I'm not asking the question frivolously, but only to point out what looks like a "catch 22". It seems to me that when we acknowledge the possibility of undetectable malware being present on the system we also have to acknowledge the possibility of malware penetrating the system in an undetectable manner. When we "follow security normal when using a computer" (as you said) and take all reasonable precautions then it's very unlikely, but it seems that we cannot be 100% certain. We can only do the best we can and then not worry about it.