And if anti-virus software exists [ClamAV?]
It does indeed and in fact exist.
For a moment - for my next question, that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfuscate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?
If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?
For the first part, you are correct, it could be a problem. No one that would make a program would even consider doing that, at least they shouldn't, except in specific cases. If you ever follow any development sources, you will find that the thought of process escalation. In fact most developers, from what I find, spend time trying to even decrease the privilege. Any process running as root does create that possibility.
The Linux kernel is already a moving target, not in a good way imho. To add such a thing would only make it worse.
It's funny how everyone wants to try to close a door after the flood. The thought of closing the door before it is open is much more sensible. If my clients get infected the game is over, period. There are those here that feel that they can remove every trace of malware, trojans or viruses. Almost all use the metric of looking at running processes to determine if such a threat is present. The primary metric in removing such bad things is looking at system resource use; if it decreases then you have fixed the problem. If you cannot do a full audit of the entire system, how in the world can you state a threat has been removed? There are a couple of things you can do to get it as clean as possible. There is no foolproof method short of a reinstall with a wiped drive. I welcome any arguments if there is such a foolproof documented method of doing so.
The ultimate responsibility is that of the administrator. This is part of the reason that there are sources recommended for packages.
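As an added example (not code from this thread or from any distro or package mentioned in it) of what "decreasing the privilege" looks like for a program that must start as root: a C routine that drops to an unprivileged uid/gid in the correct order and then verifies that root cannot be regained. The target ids in main are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to target_uid/target_gid and confirm root cannot be regained.
 * Returns 0 on success, -1 on failure. Example code, not from any
 * distro or package discussed in the thread. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    if (geteuid() == 0) {
        /* Supplementary groups first: only root may clear them, and
         * after setuid() we would no longer be allowed to. */
        if (setgroups(0, NULL) != 0) { perror("setgroups"); return -1; }
    }
    /* Group before user: once the uid changes, setgid() fails. */
    if (setgid(target_gid) != 0) { perror("setgid"); return -1; }
    if (setuid(target_uid) != 0) { perror("setuid"); return -1; }
    /* Check that real and effective ids really changed. */
    if (getuid() != target_uid || geteuid() != target_uid ||
        getgid() != target_gid || getegid() != target_gid)
        return -1;
    /* Once unprivileged, going back to uid 0 must fail with EPERM.
     * (A process that still holds CAP_SETUID could succeed here.) */
    if (target_uid != 0) {
        errno = 0;
        if (setuid(0) == 0 || errno != EPERM)
            return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed targets: if started as root, drop to uid/gid 65534
     * (conventionally "nobody"); otherwise re-assert our own ids. */
    uid_t uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = geteuid() == 0 ? (gid_t)65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid %u gid %u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

A service that keeps running after this point has no path back to root, which is the property the reply above is asking package authors for.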