Topic: [ANN] LevelNet : The First Distributed Cyber Security Platform - page 31. (Read 48626 times)

The date of registration of my account does not apply to irrefutable arguments that your project is scam.

1. If the reports are signed with a security key, then it must be sewn into the client program. It follows that it can be extracted and used to sign fake reports. The problem with the management of statistics from the outside is not solved by you.

2. You introduce yourself as a great specialist in cyber security. However, say such nonsense that the execution of the code in memory carries no threat? This shows that you are not competent in matters of cyber security. Through the shellcode, you can run the simplest backdoor and execute commands in the system. In addition, you can download any malicious program and execute it in memory without saving to disk.

3. The company virustotal.com antivirus companies independently apply and enter into a legal agreement, and provide them with api interface for their software product. They benefit from this, as they receive information that users upload. However, no company will cooperate with you, because there is no benefit in this. And legally you will not be allowed to use the antivirus product for commercial purposes.

New account registered yesterday and didn't provide any proof either.

Nothing unusual. Revenge

The fraud claim here is pretty worrying 

Thank you for your correct questions, we see that you have become better understood:

1.Reports about malicious objects from LevelNet client applications are not sufficient to place these objects in the malicious category in the database. This decision is made on the intermediate super nodes, the messages from which, in turn, are signed with a security key. Thus, false reports will be filtered at this stage.
2.Practically in all cases, the execution of the shell code entails loading onto the disk and the subsequent launch of the malicious executable module, which will be immediately detected and blocked by the LevelNet client. Due to the limitations of bytecode execution in RAM, no serious actions can be performed without saving to disk.

About the legal aspect. How can you say so if there are examples, for example, virostotal and others? They were closed? Or you can know some legal subtleties that we do not know, then the sound of the position on the basis of which our project will be closed. You are considerably behind in understanding the project and its movement.

It is not a problem to buy thousands of proxy servers and send false reports from each IP address, thereby manipulating statistics in the database of levelnet. How can you check the real report or not?

Statistics can be manipulated from the outside, and so there is no point in such a project.

You are going to use the result of the work of third-party antivirus software for your own commercial purposes. No antivirus company will allow this. The user's license for the anti-virus only entitles the user to use the software product for the intended purpose. This does not entitle you to use the output of a third-party product. You just sue and the project will be closed legally!

Your project is not an antivirus or firewall. It just blocks the launch of the program based on statistics, which is easy to manipulate from the outside. It is not able to protect against the implementation of the shell code through vulnerabilities. Can not recognize web exploits. This is absolutely useless software product.

You have not created a single successful project in your life. Your past project failed in a shame. All ordinary developers listed on the official site levelnet.co have long worked in other companies and will not be dismissed for the sake of your suspicious project. Why did you decide that you can do at least something like that?

These are serious claims and seem to be a provocation.
As for the technical part. There is no question of any dynamic and static analysis of speech. Confirmation of a false request from the user
is also described in the algorithm for assigning the level of risk. Read carefully how the threat level is set.
Reputational base formation
A novel concept of weighting certain attributes for the determining the Risk Level of
potential software packages. This Risk Level is evaluated by the LevelNet system
automatically based on the value of a set of factors listed below in descending order of
importance:
● antivirus solutions reactions from end-point users.
● level of trust that its publisher has
● prevalence within the network
● the number of cases when this software was added to the list of exceptions
end-users
The number of antivirus solutions can be obtained both from users' devices
and from the internal servers of the LevelNet network. The process of monitoring
previously unknown software.

Also read about the database of trusted publishers, you most likely missed it or just did not know it.

If the object (the new hash) does not satisfy the conditions, then it is considered dangerous, thus all manipulations with the cryptor and morphing are reduced to zero due to the fact that the object
previously did not meet with users and there are no trusted publishers in the database.
The algorithm is specified in the answer number 1. In addition to this algorithm, the number of requests from the user is checked. In reality, if the user
sends many requests, it is blocked due to the fact that this is not a real behavior. Because sending a lot of requests from the user in reality does not happen.
2.1 We do not check each file, we use the algorithm specified in item 1. The source of information is user devices and the database of trusted publishers and their files.
We do not use dynamic anti-virus scanning on our side.
3. It's not the number of devices, but the speed of delivery of verified information. The data transfer rate is very high today. There's really no verification on the video
on the reliability of the request received from the device on which an antivirus is installed, which is able to cope with the threat. Validation test
A request from a user for an identified threat does not take much time. We do not analyze the set of anti-virus engines in our
in the cloud, but we operate the information with information obtained from other users and sources of re-checking the information.
Verification of the request is not based on either dynamic or static analysis, which you specified in paragraphs 1-8.

