Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:
UAC does not, nor is it intended to, stop malware.
But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:
...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.
That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:
The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.
The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?