longzheng said:
CKurt said:
*snip*

The application that does the code injection does not ever need to show a UAC prompt. It does not need to be installed, nor does it need to be elevated to run the code injection.

Furthermore, this risk is increased even more if you take into account remote code vulnerabilities in other unelevated applications. (Not low-privileged applications like IE though)

That's the crux of the argument, in my opinion. My primary argument in favour of UAC that I've always used is that if there's a remote code execution vulnerability in e.g. Outlook, any exploit code cannot exceed Outlook's privilege level, it cannot elevate without the user's consent. Now, with Windows 7's default settings, it can.

I do not understand why MS is pretending this isn't a bad thing.