If you have untrusted code running on your computer, especially with admin privilege, then it's already game over no matter what you do. Any kind of stored secret can be extracted, and any kind of typed in secret can be keylogged.
This was definitely true a decade ago, but secure elements in processors have opened up all sorts of options. Unfortunately, taking advantage of those is one place where mobile operating systems are far ahead of desktops.
Mobile OS security works by clamping down hard on what the local user can do, by severely restricting your freedom on what you can do with your device, to the point where you can't even access most of the device's file system. It works under the assumption and reality that 99% of users out there don't have root access on their phone. At the other side of the spectrum we have PC where we have full freedom to do what we want with just a "sudo" or "run as admin" away but that comes with a price.
