Topic: Ledger Live 2.1.0, 2.2.0, 2.2.3 Installers and Uninstallers flagged as Malware - page 2. (Read 1151 times)

I have to go a little off-topic in my own thread. Better than creating a brand new one just to ask a question.

Has anyone experienced any problems updating their Ledger Live to the newest version (2.3.2, I think)? For some reason it just wont update on my end. For a couple of days I wasn't even able to initiate the download process. Clicking on the download button in Ledger Live didn't do anything. Over WIFI I couldn't do it.

Last night, I connected my laptop to cable and the download started but took half an hour to download. My connection and speed are fine BTW. After that the notification stayed at 'Downloaded 100%' for an hour.

I got fed up so I restarted the app to try again. The exact same thing happened for an even longer period of time.
Has anyone had a similar experience with this release or one of the older ones?

I think it is a "False Positive" from a certain antivirus against the Ledger Live application - in this case, Windows Defender.
Previously when I want to update Bitcoin Core, Bitdefender detected Bitcoin-Qt (download from the official site) as a threat.
https://bitcointalksearch.org/topic/m.53500127

There was never a problem with Bitdefender. Windows Defender was flagging the files for some time but that has been fixed from what I can see. ZoneAlarm was also flagging the installer as a "trojan downloader" and that seems to have been resolved as well.
There is still 1 security software that detects the installer but it's relatively unknown and I can't remember its name from the top of my head.

I am a Ledger Nano X user and currently use Ledger Live Mac version 2.2.4, and Android version 2.2.0.
All of these devices have Bitdefender Antivirus installed.
During this time, Ledger Live has no problems with the antivirus that I use.

In all honestly, I haven't had many problems with Ledger Live. I hope it stays that way. I prefer using Electrum with my Bitcoins and Nano S anyway so I can't complain about missing features. They do what they think is important, probably based on the needs the community expresses.

I am not sure what has caused all those bugs from the past. Hardware, software, or a combination of both. I doubt Ledger knows what has caused bootloader issues, Ledger Live not being able to load, etc.

Looks like that false positive alarm was fixed by ZoneAlarm. The 2.2.4 version is now only being detected by 2.2.4 as a Trojan Downloader.
 

I'm sorry, but moaning about a false positive generated by another application that a developer has no control over is ridiculous.

That isn't a "bug" or "poor coding"... that is Windows Defender being overly aggressive. Sure, it's not a good look for new users getting strange alerts from their AntiVirus/AntiMalware software when they're supposedly installing "legit" software... but a LOT of software has fallen victim to that sort of overzealous behaviour and NOT just in the cryptosphere.

I have had Windows Defender "quarantine" a lot of things in an effort to "halp" protect me from the "BadPeople"™

And it's even worse in Windows 10 now because I cannot actually permanently turn off the "Real Time Protection" anymore...


At least they were actively trying to fix it once it was reported.


Now, I do agree that Ledger haven't been great in a lot of areas... support timeframes would probably top that list, but their apparent focus on adding shitcoins in favour of fixing other issues is definitely in there too.

However, I can understand why they do this... think about it... what is more likely going to sell a HW to the "AverageUser"™? The ability for them to use all their favourite shitcoins with a fancy UI... or the fact that Ledger have a 100% bulletproof and error free firmware upgrade system, or that the "MasterPublicKey" shown for SegWit wallet is actually shown correctly as a "zpub" instead of an "xpub"?

I agree with him honestly, I even regret the Chrome App we used to use before. Using Ledger Live is like running the unstable or testing versions of Debian sometimes.

Why put the roof on the house if you haven't finished the walls? Instead to add stupid coins that nobody uses except the bots on the exchanges they should focus to make their product correct instead of throwing updates here and there that don't matter.

Thanks.
I will wait for next 'surprise' from Ledger, and open my own topic where we can chat more.
Cheers

Yes, it is open source: https://github.com/LedgerHQ/ledger-live-desktop



Probably as much as people want them to.
People want worthless shitcoins to be added, and they follow. Especially since developer create their application on their own and it only needs a security review from ledger.



Excuse me?
I only hear people crying who got their web wallet created by someone else and now lost x $.

I'd rather hear people crying because of some stupid bugs in a software you don't even need to use on a daily basis, than scams going on.

