more nefarious than the simple restraints we encountered be lurking inside the code? We uncovered no evidence to imply that, but still, were suspicious. So we decided to continue with our tests and check for such behavior later.
Uninstalling TurboTax and SafeCast/C-Dilla isnt difficult – as long as youve updated TurboTax to the latest version or downloaded the uninstall utility. However, we discovered two snags that you should be aware of.
First, the uninstall utilities didnt remove everything; there was some debris left in the file system, and in the Registry that we had to manually clean up afterward.
TurboTax left behind its advertising icons, as well as two directories and several registry entries. Ironically, one of the registry entries contained an unencrypted version of the product key that wed entered during installation.
C-Dilla left more behind. We found a hidden directory called C:C_DILLA, as well as a driver with the name C:WINDOWSSYSTEMDRIVERSCdaC15BA.SYS.
The second problem: We had to uninstall all the pieces in exactly the right order — we could not remove SafeCast before we removed TurboTax.
While it looks as if SafeCast is removing itself, if you click on its “Add/Remove Programs” applet first, it actually doesnt do anything until youve uninstalled not only TurboTax, but any other program that uses SafeCast. Oddly, it appears that something is going on – theres a bit of disk activity, and a pause that could lead you to believe it had been purged. But you cannot actually remove it until TurboTax has been uninstalled first.
This is contrary to what Intuit says about the uninstaller; it claimed that SafeCast could be removed at any time — although TurboTax might not run if it was deleted.
SafeCast Fails To Protect,
Next, we tested the DRM by installing the product on some additional machines. Since wed already activated it on one machine, we expected the software to “phone home,” discover that it had been activated on one machine already, and work only in its “trial” mode on the others.
For our first test, we chose a virtually identical XP machine and followed the same installation procedure as we had for the first. We expected the product to fail to install, or run only in “trial” mode.
Much to our surprise, however, we found exactly the opposite. Not only did the program install, but it activated 100%, giving us full access to all features — including printing of our return. As far as we could tell, the DRM wasnt working.
At first, we speculated that SafeCast had been fooled by the similarity of the two machines; after all, their hardware was identical and their drives had been “Ghosted” from the same disk image. So, we took the TurboTax CD over to a very different machine: A much older Pentium II 400MHz box running Windows 98SE. Again, we were surprised to see that the program activated, ran, and printed returns without any impediments whatsoever.
Intuit Admits Early DRM Problems: Intuit told us two things when we discussed this problem with them. First, Intuits servers record the dates and times of each activation. The product key from our store-bought copy, they said, had first been used in early December (a few weeks before we made our purchase at Sams Club), and then three more times when we installed it on machines in the lab.
The fact that someone had used the key in early December brought to mind a new product activation question: What if the DRM had worked? Clearly in our case, it was not working. But what if someone had bought the software, installed it, and then returned it to the dealer? The subsequent purchaser would have been out of luck.
This poses a serious problem for both retailers and customers. A shopkeeper has no way to check whether the key has been used, and a legitimate customer could be shut out of using a product that they (or in this case I) had legally purchased. Unless, of course, that customer called Intuit to resolve his or her legitimacy, and was able to obtain a new key. Probably not the best thing to try to accomplish on the evening of April 15th.
Despite the fact that our key had already been used, we were able to use it again on every machine we tried. And this wasnt an isolated case; some ExtremeTech readers, in our discussion forums and via e-mail, have claimed that theyd done the same thing.
How could this be? Intuit told us that early versions of the program — in particular, ones that were sold at retail late in 2002 — had non-working DRM. Still, we wondered, why couldnt the server recognize duplicate keys, and just refuse the installation?
Intuits spokesperson replied that there were “instructions” in the product key that allowed it to activate the product any number of times, making this impossible. This technically implausible explanation caused us to scratch our heads. “Instructions” in the 18-digit product key? Servers that just couldnt be programmed to say “no” when the same key came in a second time? We were baffled.
We Speculate About A
After much more head-scratching, we developed a theory that might explain what happened. Suppose that, early in the production cycle, Intuit produced a few truckloads of products with the same key. The company couldnt just honor the first product to register that key – then all the tens, hundreds, or thousands of legitimate users to follow would be denied!
Intuit may have just decided to allow those specific keys unlimited activation. You can imagine why they wouldnt want us to know about this. Anyone could leak these early keys, and let zillions of unauthorized users get free activation. This theory would also explain why our copy of TurboTax appeared to be completely unused and unopened; maybe it really was.
Of course this is just conjecture, and well probably never know what really happened… In any event, to complete our testing, we needed a copy of the product with an operational DRM. Intuit sent us one, and we continued our tests.
