I don't know where you've gotten the idea that Windows will just run whatever software you provide it without saying anything. Executables must be signed with a trusted CA. You can get this trust by buying a CA and waiting for reputation to build (which means any malware you produce can be tracked back to your business), submitting the software to Microsoft for malware analysis, or waiting a very long time for reputation to build[0].
If your executable doesn't have trust, a scary warning pops up (or Windows blocks the app from running) and tells the user Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. This seems about as effective as having a bunch of random people vetting packages for a Linux distro.
Sure, if by "scary warning" you mean the click through nags that Windows pops up early and often (sometimes multiple times for a single action) and that have trained generations to ignore software warnings and dialogs in general.
I honestly just installed my first non-throwaway Windows VM in a long while, and I was appalled how the state of the art in Windows "security" is still stuck where it was a decade ago.
If your executable doesn't have trust, a scary warning pops up (or Windows blocks the app from running) and tells the user Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. This seems about as effective as having a bunch of random people vetting packages for a Linux distro.
[0]: https://stackoverflow.com/questions/48946680/how-to-avoid-th...