"cancel or allow" (which Microsoft still does) makes no sense, it just trains user to click "allow" every time. Users don't know what they should allow or not.

It makes a bit more sense on accounts that have a password set, as it requires you to confirm identity when introducing significant changes to the system (and this is something that Apple also does).

Gatekeeper is a different thing, it basically makes sure that the software you're trying to run has been pre-scanned for malware by a trusted party, similar to Windows's "smart screen" and Defender or APT's GPG keyring integration. It's a mechanism that is completely invisible to 99+% of users. If you see a Gatekeeper pop-up and the app in question is not malware, the developer is doing something very wrong.

> If you see a Gatekeeper pop-up and the app in question is not malware, the developer is doing something very wrong.

Refusing to pay $100 for notarization is not "doing something very wrong".