Viruses don't need to be .exes by the way. There were spectre/meltdown proofs of concept that only ever used front end JavaScript.
Because the modern style of CPU attack (zenbleed too) usually side chains access to private memory (where your authentication details exist) they can get full system control without executing any .exes.
That computer would need a firewall disabling all incoming traffic, the latest bios firmware patches and js disabled on Firefox to be close to safe. And that's the base level stuff.
Edit: changed VPN to firewall. That was silly.
I was reading about Slackware today and it seems their init system still uses system V and lots of scripts.
So I'd definitely recommend that OS to anyone curious about the old style of init system.