An undetected software bug can impair system functionality and increase the likelihood of malicious code and security exploits. In many ways, it is more dangerous than malware, with far greater consequences.
“The devil made me do it!” It’s an excuse that’s so cliché, and yes, cringe-worthy, that it makes you wonder if it ever carried any weight—particularly, beyond the walls of a confessional. Pointed tails and pitchforks can be intimidating, for sure!
But just as the devil isn’t to blame for every single misfortune, malware, in the world of computing, isn’t always the culprit of software disasters. Sometimes the instigator is the program’s author(s). A mistake in source code, also known as a software bug, can be just as consequential as a hacker who bears you malice, or a program with malicious intent.
Take Arianespace, the world’s first commercial launch service provider (LSP), for example. The company has a history dating back to the 1970s and a track record of over 200 successful rocket launches, yet a software bug obliterated its first test flight of the Ariane 5 spacecraft in 1996. A malfunction in the vehicle’s flight control software resulted in its explosion about 40 seconds after liftoff.
This software bug went on to become one of the most infamous in history, and is credited with a massive $370 million loss. Fortunately, the Ariane 5’s payload was a constellation of four spacecraft collectively known as “Cluster,” and not human beings. The latter, however, wouldn’t be as fortunate in a separate case.
Just four years later, Multidata Systems, a maker of radiation therapy products, would set off a series of medical mishaps with its software for physicians. The stubborn effort of doctors at the National Oncologic Institute superseded the application’s usability rules, revealing a software bug that would claim eight lives and overexpose twenty others undergoing radiotherapy. The doctors would eventually be indicted for murder.
As you can see, a software bug can be more disastrous than malware! This is because a software bug is a defect—much like automobiles that have to be recalled or food which may turn out to be contaminated. Hackers are usually motivated by money, and malware, regardless of its type, operates within a set of rules. The implications of a software bug are often unknown until they play out—usually in real time.
Software Bug vs. Software Virus
Malware.xyz is committed to your information security and has covered malware and computer viruses in Malware 101 and the Computer Virus Crash Course, respectively. These articles don’t just define what a computer virus is, but describe the different types you will likely encounter as you frequent the Web.
A software bug, on the other hand, is completely different from a computer virus. It is essentially an error, flaw or failure in a software program that results in its impaired or unexpected behavior. In extreme cases, a software bug might also give way to larger, systemic exploits.
The term bug, as it relates to engineering, is said to have roots in the 19th century where greats like Thomas Edison described “the faults and difficulties” of the mechanical process. Dr. Grace Hopper and faculty at Harvard’s Computation Laboratory would encounter an actual bug more than a half-century later. An operating error caused by a moth in a computer’s relay would become synonymous with glitches encountered in modern programming.
Who or What can a Software Bug Impact?
Unless you live under a rock, you are not exempt from the pervasiveness of software. The more it permeates our way of life, the more vulnerable we become to its own set of weaknesses, including malware, hacks and software bugs.
Smartphones, household appliances, automobiles and implanted medical devices: nearly everything is at risk of a software bug! All it takes is one to interrupt a person’s lifestyle, or life in general.
Theoretically, bugs can exist throughout any system’s architecture. Circuitry, hardware and software defects will negatively shape system functionality. Of more concern, arguably, is the software bug which impacts security. Non-functional weaknesses in security architecture are what often lead to the compromising or exposing of one’s personal data.
Availability and Security, the most important non-functional components in any software product, often conflict with each other. Simply put, the more available something is, the less secure it is. The more secure, the less available.
Social media, mobile banking and other technologies which enable connectivity have, in turn, increased availability. As a result, people who don’t “live under a rock” are less secure. Striking the appropriate balance is a task that every engineer must consider, and one that every user must assume as their own responsibility.
…But sometimes a Software Bug cannot be Avoided: A Working Class Case Study
A software bug isn’t always explosive or life-threatening. In most cases it surfaces in isolated events, and can wreak havoc on the livelihoods of poor and middle-class consumers. Aarons, a rent-to-own (RTO) company, experienced such a case. In 2010, their network of “homegrown” information systems caused a payment malfunction that debited their online customers seven (7) times their monthly amount due.
Needless to say, the effects were devastating! It happened on a Friday when most of their customers had just received their paychecks. Bank alerts via SMS/text messaging had just come to fruition, which, ultimately, proved to be a good thing. Without this technology, customers might not have realized what was going on.