Is there open source code for their disaster buggy Ledger Live software, or should I think about that also?
How many more shitcoins are they going to add?
I would like to hear some insider information.

Step out and hear the cries of new people who are using Ledger wallet.



Sure, I will think about creating something like that.
Don't get me wrong, I also have Ledger wallet myself, but it's not a holly grail.

Ledger decided to create a hardware wallet resistant against physical attacks by using hardware / firmware which is under NDA and can't be open sourced.
They are using a secure element.

The non secure MCU is completely open source (comparable to trezor) but not resilient against physical attacks (comparable to trezor). Thats what the (closed source) secure chip is for.

Think about that.

I am aware that different people have different problems when it comes to the same software, but as good as some software may be, it may not work exactly the same on different configurations and operating systems. I see many people complain about Windows 7 and Ledger Live, but that OS is not supported more than a year, and I see a lot of people download fake Ledger Live and type their seed - and everyone blames Ledger for it.

I bought a hardware wallet for the sake of protecting my private keys, and it works flawlessly for now. I also do not live in the misconception that Ledger has made the ultimate security device, and I'm aware it's not open source - but they have built their reputation over the past 4 years.

This is a topic about Ledger Live false positive detected by Windows Defender (and as I show ZoneAlarm), so maybe you should open new one and post all other issues. Before that you can visit Ledger and Trezor Reddit, and you will see that there is not much difference in the problems that users have, even though Trezor is open source.

I know, and I don't expect to see any perfect hardware wallet.
But Ledger is NOT open source, and this false positive is not the only issue they have.
Think about that.

False positive is something which happens constantly, why does anyone think Ledger Live is immune to it? I personally have not had any problems with Ledger Live, and I use Nano S and Nano X on Windows 10. In this particular case, the only culprit is Windows Defender, which detects Ledger Live as something malicious.

New 2.2.4 Ledger Live for Windows is also detected by ZoneAlarm as HEUR:Trojan-Downloader.Script.Generic, same as it detect 2.2.0 version.


Freedom of choice is available to everyone, Ledger is not the only choice, but don't be fooled that there is something perfect, because you certainly won't find it. Do you know that Electrum also has a lot of false positive detections? Just a quick search can find dozens of cases on the forum...

https://bitcointalksearch.org/topic/electrum-301-setupexe-false-positive-2367499
https://bitcointalksearch.org/topic/avast-malware-warning-electrum-332-maybe-false-warning-5090850
https://bitcointalksearch.org/topic/false-positives-in-latest-wallet-3117187
https://bitcointalksearch.org/topic/electrum-wallet-virus-2575927
https://bitcointalksearch.org/topic/windows-security-reports-electrum-installer-infected-5107585

Imagine you are crypto newbie, and you just purchased Ledger hardware wallet.
Then you have bunch of stupid bugs for every damn update in recent weeks/months.
Oh, and this is not a theory, people actually complain all the time, so I will not close my eyes about this, sorry.

I find this a bit unfair. The device is still OK.
I've used Ledger Live only for install/uninstall things. I'm too used to Electrum to drop it.
Other wallets (MEW, for example) also work fine with Ledger.

So I'd only drop Ledger Live as a wallet. (Well, I don't even have to.)



Indeed Comodo Internet Security never complained.

All this with Ledger update bugs is becoming more and more serious.
Like I said many times....they should focus more on fixing issues instead of adding support for bunch of shitcoins.
Maybe it's time to move to some better HW.
Meanwhile people can use Electrum + Ledger

I didn't notice anyone talk about it in this part of the forum. The issue was brought up in the Croatian local section by slackovic (https://bitcointalksearch.org/topic/m.54231714)

The Ledger Live 2.1.0 update gets flagged and blocked by the Windows Defender as a Malware. Ledger issued two quick updates with 2.2.0 and 2.2.3 but they were not able to resolve the problems. This issue was brought to their attention on their GitHub > https://github.com/LedgerHQ/ledger-live-desktop/issues/2822.

The team has now released 2.2.4 that should rectify the Windows Defender flag. They recommend that anyone who has updated their Ledger Live to 2.1.0, 2.2.0, 2.2.3 first uninstall the software before installing the new 2.2.4 release. There is a separate uninstaller available on the link above.

Apparently this problem was/is only present on devices where Windows Defender is active.