Finally, SafeCast Works
When we installed TurboTax from the disc we received from Intuit, equivalent to what you could purchase in a store or through the Internet, we were — at last — able to see the DRM at work. We first tried the new CD on a Windows 98 laptop — an older system which had been previously upgraded from Windows 95.
Unfortunately, the installation did not succeed; in fact, it froze up the machine so completely that we had to cycle the power to resuscitate it. This is consistent with behavior that some of our readers have reported when installing this years TurboTax on older systems.
We then tried installing on another machine with a relatively fresh install of Windows 98SE. On this machine, too, the installation went wrong: We were never given a chance to enter the product key; instead, we were taken directly to a dialog box that insisted that we pay for the product.
Missing DLL Deep-Sixes Installation: We never found out what went wrong on the laptop; however, Intuit determined that the second Windows 98 machine malfunctioned because the programmers had expected to find a particular Windows dynamic link library (DLL) which was missing. This DLL normally appears on the system when the user updates Microsoft Internet Explorer to a recent version.
However, the primary user of the machine, concerned about security flaws in MSIE, had never updated; instead, he commanded ZoneAlarm to block MSIE from reaching the Internet and used Opera. Thus, the DLL had never been added.
To get the installation to work, we copied that DLL onto the system by hand, and were finally able to install TurboTax and print a return.
As mentioned earlier, we noted that on Windows 98, SafeCast/C-Dilla did not install as a resident “service” but rather as a VXD (virtual device driver) and several associated DLLs. In all other respects, however, its behavior was similar to what we saw on XP.
Windows XP Installation: We then took the disc to an XP machine — one that had never seen TurboTax before — and attempted to install. This time, the DRM worked. Intuits computers realized wed already registered that copy, and we were given the option of paying for another “full” copy, or running the software in “trial” mode. We selected the trial mode to see what restrictions it applied to our work.
Refusing (at first) any updates to the software, we launched it and began to prepare a return. Sure enough, whenever we attempted to print, the program insisted that we pay Intuit first. We did not try to e-file, since filing a return for a Ms. Anne Nonymous without her permission would have been fraudulent. However, we assumed that wed get the same result.
We were pleased to see that, even in trial mode and without the update, we could view, edit, and save the forms that TurboTax was preparing. The forms could be made to appear in a window at the bottom of the screen as TurboTax filled them out, and we could manipulate and enter data directly onto any form.
After we upgraded the software through the Internet, however, viewing and working with the forms became even easier. Forms could be enlarged to fill the screen; they were no longer confined to a small space at the bottom of a window. This is a plus, because even if youre viewing data on a second machine, or on a trial basis, you can easily see whether TurboTax got the forms right.
Perhaps Intuit feared that non-licensed users would attempt capturing images of forms from the screen and printing them, but later reconsidered. Another thing well probably never know.
Finally, before we put a wrap on our review, we decided to investigate readers allegations that SafeCast was performing risky, low-level operations on users hard disks. (Such operations wouldnt have been picked up by InCtrl5s before-and-after inventories of the drive.) While most of the reports we received turned out to be bogus, we were able to verify that SafeCast manipulates at least one area of the disk thats “outside” the file system.
To understand what we found, you need to know a little bit about how data is laid out on the hard disks of IBM-compatible systems. By convention, the first “track” of the hard disk — that is, the outermost ring of data on the first side — is reserved for a data structure called the partition table. The partition table allows the disk to be divided into as many as four parts, each of which might hold a separate operating system or a separate storage area for data.
The partition table only takes up the first 512-byte sector of the track, so — depending upon the number of sectors per track — there may be quite a few sectors left over.
Nowadays, the vast majority of large hard drives use a technique called sector translation that makes them look to the computer as if they have 64 sectors per track regardless of the actual number. So, most drives have 63 unused sectors in this space.
These leftover sectors are often untouched by utilities that manipulate the drive, so data thats hidden there may survive reformatting and repartitioning.
Mysterious Sector 33 Manipulation: We used the “DiskEdit” program from The Norton Utilities to watch that space. What we discovered on our Windows 98SE testbed was that each time TurboTax ran, sector number 33 of the hard drive — which lies right smack in the middle of that area — was being changed.
It never changed when we ran any other program on the system.
So to verify what was going on, we made a copy of that sector, scribbled it with random ones and zeroes, and restarted the system. It booted just fine. But when we attempted to invoke TurboTax, SafeCast decided that things were definitely not kosher. TurboTax decided that we had an unauthorized installation of the product, and demanded that we either present a credit card for payment or run the program only in “trial” mode.
We then copied the old data back to the “magic sector” and re-invoked TurboTax. Lo and behold, the program consulted its server again, determined that our copy was legitimate, and allowed us full access once more.
