So they can just steal my wallet file, and put it inside another wallet of their choise, like it doesn't have to be electrum, and then they are not able to spend/move my bitcoins right?
Kinda. The wallet files are rarely compatible, but if someone has your file they can figure out which software its for, open it and not (!) spend your coins. It would act the same as your copy and upon spending ask for the password.
If this is the case, I shouldn't be worried about the wallet file, and if someone steals it, they can't do anything with it because they dont have my password or seed?
Correct. Just because I am a bit paranoid Id still create a new wallet and make a final TX moving all the coins from the old wallet to the new one. As long as your password is strong enough this is not needed though.
But why is then everybody saying protect and backup your wallet etc..
Because files get corrupted sometimes if you only have one file there is a single point of failure. I read about a father that lost plenty coins from a mobile wallet because the kids needed space for their games and hit the "delete appdata"-button for dads wallet. So the backups are to protect against other things that can go wrong besides beeing attacked. The great thing about Electrum is that it only ever needs the seed.
Your suggestion of seucurity seems like a bit advanced to me, although I kind of understand what you mean.
But my wallet is on my external harddrive. If I set a password lock/encryption to the whole folder, it will make the security level go up a little bit, which is good I guess.
I cant deny that it would increase security.
A few days ago I read a thread here which is now deleted, but the op linked to a website. And it said that I didn't have flash installed, so I was not thinking more than I should, and tried to download the file and install it. I already even had flash on my computer so I don't know why I did that. Later on I get a message on my screen saying electrum password expired! change it. And I didn't even had my external harddrive connected to my PC. And how they knew I used electrum, not sure.
Usually there are some file that indicate which wallet you arw using even though the data is storred externally.
And then I realised it was some kind of trojan/malware, and I also looked in the thread and some more users confirmed this. So I deleted it and checked that my coins were safe on my computer at a later point, and they were.
You dodged a bullet there.
But imagine if I had my external harddrive connected to my computer at that point, what could of happen? Could the malware just see my password and take my coins, or would it log me when I type my password, and then transfer the coins to themself?
With your password the virus could either send the coins directly with your copy of electrum or send the file with the password to someone else to do this manually. Depends how "well" the virus is written.
I guess it's better to have electrum on a external harddrive rather than on the computer it self. Becuase you could always check that your coins are safe in another computer, thats not infected with virus/trojan or malware, and then proceed to clean the computer.
Yes. I have to admit I never thought about it like this. I think you learned the "dont download random stuff" lesson. Yet the next virus might be attacking when you have your folder decrypted. This is where I think the idea might lead to a false sense of security.
Btw, I appreciate the time you take to help me understand this whole thing!