Don't use your crypto wallet stuff on a device with which you do your daily internet shit. That already can help a lot, but doesn't protect you 100%. Air-gapped or hardware wallets and careful verification of transaction details help a lot, too.
Currently I manage my crypto only on my Linux partition. We are not 100% free of malware, but it already solves a good number of problems. I only use Windows for cryptocurrencies with a hardware wallet at most.
I have suggested before on previous threads that developers create an offline solution, where you encrypt the seed before you go online, and when you copy and paste the encrypted data, it will decrypt it within the software with a password before it can be used. So even if the hacker retrieves the encrypted "seed", it cannot be used without the password to decrypt it when you go online.
That's a great suggestion, I hadn't thought of that, although there are solutions on GitHub that do something similar to what you suggested, but it's an open source third-party tool and you should analyze the code or trust whoever analyzed the code for you.
In MultiBit Classic there was something similar, but it was not a deterministic wallet yet, so to export the wallet's private keys, you would have to encrypt the file to be exported with a password, and you could decrypt it with openssl using the aes-256-cbc encryption algorithm.
Regarding the tool I suggested in the link, I just did some tests with newly generated seeds that I wouldn't use as main wallets, so I can't guarantee that it's a minimally safe tool. Run your own tests.
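
Added example, not part of any post above and not code from MultiBit or the linked tool: a sketch of the "encrypt the seed offline, decrypt with a password" idea using the `openssl` command with aes-256-cbc mentioned in the thread. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2` and `-iter`); the function names, file names, iteration count and sample seed text are constructed for illustration, and it does not attempt to reproduce MultiBit Classic's export file.

```shell
#!/bin/sh
# Added example: password-protect a seed file with openssl enc (AES-256-CBC).
# Assumption: OpenSSL 1.1.1 or later, which provides -pbkdf2 and -iter.

ITER=600000   # PBKDF2 iteration count (assumed value; tune for your hardware)

# seed_encrypt PASSFILE PLAINTEXT_IN CIPHERTEXT_OUT
# The passphrase is read from the first line of PASSFILE so it never
# appears in the process list or in shell history.
seed_encrypt() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt -a \
        -pass "file:$1" -in "$2" -out "$3"
}

# seed_decrypt PASSFILE CIPHERTEXT_IN PLAINTEXT_OUT
# Must use the same cipher, KDF and iteration count as seed_encrypt.
seed_decrypt() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -a \
        -pass "file:$1" -in "$2" -out "$3"
}

# demo_roundtrip: encrypt and decrypt a constructed sample, return 0 on match.
demo_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        umask 077   # keep the temporary files private to this user
        printf '%s\n' 'constructed demo passphrase' > "$dir/pass"
        printf '%s\n' 'constructed sample seed words, not a real wallet' \
            > "$dir/seed.txt"
        seed_encrypt "$dir/pass" "$dir/seed.txt" "$dir/seed.enc" &&
        seed_decrypt "$dir/pass" "$dir/seed.enc" "$dir/seed.out" &&
        cmp -s "$dir/seed.txt" "$dir/seed.out" &&
        # "U2FsdGVkX1" is base64 for the "Salted__" header: a random salt
        # is stored with the ciphertext, so equal inputs encrypt differently.
        head -c 10 "$dir/seed.enc" | grep -q '^U2FsdGVkX1'
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_roundtrip && echo "round trip OK"
```

AES-256-CBC as used here is not authenticated: a wrong password is usually caught only by the padding check, and a modified ciphertext is not reliably detected, so verify the decrypted seed before relying on it.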