Ledger Live Problem on Windows | Bitcointalksearch.org

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

Open source does not mean that anyone can change the code. It means everyone can view the code.

Anyone can make requests to change the code, but it will still be audited by multiple people managing the repository.
And only if it passes the code audits, it will be merged into the repository.

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version.

It has been mentioned numerous times here around this forum that one should only download electrum from the official website.
And verifying the signature is mandatory.

Just because most people don't follow those pretty simple tips to stay safe, it by far doesn't mean that everyone would get fooled by such a cheap phishing attempt.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

That's the disadvantage of open-source software, but would you rather use closed-source wallet and fully trust whoever create that wallet?
Even if you can't verify the source code by yourself, popular open-source software will be reviewed/audited by someone else who usually would share the result if they found vulnerability or backdoor.

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version.

No, best of people would verify GPG signature of the downloaded installer/source code.

They also could check the domain of Electrum website on the pop-up as well.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Even the best of people can be fooled if they follow the pop-ups in the wallet...

Don't follow any pop-ups in your Electrum wallet now or in the future. Doesn't matter that the malicious practice of servers sending fake messages got patched. Maybe in the future scammers will find another way to get their fake software onto people's computers but as long as we follow the basic guidelines we will be safe. Download only from the official website and verify the signature of the wallet before installing it. Done.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: o_e_l_e_o on August 10, 2019, 06:07:58 AM

Electrum isn't risky. Users with poor security practices are risky.

Certainly.
Electrum is one of the most trusted wallets out there. Every Bitcoin community recommend it and like it.
As much as this phishing about Electrum 4.0 caught a lot of users , if people followed basic security procedures.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware.

You make it sound like being open-source is a bad thing. Electrum being open source is good. You can review the code yourself, and build the application yourself from the source code, so you know exactly what it will and won't do. If you don't have the knowledge to review the code yourself, you can pretty much rely on the fact that because Electrum is so popular, someone else will notice any malicious code long before it gets pushed to an update. Ledger Live is also open source, but Ledger hardware is not. It would be easier for a malicious party within Ledger to alter their hardware products undetected than it would be for someone to slip malicious code in to Electrum undetected.

Quote from: erikalui on August 10, 2019, 09:16:38 AM

Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version. Ever since I got hacked due to a virus on my PC, I avoid installing anything on it and hence I started using Ledger which doesn't get affected even if my PC is infected. I don't like to use even Ledger Live but still since it doesn't get affected by viruses, it's fine.

Electrum didn't get infected with a virus. Users were tricked in to a downloading an entirely fake piece of software. The exact same vector of attack is possible with Ledger Live.

Using a hardware wallet is a good idea, and I own a couple of Ledger devices, but your dislike of Electrum is misplaced.

erikalui

legendary

Activity: 2632

Merit: 1094

Quote from: o_e_l_e_o on August 10, 2019, 06:07:58 AM

This is intended; it is a security feature to prevent other people viewing your accounts if you have stepped away from your computer. If you don't like it, you can adjust the time up to an hour or disable it altogether by clicking on the "Settings" icon in the top right of Ledger Live and changing the "Auto-lock" settings under the "General" tab.

It logged me out while doing a transaction and I had to reenter the PIN, confirmed BTC wallet which was irritating. Thanks! Will do that.

Quote

You can't lose your coins simply because of a fake pop up. The fake pop up required users to follow a fake link, download fake software, install the fake software, and open their wallet with it. If you follow the recommended steps for properly installing Electrum (i.e. only ever download from "electrum.org" and verify all files before installation), then you can't be fooled by attacks like this. In addition, this has already been patched for many months, and is only continuing to affect users using outdated versions. In further addition, if you were using Electrum with a hardware wallet (as you would be), this wouldn't be effective as you would still have to confirm any transaction on your Ledger device just like you do at the moment using Ledger Live.

Electrum isn't risky. Users with poor security practices are risky.

Electrum is open-source and a free wallet which is why it can be manipulated more easily than Ledger that's hardware. Even the best of people can be fooled if they follow the pop-ups in the wallet and even Ledger has the same option of updating the version. Ever since I got hacked due to a virus on my PC, I avoid installing anything on it and hence I started using Ledger which doesn't get affected even if my PC is infected. I don't like to use even Ledger Live but still since it doesn't get affected by viruses, it's fine.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Rath_ on August 10, 2019, 05:31:54 AM

Even if you updated to a fake version, your coins wouldn't be stolen. You have to review every transaction on the in-built screen. You would notice right away if something was wrong.

We have same option in Electrum (preview button), but user is not forced to use it, maybe many would be saved if Electrum force users to check all transaction details before clicking on send button. But even with that extra step of checking address some users will just click on send button without really checking if address is correct.

Ledger is force users to confirm transaction on screen, but how many of them really do that? Fake Electrum presents almost the same danger even with hardware wallet.

