Wine is not Windows... Wine has a very limited capability of features implemented and most malware will simply fail to run when executed on Wine. I'm fairly sure the appcertsdll key and its features are part of the things that are not implemented into Wine.
In addition you need to be aware that a windows executable can not do calls to Linux functions, it would need to go through Wine to do this and either find and exploit a vulnerability in Wine or just drop a file somewhere and hope that someone will execute it in the future.
As long as the user-group "linux users" is too small to be a viable target for malware authors you can be sure that the user-group "linux users that use Wine" is not even noticed.
It's not just the infection itself that would need to be Wine compatible, for starters you would need to be surfing with a browser running through wine, then you would need to have something installed in the browser that's vulnerable and the vulnerability would need to be functional even with Wine's limited implementation. If all of that is the case, then you can go ahead and drop the malware. Now the malware needs to be fully compatible with wine too. The chance of all of this happening is incredibly remote as anyone who has tried to use Wine will know. Besides the approved programs on the list at wine-hq, there's very little that actually runs on Wine out of the box.
, If a malware say a trojan hit Linux tomorrow there is no way we would know,
This is just not true... Last year Mac got hit by a number of malware (including trojans) designed specfically for Apple. They also didn't run AVs before that, yet it was almost instantly known.
If a malware say a trojan hit Linux tomorrow there is no way we would know, Most of the Linux community uses NO anti virus software at all.
This would be the same if there was an anti virus.. There are no detection rules for malware on linux because there is no malware so far. There is also no behavioral detection because for that to exist you need to know some typical behaviour in the first place.. As there is none, no behaviour can be predicted.
Say one of these silent install run in the background things that spy on you
Silent installs on linux are much harder than on Windows.. You can't just disable the AdminPrompt or have someone click on a window without knowing what it really is.. You need to enter the password of the admin account (which is usually going to be the one of your account as well).
In addition you don't need "just" the malware you also need a way of deploying it. You need a vulnerability and a working exploit for it... Something that is quite hard to find.
On my system and on most Linux set ups you wouldn't notice anything as most of our PC's are so fast.
Yes. But you would notice constant outgoing connections and traffic to sites you are not visiting. Ubuntu has the iptables-firewall installed by default, though what you make out of it is your decision.
Yes, right now the linux end-user is little targetted and can live its life without worry and protection. But when the day comes, there will be a lot of buzz and with that buzz will come the protection.. The OS will be updated to close the vulnerability to which the infection crept in and there will be a ton of tools at your disposal to protect yourself against it.. Most of them will be unnecessary, but if you want you can add anti virus over anti malware over firewall.