Clearly, the data in Sector 33 is a special “signature” that SafeCast uses to decide whether a program installation is legitimate. If you copy TurboTax to another hard drive , or restore to a new drive from a backup, this signature will not be included. And without that signature, SafeCast may deny you access to the software even if youve legally purchased and registered it.
Reserved Sectors Can Be Unsafe: Unfortunately, these “reserved” sectors of the hard drive arent necessarily a safe place for data. And theyre an especially dicey place to keep licensing information. According to Frank Van Gilluwe — whose company, V Communications, publishes System Commander and Partition Commander — viruses have been known to hide in this portion of the disk.
Data compression utilities, “multiboot” utilities, password protection and encryption software, and sector translation software (which allows older computer systems to accept todays huge hard drives) may also reside in this area. Sometimes these applications can interfere with each other, in effect fighting for use of the space.
One of our readers reported that his license management software — not C-Dilla, but another product — ceased to work after he installed TurboTax and SafeCast wrote to this area. We wouldnt be surprised if other problems cropped up as well.
In short, we found that — in its attempts to prevent illicit copying — SafeCast pulls some tricks that may cause trouble. Will it interfere with the normal operation of your system? We dont have statistics to tell us how likely this is, but were concerned that SafeCast adjusts hidden parts of your hard drive without warning you.
TurboTaxs product activation scheme has raised many fears among potential users that it is “spyware” — or that it will disable functions such as the creation of CD-Rs — because it uses one of the copy protection schemes created by C-Dilla (now a part of Macrovision).
Fortunately, TurboTaxs implementation of SafeCast (the C-Dilla product which Intuit licensed from Macrovision) does not appear to include any spyware features, nor does it intentionally disable any system functions.
It appears that many of the problems worrying our users are caused by C-Dillas SafeDisk product, which isnt used in TurboTax. According to Macrovisions Web site, SafeDisk does interfere with copying of CDs and it performs other tricks which users may find unacceptable, including replacing the drivers that run your CD-Rom drive, and monitoring what you do with that drive. But again, as far as we can tell – and Intuit backs this up –TurboTax does not use SafeDisk.
Some issues do remain, however. Because SafeCast surreptitiously manipulates “hidden” areas of the disk, it may cause conflicts with other software. And because this data is not saved during a conventional backup, you are likely to lose access to software youve legally purchased if you back up your system and then restore to another hard drive in an emergency.
Also, the fact that every installation (even “trial” installs) must be activated before use means that one must secure Intuits “approval” — either via their Internet servers or by telephone — every time one installs the software. Our readers are uncomfortable with this process. Intuit assures us that its DRM software isnt spyware, and that it does not maintain records of the IP addresses and telephone numbers used in activation.
But thats not all. Our readers have issues with Intuits use of DRM in general, for several reasons.
“First, many users tell us that they feel as if Intuit considers them to be thieves or potential thieves — not a good way to begin a trusted relationship involving sensitive financial data.Second, some readers lack confidence that Intuit will re-activate their software if they change machines or upgrade components – such as swapping a hard drive or adding memory. Some users reported problems like this early on, but others now indicate that Intuit has recently relaxed its policy. Still, wed like to see Intuit publish a policy about replacing product keys during an upgrade or component swap.Third, Intuit says that its servers will allow an infinite number of software installations after October 15th — the final deadline for US citizens not living abroad to file taxes. However, some users are skeptical that Intuits servers will be around years later when those approvals might be needed. As “JLMann” writes in our forums: “I cannot believe that their server will actually still support Turbo Tax 2002 in five, ten, or twenty years. They will be like everyone else – We dont support that version anymore……”To its credit, Intuit says it plans to provide a completely “unlocked” version of the software after October 15th. We recommend that every user grab a copy of that software and burn it to CD. The, put it in a safe place — along with a copy of the “.tax” file generated by the program. Also save a paper copy of your return that includes all of the optional worksheets.Fourth, many are also worried that DRM will go wrong, denying them access to essential resources at exactly the wrong time. In our tests, we discovered ways in which Intuits DRM actually did go wrong –although in at least one case, it granted more, not less access.But what if the software suddenly suspects you of thievery or “forgets” that youve paid… just before you need to file? Weve no evidence that this could happen, but then again were talking software and taxes – where Murphys Law always seems particularly active.Finally, users are concerned that accepting Intuits DRM will set a bad precedent, paving the way for other software vendors to include even more onerous restrictions on their products. Some users feel that, as a matter of principle, they must reject DRM-enabled applications simply to keep the practice from becoming commonplace.Those customers will most likely reject TurboTax out of hand, even if the DRM worked flawlessly.“