The easiest way to handle this is to boot off a clean OS install (or live cd), connect to the net, update your OS, install Electrum, and disconnect. If you never connect again it is close to impossible that, even if you did get a keylogger or infection during the brief install process, it would ever be able to send funds. The only way I can see if is the Electrum code itself was subverted such that it would alter transaction content during signing - which installing offline as you propose would not prevent anyway.