So they can just steal my wallet file, and put it inside another wallet of their choise, like it doesn't have to be electrum, and then they are not able to spend/move my bitcoins right?
Kinda. The wallet files are rarely compatible, but if someone has your file they can figure out which software its for, open it and not (!) spend your coins. It would act the same as your copy and upon spending ask for the password.
If this is the case, I shouldn't be worried about the wallet file, and if someone steals it, they can't do anything with it because they dont have my password or seed?
Correct. Just because I am a bit paranoid Id still create a new wallet and make a final TX moving all the coins from the old wallet to the new one. As long as your password is strong enough this is not needed though.
But why is then everybody saying protect and backup your wallet etc..
Because files get corrupted sometimes if you only have one file there is a single point of failure. I read about a father that lost plenty coins from a mobile wallet because the kids needed space for their games and hit the "delete appdata"-button for dads wallet. So the backups are to protect against other things that can go wrong besides beeing attacked. The great thing about Electrum is that it only ever needs the seed.
Your suggestion of seucurity seems like a bit advanced to me, although I kind of understand what you mean.
But my wallet is on my external harddrive. If I set a password lock/encryption to the whole folder, it will make the security level go up a little bit, which is good I guess.
I cant deny that it would increase security.
A few days ago I read a thread here which is now deleted, but the op linked to a website. And it said that I didn't have flash installed, so I was not thinking more than I should, and tried to download the file and install it. I already even had flash on my computer so I don't know why I did that. Later on I get a message on my screen saying electrum password expired! change it. And I didn't even had my external harddrive connected to my PC. And how they knew I used electrum, not sure.
Usually there are some file that indicate which wallet you arw using even though the data is storred externally.
And then I realised it was some kind of trojan/malware, and I also looked in the thread and some more users confirmed this. So I deleted it and checked that my coins were safe on my computer at a later point, and they were.
You dodged a bullet there.
But imagine if I had my external harddrive connected to my computer at that point, what could of happen? Could the malware just see my password and take my coins, or would it log me when I type my password, and then transfer the coins to themself?
With your password the virus could either send the coins directly with your copy of electrum or send the file with the password to someone else to do this manually. Depends how "well" the virus is written.
I guess it's better to have electrum on a external harddrive rather than on the computer it self. Becuase you could always check that your coins are safe in another computer, thats not infected with virus/trojan or malware, and then proceed to clean the computer.
Yes. I have to admit I never thought about it like this. I think you learned the "dont download random stuff" lesson. Yet the next virus might be attacking when you have your folder decrypted. This is where I think the idea might lead to a false sense of security.
Btw, I appreciate the time you take to help me understand this whole thing!
Yeah, creating a new wallet and transfer the coins to that one would be good if the wallet file gets in someone elses hand that shouldn't have it. Although as you say, they can't do much without the password or the seed.
So with electrum we don't need to back up the file as long as we have the seed because we can re-create the wallet by typing in the seed. But for other wallets, back up of the wallet file is necessary.
But would you recomend to put a locker on the whole file? Just in case. Because sometimes even when downloading something, you are not 100% sure if it contains virus or malware or not, even though you can read the comments for the file etc. But I assume a random virus that's not coded to log or steal bitcoins, wouldn't do any harm to a wallet, so ideally it could be safe to operate the wallet while having a virus, am I right?
What do you mean about that the next virus could attack my electrum wallet when I am decrypting my folder, if I am using an external harddrive? Because if I do use an external harddrive, I would probably make sure that my coins are safe on another computer, and hopefully that one won't have virus or malware or trojan or anything like that.
But if I am connecting my external harddrive to my own computer while it's infected, and I try to decrypt the folder, its no point in having a decryption then because with or without decryption, they will see my password once I type it in.
Can a virus or trojan infect an external harddrive when you connect it to a computer thats infected? It sound like it should, so I am not even sure why I am asking tho.
And another question, would you rather have two electrum wallets with your bitcoins or just one? It would be smarter to have two wallets, but a bit more jobs with saving the seed, even though it's not that hard.