‘This “UAC is broken” spiel in the media is particular funny, since the very same publications probably have an article on a) how annoying UAC in Vista is, and MS should make it less annoying, and b) how to disable UAC outright.’

The ‘very same’? So Tim himself is guilty of this is he…?

‘A non-elevated process can’t call out to nor create an elevated process without user consent’

Have you actually read the linked post?

Users.

Almost all attacks (UAC can be credit with that), either use social engineering, or masquerade as harmless, even useful software (scareware comes to mind as a particular nasty example).

Thing is, as long as users are able to actually operate a computer, users will be able to shoot themselves in the foot.

This “UAC is broken” spiel in the media is particular funny, since the very same publications probably have an article on a) how annoying UAC in Vista is, and MS should make it less annoying, and b) how to disable UAC outright.

Now MS makes changes to the user experience of UAC to make it less intrusive (so that users feel in control), and it is wrong, too.

Damned if you do, damned if you don’t.

Mind, I also think that, before a program can actually call out to, say rundll32, it has to be elevated. Since the changes introduced with Vista include a different IPC model. A non-elevated process can’t call out to nor create an elevated process without user consent: http://msdn.microsoft.com/en-us/library/bb625964.aspx