Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more
Electrum is show this message in combination with bad servers, and even if Electrum can not influence on such servers, yet there is a great deal of responsibility on them. Such a thing should be foreseen and prevented, but instead of that we have hundreds of stolen
BTC and confusion that continues to last...
You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.
I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still
Latest release: Electrum-3.3.2 , even more confusion...?
Do we have a list of servers that are safe for sure? Would help because then you could connect manually to those when you get the pop up.
Nothing is 100% sure, but I found a list with Electrum servers which could help. However, owner of this site can also be tricked to list some bad server, it is just for informational purposes.
https://1209k.com/bitcoin-eye/ele.php