This site may earn affiliate commissions from the links on this page. Terms of use

In Part 1, we laid out some of the reasons why we suspected problems with Intuit’s implementation of digital rights management in Turbotax, and explored some of the issues that surfaced during installation. Now let’s look closely at what happens when you actually try to use the product.

After installing TurboTax, we allowed the program to update itself across

the Internet, and then prepared a simple TurboTax return for a Ms. Nona

Yerbizness, from New Yawk, NY. We connected to the laser printer on the local network and printed the tax return to ensure that the entire process, from creation to printing, worked as expected.

As it turns out, I’m a graduate of H&R Block’s tax preparation courses, and so I gave the return a quick once over  it looked just fine. We then shut down TurboTax and began our “post mortem” investigation of the machine’s state.

In Part 1, we described the various software products we installed to instrument the PC to determine and changes or problems. One of those, InCtrl5, is designed to detect any system changes that occur during software installation or any other process.

The program’s inventory of changes to the system during our brief test was huge — more than 280K when output as a plain text file. If you really want to look at that file, you can access it here.

Nearly all of the registry and file system changes identified were made by TurboTax and C-Dilla/SafeCast. Note that InCtrl5 also recorded the screen shots we’d saved and the drivers and registry entries added when we installed our Lexmark Optra network printer.

It wasn’t hard to recognize the files that were added by the SafeCast/C-Dilla software, since most had file names beginning with the characters “CD”. On our XP test machines, SafeCast was installed as a Windows “service,” or privileged background task. Whether or not TurboTax was running, this task was always present, and — according to the system — taking up 1.4 MB of memory, along with other resources, including CPU cycles, hard disk space and bandwidth, and other system resources allocated on behalf of the background task, or “daemon”.

Windows 98 Installation: On a Windows 98SE box we used later in our tests, the software didn’t stay resident but instead loaded itself as a VXD (a “virtual device driver”) when TurboTax was started. Because we had allowed TurboTax to fetch Intuit’s latest updates during the installation,

the uninstaller for the "SafeCast Shared Components" was available to

us through the Control Panel’s "Add/Remove Programs" applet. However, if you activate the product by phone, you won’t get

the uninstaller unless you later connect to the Internet for an update (a good

idea, since the update contains fixes that might affect the accuracy of your

return) or download the uninstaller separately from Intuit’s website.

Macrovision Responds: We wondered why the DRM remains task-resident full-time on XP, rather than simply loading and unloading like with Windows 98SE. According to Macrovision, SafeCast “wakes up” every so often and increments counters in some of the product files. If

those counters are out of synch, the software assumes that part of the product has been copied from one disk to another, and refuses to grant you access.

This technique won’t work, however, if you copy both the license files and the program files at the same time  so the software also uses other measures to try to detect when this happens.

Macrovision further states that the software runs as a “daemon” under XP, so that it can perform operations that require administrator privileges. This happens even if the user running TurboTax lacks privileged access to the system.

When we asked Macrovision why the resident SafeCast task took up so much

room, Macrovision’s Michael Glass told us that it’s because the SafeCast code is “treated to several layers of obfuscation and internal scrambling, to keep it from being

reverse engineered.”

“As you’ve seen,” said Glass, “this bloats it considerably. But the process wouldn’t do much good if it could easily be hacked.”

We’re a bit uncomfortable with this explanation, since it implies that

SafeCast relies on “security by obscurity” (which, ultimately, is not good

security at all). We’re also skeptical that the relatively simple constraints imposed

by the TurboTax software  even with the obfuscation — would take up so much room.

Could something more nefarious than the simple restraints we encountered be lurking inside the code? We uncovered no evidence to imply that, but still, we’re suspicious.

So

we decided to continue with our tests and check for such behavior later.