Quote from: o_e_l_e_o on August 10, 2019, 06:07:58 AM

Electrum isn't risky. Users with poor security practices are risky.

If huge number of crypto users have very poor security practices and we see every day that this is true, then using wallets as Electrum is a big security risk for them, and they should not use it until they fully understand what they are doing.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: erikalui on August 10, 2019, 05:06:40 AM

It works normally after that but keeps getting logged out if I remain inactive for like 15 minutes.

This is intended; it is a security feature to prevent other people viewing your accounts if you have stepped away from your computer. If you don't like it, you can adjust the time up to an hour or disable it altogether by clicking on the "Settings" icon in the top right of Ledger Live and changing the "Auto-lock" settings under the "General" tab.

Quote from: erikalui on August 10, 2019, 05:06:40 AM

Electrum is risky as after hearing so many members losing their coins due to fake popups

You can't lose your coins simply because of a fake pop up. The fake pop up required users to follow a fake link, download fake software, install the fake software, and open their wallet with it. If you follow the recommended steps for properly installing Electrum (i.e. only ever download from "electrum.org" and verify all files before installation), then you can't be fooled by attacks like this. In addition, this has already been patched for many months, and is only continuing to affect users using outdated versions. In further addition, if you were using Electrum with a hardware wallet (as you would be), this wouldn't be effective as you would still have to confirm any transaction on your Ledger device just like you do at the moment using Ledger Live.

Electrum isn't risky. Users with poor security practices are risky.

Rath_

legendary

Activity: 1876

Merit: 3139

Quote from: erikalui on August 10, 2019, 05:06:40 AM

Electrum is risky as after hearing so many members losing their coins due to fake popups, I'll never choose it. Till now nothing wrong has happened with Ledger Nano.

Even if you updated to a fake version, your coins wouldn't be stolen. You have to review every transaction on the in-built screen. You would notice right away if something was wrong. Electrum offers far many more features than Ledger Live and the phising method you mentioned doesn't work anymore if you have the latest version.

erikalui

legendary

Activity: 2632

Merit: 1094

Quote from: o_e_l_e_o on August 10, 2019, 02:37:10 AM

What version of Windows are you using? Ledger Live is pretty notorious for not functioning properly on anything older than Windows 8. Does it work normally once it has launched? How long do you wait before killing the process? It might just be that it needs some extra time to load.

If you are using Windows 8 or 10, then the best I could suggest would be to uninstall and reinstall Ledger Live. Alternatively, you could not use it at all and move to pairing your Ledger device with a wallet like Electrum for your bitcoin.

I am using Windows 10 and have installed the latest version. It works normally after that but keeps getting logged out if I remain inactive for like 15 minutes. I reinstalled it twice and now it opens on the second attempt.

Electrum is risky as after hearing so many members losing their coins due to fake popups, I'll never choose it. Till now nothing wrong has happened with Ledger Nano.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: o_e_l_e_o on August 10, 2019, 02:37:10 AM

What version of Windows are you using?

I doubt he is using W7, in my case it's actually impossible to keep Ledger Live open more then 1-2 minutes before it crash, and Ledger is not working in any fix for this OS, he is officially abandoned from any support.

In cases like this, users should remove Ledger Live completely which includes deleting his installation folder which is usually located on the path C:/Users/Home/AppData/Roaming. After deleting and restart of PC, it is recommended to download the latest version.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: erikalui on August 09, 2019, 12:23:45 PM

I am also facing a problem with Ledger Live. I need to click on Ledger Live atleast 5-6 times before it starts else it is present in the list of processes in Task Manager but doesn't launch. I had to click on it 6 times last time and had to keep ending the processors before re-launching it while last time it started after the second attempt. I got the updated version so don't know why it doesn't start after the first attempt.

What version of Windows are you using? Ledger Live is pretty notorious for not functioning properly on anything older than Windows 8. Does it work normally once it has launched? How long do you wait before killing the process? It might just be that it needs some extra time to load.

If you are using Windows 8 or 10, then the best I could suggest would be to uninstall and reinstall Ledger Live. Alternatively, you could not use it at all and move to pairing your Ledger device with a wallet like Electrum for your bitcoin.

erikalui

legendary

Activity: 2632

Merit: 1094

I am also facing a problem with Ledger Live. I need to click on Ledger Live atleast 5-6 times before it starts else it is present in the list of processes in Task Manager but doesn't launch. I had to click on it 6 times last time and had to keep ending the processors before re-launching it while last time it started after the second attempt. I got the updated version so don't know why it doesn't start after the first attempt.

sunsilk

hero member

Activity: 3038

Merit: 634

Quote from: crwth on August 02, 2019, 01:43:02 AM

Quote from: sunsilk on August 01, 2019, 11:47:25 PM

I've read all the suggestions that you have. When there are updates, I never such problems like yours.

