Ledger Live Problem on Windows

[Lucius]

Even if you updated to a fake version, your coins wouldn't be stolen. You have to review every transaction on the in-built screen. You would notice right away if something was wrong.

We have same option in Electrum (preview button), but user is not forced to use it, maybe many would be saved if Electrum force users to check all transaction details before clicking on send button. But even with that extra step of checking address some users will just click on send button without really checking if address is correct.

Ledger is force users to confirm transaction on screen, but how many of them really do that? Fake Electrum presents almost the same danger even with hardware wallet.

Electrum isn't risky. Users with poor security practices are risky.

If huge number of crypto users have very poor security practices and we see every day that this is true, then using wallets as Electrum is a big security risk for them, and they should not use it until they fully understand what they are doing.

[erikalui]

This is intended; it is a security feature to prevent other people viewing your accounts if you have stepped away from your computer. If you don't like it, you can adjust the time up to an hour or disable it altogether by clicking on the "Settings" icon in the top right of Ledger Live and changing the "Auto-lock" settings under the "General" tab.

It logged me out while doing a transaction and I had to reenter the PIN, confirmed BTC wallet which was irritating. Thanks! Will do that.

You can't lose your coins simply because of a fake pop up. The fake pop up required users to follow a fake link, download fake software, install the fake software, and open their wallet with it. If you follow the recommended steps for properly installing Electrum (i.e. only ever download from "electrum.org" and verify all files before installation), then you can't be fooled by attacks like this. In addition, this has already been patched for many months, and is only continuing to affect users using outdated versions. In further addition, if you were using Electrum with a hardware wallet (as you would be), this wouldn't be effective as you would still have to confirm any transaction on your Ledger device just like you do at the moment using Ledger Live.

Electrum isn't risky. Users with poor security practices are risky.

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware. Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version. Ever since I got hacked due to a virus on my PC, I avoid installing anything on it and hence I started using Ledger which doesn't get affected even if my PC is infected. I don't like to use even Ledger Live but still since it doesn't get affected by viruses, it's fine.

[o_e_l_e_o]

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

You make it sound like being open-source is a bad thing. Electrum being open source is good. You can review the code yourself, and build the application yourself from the source code, so you know exactly what it will and won't do. If you don't have the knowledge to review the code yourself, you can pretty much rely on the fact that because Electrum is so popular, someone else will notice any malicious code long before it gets pushed to an update. Ledger Live is also open source, but Ledger hardware is not. It would be easier for a malicious party within Ledger to alter their hardware products undetected than it would be for someone to slip malicious code in to Electrum undetected.

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version. Ever since I got hacked due to a virus on my PC, I avoid installing anything on it and hence I started using Ledger which doesn't get affected even if my PC is infected. I don't like to use even Ledger Live but still since it doesn't get affected by viruses, it's fine.

Electrum didn't get infected with a virus. Users were tricked in to a downloading an entirely fake piece of software. The exact same vector of attack is possible with Ledger Live.

Using a hardware wallet is a good idea, and I own a couple of Ledger devices, but your dislike of Electrum is misplaced.

[bitmover]

Electrum isn't risky. Users with poor security practices are risky.

Certainly.
Electrum is one of the most trusted wallets out there. Every Bitcoin community recommend it and like it.
As much as this phishing about Electrum 4.0 caught a lot of users , if people followed basic security procedures.

[Pmalek]

Even the best of people can be fooled if they follow the pop-ups in the wallet...

Don't follow any pop-ups in your Electrum wallet now or in the future. Doesn't matter that the malicious practice of servers sending fake messages got patched. Maybe in the future scammers will find another way to get their fake software onto people's computers but as long as we follow the basic guidelines we will be safe. Download only from the official website and verify the signature of the wallet before installing it. Done. 

[ABCbits]

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

That's the disadvantage of open-source software, but would you rather use closed-source wallet and fully trust whoever create that wallet?
Even if you can't verify the source code by yourself, popular open-source software will be reviewed/audited by someone else who usually would share the result if they found vulnerability or backdoor.

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version.

No, best of people would verify GPG signature of the downloaded installer/source code.

They also could check the domain of Electrum website on the pop-up as well.

[bob123]

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

Open source does not mean that anyone can change the code. It means everyone can view the code.

Anyone can make requests to change the code, but it will still be audited by multiple people managing the repository.
And only if it passes the code audits, it will be merged into the repository.

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version.

It has been mentioned numerous times here around this forum that one should only download electrum from the official website.
And verifying the signature is mandatory.

Just because most people don't follow those pretty simple tips to stay safe, it by far doesn't mean that everyone would get fooled by such a cheap phishing attempt.