T 4.43 Undocumented functions

Many application programs contain undocumented functions, i.e. functions which are not described in the documentation and which the users do not know about. For some operating systems and application programs there are now books which describe a large proportion of the functions which have come to light that had previously been undocumented and are generally more voluminous than the manuals that come with the products. Undocumented functions are not, however, confined merely to tools that have useful effects. As long as these functions are not out in the open the possibility that they could create problems cannot be excluded.

In particular this is a problem where the undocumented functions affect security mechanisms of the product, for example access control. Such functions often serve as "backdoors" during the development or distribution of application programs.

Examples

• In a number of IT systems backdoors that were inserted and then forgotten about by the developers but were originally intended to facilitate maintenance have been found, which, however, also made it possible to obtain administrator rights with a trivial password.

• Many programs can (or even have to) be registered on line with the vendor. With some of these programs the act of online registration of software simultaneously permitted an insight into all the programs stored on the hard disk.