Actually, you can't guarantee even that, given the profitable black market for user data in Russia (it's easy to sell and buy leaked or stolen data there).
Not everything in Linux has source code available for users. And you may want to use e.g. Chrome, or some games, or some drivers by e.g. NVidia. And that is without counting BIOS or whatever deep down computers use, most of what you could use as a social network/mail solution, and not-yet-found trojans like what happened with xz in some basic tool.
Having the source is a good start, but having a "lawful" powerful active player that actively wants to intrude should be part of the equation. It was a formidable threat a decade ago, nothing was done about that, and now it is even more advanced than it was then.
According to InformNapalm, "managers of the Kaspersky Lab neural network development team created the on-board AI system for the Russian Albatross drones."
Downloading binaries from should-not-be-trusted sources, and executing/installing them, is one way. There is some irony in having to do exactly that with this scanner. But, anyway, you may not have everything you want in your distribution, so you may have to resort to that in some cases.
There are subtler ways to download binaries and scripts from elsewhere, depending on what you use, like Steam games, python/js/perl/etc repositories, browser extensions, adding new distribution repositories, and so on. Everything should be safe enough and should be checked, but as the xz problem showed, that is not a fail-proof guarantee.
Also ML models, which are often distributed not as data (weights), but data wrapped in Python scripts that get to run arbitrary code and download stuff from the Internet.
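An added illustration of the comment above, not part of the original thread: one way to check a model file before loading it, assuming the file is a Python pickle (a common container for weights). The allowlist and the sample objects are constructed for this example; the scan walks the opcode stream and never unpickles anything.

```python
import pickle
import pickletools
import platform
from collections import OrderedDict

# Assumption: modules a weights-only file may legitimately reference.
ALLOWED_MODULES = {"collections", "numpy", "torch"}
PUTS = {"PUT", "BINPUT", "LONG_BINPUT"}
GETS = {"GET", "BINGET", "LONG_BINGET"}


def find_imports(data: bytes):
    """List (module, name) pairs a pickle imports on load, without loading it."""
    found, recent, memo = [], [None, None], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):    # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":      # protocol 4+: both names are on the stack
            mod, name = recent[-2:]
            resolved = isinstance(mod, str) and isinstance(name, str)
            found.append((mod, name) if resolved else ("?", "?"))
            recent.append(None)
        elif op.name == "MEMOIZE" or op.name in PUTS:
            # MEMOIZE has no argument and uses the next free memo slot.
            memo[len(memo) if arg is None else arg] = recent[-1]
        elif op.name in GETS:
            recent.append(memo.get(arg))
        else:                                # keep string pushes, blank out the rest
            recent.append(arg if isinstance(arg, str) else None)
    return found


def violations(data: bytes):
    """Imports outside the allowlist; unresolved ("?") names count as violations."""
    return [(m, n) for m, n in find_imports(data)
            if m.split(".")[0] not in ALLOWED_MODULES]


class CallsOnLoad:
    """Constructed sample: loading it would call platform.node() (harmless)."""
    def __reduce__(self):
        return (platform.node, ())


# Constructed samples; they are only serialized here, never unpickled.
PLAIN_WEIGHTS = pickle.dumps(OrderedDict({"layer0.weight": [0.1, 0.2]}), protocol=4)
WRAPPED_V4 = pickle.dumps(CallsOnLoad(), protocol=4)
WRAPPED_V2 = pickle.dumps(CallsOnLoad(), protocol=2)
```

`violations(PLAIN_WEIGHTS)` is empty, while both wrapped samples report `('platform', 'node')`: the file names a callable to run at load time, which plain weight data never needs.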
If you have a public HTTP server somewhere, you can check its access logs. You'll find a lot of requests which try to exploit remote code execution vulnerabilities of some CMS or router firmware.
Manually downloaded scripts from websites, which are then run as root. The website will tell you that that's how it works, and to "trust me bro".
The target audience is the same "computer expert" who runs anything he downloads onto his Windows 7 PC as admin, because that solves a lot of issues usually™.
Is the executable updated before each run, and not merely the data (definitions/patterns) used? Because running as root, being closed source, and updating the virus definitions daily wouldn't be surprising.