On the legal side:
- All results of anti-virus software on the user's device are the property of the user under license agreements.
Number 9 Are you sure of this? If so, I ask you to provide evidence that we have not undergone any independent technical audit.

Are you saying this is true
For the project owner whether you can clarify clearly

Yes. And it's not in your interests that I prove it. Better answer to my arguments about the project, if certainly able.

Those are some pretty big claims.  Do you have any evidence to back it up, especially the banking fraud claim?

This project is scam!

First, the organizer of the project, Pavel Shkliaev, made his capital on carding(banking fraud). He steals from people money from bank accounts with the help of malicious spyware. This already says for what purpose this ISO was created.

The idea of ​​the project is stupid and carries a number of unavoidable technical and legal problems:

1. The malicious file in this project is determined stupidly by the hash of the file. Any malware uses a cryptor, a morph or a packer, which makes each file unique, which means that each file has a different hash amount. For this reason, the project itself is meaningless.

2. It is impossible to check whether there was a real report on the infected file or this report is fake. Anyone can create a program that will send millions of false reports including for legitimate programs.

If they will check each file on the server with all possible antiviruses by analogy with virostotal.com, then there will not be enough computing resources for this. In addition, the detection will not be a few seconds as a demonstration, but a minimum of 10 minutes, provided that there are free computing resources. And this will only be a static analysis, which is easily handled by the simplest cryptor. For dynamic analysis, you need many times more time and resources. In addition, until now no one has implemented a stable dynamic analysis on the set of antiviruses, because there are many difficulties in this.

3. The reaction time is only on the video demo in a few seconds because there are only 4 virtual machines connected to the local network. And this does not verify the real report or not. In real-world conditions, the time costs for transmitting through a peer-to-peer will be at least a few minutes. And if you check the report with the file on the server, it will take an indefinite time. If all resources are very busy, then the report can be checked in a few days.

4. In order to use third-party antivirus programs both on the client and on the server, you must obtain legal permission from absolutely all anti-virus companies. This is impossible, because no antivirus company will help the competitive product.

5. The client without the user's consent will download files from his computer, which is a violation of confidentiality and may lead to the leakage of important information for the user. In addition, the executable file is stupidly pumped to the server completely, and its size can be hundreds of megabytes and even a few gigabytes.

6. Even if you completely download the executable file and try to perform a dynamic analysis on the server, it may simply not start due to the lack of necessary libraries.

7. Antiviruses and so quickly exchange antivirus databases between each other, so making such a proxy does not make sense.

8. This project will never replace a full-fledged antivirus, since this antivirus has heuristic analysis and proactive protection, which allows detecting suspicious threats or actions.

9. I am familiar with this project, as they tried to offer to various investors during 2016-2017 and no investor agreed to invest money in it, because it does not pass the audit by an independent technical auditor.

Based on all of the above, I'm 100% sure that this project is a scam!

This projects looks very promising and I might consider joining the bounty once I am done with the current bounty campaign that I'm in right now.

More Power LevelNet!

Translating the thread into Russian for a Russian project? Seriously?

That is a completely different project.  This isn't a copy-paste anonymous coin, have you read the whitepaper?

Hi guys. We created a special group only for the participants of our bounty program. You can quickly contact the bounty manager and find out all the questions without mediator =)

Hello everyone!

We have published today a new blog post about LevelNet ICO. Interview with the founder and CEO LevelNet.

Read more about it on Medium: https://medium.com/@LevelNetwork/text-interview-with-the-founder-and-ceo-levelnet-992cb1cebb5f

I think that this coin is good, but I like more Deeponion with TOR integration.

Now the project is in the stage of raising capital, all the forces and means are directed at this.

On the current day:

- The requirements are collected.
- The network protocol has been designed and modeled.
- Written load simulation programs on the network.
- Three backend platforms have been tested (Amazon, Azure, Google). We chose Azure.
- Completed all prototyping and testing of the client part.
- Written 2 services for Windows. (network and integrity control)
- Partially written driver for Windows to work with AB. (Support 5 products)
- The driver of the mode of intercepting certain functions and file operations.
- Describes the mechanism for synchronizing databases. (client-server)
- The team is selected for the backend development.
- Prepared project documentation for the development backend.
- The project documentation for working with publishers and their verification is prepared.
- Fentional prototypes for 3 platforms (Win, OSx, Linux)
- Created a grocery site.
All the work to be closed can be found in the document described in detail - the tab development plan: https: //levelnet.co/files/Financial%20Model%20LevelNet.xlsx

The current site is under renovation

I think it's a good idea to be able to segment the market. What's the progress of the project at the moment?