Do ordinary anti-virus programs have the ability to detect such problems before they BECOME real problems?
AV are by nature behind the race, and junk ones are full of junk themselves. Microsoft's AV probably doesn't have the coverage but is free and when combined with good practice can be a thing. Good practice might be running one of the aforementioned Unix OS on the iron, and Windows in a rollback VM container, with data on encrypted USB or samba share. The fuck people use Microsoft for anyway.
The two most secure options in this case are using an offline computer, or using a hardware wallet.
Yep achieves the same sig thing. Though HW wallets are usually more portable, may come with PINpad feature, but lack any utility tools.
Also, best practice is to have most of your funds in cold storage.
Like backups, this definitely applies if your balance is more than you wish to lose. HW disk and wallet can, do, and will fail. Print them out and stash them in the woods or wherever. You can simply braincrypt them against being found with 'openssl enc -e -aes128 -a'.
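
The passphrase encryption mentioned in the reply above, as an added example that is not part of the original post: it encrypts a key to printable base64 and checks that the printout decrypts before the original is destroyed. The function names, the sample secret and the passphrase are constructed for illustration; `-pbkdf2` and `-iter` are additions to the poster's command and assume OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example: passphrase-encrypt a paper backup with `openssl enc`.
# The secret and passphrase used here are constructed, not real keys.

# Encrypt stdin to base64 text that can be printed.
# -aes128 and -a are the flags from the post. -pbkdf2/-iter are added
# (assumption: OpenSSL 1.1.1+): without them the key is derived from the
# passphrase with a single hash pass, which makes guessing cheap.
# The passphrase travels in an environment variable so it does not appear
# in the process argument list; interactively, drop -pass to be prompted.
encrypt_backup() {
    BACKUP_PASS="$1" openssl enc -e -aes128 -a -pbkdf2 -iter 600000 \
        -pass env:BACKUP_PASS
}

# Decrypt base64 text from stdin. The options must match the ones used
# for encryption, so write them on the printout next to the ciphertext.
decrypt_backup() {
    BACKUP_PASS="$1" openssl enc -d -aes128 -a -pbkdf2 -iter 600000 \
        -pass env:BACKUP_PASS 2>/dev/null
}

# Encrypt, decrypt again, and compare. Succeeds only if the printable
# text really restores the secret with the given passphrase.
roundtrip_ok() {
    local secret="$1" pass="$2" printed restored
    printed=$(printf '%s' "$secret" | encrypt_backup "$pass") || return 1
    restored=$(printf '%s\n' "$printed" | decrypt_backup "$pass") || return 1
    [ "$restored" = "$secret" ]
}

# Demo with constructed values.
SAMPLE_SECRET='constructed-sample-wallet-key-0001'
SAMPLE_PASS='constructed passphrase for the demo'

if roundtrip_ok "$SAMPLE_SECRET" "$SAMPLE_PASS"; then
    echo "round trip ok, text to print:"
    printf '%s' "$SAMPLE_SECRET" | encrypt_backup "$SAMPLE_PASS"
else
    echo "round trip FAILED, do not rely on this backup" >&2
fi
```

`enc` in this CBC mode gives confidentiality only: a damaged or altered printout is not reliably detected, so test-decrypt a retyped copy and keep more than one.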