As they began receiving alerts of debits exceeding their predetermined thresholds, many of them began to panic. The call queue at Aarons National Support Center increased rapidly, causing the Voice over IP (VoIP) technology to crash. Many emails were exchanged, including one from the Chief Information Officer (CIO) at the time, which concluded that analysts had “made it hard for the company and its customers.”
The CIO was right. Software bugs of this magnitude can hinder working-class families from paying their rent, keeping their utilities on, or worse, feeding their children. It took nearly a week to make things right, and heaven knows what some of those customers had to endure in the process.
This real-life scenario underscores the responsibility of engineering software products, which takes more than just technical skill. It is a systematic and scientific discipline that promotes human safety when using software products. Bugs should be eliminated prior to the live or production use of software. But in practice this isn’t always the case. Developers and engineers mean well, but sometimes a software bug cannot be avoided.
Protecting Yourself against a Software Bug
Protecting yourself from the consequences of software defects is not always possible, but aiming to do so parallels the responsibilities of an ethical user of software. The following is our list of seven (7) tips for safeguarding your sensitive information while using software responsibly.
Only use software published by trusted brands.
It’s the first recommendation in this list and in no way foolproof! It might even be difficult to know which brands are trustworthy. For example, the Ariane 5 explosion was the result of failing to handle code from a previous project. Reusability is a huge part of software engineering and every developer, regardless of experience, reuses code. Trusted brands, however, usually offer perks with their products and services. They monitor their systems and provide frequent updates and patches in response to the discovery or reporting of defects.
Apply software patches and updates.
There are times when we must hold ourselves accountable for the results of a software bug. Software patches and updates are not uncommon, but it is up to us to take time to apply these upgrades. The process can certainly be time-consuming, especially when several upgrades are issued within a short time span. But applying patches and updates is what responsible users of technology do.
Use software as intended.
Even if you’re not operating heavy machinery, you don’t want to be like those doctors at the National Oncologic Institute and exploit the usability of your software applications. You will also want to refrain from using pirated software which often comes with its own set of issues. Using software tools as they were intended is always the best practice. This leads to…
Reporting bugs to their vendors.
Every software developer appreciates honest feedback and often provides a way to report bugs and suggestions. This not only enables them to provide a better product or service, but keeps their fat out of the fire (i.e., the case of Multidata Systems and the doctors at the National Oncologic Institute). In spite of rigorous unit and regression testing, some glitches and defects aren’t detected until after a product has been deployed to market and used in a real business case. Making a point to engage with the vendors you patronize is beneficial to everyone.
Beware the vendor who does it all.
Software engineering is a meticulous industry. With the exception of a handful of large companies, rarely does one boutique handle each layer in the solution stack. If you are considering a software package provided by a small developer, you should pay attention to how security and payment transactions are handled. These elements of e-commerce are so huge that entire companies like PayPal and Symantec have been started around them.
Consider electronic bill payments for recurring expenses.
In response to cases like the Aarons rent-to-own incident above, it is often safer to use your banking institution’s “bill pay” feature for recurring expenses. It gives you more control over your money and is less susceptible to payment glitches that could potentially wipe you out in a matter of minutes (ironically, payment glitches rarely result in undercharging your bank account). Most banks offer this service for free and even have the means of electronically transferring your funds. This means that electronic bill payments can be just as fast as paying your creditor directly.
Don’t plan any space trips any time soon.
This final suggestion isn’t entirely tongue-in-cheek, as there have been talks of moon and Mars colonization for quite some time. Until you actually see a building or two constructed on one of the terrestrial planets, and perhaps the commercialization of space flights to and fro, it may be worth keeping your distance for now. No need to be the payload of a failed rocket launch.
There are certainly cases in which malware and black hat hackers are responsible for the breaching of online security. In fact, the 1.5 million strains of Android viruses alone are part of the reason we started Malware.xyz—to make you, the user, aware of a growing epidemic in the world of software. But just like it’s not always practical to blame the devil (or any other “boogeyman”) for every mishap in the real world, the same is true for malware in the realm of cyberspace.
For apps, online services and other forms of software, the devil is often in the details. A software bug that goes unnoticed is just as detrimental as malware, if not more. It can impair software functionality and leave a system vulnerable to malware and command sequences issued by hackers. It is your responsibility as a user to follow best practices, and to engage with trusted vendors by reporting adverse behavior of their software products.