Critical Update: Broadcom Modem, why no documentation?

[George]

I recently visited Windows Update and saw the following
update in the critical updates section: "Broadcom
Corporation modem software update released on August 27
2003". I downloaded it and later noted that it installed a
file, "BCMSMMSG.exe", in the "run" section of the registry.

Here is my concern. First, there was virtually NO
INFORMATION available from Microsoft when I downloaded this
critical update. There was not, in other words, the usual
article (or bulletin) that you could read that explained
the reason for the update and the security hole that it as
designed to fix. Second, it is very unusual (in my
experience over the last five years, anyway) for a
non-Microsoft product to be part of a critical update.

I spoke with MSFT tech support about this, and after some
investigation by the tech person, I was told that the
update is legitimate, but that THERE IS NO PUBLIC
INFORMATION AVAILABLE on this issue.

I'm glad that the update is legitimate (assuming that what
I was told is accurate), but I am not satisfied with the
complete lack of any documentation for an update,
particularly one in the "Critical" category. How can a
user evaluate an update if he has no idea whatsoever what
the update is designed to fix and what it does? And
doesn't the absence of information make it impossible for
the user to assess over time the quality of the OS and the
modem that he is running? Could this become a trend --
just install this update, we are not telling you what it
is, trust us -- in the future?

Does anyone have any insight into this situation or
thoughts about this?


Thanks.

George

 

[Karla]

-----Original Message-----
I recently visited Windows Update and saw the following
update in the critical updates section: "Broadcom
Corporation modem software update released on August 27
2003". I downloaded it and later noted that it installed a
file, "BCMSMMSG.exe", in the "run" section of the registry.

Here is my concern. First, there was virtually NO
INFORMATION available from Microsoft when I downloaded this
critical update. There was not, in other words, the usual
article (or bulletin) that you could read that explained
the reason for the update and the security hole that it as
designed to fix. Second, it is very unusual (in my
experience over the last five years, anyway) for a
non-Microsoft product to be part of a critical update.

I spoke with MSFT tech support about this, and after some
investigation by the tech person, I was told that the
update is legitimate, but that THERE IS NO PUBLIC
INFORMATION AVAILABLE on this issue.

I'm glad that the update is legitimate (assuming that what
I was told is accurate), but I am not satisfied with the
complete lack of any documentation for an update,
particularly one in the "Critical" category. How can a
user evaluate an update if he has no idea whatsoever what
the update is designed to fix and what it does? And
doesn't the absence of information make it impossible for
the user to assess over time the quality of the OS and the
modem that he is running? Could this become a trend --
just install this update, we are not telling you what it
is, trust us -- in the future?

Does anyone have any insight into this situation or
thoughts about this?


Thanks.

George
.
George,

I feel the same way, with one exception. After being
attacked by a virus which took down my modem, it crashed
it. I couldn't believe that all of a sudden I had no
modem. Anyway, I had to remove and reinstall my modem to
get it back on line. When this update came out,my
thoughts were that if this helps preventing another
attack on my modem great. But as with you I couldn't get
any information on this critical update and prayed that
it was good for it was on Microsoft update page. I still
wonder what the fix is on the Broadcom Modem with this
update.

 

[Robert Moir]

I'm glad that the update is legitimate (assuming that what
I was told is accurate), but I am not satisfied with the
complete lack of any documentation for an update,
particularly one in the "Critical" category. How can a
user evaluate an update if he has no idea whatsoever what
the update is designed to fix and what it does? And
doesn't the absence of information make it impossible for
the user to assess over time the quality of the OS and the
modem that he is running? Could this become a trend --
just install this update, we are not telling you what it
is, trust us -- in the future?

Does anyone have any insight into this situation or
thoughts about this?

Only thoughts that spring to mind are that as such an update would come from
broadcom, the lack of public documentation may well be connected to them, so
you might consider directing your enquiries and annoyance to them.

Secondly, as annoyed as you feel about this happening this way, which I
would agree is far from ideal, would you feel more or less annoyed if nobody
posted a fix and whatever hole it patches up was used to attack your
computer?

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.

 

[George]

Of course, I'm glad that MSFT posted a fix. But, as the
update is not simply a driver update -- it actually changed
something beyond the driver component in the Windows *OS*
itself according to MSFT tech support -- and MSFT is the
source for it, I think MSFT should have published the usual
documentation.

I appreciate your input.

George