SIP guarantees that you will be able to turn on your computer in safe mode and remove the malware, whereas without it your OS is toast.
If I had malware then the fate of the hardware is at the bottom of my priority list, I'm probably going to be replacing it anyway. I'd be more concerned that someone is going to steal my AWS credentials to run a cryptominer and I get a bill for hundreds of thousands of dollars!
The only solution to malware is to not install it in the first place. By the time SIP is useful you are already very screwed. SIP makes you safer in the same way that having a parachute on a plane makes you safer: technically yes, but the difference in safety is marginal.
Do you have a system in mind that prevents the user from doing this?
Sure, macOS could adopt an iPad-style security system that refuses to run all software outside the App Store. It works on iPhone and iPad just fine, all the prosumers love it.
It's not like native Darwin triples are a popular compilation target. There wouldn't be any vast tragedy if the macOS shellutil authors were told to use zsh in a VM instead; it would separate the parts of macOS that Apple cares about from the parts they don't seriously support. WSL and Crostini achieve this on vastly weaker hardware with great results.