security – Is our hardware wallet safe if the PC or Mac has 3rd party apps?

For example, our PC or Mac might have 3rd party apps installed, such as Pixelmator, GIMP, or VLC player. They are usually considered to be safe apps.

However, is it true that when using a hardware wallet, we need to use the PC or Mac, and if the PC or Mac is hacked or is affected by any 3rd party software, then our private key can still be stolen? How do we prevent it from being stolen?

Having said that, I heard that if we did not install the app as an admin on the Mac, that is, if we installed the app only by dragging the app into the Applications folder, then we can reboot the Mac and not run any 3rd party app, and at this stage, no 3rd party app should be able to do anything bad. If we installed the 3rd party app as admin (root), then it is a different story because now the app can be running itself or a small component in the background even after a reboot.