> Some malware could break and lock immediately the system, but other could stay there silent for months, so how to find out if there is any? > > I haven't run an antivirus since I last used Windows 20 years ago.

That'd be the role of an IDS (Intrusion Detection System). Things like file signatures of your entire system being saved to another machine (for example an offline/airgapped one) beforehand (for example by plugging your main machine's SSD as a secondary drive on the airgapped one).

If you suspect shenanigans, you take your machine offline, you remove its SSD (your BIOS/UEFI is also a concern), plug it to your airgapped machine with the IDS: it compares all the files (binaries, config files, etc.)' checksums with the past ones.

It's a bit of a lost art but it could make a comeback seen what we're facing, now nearly on a weekly basis.

Some distros have a way to check for file integrity as part of the package manager: but you can't trust the infos coming from the machine itself if it's been compromised.