Hacker News

With AV you could be infected for months without ever knowing. All it takes is to get infected by anything that hasn't made it into the (often out of date anyway) definitions.

The old school Unix method works very well: Keep a list of all changes made from the base install, then periodically swap the disk out for a blank one, follow your documentation and restore non-executable user data from backup. Also has the benefit of regularly validating your documentation and testing your backups, and allows easy rollback by following the same process for major OS updates or hardware upgrades.
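The "restore non-executable user data" step can be checked mechanically before anything is copied onto the rebuilt system. The sketch below is an added example, not part of the original comment: it audits a staged backup directory and holds back anything with an execute bit, an executable file signature, or a non-regular file type. The function names, the signature list and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Leading bytes of common executable formats (illustrative, not exhaustive).
MAGIC = {
    b"\x7fELF": "ELF binary",
    b"MZ": "PE/DOS binary",
    b"#!": "script with shebang",
}

def why_executable(path):
    """Return a reason string if the file should be held back, else None."""
    st = os.lstat(path)  # lstat: never follow links out of the staging tree
    if stat.S_ISLNK(st.st_mode):
        return "symlink (target not verified)"
    if not stat.S_ISREG(st.st_mode):
        return "special file"
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return "execute bit set"
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def audit_backup(root):
    """Walk a staged backup; return ({relpath: reason}, [clean relpaths])."""
    held, clean = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reason = why_executable(full)
            if reason:
                held[rel] = reason
            else:
                clean.append(rel)
    return held, sorted(clean)

def build_sample(root):
    """Constructed sample tree standing in for a staged backup."""
    samples = {"notes.txt": b"meeting notes\n", "photo.jpg": b"\xff\xd8\xff\xe0",
               "tool.bin": b"\x7fELF\x02\x01", "run.sh": b"#!/bin/sh\necho hi\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(root, "photo.jpg"), 0o755)  # mode bit alone flags it

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(audit_backup(d))
```

Files that carry macros or other embedded code (office documents, archives) pass this check, so it narrows what gets restored rather than proving the data is inert.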


