When I stated "misunderstanding" before, it was mostly in regards to the comment about being "protected from you're machine"; as I noted, you aren't being protected from you're machine, you're being protected from security flaws in the programs you run. It's not just about the prompts as people like to pretend. The request to elevate that UAC provides is in and of itself only of minor benefit; the major gain is that applications that do not require elevation, aren't running with the highest possible privileges; this is what they do when UAC is disabled, and on the default configurations of XP and earlier. The advantage is that you are running Word, MSN, Internet Explorer, Firefox, IRC clients, Outlook, Adobe Reader, Foxit, etc as a standard user by default; they don't get any special abilities.
Now, the point is that exploits exist for all of these programs. Even Word. if you have UAC disabled and visit a page that exploits a hole in IE or firefox or Opera or whichever and it is able to place a piece of binary code on your machine and execute it to try to install a rootkit, it's going to need admin privileges to run. Without UAC, it already has admin privileges- you get no prompt. But you do get a rootkit. With UAC; you can click cancel. Now, naturally, many people will click OK, but the more savvy users will stop and think, OK, *censored*, why do I need admin permissions for IE just to view whatever.com?
Thought experiment: having UAC disabled. Let's say you need to download a text file. Your favourite editor is of course associated with it. What you- or anybody really- doesn't know is that there is a flaw in that text editor that allows the syntax highlighting engine to be manipulated to allow custom pieces of text to be executed as native macro commands for the editor; let's say (for the sake of argument, and because it is hardly a corner case) this editor has a very rich scripting language that allows you to do *censored* near anything. Your Boss, or whomever sent you this text file; you know the text file is "safe" because I mean, it's a text file right? Text Files aren't dangerous! So you download it. Of course, unbeknowest to you, the sender was infected with a rootkit that was configured to paste the exploit text at the end of the file whenever it was edited; and of course because they used the same text editor as you the malware changed it so the macros hide the presence of the text. So now when you go to open it, the exploit code is able to take over the editor, and works from within the editor process doing whatever it pleases. It basically perfectly fits the definition of a biological virus in that it reprograms a otherwise benign entity to do it's evil bidding. And since that process is running with full Admin/root permissions (because you trust this editor, and believe that all dangers are perfectly avoidable with safe browsing habits, etc) that exploit code has now owned you. it downloads data from the web to install rootkits and other nasties, and now all the text files you edit will have this exploit code. And it the crap just rolls downhill from there. With UAC enabled, all attempted automatic attacks that try to exploit flaws in a program's parsing routines would all fail and you would stand a far higher chance of not getting owned.
As far as windows is concerned, it's one of the least invasive implementations This sounds like a good thing. It's not. On Linux machines you have to SU or get prompted (in a similar fashion to UAC, via a graphical dialog) to run admin apps, utilities, etc. just like on Vista/7; the difference is that everytime, you have to enter your password. Other solutions such as a "suid bit" (trust) or the lock model that some systems implement are rather dangerous and exploitable programmatically.
People often say "ha... it's useless, people just learn to click OK all the time"; that's a non-argument. As I noted above, it has tremendous benefits. People should take the time to educate themselves- and their users; as to what UAC really is, and exactly what it is doing. None of this "well, I'll only judge it based on what I can see" nonsense.
Lastly, you can do everything right (not downloading suspicious apps, running a good AV, firewall, etc) but still get infected/owned through no fault of your own. it's not so much like building a wooden lava bridge over a volcanic crater as much as it is building a wooden lava bridge over a volcanic crater while a whole bunch of people are swinging it from side to side to try to get you to fall. Falling is not your fault; choosing to use the bridge rather then the path is; just because it's a tad faster doesn't mean it's the smartest option. Running applications with Super-User/admin permissions is equally dangerous on every platform.
Also, some may say "well that text file thing is made up" It's not; When I was running XP I was whalloped by virut simply by opening a text file (truly the editor program's fault) of course, the text file wasn't from a trusted source; and naturally it opens fine in notepad and you just see some goofy characters at the end; but open it in the text editor I was using at the time (which I won't mention, the bug has since been fixed so it's nothing but finger-pointing, as they are hardly the only one with the issue) happened to misinterpret the BOM; additionally, the extension that was chosen meant that a specific syntax highlighter was selected for use which happened to contain a parsing flaw that caused a buffer overflow, allowing crafted pieces of the text file to be inserted into the stack of the text editor; for example, the stack frame pointer was corrupted to point to the start of what in notepad just looks like nothing but is in fact a "NOP sled" leading up to the malicious code (which just looks like garble). So the text file was able to execute MACHINE CODE because of a flaw in a text editor. This is not a backwater, unpopular text editor either; it's quite popular. Like I say, this isn't limited to text files, or text editor with syntax highlighters, or anything of that sort. Basically, the very act of dealing with files at all, for any purpose presents a risk. Especially when you consider that parsing a text document is relatively simple. new, similar flaws are found in web browsers all the time that cause similar conditions that allow them to change the in-memory execution context to do their evil bidding. If that application has full control, that evil code has full control. It doesn't matter how few bugs or how many fixes said application has had- it only takes one to lose your machine- and through no fault of your own, save not using UAC, which would cause the attempt to infect to fail silently, or possibly, in a second-to-worst case scenario, show a prompt (the worst case scenario is that it somehow bypasses UAC entirely, which is far less common).
The reason I state this is because I quite understand the sentiment; before I used Vista it was mine as well, and the first thing I did was disable UAC. But (as I was dealing with some files that were still infected from the XP machine) I got re-infected with the same thing, I reformatted, and decided "alright, I'll leave UAC on, just until I know I don't have any evil files here" And I haven't disabled it since. The example cited may seem to be a huge corner case that requires several coincidences and several correspondences to be present, but it is exactly that which the baddies take advantage of.
