Maybe Microsoft should just turn UAC off entirely if this is their position. Based on what they're saying it doesn't really do a great deal of anything at its default, least of all offer any protection for users. Either turn it up or turn it off. Anything else is just a waste of everyone's time.

There are several bugs in the current UAC design default but the main issue is that bypass can be automated. While today you can inject and bypass, you have to guess what the user will elevate or trick the user into elevating your choice of process, and that adds complexity (and crashes?). With the new UAC you can entirely automate and verify the escalation of your process. Just launch a copy of calculator, inject, escalate, close calculator. Would take less than 1 sec. You will see toolkits, libraries, both on the white and grey markets before Windows 7 ships.

UAC isn't a security boundary but it SHOULD be. It should replace Fast User Switching for the admin-user to user-user switch.