Anyway crwth, have you tried posting this on their reddit?

https://www.reddit.com/r/ledgerwallet/

Luckily, you didn't experience it. I don't know what is happening but I haven't focused on it yet but maybe let's see later. I will try to post it on Reddit once I have screenshots of the problem.

Yeah so far I didn't have, I just update it whenever there's an available update that the live itself suggested.

Post it there, ledger management is more active on that channel.

crwth

copper member

Activity: 2940

Merit: 1280

https://linktr.ee/crwthopia

Quote from: Rath_ on August 01, 2019, 04:46:43 AM

Yes, every Ledger device is given a secret key during manufacturing process. The key proves device's authenticity when connecting to Ledger's servers. If a device is not genuine then a warning is displayed. The same applies if the software was modified.

At least there would be verification for the authenticity which is good for us, the users.

Quote from: Lucius on August 01, 2019, 05:39:59 AM

This is first time I see such problem with Ledger Live, and by what you write it seems that something is preventing new version of Ledger Live to run on your OS. I guess you have this problem on W10, and not on W7?

I haven't tried it on W7 because I don't have that anymore. Anyways, I did remember that ever since that update, the previous version of Ledger Live is gone, even in the program files, there's no executable. I would also check some of the possible software that could interfere with the process.

Quote from: bob123 on August 01, 2019, 05:58:25 AM

Well, you don't need to check every single letter. Checking the first 4-5 and the last 4-5 is enough.

I think it's just the paranoid self in me that wants to see it, but I think doing the 4-5 letters is enough as well.

Quote from: HCP on August 01, 2019, 11:43:52 PM

Possibly a "stuck" aka ghost process? Huh

If you haven't already trying checking Windows Task Manager to see if there is a Ledger process still running in the background and/or try rebooting. Then try re-installing Ledger Live using the installer from: https://shop.ledger.com/pages/ledger-live

Well, that's the thing, after installing the program, there is nothing left with the program files. But I haven't restarted my PC just to re-install it, I just used the Ledger Live on my laptop. I haven't had the chance to try it on my desktop.

Quote from: sunsilk on August 01, 2019, 11:47:25 PM

I've read all the suggestions that you have. When there are updates, I never such problems like yours.

Anyway crwth, have you tried posting this on their reddit?

https://www.reddit.com/r/ledgerwallet/

Luckily, you didn't experience it. I don't know what is happening but I haven't focused on it yet but maybe let's see later. I will try to post it on Reddit once I have screenshots of the problem.

sunsilk

hero member

Activity: 3038

Merit: 634

I've read all the suggestions that you have. When there are updates, I never such problems like yours.

Anyway crwth, have you tried posting this on their reddit?

https://www.reddit.com/r/ledgerwallet/

HCP

legendary

Activity: 2086

Merit: 4363

Possibly a "stuck" aka ghost process? Huh

If you haven't already trying checking Windows Task Manager to see if there is a Ledger process still running in the background and/or try rebooting. Then try re-installing Ledger Live using the installer from: https://shop.ledger.com/pages/ledger-live

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: crwth on August 01, 2019, 04:38:25 AM

The hardest thing to do in a Ledger Nano S is to double-check it while it's moving. You know I would like to get everything right with the letters but it's hard when it's constantly changing lol.

Well, you don't need to check every single letter. Checking the first 4-5 and the last 4-5 is enough.

Just look at the address you want to send the funds to before giving the nano s the TX to sign, remember the first few chars, then send it to your nano s and check the first few letters whether they match.
When they have moved off the screen, look at the address on your PC again and remember the last few. Then wait for them to appear on your nano s.
Works good for me.

Quote from: crwth on August 01, 2019, 04:38:25 AM

Anyway, is that how they check the authenticity of the device as well? Connecting to their own server?

The nano s checks the integrity of the firmware upon installing it by verifying its signature.
Each firmware package/update is signed by ledger. No connection to the server is necessary for this verification process.

Additionally the signature of each app is verified upon starting it.
If you start an application which is not signed by ledger, you'll get a 'non genuine app' warning on its screen.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

This is first time I see such problem with Ledger Live, and by what you write it seems that something is preventing new version of Ledger Live to run on your OS. I guess you have this problem on W10, and not on W7?

I agree with BitCryptex that you should check all security software on your PC, try to install fresh copy of Ledger Live, but this time turn off your AV and all programs that can come into conflict with installation. You can also try to pair your Ledger with Electrum, just for the sake of checking that everything is good with device.

For more help post your problem on Ledger GitHub : https://github.com/LedgerHQ/ledger-live-desktop/issues

Rath_

legendary

Activity: 1876

Merit: 3139

Quote from: crwth on August 01, 2019, 04:38:25 AM

Anyway, is that how they check the authenticity of the device as well? Connecting to their own server?

Yes, every Ledger device is given a secret key during manufacturing process. The key proves device's authenticity when connecting to Ledger's servers. If a device is not genuine then a warning is displayed. The same applies if the software was modified.

Topic: Ledger Live Problem on Windows (Read 360 times)