Dear Christian, 

First of all, thank you for your quick answer and your reply is helpful. 

>seung, if the browser would modify the system in a way that is not  
>excluded in the exclusion list, capture would classify the page as  
>malicious.

>on a standard ie 6 sp2 installation, active x components are not  
>automatically downloaded and installed.

As I understood, ActiveX component automatically are downloaded but not 
installed. doesn't it? If I wrong, inform me. 

>you can, however, configure ie to do so. if you make this  
>modification, you would have to modify the exclusion list to exclude  
>the state changes that result from an active x component install.  
>otherwise, as you state correctly, capture would classify the page  
>incorrectly as malicious.


In that case, can capture-hpc distinquish the state changes that result from an 
ActiveX component install and the state changes that result from excutable file 
of attackers by modifying the exclusion list. I mean exclusion list can have 
that level of granularity. 

>hope this helps.
>Christian

---
Web: http://www.mcs.vuw.ac.nz/~cseifert


On Apr 14, 2008, at 6:29 PM, "Seung Wook Jung" <seung-wook.jung at 
cns.ssu.ac.kr 
 >> wrote:

>> Dear all,
>>
>> I would like to know how the capture-hpc deals with the ActiveX.
>>
>> When an ActiveX is included in a web page and users access the web  
>> page, the ActiveX will be download from the web site without any  
>> interaction with users as I understood. In this case, the state of  
>> the PC will be changed so, I guess, the capture-hpc would decide the  
>> web page is malicious even if the ActiveX is not malicious.
>>
>> Best Regards,
>> S. Jung
>> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc

Reply via email to