
A skilled user.

I understand and mostly support the idea of mandatory AV for the people who can barely handle the concept of a file system.

There is also a class of user forged in the fires of the primordial internet who would never in a trillion years be tricked into clicking a fake explorer.exe window in their browser.

Giving users choice is the best option. Certainly, make it very hard to disable the AV. But, don't make me go dig through DMCA'd repos and dark corners of the internet (!) to find a way to properly disable this bullshit.



> There is also a class of user forged in the fires of the primordial internet who would never in a trillion years be tricked into clicking a fake explorer.exe window in their browser.

Until they've had a couple drinks. Might still need a more sophisticated fake than that, but they exist. I'm with you on the disabling part though: I think Apple gets it right with SIP, it takes a reboot in recovery mode to disable it temporarily and a single command while in recovery mode to make it permanent.


Skilled in what exactly? In x-raying all data storages on a system with a naked eye and spotting malware there? In sniffing ether around the system and smelling malicious bits on the radio spectrum coming in? How does this skill work?


> How does this skill work?

I've been using computers for 40 years, have never installed and have always disabled malware scanners, and never had a virus. Maybe I'm special. But I'm not that special. There are 3 billion Android users in the world, almost all of them don't have malware scanners, and almost all of them have never been infected by malware. Ditto iPhone users.

To be fair, I haven't used Windows for the latter 1/2 of that 40 years. So maybe it's only Windows users who need to go around x-raying all data storages.


I've used computers a bit less, since the 90s, and I'm also careful not to do dumb stuff on it. But I can't guarantee that any of my PCs at any time is virus free, because I don't know it and can't know it. And that includes Linux btw, though statistically it is much safer. But Linux is beside the point, the whole topic is about removing a Windows component, and on Windows there are millions of different malware.


Most Android users have the malware scanner in Google Play Services enabled.


It's called Google Play Protect. Comparing it to a Windows malware scanner is like comparing a house door lock to security in a jail.

All Google Play Protect does is compare the installed apps on your device to a list of known bad ones, and uninstalls any Google doesn't like. For the most part all it's doing is looking for apps you've installed that Google later deemed bad and removed from the app store. That's a slight exaggeration, but not a big one. The performance impact is what you would expect from that description - almost none.

A Windows virus scanner tries to get itself involved in most mouse clicks. Open an email - it's reading it over your shoulder. View a web page - it's looking at it too. Copy a file from USB - it's inspecting every byte. Every time you write a file, it's sniffing over the new contents. The performance impact is what you would expect from that description, ranging from noticeable to crippling in the worst cases. When it does find a virus it can't "just uninstall it". It may well have replaced parts of Windows itself.

Google Play Protect is all you need when you design an OS with security in mind. The situation on Windows is where you end up when you focus on delivered features, security be damned.


Skilled in not falling for the kind of malware that Defender is able to catch.

It’s not a very high bar: I have not seen it find anything in a long time, neither on my machines, nor on the ones I inspected after they had been owned.


The worst is when they silently re-enable the AV with a mandatory update later.



