Yes. The problem scenario relies on an infected machine. This infection exploits UAC's default behavior to auto-elevate signed system binaries to achieve silent rights elevation. Of course, if UAC was a security boundary, then it would not possess such behavior.
Right, and it should be.
But without leaving it turned all the way on, Microsoft will never be able to make it one because application developers and users will never update to the new system. Leave it turned up for now, roll out a better UAC in Windows 8 along with removing the ability to log in to Administrator accounts on workstations.
Administrator accounts have no place anymore. But people are FORCED to use them because too many applications haven't adapted and will never adapt with UAC off.