I purchased TurboTax Home And Business 2017 from greentaxexpert.com, which I now realize appears not to be an authorized reseller. Is there any way to verify that the download has not been modified or infected by them (i.e. an SHA hash of the official download)?
Unfortunately, we are not authorized to publish the hash codes. I’m glad that you were able to get your money back.
Sorry, they don't release their hash values, for various reasons. You can try and return it, or dispute the charge with your bank, or take the chance.
Thanks for your feedback. I was able to use the Apple codesign utility to verify that the signature on the app appears to be correct, but I will see if I can get a refund. That output includes the sha1 and sha256 hashes; is it acceptable to post them here in the hope that someone with an official copy can verify them?
FWIW, all indications are that the files from them were unmodified: both the original download and the subsequent updates appear to be properly signed by Intuit. When I requested that my order be canceled and refunded, they did so promptly.
I don't know if the moderators would permit the hashes to be published. (To an extent, doing so would assist others in cheating TurboTax of revenue.) The other concern is that, even if this particular unlicensed merchant is only selling pirate copies of unmodified software, we have seen reports of other merchants selling modified software, or collecting credit card numbers for nefarious purposes and never delivering the software. Publishing the hashes might give other customers a false sense of security.
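The codesign check mentioned in the thread, as an added example that is not from any poster or from Intuit: a Python check of the identity fields in `codesign -dvv` output, for when no published hash is available. The sample output, the vendor name and the team ID `ABCDE12345` are constructed placeholders; the expected team ID is assumed to come from a copy obtained directly from the vendor.

```python
import re

# Constructed sample of `codesign -dvv /Applications/Example.app` output
# (codesign writes this to stderr). Vendor name and team ID are placeholders.
SAMPLE_GOOD = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=32+5 location=embedded
Signature size=8949
Authority=Developer ID Application: Example Vendor Inc. (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

# Constructed sample of an ad hoc (self-made) signature: no certificate chain.
SAMPLE_ADHOC = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20200 size=1234 flags=0x2(adhoc) hashes=32+5 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

def check_signature(codesign_output, expected_team_id):
    """Return a list of problems; an empty list means the identity checks passed."""
    authorities = re.findall(r"^Authority=(.+)$", codesign_output, re.M)
    team = re.search(r"^TeamIdentifier=(.+)$", codesign_output, re.M)
    problems = []
    if not authorities:
        problems.append("no certificate chain (unsigned or ad hoc signature)")
    else:
        # Compare the 10-character team ID, not the display name in the leaf.
        leaf = re.fullmatch(r"Developer ID Application: .+ \((\w{10})\)", authorities[0])
        if not leaf:
            problems.append("leaf is not a Developer ID Application certificate")
        elif leaf.group(1) != expected_team_id:
            problems.append("leaf certificate belongs to team " + leaf.group(1))
        if authorities[-1] != "Apple Root CA":
            problems.append("chain does not end at Apple Root CA")
    if team is None or team.group(1).strip() != expected_team_id:
        problems.append("TeamIdentifier does not match the expected vendor")
    return problems
```

This only inspects what codesign reports about the signer; whether the bundle contents still match the signature is decided by the exit status of `codesign --verify --deep --strict` on the app itself.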