longzheng said:

True. Memory attacks from remote sources is a typical vector of attack. The point is that your scenario requires that the target system is vulnerable. It's infected with a bug that will cause painful itching when exploited.

If I run vulnerable software on my machine, independent of my realizing it, then I have a vulnerability, by definition. Most people do not realize that there is a poorly designed data structure currently residing at some memory location, for example, primed for overflow...

I understand your positions, Long, Sven, Manip. I am not advocating that some level of extra protection is a bad idea. My position in this discussion is that UAC is not a security boundary. Seems to me that most of you are advocating that it become one or that it behaves exactly as the Vista iteration of the technology. Correct?

C