I always have this nightmare, a hidden keylogger somewhere on devices that I use. How one can make sure of that?

Can we assume Apple devices are tight not to easily allow such software as it needs access to kernel extensions?

As for Linux I believe there is no such protection, correct?