Drive encryption doesn’t really matter to malware, since the disk must be decrypted to function when turned on. Also the majority of malware still runs in userland, maybe arguably more since the rise of ransomware.
I’m not sure what you mean by permissions being limited to the Microsoft store exactly, but there’s a very robust permissions system built into Windows by default. It’s just not very user friendly, and your average user wouldn’t know it exists probably.
There’s arguments on both sides about default security policies anyway, as I’ve found navigating osx systems to install software can often be a nightmare - but that could be due to my lack of experience with it directly.
Both systems have pros and cons from a security standpoint. In the corporate spaces I’ve worked in, osx security is more annoying to manage from a central point than Windows.