@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
Please read this:
https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst'
I have read it but cannot see the answer.
The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet.
(A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.)
The TREZOR will ask you to enter the recovery seed in random order, and the order is only displayed on the trezor. You computer dosn't know what order is right.
So even if the attacker has all words, it is pretty much useless. And the entered order is different everytime you are promted to enter it!