It's useless until it's not. Something like it is necessary on Windows.
The naming is pretty off though. "Responder" would be a better name than "Defender".
At a high level we all know that it's theoretically impossible to detect all unknown "malicious" software ahead of time, by inspection.
Defender also necessarily acts as an "oracle", if you're writing malicious software you have the ability to keep trying different things until Defender doesn't complain about what you're doing.
However, once some specific malicious software has been identified, a fleet-wide response is necessary and at that point "Defender" has some use.
Windows Defender reduced the amount of virus on windows on it's own.
The original anti-virus applications ( some of them, eg. Norton) would be considered as my malware, blocking files, CPU spikes, taking over your browser search experience. All that ugly shit is gone by Defender.
I mean, I expected it would be cyber-attackers, but I would eagerly have accepted the alternatives as well.