T 4.43 Undocumented functions

Many application programs contain undocumented functions, i.e. functions that are not described in the documentation and that the users are unaware of. For some operating systems and application programs, there are now books that describe a large portion of the previously undocumented functions which have been discovered, and these books are generally thicker than the manuals that come with the products. Undocumented functions are not, however, always just tools with useful side-effects. As long as these functions are not made public, the possibility that they could create problems cannot be ruled out.

This is especially a problem when the undocumented functions affect the security mechanisms of the product, for example the access control. Such functions often serve as "backdoors" during the development or distribution of application programs.

Examples:

• In a number of IT systems, backdoors implemented (and then forgotten) by the developers that were originally intended to facilitate maintenance have been found.
• Many programs can (or even must) be registered online with the vendor. In some of these programs, the online registration of the software simultaneously transmitted an overview of all the programs stored on the hard disk.