Businesses trying to decide which of their bills to pay first had best move the one from their software supplier to the top of the stack.

Revlon Group Inc. learned that lesson the hard way recently when a small software company, angry that Revlon hadn't paid up, shut down two of the cosmetic giant's factories by pulling the plug on the software that runs them. Acting in the dead of the night, technicians from Logisticon Inc. in California sent instructions over the phone lines that disabled software controlling Revlon's operations in Edison, N.J., and Phoenix.

This week, Revlon shot back with a lawsuit. A spokesman for the cosmetics company condemned the act as "sabotage" and "something verging on commercial terrorism." The software hadn't been working properly, he said, so $180,000 in payments had been withheld.

The incident is at least the third case to come to light demonstrating a software company's ability to surreptitiously cripple a customer's operations by manipulating software programs. The practice, though rare, is the latest blemish on the image of an industry already so concerned about its credibility that several major players recently launched a campaign to improve it.

Software vendors are notorious for delivering their products late and laden with errors. Indeed, many of the disputes, like Revlon's, center on disagreements over the software's quality.

The ramifications of such disputes became painfully evident to Revlon in the early morning hours of Oct. 16.

Implementing what Logisticon President Donald Gallagher called a precise "surgical" procedure, company officials remotely dialed into Revlon's computers and swiftly paralyzed the inventory system. Without the software, Revlon had to close the plants for three days, putting hundreds of people out of work.

Telephone-line access is not uncommon in the software industry, so that vendors can easily update and alter software. As far as Gallagher was concerned, Logisticon was merely using that access to "repossess" software that Revlon hadn't paid for, just as a bank might repossess a car when payments became delinquent.

As an intangible piece of property, software is especially tricky to "repossess." While Logisticon chose to sneak in over the phone lines, other companies rely on what are known as "time bombs," or "drop-dead" devices, or -- more delicately -- "automatic payment algorithms."

Software products that contain such "time bombs" are programmed to stop working at a specific moment -- usually when a bill payment is due. They typically flash a warning notice to the user before shutting down.

"It just gives us more control to get them to call us and talk to us," said Denny Yost, vice president of BlueLine Software Inc. in Minneapolis. Yost said BlueLine has never allowed a time bomb to go off. Instead, like other vendors that employ such devices, it provides customers a code that will enable them to reset the software clock. But sometimes the deadline passes -- with potentially catastrophic results.

A year ago, software being evaluated by more than a dozen medical laboratories to compile patients' test results shut down when time bombs went off a week earlier than expected by the software vendor, Lab Force Inc. of Dallas. Through the phone lines, Lab Force officials sent new software instructions in an attempt to revive the programs. But a lab in Milwaukee interpreted that action as pure and simple sabotage.

Franciscan Shared Laboratory, which serves three Milwaukee-area hospitals, immediately went to court, contending that Lab Force had caused the critical software to malfunction by implanting a "virus." Complicating the situation, a judge prevented Lab Force from making further alterations, even to extend the software's life.

A lawyer for Lab Force said the matter was resolved out of court.

A court in Oklahoma in 1988 issued an order banning a software company from allowing a program used by a trucking company to be deactivated.