Easy, your BitcoinWalletProtect[tm] will warn you that a new unknown process is accessing your (hopefully smaller and secondary) wallet file and ask you to allow access!
The next wallet stealer version will either kill the wallet protector process or patch/bypass it. The Bitcoin running as server is another option. This is arms race, and smart people will always be few steps in lead.
True. So we don't try at all? I should turn my firewall and antivirus off. It's not like the next malware or attack won't disable them anyway?